• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.351-355
• /
• 2003

본 논문에서는 3GPP-WLAN 연동 보안에 필수인 EAP-AKA를 기반으로 한 인증/재인증의 개요와 인증 진행 부분에서 협상되는 마스터 세션 키 생성과 EAP AKA 패킷을 보호하기 위해 사용되는 키 생성에 관하여 설명하고, EAP-AKA 과정에서 생성되는 키의 안전성을 분석하고, EAP-AKA를 사용하는 3GPP-WLAN 연동의 효율성 및 고려사항에 대하여 고찰하였다.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.46 no.5
• /
• pp.168-177
• /
• 2009

This paper proposes the EAP-AKA scheme without UICC for extending its usage to existing WLAN/WiBro devices. To apply the current EAP-AKA scheme, the WLAN/WiBro devices require an external Universal Integrated Circuit Card (UICC) reader. If they don't use UICC due to cost overhead and architectural problem of device, the EAP-AKA scheme loses its own advantages in security and portability aspects. The proposed scheme uses the DH key algorithm and a password for non-UICC devices instead of using the long-term key stored in UICC. The main contribution is to maintain the security and portability of the EAP-AKA while being applied to non-3GPP network devices not equipped with UICC. Furthermore, it does not require major modifications of authentication architecture in 3GPP.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.93-103
• /
• 2009

In this paper, we propose a USIM-based Authentication Scheme for 3GPP Network Access. The proposed scheme improves the problems of existing authentication protocol in 3GPP Network such as sequence number synchronization problem, the storage overhead of authentication data, and bandwidth consumption between Serving Network and Home Network. Our proposal is based on the USIM-based Authentication and Key Agreement Protocol that is defined in 3GPP Specification. In our scheme, mobile nodes share a SK with Serving Network and use a time stamp when mobile nodes are performing an authentication procedure with Serving Network. By using time stamp, there is no reason for using sequence number to match the authentication vector between mobile nodes and networks. So, synchronization problem can be solved in our scheme. As well as our scheme uses an authentication vector, the storage overhead of authentication data in Serving Network and bandwidth consumption between networks can be improved.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.11a
• /
• pp.754-757
• /
• 2013

사람의 개입 없이 언제 어디서나 다양한 서비스를 제공하는 MTC(Machine Type Communication)는 다수의 ME(Mobile Equipment)들과의 인증 시그널에 의해 상당한 부하 문제를 야기한다. 본 논문은 non-3GPP 네트워크에서 MTC를 위한 그룹 기반의 EAP-AKA 인증 프로토콜을 제안한다. 제안 프로토콜은 기존 3GPP EAP-AKA 인증 구조에서 큰 수정을 요구하지 않는 동시에 같은 수준의 안전성을 제공한다. 또한, 기존 3GPP EAP-AKA보다 낮은 통신 비용, 연산 지연을 제공한다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.12
• /
• pp.5049-5057
• /
• 2010

As communication technologies are developed and variety of services to mobile devices are provided, mobile users is rapidly increasing every year. However, mobile services running on wireless network environment are exposed to various security threats, such as illegal tampering, eavesdropping, and disguising identity. Accordingly, the secure mobile communications services to 3GPP were established that the standard for 3GPP-AKA specified authentication and key agreement. But in the standard, sequence number synchronization problem using false base station attack and privacy problem were discovered through related researches. In this paper, we propose an efficient authentication mechanism for enhanced privacy protection in the 3G network. We solve the sequence number synchronization existing 3GPP authentication scheme using timestamp and strengthen a privacy problem using secret token. In addition, the proposed scheme can improve the bandwidth consumption between serving network and home network and the problem of authentication data overhead for the serving network because it uses only one authentication vector.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.10
• /
• pp.361-372
• /
• 2016

Identity Privacy issues such as exposures of IMSIs(International Mobile Subscriber Identities) in access network have been consistently raised throughout GSM, UMTS, LTE in 3GPP. The 3GPP specification uses temporary identities instead of IMSI to ensure anonymity of the user. Even if temporary identities are disclosed, Identity Privacy may be maintained at a safe level by security policies such as no linkability and periodic update. But in case of IMSI, it cannot be changed even though it is exposed. There still exist some situations that IMSI is used in clear text for the authentication. Therefore, a protective mechanism for the identity confidentiality is needed. In this paper we propose a protocol based on IBE(Identity-based Encryption) to protect permanent identities in access network. By simplifying the scheme, this protocol has minimized the system impact on current 3GPP environment. And this scheme can be applied to all kind of permanent identities and 3GPP AKA(Authentication and Key Agreement) protocols in access network.

• Journal of Korea Multimedia Society
• /
• v.13 no.11
• /
• pp.1687-1697
• /
• 2010

The USIM-based AKA authentication process is essential to a mobile payment system on smart phone environment. In this paper a payment protocol and an AKA module are designed for mobile payment system which is suitable for openness smart phone environment. The payment protocol designs the cross authentication among components of the mobile payment system to improve the reliability of the components. The AKA module of mobile payment system based on 3GPP-AKA protocol prevents the exposure of IMSI by creating the SSK(Shared Secure Key) through advance registration and solves the SQN(SeQuence Number) synchronization problem by using timestamp. Also, by using the SSK instead of authentication vector between SN and authentication center, the existing bandwidth $(688{\times}N){\times}R$ bit between them is reduced to $320{\times}R$ bit or $368{\times}R$ bit. It creates CK and IK which are message encryption key by using OT-SSK(One-Time SSK) between MS and SN. In addition, creating the new OT-SSK whenever MS is connected to SN, it prevents the data replay attack.

• Journal of the Institute of Convergence Signal Processing
• /
• v.10 no.1
• /
• pp.66-71
• /
• 2009

In view of mutual complementary feature of wide coverage and high data rate, the interworking between 3G cellular network and WLAN is a global trend of wireless communications. This paper introduces the analytic result of an authentication mechanism for 3GPP-WLAN seamless mobility under the USIM-based authentication test-bed. In a handover process between heterogeneous networks, authentication is the main factor of handover delay. So authentication processing time should be firstly reduced. This paper describes an USTM-based EAP-AKA test-bed implemented for handover in UMTS and WLAN interworking systems. Experimental result has shown that the fast re-authentication mechanism during handover has reduced the handover delay by about 48.6%.

• ETRI Journal
• /
• v.34 no.3
• /
• pp.482-484
• /
• 2012

With the rapid progress of wireless mobile communications, the authenticated key agreement (AKA) protocol has attracted an increasing amount of attention. However, due to the limitations of bandwidth and storage of the mobile devices, most of the existing AKA protocols are not suitable for wireless mobile communications. Recently, Lo and others presented an efficient AKA protocol based on elliptic curve cryptography and included their protocol in 3GPP2 specifications. However, in this letter, we point out that Lo and others' protocol is vulnerable to an offline password guessing attack. To resist the attack, we also propose an efficient countermeasure.

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.06d
• /
• pp.47-51
• /
• 2010

휴대인터넷(WiBro: Wireless Broadband)은 언제 어디서나 고속으로 무선 인터넷 접속이 가능한 서비스를 위한 기술이다. 노트북을 비롯한 휴대가 간편한 PDA, 스마트폰으로 사람이 보행 또는 차량 주행 중에서도 끊김 없이(seamless) 무선 인터넷 서비스가 가능하다. 이동성과 고속 무선 통신이 가능한 서비스에서 중요한 기술 요소 중 하나가 보안이다. 본 논문은 안전한 서비스를 제공하기 위하여 WiBro 무선 네트워크에서의 USIM 기반 EAP-AKA 인증 프로토콜 보안 요구사항 안전성을 정형기법 툴인 AVISPA를 이용하여 명세 및 검증해 본다.