A Security Enhancement and Proof for Authentication and Key Agreement (AKA)

Kolesnikov, Vladimir

doi:10.1007/978-3-642-15317-4_16

Vladimir Kolesnikov¹⁸

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6280))

Included in the following conference series:

International Conference on Security and Cryptography for Networks

1466 Accesses
2 Citations

Abstract

In this work, we consider Authentication and Key Agreement (AKA), a popular client-server Key Exchange (KE) protocol, commonly used in wireless standards (e.g., UMTS), and widely considered for new applications. We discuss natural potential usage scenarios for AKA, attract attention to subtle vulnerabilities, propose a simple and efficient AKA enhancement, and provide its formal proof of security.

The vulnerabilities arise due to the fact that AKA is not a secure KE in the standard cryptographic sense, since Client \(\mathcal{C}\) does not contribute randomness to the session key. We argue that AKA remains secure in current deployments where \(\mathcal{C}\) is an entity controlled by a single tamper-resistant User Identity Module (UIM). However, we also show that AKA is insecure if several Client’s devices/UIMs share his identity and key.

We show practical applicability and efficiency benefits of such multi-UIM scenarios. As our main contribution, we adapt AKA for this setting, with only the minimal changes, while adhering to AKA design goals, and preserving its advantages and features. Our protocol involves one extra PRFG evaluation and no extra messages. We formally prove security of the resulting protocol. We discuss how our security improvement allows simplification of some of AKA security heuristics, which may make our protocol more efficient and robust than AKA even for the current deployment scenarios.

Full version of this paper appears in ePrint archive [8].

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

WiMAX Forum, http://www.wimaxforum.org/
3rd Generation Partnership Project. 3GPP Technical Specification 3GPP TS 33.102 V7.1.0: Technical Specification Group Services and System Aspects; 3G Security; Security Architecture (Release 7) (December 2006)
Google Scholar
3rd Generation Partnership Project. 3GPP Techical Report TR 33.902: Formal Analysis of the 3G Authentication Protocol (March 2001), http://www.3gpp.org/ftp/Specs/html-info/33902.htm
Arkko, J., Haverinen, H.: IETF Network Working Group: Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA). RFC 4187 (January 2006), http://tools.ietf.org/html/rfc4187
Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8(1), 18–36 (1990)
Article Google Scholar
Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)
Chapter Google Scholar
Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337–351. Springer, Heidelberg (2002)
Chapter Google Scholar
Kolesnikov, V.: A security enhancement and proof for Authentication and Key Agreement (AKA). Cryptology ePrint Archive, Report 2010/350 (2010), http://eprint.iacr.org/
Kolesnikov, V., Rackoff, C.: Key exchange using passwords and long keys. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 100–119. Springer, Heidelberg (2006)
Chapter Google Scholar
Kolesnikov, V., Rackoff, C.: Password mistyping in two-factor-authenticated key exchange. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 702–714. Springer, Heidelberg (2008)
Chapter Google Scholar
Shoup, V.: On formal models for secure key exchange. Technical Report RZ 3120 (#93166), IBM (1999)
Google Scholar
Vaudenay, S.: Secure communications over insecure channels based on short authenticated strings. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 309–326. Springer, Heidelberg (2005)
Google Scholar
Zhang, M., Fang, Y.: Security analysis and enhancements of 3gpp authentication and key agreement protocol. IEEE Transactions on Wireless Communications 4, 734–742 (2005)
Article Google Scholar

Download references

Author information

Authors and Affiliations

Alcatel-Lucent Bell Laboratories, 600 Mountain Ave., Murray Hill, NJ, 07974, USA
Vladimir Kolesnikov

Authors

Vladimir Kolesnikov
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

AT&T Labs Research, Florham Park, NJ, USA
Juan A. Garay
Dipartimento di Informatica ed Applicazioni, Università di Salerno, via Ponte don Melillo, 84084, Fisciano, (SA), Italy
Roberto De Prisco

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Kolesnikov, V. (2010). A Security Enhancement and Proof for Authentication and Key Agreement (AKA). In: Garay, J.A., De Prisco, R. (eds) Security and Cryptography for Networks. SCN 2010. Lecture Notes in Computer Science, vol 6280. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15317-4_16

Download citation

DOI: https://doi.org/10.1007/978-3-642-15317-4_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15316-7
Online ISBN: 978-3-642-15317-4
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics