1 / 8

A Security Enhancement and Proof for AKA (Authentication and Key Agreement)

A Security Enhancement and Proof for AKA (Authentication and Key Agreement). Vladimir Kolesnikov Bell Labs SCN 2010. Program. AKA background AKA Single-UIM property Our extension to “regular” KE. The AKA Setting. HE (Home Environment). AV. ?. SN (Serving Network). MS

lael
Download Presentation

A Security Enhancement and Proof for AKA (Authentication and Key Agreement)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Security Enhancement and Prooffor AKA(Authentication and Key Agreement) Vladimir Kolesnikov Bell Labs SCN 2010

  2. Program • AKA background • AKA Single-UIM property • Our extension to “regular” KE

  3. The AKA Setting HE (Home Environment) AV ? SN (Serving Network) MS (Mobile Set)

  4. AKA Message Flow Credential: Shared key K One-time Auth vector AV RAND, SQN AUTN = SQN, FK(0,SQN,RAND) XRES = FK(1,RAND) SK = FK(2,RAND) Obvious problem: MS does not contribute randomness AKA Resolution: K stored on single UIM UIM keeps state (SQN) sk sk

  5. “Crypto-traditional” Multi-UIM secuirity Users have several devices UIMs keyed with the same key improves AV management Simplified state management (SQN) More robust (simplified credential management, UIM cloning) Strict AKA deployment requirements Flow is preserved. No extra messages No extra overhead

  6. Our Multi-UIM-secure AKA Idea: do not use AKA-derived SK directly. use SK’ = FSK (RANDC)

  7. Multi-AKA RANDC Fsk(RANDC) Fsk(RANDC) sk sk

  8. Security Give the usual game-style KE security definition Theorem: Essential message exchange of the above Multi-AKA protocol is a secure KE protocol.

More Related