SummaryAuthentication and key agreement (AKA) is a challenge-response-like security protocol that uses symmetric-key cryptography to establish authenticated keys between 2 parties. Its application in the third-generation mobile system universal mobile telecommunications system (UMTS) is called UMTS-AKA, and the version applied in the fourth-generation mobile communication system long-term evolution (LTE) is called LTE-AKA. Both UMTS-AKA and LTE-AKA share the same weakness: the network operators need to maintain a large space of authentication vectors for visiting stations, and the transmission of the vectors causes lots of overhead. This weakness will be amplified when there are billions of devices accessing the network in the Internet-of-things scenarios. In addition, these schemes provide only key distribution (not key agreement) and cannot provide session key forward secrecy. In this paper, we propose a range-bound key assignment technique to tackle the challenges. The proposed scheme drastically reduces the communication overhead and greatly strengthens the security robustness. The securities are analyzed and are verified using the AVISPA toolset.
| INTRODUCTIONIn the mobile networks such as universal mobile telecommunications system (UMTS) and long-term evolution (LTE), a mobile station (MS) need to establish authenticated keys with the current serving network (SN) via the help of the station's home network (HN). 1-3 The authentication and key agreement (AKA) protocol is one of the most popular authentication protocols adopted in mobile networks. AKA is a challenge-response-like (we will elaborate on this in Section 2) protocol that applies symmetric-key cryptography to establish authenticated keys between 2 parties. Initially, an MS and its HN share some secret keys. When an MS visits an SN, it launches a service request upon which the SN forwards the request to the HN, and the HN returns some authentication vectors (AVs) for the SN to share authenticated session keys with the MS. The long latency between an SN and an HN could incur unbearable communication burden on the authentication process; therefore, the core of both UMTS-AKA 1 and LTE-AKA 2 is to reduce the number of interactions between an SN and an HN. This is achieved by delivering a list of AVs when an SN forwards a request to an HN. Each vector in an AV list consists of (XSQN, RAND, AUTH, XRES, and keying materials) for the SN and the MS to authenticate each other and to derive the same session keys (keying materials). XSQN is an encrypted form of the MS's sequence number (SQN). RAND acts a challenge from the HN. AUTH acts as the HN's response to the MS's request. XRES is the expected response from the MS. Because the HN is not directly involved in the authentication process, the SQN is checked by the MS to ensure the freshness of the corresponding AUTH. This