UMTS authentication and key agreement : a comprehensive illustration of AKA procedures within theUMTS system

Abstract

This report will give information on the 3rd generation mobile communication system, UMTS, its Authentication and Key Agreement (AKA) procedures and security aspects. It will also describe the ‘UMTS AKA Illustrator’ which is an animation program we have created to explain the AKA procedures. The AKA procedure is the essence of authenticating a user to the network and vice versa. This is possible due to the pre-shared secret key K stored in the Authentication Centre (AuC) and in the UMTS Subscriber Identity Module (USIM). The other parameters are derived from this key. During an AKA procedure, messages with parameters to be confirmed by the User Equipment (UE), are delivered from AuC. Such parameters are joined together in an Authentication Vector (AV). The AV is delivered to the Core Network, which distributes parts of this AV through the access network to the UE. The UE must then perform some calculations to match this challenge. The result of the UE is sent back and checked against the AV where it originated. If the result matches, then the authentication is successful. If the result fails some other procedures are activated to correct the problem. The above description is successfully animated using Flash technology. This animation we have called: ‘UMTS AKA Illustrator’ and is the result of a literature study of 3GPP specifications. This illustrator is developed for making the AKA procedures easier to understand for people without the deeper knowledge of UMTS. The illustrator can be used as a stand-alone application for educational purposes, with easy web access on multiple platforms. AKA procedures in UMTS have increased security compared with GSM. The new feature of two-way authentication eliminates the problem with false basestations. This is a very important security improvement. Even though the security has improved in some areas, there are still security features that should be improved. It is not sufficient to just require integrity protection on signalling messages. All messages should be integrity checked, but indirectly by requiring confidentiality protection together with integrity.