Cryptology ePrint Archive: Report 2016/371

A Cryptographic Analysis of UMTS/LTE AKA

Stéphanie Alt and Pierre-Alain Fouque and Gilles Macario-rat and Cristina Onete and Benjamin Richard

Abstract: Secure communications between mobile subscribers and their associated operator networks require mutual authentication and key derivation protocols. The 3GPP standard provides the AKA protocol for just this purpose. Its structure is generic, to be instantiated with a set of seven cryptographic algorithms. The currently-used proposal instantiates these by means of a set of AES-based algorithms called MILENAGE; as an alternative, the ETSI SAGE committee submitted the TUAK algorithms, which rely on a truncation of the internal permutation of Keccak.

In this paper, we provide a formal security analysis of the AKA protocol in its complete three-party setting. We formulate requirements with respect to both Man-in-the-Middle (MiM) adversaries, i.e. key-indistinguishability and impersonation security, and to local untrusted serving networks, denoted “servers”, namely state-confidentiality and soundness. We prove that the unmodified AKA protocol attains these properties as long as servers cannot be corrupted. Furthermore, adding a unique server identifier suffices to guarantee all the security statements even in in the presence of corrupted servers. We use a modular proof approach: the first step is to prove the security of (modified and unmodified) AKA with generic cryptographic algorithms that can be represented as a unitary pseudorandom function –PRF– keyed either with the client’s secret key or with the operator key. A second step proceeds to show that TUAK and MILENAGE guarantee this type of pseudorandomness, though the guarantee for MILENAGE requires a stronger assumption. Our paper provides (to our knowledge) the first complete, rigorous analysis of the original AKA protocol and these two instantiations. We stress that such an analysis is important for any protocol deployed in real-life scenarios.

Category / Keywords: cryptographic protocols / security proof, AKA protocol, TUAK, MILENAGE.

Original Publication (with major differences): Proceedings of ACNS 2016

Date: received 12 Apr 2016, last revised 13 May 2016

Contact author: cristina onete at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20160513:124359 (All versions of this report)

Short URL: ia.cr/2016/371

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]