Video Also Available : https://youtu.be/JlOK6LeZ9oM
The 4th Generation of mobile communications has been designed to fulfill strict security requirements. However many publications found critical vulnerabilities especially in the authentication and key agreement protocol which is the essential part of the security of the network.
This project intends to give an in-depth insight into this issue. It focuses on the enhancement of the Authentication and Key Agreement protocol in 4G mobile networks. The research to be done aims to present an in-depth study of the areas of vulnerability for 4G standard. The aim is then to research and analyze the solutions presented in order to overcome the attacks made on the 4G Network and then to simulate similar attacks on the proposed solutions for the 4G Network, specifically on the AKA Protocol using the AVISPA Simulator.
There is an urgent need to be in synchronization with the evolution of wireless communication and the much-anticipated 4G standard, which promises wonders. This Proposal explores the trends in the evolution of wireless communication and its advantages in security over the earlier systems. It outlines the requirements that are to be met by the 4G standard and also attempts to analyze the technical challenges that demand solutions during the course of the development and implementation of the next generation of wireless communication.
The development of the 4G wireless standard began in 2005 and is expected to be fully completed approximately by mid-2015. Researchers all around the world and industry communities are racing against time to find solutions for open issues in 4G networks. Hopefully as a second objective, all the researches and findings help me to contribute in providing a new extension for the AKA Protocol.
Enhancement of the Authentication and Key Agreement Protocol in 4G Mobile Networks
1. Enhancement of the Authentication and Key Agreement
Protocol in 4G Mobile Network
Presented by:
Ahmad Kabbara ( CNE)
Student id:201110061
Ahmad.Kabbara@outlook.com
Mobile : 71418179
FACULTY OF ENGINEERING AND INFORMATION TECHNOLOGY AND MARITIME
STUDIES
C O M M U N I C AT I O N A N D N E T W O R K E N G I N E E R I N G D E PA R T M E N T
FINAL YEAR PROJECT FYP596: 2013 - 2014
Project Supervisor: Dr. Bacem Bakhache Bakhache@hotmail.com 03172319
Project Reviewer 1: Dr. Kassem Ahmad Kassem.ahmad@liu.edu.lb 03012333
Project Reviewer 2: Eng. Hikmat Adhami Hikmat.adhami@gmail.com 03205239
Faculty Dean: Dr. Walid Kamali Walid.kamali@gmail.com 70139077
Rev5 27/6/2014
2. This project intends to give an in-depth insight into the issue of security in 4th
generation mobile network specifically in the authentication and key agreement
(AKA) protocol. The aim is to analyze the 4G AKAs and their Enhancements
and propose a new solution to overcome the attacks made on the 4G network
and to oppose to the vulnerabilities found in the 4G AKA Enhancements. This
Solution will be tested based on some QOS parameters and by the AVISPA
tool (Safe/Unsafe results).
Abstract
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 2 /44
3. Introduction
Security in 4G Mobile Networks
EPS-AKA Vulnerabilities & Existing Solution Analysis
Our Proposed Solution
Proposed Solution Analysis & Testing
Project Management
Difficulties, Assessments & Acquired Skills
Outline
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 3 /44
5. Even though the new network generation represents the most important
evolution in the mobile network, many security issues and breaches have been
identified, and multiple non successful enhancements have been proposed. So
in order to overcome these vulnerabilities we propose an enhancement that will
be inspired from some of the successful enhancements in order to provide a
better and more powerful protocol.
Introduction 1/2
Overview
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 5 /44
6. All time integrity and confidentiality
protection of control plane.
User identity confidentiality (IMSI).
Mutual authentication between all
entities.
Introduction 2/2
Objectives
• Search for
vulnerable
areas.
Analyze
• Write AKAs
in HLPSL
Code.
Program
• Implement
AKAs &
Solutions on
AVISPA.
• Compare the
protocols
based on QOS
parameters
Test
Project Methodology
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 6 /44
8. Mobile security has become increasingly important in mobile computing. It
is of particular concern as it relates to the security of personal and business
information.
A smartphone user is exposed to various threats when he uses his phone.
These threats can disrupt the operation of the smartphone, and transmit or
modify the user data. For these reasons, The protocols deployed there
must guarantee the privacy/confidentiality and integrity of the information
the terminal handles.
Security in 4G Mobile Networks
Introduction
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 8 /44
9. 4G Mobile Network Security Credentials 1/3
Integrity and Confidentiality Protection
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 9 /44
10. 4G Mobile Network Security Credentials 2/3
Symmetric Key Cyphering
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 10 /44
11. 4G Mobile Network Security Credentials 3/3
Asymmetric Key Cyphering
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 11 /44
12. Security in 4G Mobile Networks 1/6
EPS AKA Keys derivation Overview
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 12 /44
13. Security in 4G Mobile Network 2/6
EPS AKA Procedure
UE eNB MME HSS/AuC
NAS attach request (IMSI)
AUTH data request
(IMSI, SNid)
AUTH data response
AV ( 1… n )Authentication Request (AUTN, RAND,
KSIasme)
Authentication Response
(RES)
NAS SMC (confidentiality and integrity
algorithm)
NAS Security Mode Complete
S1AP Initial Context Setup
Compute CK &
IK, & Kasme
Compare RES
& XRES
AUTN = (XSQN || AMF || MAC
Generation of authentication vectors
At AUC/HSS Side
AVUMTS = (RAND || XRES || CK || IK || AUTN
Verify that SQN is
in the correct range
Verify MAC=XMAC
Security Context
AS Security Mode
Complete
AS security Mode
Command
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 13 /44
14. f1 f2 f3 f5f4
Generate RAND
Generate SQN
K
AMF
MAC XRES CK IK AK
AUTN = (XSQN || AMF || MAC
Generation of authentication
vectors At AUC Side
f1
f2
XMAC
RES
CK IK
AK
Verify that SQN is
in the correct range
Verify MAX=XMAC
K
f5
SQN
⊕
RAND
AMF MAC
AUTN
f4f3
Network
Authentication
CK IK
KDF
XSQN
KASME
SNID
XSQN
XSQN = xor (SQN,AK)
Generation of authentication vectors
At HSS/UE Side
AVEPS = (RAND || XRES || KASME || AUTN
AVUMTS = (RAND || XRES || CK || IK || AUTN
Generation of Encryption and
integrity Keys
Security in 4G Mobile Network 3/6
EPS AKA Keys Derivation Methods
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 14 /44
15. K
KASME
KNASenc KNASint
KeNB
KRRCintKUPencKUPint KRRCenc
CK , IK
USIM/AuC
UE/HSS
UE/MME
UE/eNB
Security in 4G Mobile Network 4/6
EPS Key Hierarchy
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 15 /44
16. Encryption and integrity of NAS signaling Integrity and Encryption of RRC/AS signaling
User Plane Encryption
Security in 4G Mobile Network 5/6
EPS Key Derivation Purpose
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 16 /44
17. Derived Key= KDF (Kin, S),
or KDF=HMAC-SHA-256
S= FC|| P0| |L0|| P1|| L1||….|| Pn|| Ln
Saize of
derived key
(bits)
Output
derived key
Input secret
key
Kin
FC
(1 octet)
P0, P1, …., Pn L0,
L1,..,Ln
(2 octets)
KASME CK||IK 0x10 SNid, SQN⊕AK 0x0003,
0x0006
256
KeNB KASME 0x11 La valeur Count
de la liaison
montante NAS
0x0004 256
KeNB* KeNB 0x13 PCI, EARFCN-
DL
0x0002,
0x0002
256
KNASenc,
KNASint,
KRRCenc,
KRRCint,
KUPenc,
KUPint
KASME ou
KeNB
0x15 Algorithm
Distinguisher &
Algo-ID
0x0001,
0x0001
128
KDF
KASME
S=0x15||0x 02||0x 0001||0x 01|| 0x 0001
HMAC
SHA-256
Integrity Algorithm ID Integrity Algorithm
‘0001’: EIA1 SNOW 3G
‘0010’: EIA2 AES
‘0011’: EIA3 ZUC
KNASint
Encryption Algorithm ID Encryption
Algorithm
‘0001’: EEA1 SNOW 3G
‘0010’: EEA2 AES
‘0011’: EEA3 Not defined
Security in 4G Mobile Network 6/6
Key Derivation Function
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 17 /44
19. K
Security in 4G Mobile Network 1/4
EPS-AKA Vulnerabilities
UE eNB MME HSS/AuC
NAS attach request (IMSI , UESecCap)
AUTH data request
(IMSI, SNid)
AUTH data response
AV ( 1… n )
Authentication Request (AUTN, RAND,
KSIasme)
Authentication Response
(RES)
NAS SMC (confidentiality and integrity
algorithm)
NAS Security Mode Complete
S1AP Initial Context Setup
Compute CK &
IK, & Kasme
Compare RES
& XRES
AUTN = (XSQN || AMF || MAC)
Generation of authentication
vectors At AUC/HSS Side
AVUMTS = (RAND || XRES || CK || IK || AUTN)AS Security Mode
Complete
AS security Mode
Command
Passive Attacks(eavesdropping) & Active
Attacks
Bidding Down Attack
AVEPS = (RAND || XRES || KASME || AUTN)
Replay Attack
f1 f3 f5f4
Generate RAND
Generate SQN
AMF
MAC XRES CK IK AK
Attack against
the permanent
Key K by
1-Cypher-text
only attack on f1
2-Known
Plaintext Attack
on f2
Attack to recover KASME & K
f2
MITM attack against AVs
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 19 /44
Attack to recover KASME & K
20. Security Enhanced Authentication & Key Agreement – SE AKA
IMSI is cyphered and all transmission links between the entities are protected.
New key generation method.
Ensured Confidentiality Authentication & Key Agreement – EC AKA
Asymmetric encryption of some messages using HSS and MME public keys.
Symmetric encryption of some messages using new encryption key generated
in HSS and UE.
Security in 4G Mobile Network 2/4
Existing Solutions
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 20 /44
21. Advantages:
All transmission connections between the nodes of the EPS all secured
by asymmetric cyphering.
Inconvenients:
Vulnerable against Reject attack
Vulnerable against Service Blocking(MITM)
Vulnerable against Brute Force or Intelligent Brute Force attack against
IMSI
Security in 4G Mobile Network 3/4
Existing Solutions – SE AKA
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 21 /44
22. Advantages:
Oppose the dictionary attack against IMSI
Inconvenients:
Vulnerable against Reject Attack
Vulnerable against Denial of Service Attack against HSS/AuC
Vulnerable against MITM Attack:
Security in 4G Mobile Network 4/4
Existing Solutions – EC AKA
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 22 /44
24. Inspired from the tested protocols (SE & EC AKA)
Need to oppose to most vulnerabilities.
based on both Public key and Symmetric key Cyphering.
New Key Derivation functions.
New keys generated.
The Solution will be tested by AVISPA to ensure its success.
Proposed Solution
Introduction
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 24 /44
25. Proposed Solution
The Revolutionary EPS AKA–upon 1st registration
NAS attach request (IDHSS, B= ({IMSI, SQNUE , RandEK,
RandTHK, RandTIK, UEsecCap, MACTIK1}_PKH))
AUTH data request (A=({SNid, Network-Type,
RandTEK1}_PKH) || B)
AUTH data response (C1=({UEsecCap, RandTEK2,
MACTIK3}_PKM ) || C2=({EK, RandTHK, SQNHSS, AVEPSi (1…
n), MACTIK2}_TEK))
Authentication Request (D1=({AUTN(i), RAND(i), KSIASME,
SQNHSS,MACRIK}_REK),D2=({ChosenUEsecCap, THK}_EK))
Authentication Response (RESEK , MACRIK)
NAS Security Mode Complete
({ReplayedUEsecCap,[IMEISV-request], NAS-MAC}_REK)
NAS SMC ([IMEISV-request], NAS-MAC)
Initial Context Setup
(UEsecCap, KeNB)
AS Security Mode
Complete (AS-MAC)
AS security Mode
Command (Int Algo, Enc
Algo, AS-MAC)
Generation of
Authentication
vectorsHSS
authentication
Generation of
Cyphering
and Integrity
Keys
UE authentication &
Generation of Cyphering and
Integrity Keys
UE eNB MME HSS/AuC
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 25 /44
26. The Revolutionary EPS AKA
Av’s Generation & Authentication Process
f1 f2 f3 f5f4
Generate RAND
Generate SQN
K
AMF
MAC XRES CK IK AK
S-MAC
⊕
S-XRES
⊕
SQNHSS EK
f1
f2
XMAC
RES
CK IK
AK
Verify that SQNUE & SQNHE and
SQN in the correct range
Verify MAC=XMAC
K
f5
RAND
AMF S-MAC
AUTN
f4f3
Network
Authentication
⊕
SQNHSS
MAC
AUTN = (SQNAK|| AMF || S-MAC)
Generation of authentication vectors
At AUC Side
AVUMTS= (RAND || XRES || CK || IK || AUTN)
Generation of Encryption and
integrity Keys at UE Side
AVEPS = (RAND || S-XRES || KASME || AUTN)
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 26 /44
27. The Revolutionary EPS AKA
Keys Derivation Functions
Derived Key= KDF (Kin, S), or
KDF=HMAC-SHA-256
S= FC|| P0| |L0|| P1|| L1||….|| Pn|| Ln
Size of
derived key
(bits)
Output
derived key
Input secret
key Kin
FC
(1 octet)
P0, P1, …., Pn L0, L1,..,Ln
KASME CK||IK 0x10 SNid, SQNAK 0x0003,
0x0008
512
TIK1 K 0x15 RandTIK 0x0010 128
TEK RandTEK1||Ran
dTEK2
0x1D IDHSS 0x0004 256
TIK2 Trunc (TEK) 0x15 SNid 0x0003 128
EK K 0x1E RandEK 0x0010 128
THK Trunc (KASME) 0x1F RandTHK 0x0010 256
REK Trunc(THK) 0x15 Distinguisher
Algo & Algo ID
0x0001,
0x0001
128
RIK Trunc(THK) 0x15 Distinguisher
Algo & Algo ID
0x0001,
0x0001
128
HMAC
SHA-3-256/512
CK IK
KDF
512
KASME
SNID
SQNAK
IDHSS
KDF
256
TEK
RandTEK1
RandTEK2
Input Kin & S and output parameters of KDF for R-AKA
Trunc (TEK) SNid
KDF
256
TIK2
K RandTIK
KDF
256
TIK1
Distinguisher
Algo
Algo ID
KDF
256
REK
Trunc(THK)
Kin
S=0x15||0x 08||0x 0001||0x 01|| 0x 0001HMAC
SHA-3-256
KDF
HMAC
SHA-3-256
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 27 /44
28. Proposed Solution
The Revolutionary EPS AKA
NAS attach request (IDHSS, B= ({IMSI, SQNUE , RandEK,
RandTHK, RandTIK, UEsecCap, MACTIK1}_PKH))
AUTH data request (A=({SNid, Network-Type,
MACTIK2}_TEK) || B)
AUTH data response (C=({UEsecCap, EK, RandTHK,
SQNHSS, AVEPSi (1… n),MACTIK2}_TEK))Authentication Request (D1=({AUTN(i), RAND(i), KSIASME,
SQNHSS,MACRIK}_REK),D2=({ChosenUEsecCap, THK}_EK))
Authentication Response (RESEK , MACRIK)
NAS Security Mode Complete
({ReplayedUEsecCap,[IMEISV-request], NAS-MAC}_REK)
NAS SMC ([IMEISV-request], NAS-MAC)
Initial Context Setup
(UEsecCap, KeNB)
AS Security Mode
Complete (AS-MAC)
AS security Mode
Command (Int Algo, Enc
Algo, AS-MAC)
Generation of
Authentication
vectorsHSS
authentication
Generation of
Cyphering
and Integrity
Keys
UE authentication &
Generation of Cyphering and
Integrity Keys
UE eNB MME HSS/AuC
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 28 /44
30. Used for the analysis of large-scale Internet security protocols and applications.
Based on High-Level Protocol Specification Language (HLPSL).
Can be downloaded on desktop or accessed directly from the browser
Compatible only with Macintosh and Linux environments.
Proposed Solution Analysis & Testing
AVISPA Overview
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 30 /44
31. Protocol
name
Protocols are defined role
by role (UE,MME,HSS)
the knowledge that each role in the protocol is
supposed to have at the beginning of a
protocol session
the sequence of messages of the protocol
( transitions)
the description of the knowledge of the principals
the intruder's knowledge and capabilities and goals
Environment Role containing all constants declaration
HLPSL
Protocol Specification
Role
Goals to be
satisfied
Own
knowledge
Transitions
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 31 /44
32. Proposed Solution Analysis & Testing
Protocols Testing with AVISPA
AVISPA
Result
AKA protocols
Safe TR-AKA
Safe EC-AKA
Unsafe SE-AKA
Unsafe EPS- AKA
AVISPA Results for the
tested Protocols
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 32 /44
33. Additional cost of each protocol compared to the cost of the standard EPS-
AKA protocol
TR-AKA and EC-AKA protocols do not require additional expenditure, compared with
EPS-AKA. A software update will do the job.
SE-AKA protocol relies on digital certificates to users so The MME must have UE public
key (certificate). SE-AKA requires additional investment compared to EPS-AKA ($ 50 /
certificate).
Proposed Solution Analysis & Testing
QOS Parameters – Cost Analysis
1 TR-AKA, EC-AKA, EPS-AKA
2 SE-AKA
Protocols are arranged in
ascending order of cost:
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 33 /44
34. Proposed Solution Analysis & Testing
QOS Parameters – Security/Risk Analysis
Security Level
AKA
protocols
1 TR-AKA
2 EC-AKA
3 SE-AKA
4 EPS- AKA
Potocols are listed in
desceandant order
based on the security
of each one
Risk=Active Value*Perceived Threat*Vulnerability
Vulnerability EPS-AKA SE-AKA EC-AKA TR-AKA
1- IMSI Confidentiality Protection No No Yes Yes
2- Resistance against Rejet Attack No No No Yes
3- Resistance against DOS Attack over UE No No Yes Yes
4- Resistance against services blockage by MITM Attack No No Yes Yes
5- Confidentiality of the interface MME-HSS No Yes Yes Yes
6- Confidentiality of the interface UE-MME No No Yes Yes
7- Resistance against DOS Attack over HSS No No No Yes
8- Resistance against MME identity theft No No No Yes
TR-AKA is the most secured protocol compared to the three tested protocols.
EC-AKA also is somehow secured and at the same time vulnerable against
some attacks.
SE-AKA and EPS-AKA are totally unsecured and vulnerable against all the
identified attacks in the above table
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 34 /44
35. Proposed Solution Analysis & Testing
QOS Parameters – Signaling Traffic & Overhead Analysis
0
2000
4000
6000
8000
10000
12000
14000
16000
Uplink
(Radio and Backhaul
Interfaces)
Downlink
(Radio and Backhaul)
Core Traffic
204 260
4562
1180 1024
14780
1180
394
7951
1212
586
7709
EPS-AKA
SE-AKA
EC-AKA
TR-AKA
Additional Traffic Percentage 3GPP EPS-AKA SE-AKA EC-AKA
Overhead over the radio (%) +289% -18% +14%
Overhead over the Core interface (%) +62% -38% 5%
Total Overhead % +76% -35% -7%
TR-AKA has more traffic than 3GPP EPS-AKA and less
Traffic than SE-AKA and EC-AKA
TR-AKA has more traffic than 3GPP EPS-AKA and less
Traffic than SE-AKA and EC-AKA
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 35 /44
36. Proposed Solution Analysis & Testing
Results Summary
Studied Protocols TR-AKA EC-AKA SE-AKA EPS-AKA
Safety 1 1 4 4
Security 1 2 3 4
Cost 1 1 3 1
Overhead 2 3 4 1
The TR-AKA has the best results in the first three parameters and achieved very good results in the
remaining parameter.
The excellent performance of TR-AKA
places it as the best AKA protocol
proposed to date.
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 36 /44
42. Difficulties & Assessments
Acquired Skills
- Faced many problems in the programing language.
- Tried to solve the Protocol Simulation & intruder simulation issue on
SPAN with no success.
- Faced too many problems configuring and installing AVISPA on
different OS platforms.
- Learned a new programing language.
- Improved my knowledge in Mobile Security.
- Improved my project management abilities
Difficulties, Assessments & Acquired Skills
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 42 /44
43. Future Work
Conclusion
• Testing of TR-AKA against internal and external attacks.
• Investigation of power consumption & how the battery life is
affected by the use of the proposed protocol.
• Comparison of processing & transmission delays for TR-AKA &
studied protocols
The TR-AKA succeeded to perform very well on all the studied
parameters(Safety, Security, Cost & Signaling Overhead) and
outperformed SE-AKA & EC-AKA
Future Work
11/07/2014FYP596 Enhancement of the Authentication and Key Agreement Protocol for 4G Mobile Network - Ahmad Kabbara 43 /44
The objectives of our project are:
The methodology that I have followed is:
Advantages:
All transmission connections between the nodes of the EPS all secured by asymmetric cyphering.
Inconvenients:
Vulnerable against Reject attack: Sending multiple A intercepted msgs
Vulnerable against Service Blocking(MITM): change Snid
Vulnerable against Brute Force or Intelligent Brute Force attack against IMSI
Based on the research performed in this project, three areas of future research are recommended:
The TR-AKA was proposed to resolve the security issues in the 4G network, it was suggested to secure the LTE network against all attacks (MITM, DOS, cryptanalyze attacks against security functions etc..). The TR-AKA succeeded to perform very well on all the studied parameters(Safety, Security, Cost & Signaling Overhead) and outperformed SE-AKA & EC-AKA where “1” means the best and “4” the weakest.