SE-AKA: A secure and efficient group authentication and key agreement protocol for LTE networks
Introduction
With the development of mobile communication systems, numerous authentication and key agreement (AKA) protocols have been proposed. To improve the security weaknesses in Global System for Mobile Communications (GSM) [1], UMTS-AKA, which is based on GSM’s successor Universal Mobile Telecommunications System (UMTS), was proposed at the network level [2] for authenticating 3G mobile subscribers. UMTS-AKA can negotiate security keys between a subscriber and the serving network and then achieve mutual authentication between the two parties. UMTS-AKA can also successfully defeat most of the vulnerabilities found in GSM systems and ensure a more secure telecommunication environment. Nevertheless, it is still vulnerable to some sophisticated attacks, such as redirection and man-in-the-middle attacks. Recently, a novel authentication protocol dedicated for Evolved Packet System (EPS) has been proposed in the Long Term Evolution (LTE) project [3] by the 3rd Generation Partnership Project (3GPP), known as EPS-AKA [4], which is based on its predecessor UMTS-AKA protocol. Backward compatibility of EPS-AKA is an important factor for its wide acceptance, but it may also hinder progress and limit the design freedom. On one hand, EPS-AKA inevitably inherits some defects of UMTS-AKA and cannot resist known typical attacks found in UMTS-AKA, i.e., redirection attack that is discussed by [5], [24], man-in-the-middle attack which is studied in [6], [30], and DoS attack that is given in [29], [30]; on the other hand, there are some additional security issues associated with the EPS-AKA protocol that cannot be neglected, i.e., the lack of privacy-preservation and key forward/backward secrecy (KFS/KBS). Although most of the existing studies of mobile communication protocols have focused on confidentiality and authentication requirements, yet privacy-preservation [7], [8], [9], another important issue in mobile communication networks, has not been well addressed. Recently, Arapinis et al. [10] highlight the privacy problems of the 3G network, they exposed two novel threats to the user privacy in 3G telephony systems, i.e., IMSI paging attack and AKA protocol linkability attack, which make it possible to trace and identify mobile telephony subscribers. At the same time, they propose amendments to these privacy issues. Moreover, EPS-AKA still uses a symmetric key K shared between the user equipment and the home subscriber server to perform authentication and key agreement. All subkeys are generated using K. Therefore, disclosure of K is equal to the disclosure of whole procedure of EPS-AKA, i.e., EPS-AKA does not provide KFS/KBS.1
With the emergence of group-based communication scenarios, there are a large number of user terminals with the same properties in a network, e.g., machine-type communication (MTC) [11], [12], [13]. These kinds of devices can form a group when they are in the same region, belong to the same applications, etc. [14], [15], [16], [17]. If a large number of devices in a group need to access the network successively over a short period of time, available authentication methods will suffer from high network access latency until completing authentication procedures of all devices in the same group, especially when these devices roam in a visited domain which is far from their home domain. The reason is that every device must perform a full AKA authentication procedure with home authentication server, so authentication signaling in the network will increase. Meanwhile, the overload of home authentication server will increase due to frequently generating authentication vectors. To the best of our knowledge, most of existing authentication schemes on 3G/LTE networks do not have group authentication mechanism and are not suitable for the authentication of group-based communications, and few authentication protocols for group communications have been proposed. Ngo et al. [18] develop an individual and group authentication model for wireless network services, which uses dynamic key cryptography and group key management to provide authentication for individual and group of users and services; Aboudagga et al. [19] present an associated authentication protocol for mobile groups and individual nodes over heterogeneous domains. However, they are designed for specific scenarios and lack of universality. Recently, Fun et al. propose a novel group-based handover authentication scheme with privacy preservation for mobile WiMAX networks [20]. This scheme improves performance of group-based handover authentication in mobile WiMAX networks. However, it has not discussed the existing attacks, meanwhile, it is designed for WiMAX networks and may not be suitable for LTE networks. Cao et al. [21] propose a group-based authentication and key agreement for MTC in LTE networks, which can effectively authenticate a group of devices at the same time. However, their scheme is totally based on asymmetric cryptography by adopting bilinear pairing technique, which is costly in computation and may not be suitable for resource-constrained mobile device in LTE networks.
Considering security, effectiveness and universality simultaneously, we propose a secure and efficient authentication and key agreement protocol, called SE-AKA, for LTE networks in this paper. The main contributions of this paper are as follows.
- •
First, SE-AKA meets the security requirements defined in EPS-AKA and can resist the existing attacks including redirection, man-in-the-middle and denial-of-service attacks, etc. Besides, motivated by the research done by Arapinis et al. [10], we adopt an asymmetric key cryptosystem to enhance user’s privacy-preservation in LTE networks. In addition, SE-AKA can guarantee KFS/KBS through combining Elliptic Curve Diffie-Hellman (ECDH). Furthermore, we use automatical analyzing tool ProVerif [22] to verify the security of SE-AKA to show its security strength.
- •
Second, the group authentication mechanism is designed which can efficiently authenticate devices in a group compared with the traditional protocols. The results of analysis show that the transmission overhead of the whole authentication is considerably reduced. The computational overhead of home subscriber server and the storage overhead in the serving network can also be decreased.
- •
Third, SE-AKA is proposed based on LTE network infrastructure which can fit in with all of the scenarios for performing group-based authentication in the LTE networks.
The remainder of this paper is organized as follows: In Section 2, we discuss the related works. In Section 3, we review the EPS-AKA protocol, introduce our network architecture, and recall Elliptic Curve Diffie-Hellman [32] as the preliminaries. Then, we present our SE-AKA protocol in Section 4, followed by its security analysis and performance evaluations in Section 5 and Section 6, respectively. Finally, We conclude this paper with remarks about future work in Section 7.
Section snippets
Related work
There have been many research works on authentication and key agreement protocols in 3G/LTE networks. In 2003, Harn and Hsin [23] used the concept of hash chain and message authentication code (MAC) to design an ER-AKA protocol, which is expected to enhance the security of the original UMTS-AKA protocol. However, the protocol has greatly increased space and communication overhead in the hash chain’s storage and transmission.
In 2005, Zhang and Fang [24] pointed out that 3GPP AKA has some
Review of the EPS-AKA protocol
In this section, we first introduce EPS-AKA authentication procedure, which was proposed in the 3GPP release 9 for LTE networks. EPS-AKA can broadly be divided into two stages: (1) authentication data distribution, and (2) user authentication and key agreement. The former enables the home network (HN) of an mobile equipment (ME) to distribute authentication data to the serving network (SN) the ME device is visiting. The latter is to establish new session keys between the ME and the SN. The
Proposed authentication protocol
In this section, we propose a secure and efficient authentication and key agreement protocol for LTE networks (SE-AKA) to facilitate the ME/MEs that have been subscribed in the HN to roam in an SN which is far from HN. Table 2 shows the used notations in the SE-AKA protocol.
Security analysis
In this section, both security analysis and formal verification are conducted to demonstrate that SE-AKA can meet the security requirements.
Performance evaluation
In this section, we compare our SE-AKA protocol with the existing traditional protocols in terms of bandwidth consumption, authentication transmission overhead, computational and storage overhead. We have simulated the proposed SE-AKA in MATLAB running on a 2.30 GHz-processor 4 GB-memory computing machine.
Conclusion and future work
In this paper, we have proposed a secure and efficient AKA protocol SE-AKA to fit in the LTE networks with all of the group authentication scenarios. Compared with other authentication protocols, SE-AKA cannot only provide strong security properties including privacy-preservation and KFS/KBS, but also provide a group authentication mechanism which can effectively authenticate group devices. Extensive security analysis and formal verification by using proverif have shown that the proposed SE-AKA
Acknowledgments
This work is supported by China Scholarship Council, the National Natural Science Foundation of China Grant 61272457, 61102056, and the National Science and Technology Major Projects (No. 2012ZX03002003).
Chengzhe Lai received the B.S. degree from Xi’an Institute of Posts and Telecommunications. He is currently working toward the Ph.D. degree in Cryptography, Xidian University, China. He is currently a visiting Ph.D. student with the Broadband Communications Research (BBCR) Group, University of Waterloo. His research interests include wireless network security, LTE networks and M2M communication security.
References (41)
- et al.
A cocktail protocol with the authentication and key agreement on the UMTS
Journal of Systems and Software
(2010) - et al.
A simple and robust handover authentication between HeNB and eNB in LTE networks
Computer Networks
(2012) Network aspects of the GSM system
EUROCON
(1988)- 3GPP TS 21.133 V4.1.0, 3G Security; Security Threats and Requirements,...
- ...
- 3GPP TS 33.401 V12.5.0, 3GPP System Architecture Evolution (SAE); Security architecture, September...
- M. Zhang, Provably-secure enhancement on 3GPP authentication and key agreement protocol, Verizon Commun., Cryptology...
- U. Meyer, S. Wetzel, A man-in-the-middle attack on UMTS, in: Proc. 3rd ACM WiSe, New York, 2004, pp....
- et al.
PPAB: a privacy-preserving authentication and billing architecture for metropolitan area sharing networks
IEEE Transactions on Vehicular Technology
(2009) - X.H. Liang, X. Li, R.X. Lu, X.D. Lin, X.M. Shen, Enabling pervasive healthcare with privacy preservation in smart...
PEC: a privacy-preserving emergency call scheme for mobile healthcare social networks
Journal of Communications and Networks
New privacy issues in mobile telephony: fix and verification
GRS: the green, reliability, and security of emerging machine to machine communications
IEEE Communications Magazine
Security issues on machine to machine communications
KSII Transaction on Internet and Information Systems
Machine-to-machine communications for home energy management system in smart grid
IEEE Communications Magazine
Cognitive machine-to-machine communications: visions and potentials for the smart grid
IEEE Network
An individual and group authentication model for wireless network services
JCIT: Journal of Convergence Information Technology
Cited by (154)
A comprehensive survey on hardware-assisted malware analysis and primitive techniques
2023, Computer NetworksREPS-AKA5: A robust group-based authentication protocol for IoT applications in LTE system
2023, Internet of Things (Netherlands)GBEAKA: Group-based efficient authentication and key agreement protocol for LPIoMT using 5G
2023, Internet of Things (Netherlands)A novel block chain based cluster head authentication protocol for machine-type communication in LTE network: Statistical analysis on attack detection
2022, Journal of King Saud University - Computer and Information SciencesREPS-AKA3: A secure authentication and re- authentication protocol for LTE networks
2022, Journal of Network and Computer ApplicationsCitation Excerpt :Moreover, the superiority of REPS-AKA3 becomes more clear when the number of AVs increases. We analyze the bandwidth consumption between all involved nodes (i.e. UE, eNodeB, MME, and HSS) and compare the REPS-AKA3 with other AKA protocols (Lai et al., 2013) (Adhikari et al., 2020). We assume that n AVs are transmitted to authenticate one UE.
Improved LTE-R Access Authentication Scheme Based on Blockchain and Secgear
2024, IEEE Internet of Things Journal
Chengzhe Lai received the B.S. degree from Xi’an Institute of Posts and Telecommunications. He is currently working toward the Ph.D. degree in Cryptography, Xidian University, China. He is currently a visiting Ph.D. student with the Broadband Communications Research (BBCR) Group, University of Waterloo. His research interests include wireless network security, LTE networks and M2M communication security.
Hui Li received B.Sc. degree from Fudan University in 1990, M.A.Sc. and Ph.D. degrees from Xidian University in 1993 and 1998. Since June 2005, he has been the professor in the school of Telecommunications Engineering, Xidian University, Xi’an Shaanxi, China. His research interests are in the areas of cryptography, wireless network security, information theory and network coding. He is a co-author of two books. He served as technique committee co-chairs of ISPEC 2009 and IAS 2009.
Rongxing Lu received the Ph.D. degree in computer science from Shanghai Jiao Tong University, Shanghai, China in 2006 and the Ph.D. degree in electrical and computer engineering from the University of Waterloo, Waterloo, ON, Canada, in 2012. He is currently an assistant professor with Division of Communication Engineering, School of Electrical and Electronics Engineering, Nanyang Technological University. His research interests include wireless network security, applied cryptography, and trusted computing.
Xuemin (Sherman) Shen received his B.Sc. degree from Dalian Maritime University, China, in 1982, and M.Sc. and Ph.D. degrees from Rutgers University, New Jersey, in 1987 and 1990, all in electrical engineering. He is a professor and university research chair in the Department of Electrical and Computer Engineering, University of Waterloo. His research focuses on resource management in interconnected wireless/wired networks, UWB wireless communications networks, wireless network security, wireless body area networks, and vehicular ad hoc and sensor networks. He is a co-author of three books, and has published more than 400 papers and book chapters in wireless communications and networks, control, and filtering. He is Editor-in-Chief of IEEE Network, and will serve as a Technical Program Committee Co-Chair for IEEE INFOCOM 2014. He is the Chair of the IEEE ComSoc Technical Committee on Wireless Communications, and P2P Communications and Networking, and a voting member of GITC. He was a Founding Area Editor for IEEE Transactions on Wireless Communications, and a Guest Editor for IEEE JSAC, IEEE Wireless Communications, and IEEE Communications Magazine. He also served as the Technical Program Committee Chair for GLOBECOM’07, Tutorial Chair for ICC’08, and Symposia Chair for ICC’10. He received the Excellent Graduate Supervision Award in 2006, and the Outstanding Performance Award in 2004, 2007, and 2010 from the University of Waterloo, and the Premier’s Research Excellence Award in 2003 from the Province of Ontario, Canada. He is a registered Professional Engineer of Ontario, Canada, an IEEE Fellow, a Fellow of the Engineering Institute of Canada, a Fellow of Canadian Academy of Engineering, and was a ComSoc Distinguished Lecturer.