Authentications & Key Agreement Protocols

3G/UMTS , 4G/LTE/EPS and their Enhancements

ByAhmad Kabbara

UMTS AKA

2/12

UMTS Security Context

3/12

Done only at initialization of the terminal

EMSUCU

4/12

Enhanced-EMSUCU(2 Solutions)

5/12

LTE - AKA

6/12

LTE – Security Context

7/12

SE - AKA

8/12

Advantages of SE - AKA:• All transmission connections between the nodes of the EPS all

secured by asymmetric cyphering.

9/12

• Vulnerable against Reject attack: Sending multiple A intercepted msgs• Vulnerable against Service Blocking(MITM): change Snid• Vulnerable against Brute Force or Intelligent Brute Force attack

against IMSI

Inconvenients of SE – AKA:

EC – AKA

10/12

EC – AKA 2

11/12

Advantages of EC – AKA:• Oppose the dictionary attack against IMSI by the generation of Dynamic IMSI

• Always guarantees to have dynamic Cyphering and Integrity Keys on each User Attach Request.

12/12

• Vulnerable against Reject Attack :by intercepting msg A.*solved by EC-AKA2

• Vulnerable against Denial of Service Attack against HSS/AuC by sending multiple A msgs.• Vulnerable against MITM Attack: Compromise the Av by knowing PKM change msg B ot B’ by changing Snid to another authorized one.

Inconvenients of EC – AKA: