A forward secure PKI-based UMTS-AKA with tunneling authentication

摘要

During development of the UMTS security standard, many protocols have been proposed to secure the UMTS AKA. Although these efforts have been too much until now, but new protocols are also vulnerable or are not suitable for a mobile environment, in which the computational capabilities of handsets are restricted. In this paper we propose a new protocol based on tunneling authentication. Our focus is not on the 3G network itself, but on the way of Public Key Infrastructure(PKI) deployment in cellular networks. Therefore, this scheme can be extended to other networks like 4G. We have combined the features of PKI with concept of Tunneled TLS(TTLS), where there is no need to issue a certificate for each mobile user and creating a tunnel causes a robust key agreement. In our scheme there is no need to involve mobile handset in the process of certificate path validation and we have used a new method for this purpose called efficient online-validation method. Furthermore, due to our intention for reducing changes in the 3GPP standard we still use the idea of Authentication Vector which facilitates our protocol implementation. Also user identity confidentiality is protected by using public-key encryption. Finally, the proposed protocol has the property of forward secrecy, where compromising the Master Key, does not result on insecurity of past sessions.