Authentications & Key Agreement Protocols 3G/UMTS , 4G/LTE/EPS and their Enhancements By Ahmad Kabbara
Jun 09, 2015
Authentications & Key Agreement Protocols
3G/UMTS , 4G/LTE/EPS and their Enhancements
ByAhmad Kabbara
UMTS AKA
2/12
UMTS Security Context
3/12
Done only at initialization of the terminal
EMSUCU
4/12
Enhanced-EMSUCU(2 Solutions)
5/12
LTE - AKA
6/12
LTE – Security Context
7/12
SE - AKA
8/12
Advantages of SE - AKA:• All transmission connections between the nodes of the EPS all
secured by asymmetric cyphering.
9/12
• Vulnerable against Reject attack: Sending multiple A intercepted msgs• Vulnerable against Service Blocking(MITM): change Snid• Vulnerable against Brute Force or Intelligent Brute Force attack
against IMSI
Inconvenients of SE – AKA:
EC – AKA
10/12
EC – AKA 2
11/12
Advantages of EC – AKA:• Oppose the dictionary attack against IMSI by the generation of Dynamic IMSI
• Always guarantees to have dynamic Cyphering and Integrity Keys on each User Attach Request.
12/12
• Vulnerable against Reject Attack :by intercepting msg A.*solved by EC-AKA2
• Vulnerable against Denial of Service Attack against HSS/AuC by sending multiple A msgs.• Vulnerable against MITM Attack: Compromise the Av by knowing PKM change msg B ot B’ by changing Snid to another authorized one.
Inconvenients of EC – AKA: