Skip to main content
SpringerLink
Log in

A Vulnerability in the UMTS and LTE Authentication and Key Agreement Protocols

  • Conference paper
Computer Network Security (MMM-ACNS 2012)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 7531))

Abstract

We report on a deficiency in the specifications of the Authentication and Key Agreement (AKA) protocols of the Universal Mobile Telecommunications System (UMTS) and Long-Term Evolution (LTE) as well as the specification of the GSM Subscriber Identity Authentication protocol, which are all maintained by the 3rd Generation Partnership Program (3GPP), an international consortium of telecommunications standards bodies. The flaw, although found using the computational prover CryptoVerif, is of symbolic nature and could be exploited by both an outside and an inside attacker in order to violate entity authentication properties. An inside attacker may impersonate an honest user during a run of the protocol and apply the session key to use subsequent wireless services on behalf of the honest user.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 3GPP TS 33.102. 3G Security; Formal Analysis of the 3G Authentication Protocol, http://www.3gpp.org/ftp/Specs/html-info/33902.html

  2. 3GPP TS 29.002. Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); Mobile Application Part (MAP) specification, http://www.3gpp.org/ftp/Specs/html-info/29002.html

  3. 3GPP TS 33.102. LTE; 3G Security; Security Architecture, http://www.3gpp.org/ftp/Specs/html-info/33102.html

  4. 3GPP TS 33.200. 3G Security; Network Domain Security (NDS); Mobile Application Part (MAP) application layer security, http://www.3gpp.org/ftp/Specs/html-info/33200.html

  5. 3GPP TS 33.210. LTE; 3G Security; Network Domain Security (NDS); IP network layer security, http://www.3gpp.org/ftp/Specs/html-info/33210.html

  6. 3GPP TS 33.310. LTE; Network Domain Security (NDS); Authentication Framework (AF), http://www.3gpp.org/ftp/Specs/html-info/33310.html

  7. 3GPP TS 33.401. LTE; 3GPP System Architecture Evolution (SAE); Security Architecture, http://www.3gpp.org/ftp/Specs/html-info/33401.html

  8. 3GPP TS 42.009. Digital cellular telecommunications system (Phase 2+); Security Aspects, http://www.3gpp.org/ftp/Specs/html-info/42009.html

  9. 3GPP TS 43.020. Digital cellular telecommunications system (Phase 2+); Security related network functions, http://www.3gpp.org/ftp/Specs/html-info/43020.html

  10. Arapinis, M., Mancini, L.I., Ritter, E., Ryan, M.: Formal Analysis of UMTS Privacy. CoRR, abs/1109.2066 (2011), http://arxiv.org/abs/1109.2066

  11. Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14), Cape Breton, Nova Scotia, Canada, pp. 82–96. IEEE Computer Society (June 2001)

    Google Scholar 

  12. Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14), Cape Breton, Nova Scotia, Canada, pp. 82–96. IEEE Computer Society (June 2001)

    Google Scholar 

  13. Blanchet, B.: A Computationally Sound Mechanized Prover for Security Protocols. In: IEEE Symposium on Security and Privacy, Oakland, California, pp. 140–154 (May 2006)

    Google Scholar 

  14. Blanchet, B.: A Computationally Sound Mechanized Prover for Security Protocols. IEEE Transactions on Dependable and Secure Computing 5(4), 193–207 (2006); Special issue IEEE Symposium on Security and Privacy 2006

    Article  MathSciNet  Google Scholar 

  15. Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Transactions on Information Theory 2(29), 198–208 (1983)

    Article  MathSciNet  Google Scholar 

  16. IETF. Diameter Base Protocol RFC 3588 (September 2003), http://www.ietf.org/rfc/rfc3588.txt

  17. International Telecom Union. ICT Indication Database (2011), http://www.itu.int/ITU-D/ict/statistics/

  18. Meyer, U., Wetzel, S.: A man-in-the-middle attack on UMTS. In: Proceedings of the 3rd ACM Workshop on Wireless Security (WiSe 2004), Philadelphia, PA, USA, pp. 90–97 (2004)

    Google Scholar 

  19. MjĂžlsnes, S.F., Tsay, J.-K.: Compuational Security Analysis of the UMTS and LTE Authentication and Key Agreement Protocols. CoRR, abs/1203.3866 (2012)

    Google Scholar 

  20. Zhang, M., Fang, Y.: Security analysis and enhancements of 3GPP authentication and key agreement protocol. IEEE Transactions on Wireless Communications 4(2), 734–742 (2005)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Telematics, Norwegian University of Sciences and Technology, NTNU, Norway

    Joe-Kai Tsay & Stig F. MjÞlsnes

Authors
  1. Joe-Kai Tsay
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stig F. MjĂžlsnes
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. St. Petersburg Institute for Informatics and Automation, Russian Academy of Science, 39, 14th Liniya, 199178, St.-Petersburg, Russia

    Igor Kotenko

  2. Binghamton University (SUNYI), 13902, Binghamton, NY, USA

    Victor Skormin

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tsay, JK., MjĂžlsnes, S.F. (2012). A Vulnerability in the UMTS and LTE Authentication and Key Agreement Protocols. In: Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2012. Lecture Notes in Computer Science, vol 7531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33704-8_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-33704-8_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33703-1

  • Online ISBN: 978-3-642-33704-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation