Formal Analysis of Security Procedures in LTE - A Feasibility Study

  • Noomene Ben Henda
  • Karl Norrman
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8688)


The only part of the Long Term Evolution (LTE) security standard that has been formally analyzed is the Authentication and Key Agreement (AKA) procedure. It is not clear how well existing security related verification tools can handle other types of procedures. In this work, we use ProVerif to analyze the procedures related to session management and mobility. Our analysis has shown that most of the secrecy and agreement properties hold which was expected. However, we had difficulties proving stronger injective agreement properties.


Formal verification Telecom LTE security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    3GPP The Mobile Broadband Standard,
  2. 2.
    10th Computer Security Foundations Workshop (CSFW 1997), Rockport, Massachusetts, USA, June 10-12. IEEE Computer Society (1997)Google Scholar
  3. 3.
    Abadi, M., Blanchet, B., Fournet, C.: Just Fast Keying in the Pi Calculus. In: Schmidt, D. (ed.) ESOP 2004. LNCS, vol. 2986, pp. 340–354. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Hankin, C., Schmidt, D. (eds.) POPL, pp. 104–115. ACM (2001)Google Scholar
  5. 5.
    Arapinis, M., Mancini, L.I., Ritter, E., Ryan, M., Golde, N., Redon, K., Borgaonkar, R.: New privacy issues in mobile telephony: fix and verification. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) ACM Conference on Computer and Communications Security, pp. 205–216. ACM (2012)Google Scholar
  6. 6.
    Armando, A., et al.: The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. 7.
    Blanchet, B.: Automatic verification of correspondences for security protocolsGoogle Scholar
  8. 8.
    Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: CSFW, pp. 82–96. IEEE Computer Society (2001)Google Scholar
  9. 9.
    Blanchet, B., Chaudhuri, A.: Automated Formal Analysis of a Protocol for Secure File Sharing on Untrusted Storage. In: IEEE Symposium on Security and Privacy, pp. 417–431. IEEE Computer Society (2008)Google Scholar
  10. 10.
    Blanchet, B., Smyth, B., Cheval, V.: ProVerif 1.88: Automatic Cryptographic Protocol Verifier, User Manual and TutorialGoogle Scholar
  11. 11.
    Bodei, C., Buchholtz, M., Degano, P., Nielson, F., Nielson, H.R.: Automatic validation of protocol narrationGoogle Scholar
  12. 12.
    Bouassida, M.S., Chridi, N., Chrisment, I., Festor, O., Vigneron, L.: Automated verification of a key management architecture for hierarchical group protocols. Annales des Télécommunications 62(11-12), 1365–1387 (2007)Google Scholar
  13. 13.
    Cremers, C.J.F.: The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 414–418. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  14. 14.
    Cremers, C.J.F.: Session-state Reveal Is Stronger Than Ephemeral Key Reveal: Attacking the NAXOS Authenticated Key Exchange Protocol. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 20–33. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. 15.
    Cremers, C.: Key Exchange in IPsec Revisited: Formal Analysis of IKEv1 and IKEv2. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 315–334. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  16. 16.
    Dolev, D., Yao, A.C.-C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–207 (1983)CrossRefzbMATHMathSciNetGoogle Scholar
  17. 17.
    Fang, J., Jiang, R.: An analysis and improvement of 3GPP SAE AKA protocol based on strand space model. In: 2010 2nd IEEE International Conference on Network Infrastructure and Digital Content, pp. 789–793 (September 2010)Google Scholar
  18. 18.
    Holzmann, G.J.: The Model Checker SPIN. IEEE Trans. Software Eng. 23(5), 279–295 (1997)CrossRefMathSciNetGoogle Scholar
  19. 19.
    Jakobsson, M., Wetzel, S.: Security Weaknesses in Bluetooth. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 176–191. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  20. 20.
    Lowe, G.: A Hierarchy of Authentication Specification. In: CSFW [2], pp. 31–44Google Scholar
  21. 21.
    Lowe, G.: Casper: A Compiler for the Analysis of Security Protocols. In: CSFW [2], pp. 18–30Google Scholar
  22. 22.
    Meadows, C.: The NRL Protocol Analyzer: An Overview. J. Log. Program. 26(2), 113–131 (1996)CrossRefzbMATHGoogle Scholar
  23. 23.
    Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN Prover for the Symbolic Analysis of Security Protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  24. 24.
    Qachri, N., Markowitch, O., Dricot, J.-M.: A formally Verififed Protocol for Secure Vertical Handovers in 4G Heterogeneous Networks. International Journal of Security and Its Applications 7(6) (2013)Google Scholar
  25. 25.
    Schmidt, B., Sasse, R., Basin, D.: Automated Verification of Group Key Agreement Protocols. In: IEEE Symposium on Security and Privacy (to appear, 2014)Google Scholar
  26. 26.
    Taha, A.M., Abdel-Hamid, A.T., Tahar, S.: Formal analysis of the handover schemes in mobile WiMAX networks. In: IFIP International Conference on Wireless and Optical Communications Networks, WOCN 2009, pp. 1–5 (April 2009)Google Scholar
  27. 27.
    Taha, A.M., Abdel-Hamid, A.T., Tahar, S.: Formal Verification of IEEE 802.16 Security Sublayer Using Scyther Tool. In: International Conference on Network and Service Security, N2S 2009, pp. 1–5 (June 2009)Google Scholar
  28. 28.
    Tang, C., Naumann, D.A., Wetzel, S.: Symbolic Analysis for Security of Roaming Protocols in Mobile Networks - (Extended Abstract). In: Rajarajan, M., Piper, F., Wang, H., Kesidis, G. (eds.) SecureComm. LNICST, vol. 96, pp. 480–490. Springer (2011)Google Scholar
  29. 29.
    Tsay, J.-K., Mjølsnes, S.F.: A Vulnerability in the UMTS and LTE Authentication and Key Agreement Protocols. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2012. LNCS, vol. 7531, pp. 65–76. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  30. 30.
    Zhang, M., Fang, Y.: Security analysis and enhancements of 3gpp authentication and key agreement protocolGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Noomene Ben Henda
    • 1
  • Karl Norrman
    • 1
  1. 1.Ericsson Research StockholmSweden

Personalised recommendations