A Security Enhancement and Proof for AKA (Authentication and Key Agreement)
Vladimir Kolesnikov
Bell Labs
SCN 2010
All Rights Reserved Alcatel-Lucent 2007,2008
Program
- AKA background
- AKA Single-UIM property
- Our extension to "regular" KE
The AKA Setting
[Diagram labels: MS (Mobile Set), SN (Serving Network), HE (Home Environment), AV]
AKA Message Flow
Credential: shared key K
One-time Auth vector AV:
- RAND, SQN
- AUTN = SQN, F_K(0, SQN, RAND)
- XRES = F_K(1, RAND)
- SK = F_K(2, RAND)
Obvious problem: MS does not contribute randomness
AKA resolution:
- K stored on single UIM
- UIM keeps state (SQN)
[Diagram labels: sk, sk]
Crypto-traditional Multi-UIM security
- Users have several devices
- UIMs keyed with the same key improves AV management
- Simplified state management (SQN)
- More robust (simplified credential management, UIM cloning)
- Strict AKA deployment requirements
- Flow is preserved. No extra messages
- No extra overhead
Our Multi-UIM-secure AKA
Idea: do not use AKA-derived SK directly. Use SK = F_SK(RANDC).
Multi-AKA
[Diagram labels: sk, sk, RANDC, F_sk(RANDC), F_sk(RANDC)]
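The key derivation from the Multi-AKA slides, as an added Python example that is not from the presentation: two UIMs holding the same K accept the same AV and derive the same SK under plain AKA, while deriving F_SK(RANDC) gives each UIM its own session key that the SN can recompute. HMAC-SHA256 as F, the field lengths, the one-byte tags, and all names (`UIM`, `make_av`, `sn_key`, `demo`) are assumptions, as is the MS choosing RANDC and sending it alongside RES.

```python
import hashlib, hmac, os

def F(key: bytes, *parts: bytes) -> bytes:
    """Keyed PRF F_key(parts...); HMAC-SHA256 is an assumed stand-in."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_av(K: bytes, sqn: int) -> dict:
    """HE: one-time auth vector, fields as on the AKA Message Flow slide."""
    rand, s = os.urandom(16), sqn.to_bytes(6, "big")
    return {"RAND": rand, "AUTN": (sqn, F(K, b"\x00", s, rand)),
            "XRES": F(K, b"\x01", rand), "SK": F(K, b"\x02", rand)}

class UIM:  # holds the shared key K and its own SQN state
    def __init__(self, K: bytes):
        self.K, self.sqn = K, 0

    def aka(self, rand: bytes, autn: tuple):
        """Plain AKA: check AUTN and SQN freshness, return (RES, SK)."""
        sqn, mac = autn
        if not hmac.compare_digest(mac, F(self.K, b"\x00", sqn.to_bytes(6, "big"), rand)):
            raise ValueError("bad AUTN")
        if sqn <= self.sqn:
            raise ValueError("stale SQN")       # replay to the same UIM
        self.sqn = sqn
        return F(self.K, b"\x01", rand), F(self.K, b"\x02", rand)

    def multi_aka(self, rand: bytes, autn: tuple):
        """Multi-AKA: same checks, but the session key is F_SK(RANDC)."""
        res, sk = self.aka(rand, autn)
        randc = os.urandom(16)                  # MS-contributed randomness (assumed)
        return res, randc, F(sk, randc)

def sn_key(av: dict, res: bytes, randc: bytes) -> bytes:
    """SN: accept only if RES == XRES, then derive the same F_SK(RANDC)."""
    if not hmac.compare_digest(res, av["XRES"]):
        raise ValueError("RES mismatch")
    return F(av["SK"], randc)

def demo() -> dict:
    K = os.urandom(16)                          # constructed test key
    av = make_av(K, sqn=1)
    rand, autn = av["RAND"], av["AUTN"]
    plain = [UIM(K).aka(rand, autn)[1] for _ in range(2)]      # two UIMs, one AV
    multi = [UIM(K).multi_aka(rand, autn) for _ in range(2)]
    res, randc, key = multi[0]
    return {"plain_equal": plain[0] == plain[1],
            "multi_equal": multi[0][2] == multi[1][2],
            "sn_agrees": sn_key(av, res, randc) == key}
```

`demo()` reports that the plain-AKA keys of the two UIMs are equal, the Multi-AKA keys are not, and the SN derives the same key as the UIM it ran with.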
Security
Give the usual game-style KE security definition.
Theorem: Essential message exchange of the above Multi-AKA protocol is a secure KE protocol.