Elsevier

Computer Networks

Volume 57, Issue 17, 9 December 2013, Pages 3492-3510
SE-AKA: A secure and efficient group authentication and key agreement protocol for LTE networks

https://doi.org/10.1016/j.comnet.2013.08.003

Abstract

To support Evolved Packet System (EPS) in the Long Term Evolution (LTE) networks, the 3rd Generation Partnership Project (3GPP) has proposed an authentication and key agreement (AKA) protocol, named EPS-AKA, which has become an emerging standard for fourth-generation (4G) wireless communications. However, due to the requirement of backward compatibility, EPS-AKA inevitably inherits some defects of its predecessor UMTS-AKA protocol that cannot resist several frequent attacks, i.e., redirection attack, man-in-the-middle attack, and DoS attack. Meanwhile, there are additional security issues associated with the EPS-AKA protocol, i.e., the lack of privacy-preservation and key forward/backward secrecy (KFS/KBS). In addition, there are new challenges with the emergence of group-based communication scenarios in authentication. In this paper, we propose a secure and efficient AKA protocol, called SE-AKA, which can fit in with all of the group authentication scenarios in the LTE networks. Specifically, SE-AKA uses Elliptic Curve Diffie-Hellman (ECDH) to realize KFS/KBS, and it also adopts an asymmetric key cryptosystem to protect users’ privacy. For group authentication, it simplifies the whole authentication procedure by computing a group temporary key (GTK). Compared with other authentication protocols, SE-AKA can not only provide strong security including privacy-preservation and KFS/KBS, but also provide a group authentication mechanism which can effectively authenticate group devices. Extensive security analysis and formal verification using ProVerif have shown that the proposed SE-AKA is secure against various malicious attacks. In addition, elaborate performance evaluations in terms of communication, computational and storage overhead also demonstrate that SE-AKA is more efficient than existing protocols.

Introduction

With the development of mobile communication systems, numerous authentication and key agreement (AKA) protocols have been proposed. To address the security weaknesses in Global System for Mobile Communications (GSM) [1], UMTS-AKA, which is based on GSM’s successor Universal Mobile Telecommunications System (UMTS), was proposed at the network level [2] for authenticating 3G mobile subscribers. UMTS-AKA can negotiate security keys between a subscriber and the serving network and then achieve mutual authentication between the two parties. UMTS-AKA can also successfully defeat most of the vulnerabilities found in GSM systems and ensure a more secure telecommunication environment. Nevertheless, it is still vulnerable to some sophisticated attacks, such as redirection and man-in-the-middle attacks. Recently, a novel authentication protocol dedicated to the Evolved Packet System (EPS) has been proposed in the Long Term Evolution (LTE) project [3] by the 3rd Generation Partnership Project (3GPP), known as EPS-AKA [4], which is based on its predecessor UMTS-AKA protocol. Backward compatibility of EPS-AKA is an important factor for its wide acceptance, but it may also hinder progress and limit the design freedom. On one hand, EPS-AKA inevitably inherits some defects of UMTS-AKA and cannot resist known typical attacks found in UMTS-AKA, i.e., the redirection attack discussed in [5], [24], the man-in-the-middle attack studied in [6], [30], and the DoS attack given in [29], [30]; on the other hand, there are some additional security issues associated with the EPS-AKA protocol that cannot be neglected, i.e., the lack of privacy-preservation and key forward/backward secrecy (KFS/KBS). Although most of the existing studies of mobile communication protocols have focused on confidentiality and authentication requirements, privacy-preservation [7], [8], [9], another important issue in mobile communication networks, has not been well addressed. Recently, Arapinis et al. [10] highlighted the privacy problems of the 3G network; they exposed two novel threats to user privacy in 3G telephony systems, i.e., the IMSI paging attack and the AKA protocol linkability attack, which make it possible to trace and identify mobile telephony subscribers. At the same time, they proposed amendments to these privacy issues. Moreover, EPS-AKA still uses a symmetric key K shared between the user equipment and the home subscriber server to perform authentication and key agreement. All subkeys are generated using K. Therefore, disclosure of K is equal to the disclosure of the whole procedure of EPS-AKA, i.e., EPS-AKA does not provide KFS/KBS.
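The point about K can be seen in a simplified model, added here as an illustration and not taken from the paper: a session key derived only from K and a public challenge can be recomputed once K leaks, while mixing in an ephemeral ECDH secret prevents that. The curve (X25519), the HMAC-SHA256 stand-in KDF, and all function names and values are assumptions; the page does not give SE-AKA's message flow or parameters.

```python
import hashlib, hmac, secrets
P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")  # X25519 base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 scalar multiplication (illustrative, not constant-time)."""
    n = (int.from_bytes(k, "little") & ~7 & ((1 << 255) - 1)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):          # Montgomery ladder, top bit first
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def kdf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 as a stand-in KDF (assumption, not the 3GPP functions)."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def key_from_k_only(K: bytes, rand: bytes) -> bytes:
    # Model of the weakness: session key = f(K, challenge sent in clear).
    return kdf(K, b"sess", rand)

def key_with_ecdh(K: bytes, rand: bytes, own_priv: bytes, peer_pub: bytes) -> bytes:
    # Model of the fix: an ephemeral ECDH secret is mixed into the derivation.
    return kdf(K, b"sess", rand, x25519(own_priv, peer_pub))

def run_demo() -> dict:
    K, rand = secrets.token_bytes(32), secrets.token_bytes(16)  # constructed values
    me_priv, sn_priv = secrets.token_bytes(32), secrets.token_bytes(32)
    me_pub, sn_pub = x25519(me_priv, BASE), x25519(sn_priv, BASE)
    weak = key_from_k_only(K, rand)
    strong_me = key_with_ecdh(K, rand, me_priv, sn_pub)
    strong_sn = key_with_ecdh(K, rand, sn_priv, me_pub)
    del me_priv, sn_priv  # ephemeral secrets are erased after the session
    # Later, K leaks. The recorded transcript holds only rand, me_pub, sn_pub.
    guess_priv = secrets.token_bytes(32)  # nothing recorded yields the DH secret
    return {
        "both_sides_agree": strong_me == strong_sn,
        "k_only_recomputed": key_from_k_only(K, rand) == weak,
        "ecdh_recomputed": key_with_ecdh(K, rand, guess_priv, sn_pub) == strong_me,
    }

if __name__ == "__main__":
    print(run_demo())
```

Recovering the second key from the transcript would require computing the shared secret from `me_pub` and `sn_pub` alone, which is the computational Diffie-Hellman problem; the failed guess in `run_demo` only illustrates that no recorded value substitutes for an ephemeral private key.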

With the emergence of group-based communication scenarios, there are a large number of user terminals with the same properties in a network, e.g., machine-type communication (MTC) [11], [12], [13]. These kinds of devices can form a group when they are in the same region, belong to the same applications, etc. [14], [15], [16], [17]. If a large number of devices in a group need to access the network successively over a short period of time, available authentication methods will suffer from high network access latency until the authentication procedures of all devices in the same group are completed, especially when these devices roam in a visited domain which is far from their home domain. The reason is that every device must perform a full AKA authentication procedure with the home authentication server, so authentication signaling in the network will increase. Meanwhile, the load on the home authentication server will increase due to frequently generating authentication vectors. To the best of our knowledge, most existing authentication schemes on 3G/LTE networks do not have a group authentication mechanism and are not suitable for the authentication of group-based communications, and few authentication protocols for group communications have been proposed. Ngo et al. [18] develop an individual and group authentication model for wireless network services, which uses dynamic key cryptography and group key management to provide authentication for individuals and groups of users and services; Aboudagga et al. [19] present an associated authentication protocol for mobile groups and individual nodes over heterogeneous domains. However, they are designed for specific scenarios and lack universality. Recently, Fun et al. proposed a novel group-based handover authentication scheme with privacy preservation for mobile WiMAX networks [20]. This scheme improves the performance of group-based handover authentication in mobile WiMAX networks. However, it does not discuss the existing attacks; moreover, it is designed for WiMAX networks and may not be suitable for LTE networks. Cao et al. [21] propose a group-based authentication and key agreement for MTC in LTE networks, which can effectively authenticate a group of devices at the same time. However, their scheme is totally based on asymmetric cryptography by adopting the bilinear pairing technique, which is costly in computation and may not be suitable for resource-constrained mobile devices in LTE networks.

Considering security, effectiveness and universality simultaneously, we propose a secure and efficient authentication and key agreement protocol, called SE-AKA, for LTE networks in this paper. The main contributions of this paper are as follows.

  • First, SE-AKA meets the security requirements defined in EPS-AKA and can resist the existing attacks including redirection, man-in-the-middle and denial-of-service attacks, etc. Besides, motivated by the research done by Arapinis et al. [10], we adopt an asymmetric key cryptosystem to enhance users’ privacy-preservation in LTE networks. In addition, SE-AKA can guarantee KFS/KBS by incorporating Elliptic Curve Diffie-Hellman (ECDH). Furthermore, we use the automated analysis tool ProVerif [22] to verify the security of SE-AKA and show its security strength.

  • Second, a group authentication mechanism is designed that can authenticate devices in a group more efficiently than the traditional protocols. The results of analysis show that the transmission overhead of the whole authentication is considerably reduced. The computational overhead of the home subscriber server and the storage overhead in the serving network can also be decreased.

  • Third, SE-AKA is proposed based on LTE network infrastructure which can fit in with all of the scenarios for performing group-based authentication in the LTE networks.

The remainder of this paper is organized as follows: In Section 2, we discuss the related works. In Section 3, we review the EPS-AKA protocol, introduce our network architecture, and recall Elliptic Curve Diffie-Hellman [32] as the preliminaries. Then, we present our SE-AKA protocol in Section 4, followed by its security analysis and performance evaluations in Section 5 and Section 6, respectively. Finally, we conclude this paper with remarks about future work in Section 7.

Section snippets

Related work

There have been many research works on authentication and key agreement protocols in 3G/LTE networks. In 2003, Harn and Hsin [23] used the concept of hash chain and message authentication code (MAC) to design an ER-AKA protocol, which is expected to enhance the security of the original UMTS-AKA protocol. However, the protocol has greatly increased space and communication overhead in the hash chain’s storage and transmission.

In 2005, Zhang and Fang [24] pointed out that 3GPP AKA has some

Review of the EPS-AKA protocol

In this section, we first introduce the EPS-AKA authentication procedure, which was proposed in the 3GPP release 9 for LTE networks. EPS-AKA can broadly be divided into two stages: (1) authentication data distribution, and (2) user authentication and key agreement. The former enables the home network (HN) of a mobile equipment (ME) to distribute authentication data to the serving network (SN) the ME device is visiting. The latter is to establish new session keys between the ME and the SN. The

Proposed authentication protocol

In this section, we propose a secure and efficient authentication and key agreement protocol for LTE networks (SE-AKA) to facilitate the ME/MEs that have been subscribed in the HN to roam in an SN which is far from the HN. Table 2 shows the notations used in the SE-AKA protocol.

Security analysis

In this section, both security analysis and formal verification are conducted to demonstrate that SE-AKA can meet the security requirements.

Performance evaluation

In this section, we compare our SE-AKA protocol with the existing traditional protocols in terms of bandwidth consumption, authentication transmission overhead, computational and storage overhead. We have simulated the proposed SE-AKA in MATLAB running on a 2.30 GHz-processor 4 GB-memory computing machine.

Conclusion and future work

In this paper, we have proposed a secure and efficient AKA protocol SE-AKA to fit in the LTE networks with all of the group authentication scenarios. Compared with other authentication protocols, SE-AKA can not only provide strong security properties including privacy-preservation and KFS/KBS, but also provide a group authentication mechanism which can effectively authenticate group devices. Extensive security analysis and formal verification using ProVerif have shown that the proposed SE-AKA

Acknowledgments

This work is supported by China Scholarship Council, the National Natural Science Foundation of China Grant 61272457, 61102056, and the National Science and Technology Major Projects (No. 2012ZX03002003).

Chengzhe Lai received the B.S. degree from Xi’an Institute of Posts and Telecommunications. He is currently working toward the Ph.D. degree in Cryptography, Xidian University, China. He is currently a visiting Ph.D. student with the Broadband Communications Research (BBCR) Group, University of Waterloo. His research interests include wireless network security, LTE networks and M2M communication security.

References (41)

  • H.H. Ou et al., A cocktail protocol with the authentication and key agreement on the UMTS, Journal of Systems and Software (2010)
  • J. Cao et al., A simple and robust handover authentication between HeNB and eNB in LTE networks, Computer Networks (2012)
  • J.A. Audestad, Network aspects of the GSM system, EUROCON (1988)
  • 3GPP TS 21.133 V4.1.0, 3G Security; Security Threats and Requirements,...
  • ...
  • 3GPP TS 33.401 V12.5.0, 3GPP System Architecture Evolution (SAE); Security architecture, September...
  • M. Zhang, Provably-secure enhancement on 3GPP authentication and key agreement protocol, Verizon Commun., Cryptology...
  • U. Meyer, S. Wetzel, A man-in-the-middle attack on UMTS, in: Proc. 3rd ACM WiSe, New York, 2004, pp....
  • H.J. Zhu et al., PPAB: a privacy-preserving authentication and billing architecture for metropolitan area sharing networks, IEEE Transactions on Vehicular Technology (2009)
  • X.H. Liang, X. Li, R.X. Lu, X.D. Lin, X.M. Shen, Enabling pervasive healthcare with privacy preservation in smart...
  • X.H. Liang et al., PEC: a privacy-preserving emergency call scheme for mobile healthcare social networks, Journal of Communications and Networks (2011)
  • M. Arapinis et al., New privacy issues in mobile telephony: fix and verification
  • 3GPP TR 23.888 V11.0.0, System Improvements for Machine-Type Communications, September...
  • R.X. Lu et al., GRS: the green, reliability, and security of emerging machine to machine communications, IEEE Communications Magazine (2011)
  • C.Z. Lai et al., Security issues on machine to machine communications, KSII Transaction on Internet and Information Systems (2012)
  • A. Wasef, X.M. Shen, PPGCV: privacy preserving group communications protocol for vehicular ad hoc networks, in: IEEE...
  • D. Niyato et al., Machine-to-machine communications for home energy management system in smart grid, IEEE Communications Magazine (2011)
  • Y. Zhang et al., Cognitive machine-to-machine communications: visions and potentials for the smart grid, IEEE Network (2012)
  • K. Lee, J.S. Shin, Y.W. Cho, K.S. Ko, D.K. Sung, H.S. Shin, A group-based communication scheme based on the location...
  • H.H. Ngo et al., An individual and group authentication model for wireless network services, JCIT: Journal of Convergence Information Technology (2010)
    Hui Li received B.Sc. degree from Fudan University in 1990, M.A.Sc. and Ph.D. degrees from Xidian University in 1993 and 1998. Since June 2005, he has been the professor in the school of Telecommunications Engineering, Xidian University, Xi’an Shaanxi, China. His research interests are in the areas of cryptography, wireless network security, information theory and network coding. He is a co-author of two books. He served as technique committee co-chairs of ISPEC 2009 and IAS 2009.

    Rongxing Lu received the Ph.D. degree in computer science from Shanghai Jiao Tong University, Shanghai, China in 2006 and the Ph.D. degree in electrical and computer engineering from the University of Waterloo, Waterloo, ON, Canada, in 2012. He is currently an assistant professor with Division of Communication Engineering, School of Electrical and Electronics Engineering, Nanyang Technological University. His research interests include wireless network security, applied cryptography, and trusted computing.

    Xuemin (Sherman) Shen received his B.Sc. degree from Dalian Maritime University, China, in 1982, and M.Sc. and Ph.D. degrees from Rutgers University, New Jersey, in 1987 and 1990, all in electrical engineering. He is a professor and university research chair in the Department of Electrical and Computer Engineering, University of Waterloo. His research focuses on resource management in interconnected wireless/wired networks, UWB wireless communications networks, wireless network security, wireless body area networks, and vehicular ad hoc and sensor networks. He is a co-author of three books, and has published more than 400 papers and book chapters in wireless communications and networks, control, and filtering. He is Editor-in-Chief of IEEE Network, and will serve as a Technical Program Committee Co-Chair for IEEE INFOCOM 2014. He is the Chair of the IEEE ComSoc Technical Committee on Wireless Communications, and P2P Communications and Networking, and a voting member of GITC. He was a Founding Area Editor for IEEE Transactions on Wireless Communications, and a Guest Editor for IEEE JSAC, IEEE Wireless Communications, and IEEE Communications Magazine. He also served as the Technical Program Committee Chair for GLOBECOM’07, Tutorial Chair for ICC’08, and Symposia Chair for ICC’10. He received the Excellent Graduate Supervision Award in 2006, and the Outstanding Performance Award in 2004, 2007, and 2010 from the University of Waterloo, and the Premier’s Research Excellence Award in 2003 from the Province of Ontario, Canada. He is a registered Professional Engineer of Ontario, Canada, an IEEE Fellow, a Fellow of the Engineering Institute of Canada, a Fellow of Canadian Academy of Engineering, and was a ComSoc Distinguished Lecturer.
