secure-aka: an efficient aka protocol for umts networks

Download Secure-AKA: An Efficient AKA Protocol for UMTS Networks

Post on 25-Dec-2016




1 download

Embed Size (px)


  • Wireless Pers CommunDOI 10.1007/s11277-014-1821-0

    Secure-AKA: An Efficient AKA Protocol for UMTSNetworks

    Neetesh Saxena Narendra S. Chaudhari

    Springer Science+Business Media New York 2014

    Abstract In this paper, we propose an improved and efficient authentication and key agree-ment (AKA) protocol named Secure-AKA to prevent Universal Mobile Telecommunica-tion System (UMTS) network from various attacks like man-in-the-middle attack, redirec-tion attack, replay attack, active attacks in the corrupted UMTS networks, and especiallydenial of service attack. This protocol completely eliminates the need of counter synchro-nization between a mobile station and its home network, and protects the actual identity ofeach user over the network by generating a temporary identity during the authentication.The Secure-AKA protocol generates minimum communication and computation overheadsas compared to UMTS-AKA, S-AKA, AP-AKA, EURASIP-AKA, COCKTAIL-AKA, X-AKA, and EXT-AKA protocols. On an average, Secure-AKA protocol reduces 65 % of thebandwidth consumption during the authentication process in comparison to UMTS-AKA,which is the maximum reduction of bandwidth by any AKA protocol referred in the paper.

    Keywords UMTS Authentication Identity Attacks Overheads

    1 Introduction

    With the latest and advanced innovations in mobile applications, the third-generation (3G)technology has been widely used in modern mobile devices. It has been a great advancement tovarious service capabilities, numerous operations, and performance as compare to the second-generation (2G) technology. UMTS is one of the 3G technologies which is an extension ofGlobal System for Mobile Communications (GSM). In fact, there were many security issues

    N. Saxena (B) N. S. ChaudhariDiscipline of Computer Science and Engineering, Indian Institute of Technology, Indore, Indiae-mail:

    N. S. ChaudhariDepartment of Computer Science and Engineering, Visvesvarya National Institute of Technology,Nagpur, Indiae-mail:


  • N. Saxena, N. S. Chaudhari

    presented in the original 2G GSM network. The 3G UMTS technology has overcome theseissues including mutual authentication. To improve the security weaknesses exist in GSM[1], the UMTS authentication and key agreement AKA was proposed at network level [2] forauthenticating 3G mobile subscribers. Although, the UMTS-AKA has successfully defeatedmost of the vulnerabilities found in the GSM network, but, it is still vulnerable to redirectionattack [3], man-in-the-middle (MITM) attack [4] and denial of service (DoS) attack [5].

    1.1 Research Problem

    The original UMTS-AKA protocol is vulnerable to some security attacks such as redirec-tion attack [6], man-in-the-middle attack [7], impersonation attack, and DoS attack. Thereare several other issues with UMTS-AKA protocol including the huge bandwidth usagebetween the Home Location Register (HLR) and the Visitor Location Register (VLR), largestorage space overhead at VLR, and counter synchronization problem between the mobilestation (MS) and the HLR/VLR. This protocol also generates huge communication and com-putation overheads in order to provide the mutual authentication between the MS and theVLR/HLR. To solve these issues in the UMTS network, many researchers have proposedtheir protocols; however, they are still not able to reduce the overheads effectively. In fact,some of these protocols are still vulnerable to attacks. All these existing issues are consid-ered in our work in order to develop an efficient and secure AKA protocol for 3G UMTSnetwork.

    1.2 Our Contribution

    In this paper, we present an improved and efficient AKA protocol namely Secure-AKA for3G UMTS network. Our protocol has the following main attributes:

    1. The proposed Secure-AKA protocol provides mutual authentication between the MS andthe HLR and between the MS and the VLR, similar to all AKA protocols discussed inthe paper.

    2. The Secure-AKA protocol prevents the UMTS network from redirection attack (asby AP-AKA, S-AKA, COCKTAIL-AKA), man-in-the-middle attack (as by S-AKA,COCKTAIL-AKA), replay attack (as by all AKA), active attacks in the corrupted network(as by all AKA), and denial of service attack (by Secure-AKA only while S-AKA providepartial prevention).

    3. The Secure-AKA is able to reduce the bandwidth consumption between the VLR and theHLR, and reduce the VLR storage.

    4. It completely overcomes the counter synchronization problem exists in UMTS-AKAas the mobile user and the roaming network node do not maintain any counter. This ispossible with message authentication code (MAC3) and DK key in the proposed protocol.

    5. This protocol hides the actual identity of each MS, i.e., International Mobile SubscriberIdentity (IMSI), and computes a temporary identity, i.e., Temporary Mobile SubscriberIdentity (TMSI) during the authentication process. The other existing protocols discussedin the paper do not provide identity protection over the network.

    6. The Secure-AKA produces minimum communication and computation overheads as com-pare to all existing and recent AKA protocols from the literature.

    7. On an average, the Secure-AKA protocol uses lesser bandwidth and provides minimummessage exchanged ratio during authentication as compared to all existing AKA protocolsfor UMTS network.


  • An Efficient AKA Protocol for UMTS Networks

    1.3 Organization

    The entire paper is organized in seven sections which are as follows: Sect. 2 introducesthe literature review of existing UMTS-AKA protocols in the UMTS network. Section 3illustrates the communication, trust, and attack models for UMTS network. Section 4 explainsa solution against DoS attack in the UMTS network. In Sect. 5, we focus on the security goalsto be achieved and explain the proposed Secure-AKA protocol in detail. The security andperformance analysis with simulation results of proposed protocol are given in Sect. 6. Finally,Sect. 7 summarizes the conclusion of the work.

    2 Review: Existing AKA Protocols

    In the UMTS-AKA protocol, each MS shares a secret key SK and certain cryptographicfunctions with the home network. The HLR and the MS, each maintains a counter to preventreplay attack [8,9]. The cryptographic functions shared between the HLR and the MS includetwo message authentication codes f1 and f2, and three key generation functions f3, f4, and f5[10]. AK/XAK is the anonymity key which is used to hide the sequence number in originalUMTS-AKA protocol. Lot of research is going on 3G UMTS network including regulationof 3G uplink and downlink buffer and flow control [11], 3G traffic offloading [12], vehicularnetwork access through WiFi [13] and UMTS-AKA protocol for intelligent transportationsystems [14]. Thus, the security of 3G UMTS network is a major concern.

    Various AKA protocols [1519] were proposed to provide the authentication among com-munication parties in mobile communications at various levels. Many symmetric key basedAKA protocols [2023] were proposed for UMTS network to improve the security of UMTS-AKA and effective utilization of bandwidth during the authentication. The NS-AKA protocolin [20] reduces the overheads, and is free from redirection and MITM attacks, but does not pro-vide resistance against denial of service attack. Zhang and Fang [21,24] proposed a new pro-tocol namely AP-AKA, to defeat the redirection attack and intensely inferior the effect of cor-rupted network. Al-Saraireh and Yousefs protocol [22] primary emphasis on the bandwidthreduction for transmitted authentication vectors and therefore, the authentication vectors areonly produced by the MS, not by the VLR. Another S-AKA protocol [25] reduces bandwidthconsumption up to 38 % (with number of authentication requests n = 2, 5, 10, 20, 50, 100),and also decreases the number of messages required in authenticating mobile subscribers;however, our analysis states that S-AKA can reduce bandwidth consumption up to 29 % only(when n = 50, 100, 200, 500, 1,000). The UMTS-AKA and EURASIP-AKA protocols do notprevent MITM and redirection attacks. However, the S-AKA protocol is able to stop MITMand redirection attacks while the AP-AKA protocol does not resist the MITM attack butis free from redirection attack. Al-Saraireh and Yousefs protocol (EURASIP-AKA) doesnot clear the security issues with redirection as well as man-in-the-middle attacks. X-AKAprotocol [26] was proposed to prune off the transmission of authentication vectors (AV) inUMTS-AKA protocol and improves its bandwidth utilization; however it does not preventman-in-the-middle and redirection attacks. Al-Saraireh and Yousefs EXT-AKA protocol[27] focused on the bandwidth reduction for transmitting authentication vectors. However,this protocol also does not clear the security issues against various attacks. Ou, Hwang, andJan proposed a new protocol COCKTAIL-AKA, to vanquish the imperfection of UMTS-AKA protocol [28], but it is penetrable to DoS attack and impersonation attack [29]. It alsodoes not solve the synchronization problem between MS and HLR.

    Tables 1 and 2 list the definitions of various symbols, abbreviations and cryptographicfunctions used in various AKA protocols discussed in the paper.


  • N. Saxena, N. S. Chaudhari

    Table 1 Symbols andabbreviations

    Symbol Definition Bits

    IMSI International mobile subscriber identity 128

    TID Temporary identity 128

    LAI Location area identifier 40

    SK Secret key shared b/w MS and HLR 128

    ReqNo Request number 128

    PID Proxy identity 128

    Puz Puzzle 128

    /H Hash code 64

    AMF Authentication management field 48

    RAND Random number 128

    AUTN Authentication token Variable

    AV Authentication vector Variable

    Y/N Yes/no flag 1

    DK Delegation key 128


View more >