Abstract
We report on a deficiency in the specifications of the Authentication and Key Agreement (AKA) protocols of the Universal Mobile Telecommunications System (UMTS) and Long-Term Evolution (LTE) as well as the specification of the GSM Subscriber Identity Authentication protocol, which are all maintained by the 3rd Generation Partnership Program (3GPP), an international consortium of telecommunications standards bodies. The flaw, although found using the computational prover CryptoVerif, is of symbolic nature and could be exploited by both an outside and an inside attacker in order to violate entity authentication properties. An inside attacker may impersonate an honest user during a run of the protocol and apply the session key to use subsequent wireless services on behalf of the honest user.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
3GPP TS 33.102. 3G Security; Formal Analysis of the 3G Authentication Protocol, http://www.3gpp.org/ftp/Specs/html-info/33902.html
3GPP TS 29.002. Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); Mobile Application Part (MAP) specification, http://www.3gpp.org/ftp/Specs/html-info/29002.html
3GPP TS 33.102. LTE; 3G Security; Security Architecture, http://www.3gpp.org/ftp/Specs/html-info/33102.html
3GPP TS 33.200. 3G Security; Network Domain Security (NDS); Mobile Application Part (MAP) application layer security, http://www.3gpp.org/ftp/Specs/html-info/33200.html
3GPP TS 33.210. LTE; 3G Security; Network Domain Security (NDS); IP network layer security, http://www.3gpp.org/ftp/Specs/html-info/33210.html
3GPP TS 33.310. LTE; Network Domain Security (NDS); Authentication Framework (AF), http://www.3gpp.org/ftp/Specs/html-info/33310.html
3GPP TS 33.401. LTE; 3GPP System Architecture Evolution (SAE); Security Architecture, http://www.3gpp.org/ftp/Specs/html-info/33401.html
3GPP TS 42.009. Digital cellular telecommunications system (Phase 2+); Security Aspects, http://www.3gpp.org/ftp/Specs/html-info/42009.html
3GPP TS 43.020. Digital cellular telecommunications system (Phase 2+); Security related network functions, http://www.3gpp.org/ftp/Specs/html-info/43020.html
Arapinis, M., Mancini, L.I., Ritter, E., Ryan, M.: Formal Analysis of UMTS Privacy. CoRR, abs/1109.2066 (2011), http://arxiv.org/abs/1109.2066
Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14), Cape Breton, Nova Scotia, Canada, pp. 82â96. IEEE Computer Society (June 2001)
Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14), Cape Breton, Nova Scotia, Canada, pp. 82â96. IEEE Computer Society (June 2001)
Blanchet, B.: A Computationally Sound Mechanized Prover for Security Protocols. In: IEEE Symposium on Security and Privacy, Oakland, California, pp. 140â154 (May 2006)
Blanchet, B.: A Computationally Sound Mechanized Prover for Security Protocols. IEEE Transactions on Dependable and Secure Computing 5(4), 193â207 (2006); Special issue IEEE Symposium on Security and Privacy 2006
Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Transactions on Information Theory 2(29), 198â208 (1983)
IETF. Diameter Base Protocol RFC 3588 (September 2003), http://www.ietf.org/rfc/rfc3588.txt
International Telecom Union. ICT Indication Database (2011), http://www.itu.int/ITU-D/ict/statistics/
Meyer, U., Wetzel, S.: A man-in-the-middle attack on UMTS. In: Proceedings of the 3rd ACM Workshop on Wireless Security (WiSe 2004), Philadelphia, PA, USA, pp. 90â97 (2004)
MjĂžlsnes, S.F., Tsay, J.-K.: Compuational Security Analysis of the UMTS and LTE Authentication and Key Agreement Protocols. CoRR, abs/1203.3866 (2012)
Zhang, M., Fang, Y.: Security analysis and enhancements of 3GPP authentication and key agreement protocol. IEEE Transactions on Wireless Communications 4(2), 734â742 (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tsay, JK., MjĂžlsnes, S.F. (2012). A Vulnerability in the UMTS and LTE Authentication and Key Agreement Protocols. In: Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2012. Lecture Notes in Computer Science, vol 7531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33704-8_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-33704-8_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33703-1
Online ISBN: 978-3-642-33704-8
eBook Packages: Computer ScienceComputer Science (R0)