1 Replay protection method for CAVE based AKA Anand Palanigounder Qualcomm Inc.

Slides:

Advertisements

Similar presentations

xxx-00-0sec IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx-00-0sec-3gpp-security-non802handover Title: A Study on Security Solutions in.

Advertisements

AUTHENTICATION AND KEY DISTRIBUTION

Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.

Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

A Survey of Secure Wireless Ad Hoc Routing

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

1/xx AKA Support In IS-820-B Stage 2 Lijun Zhao QUALCOMM Incorporated Apr 14, 2003 Notice QUALCOMM Incorporated grants a free, irrevocable license to 3GPP2.

UNIVERSAL MOBILE TELECOMMUNICATION SYSTEM(UMTS). EVOLUATION OF MOBILE COMMUNICATION 1 st Generation : Analog Cellular 2 nd Generation : Multiple Digital.

Replay protection in AKA with 2G RUIM Sarvar Patel and Zhibi Wang.

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

One-Pass GPRS and IMS Authentication Procedure for UMTS

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Doc: IEEE xxx Submission April 2015 Woongsoo Na, et al., Chung-Ang University Project: IEEE P Working Group for Wireless Personal.

Summary of 3GPP TR GPP2 TSG-S WG4 S Source: Qualcomm Incorporated Contact(s): Anand Palanigounder,

Overview & Definitions for Downloadable Credentials 1 S GPP2 TSG-S WG1 Source: Sprint, US Cellular, Motorola Mobility, Qualcomm Contact(s):

Secure Sockets Layer 1 / 99  SSL is perhaps the widest used security protocol on the Internet today.  Together with DC enables secure communication.

SSH Secure Login Connections over the Internet

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

WIRELESS LAN SECURITY Using

Security in GSM/GPRS and UMTS

Securing Every Bit: Authenticated Broadcast in Wireless Networks Dan Alistarh, Seth Gilbert, Rachid Guerraoui, Zarko Milosevic, and Calvin Newport.

All Rights Reserved © Alcatel-Lucent 2006, ##### 1 | Presentation Title | Month 2006 Oct 8, 2007 Sarvar Patel – Alcatel-Lucent ABSTRACT: Improving random.

1 R-UIM Support for Secure LBS (Stage 2) Zhimin Du Lijun Zhao zdu, QUALCOMM Incorporated June 20, 2005.

Wireless Insecurity By: No’eau Kamakani Robert Whitmire.

1x Device Binding Framework Overview to TSG-AC 3GPP2 TSG-AC AC Source: TSG-SX WG4 Contact(s): Anand Palanigounder,

Revised Solution for Device Binding Revised from S GPP2 TSG-SX WG4 SX Source: Qualcomm Incorporated Contact(s): Anand Palanigounder,

Authentication Profile for UICC- less eHRPD Terminals QUALCOMM Incorporated Contact(s): Anand Palanigounder Jun Wang.

Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.

2003/12/291 Security Aspects of 3G-WLAN Interworking 組別： 2 組員：陳俊文 , 李奇勇 , 黃弘光 , 林柏均

KAIS T Wireless Network Security and Interworking Minho Shin, et al. Proceedings of the IEEE, Vol. 94, No. 2, Feb Hyeongseop Shim NS Lab, Div. of.

Protecting Privacy in WLAN with DoS Resistance using Client Puzzle Team 7 Yanisa Akkarawichai Rohan Shah CSC 774 – Advanced Network Security Prof. Peng.

IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.

後卓越計畫進度報告楊舜仁老師實驗室 GPP-WLAN Interworking (collaboration with ICL/ITRI)

All Rights Reserved © Alcatel-Lucent 2007, ##### 1 | Presentation Title | January 2007 UMB Security Evolution Proposal Abstract: This contribution proposes.

Page 1 January 16, 2008 Source: 3GPP2 TSG-S WG4 (Security) Contacts: Anand Palanigounder, Chair, TSG-S WG4 ( Zhibi Wang,

Security Protection on Trust Delegated Medical Data in Public Mobile Networks Dasun Weerasinghe, Muttukrishnan Rajarajan and Veselin Rakocevic Mobile Networks.

Proposed Solution for Device Binding 3GPP2 TSG-S WG4 S Source: Qualcomm Incorporated Contact(s): Anand Palanigounder,

May 12, 2008 Alcatel Lucent, Cisco, Motorola, Nortel, Verizon ABSTRACT: Proposed is additional key hierarchy and derivation for EPS access over eHRPD.

All Rights Reserved © Alcatel-Lucent 2006, ##### 2G IMS CAVE Based Security Replay Protection Alec Brusilovsky, Zhibi Wang Alcatel-Lucent, July 24, 2007.

Computer Science CSC 774 Adv. Net. Security1 Presenter: Tong Zhou 11/21/2015 Practical Broadcast Authentication in Sensor Networks.

1 3GPP2 GBA Overview Adrian Escott Chair, TSG-S WG4 24 May 2006.

Lecture 2: Introduction to Cryptography

All Rights Reserved © Alcatel-Lucent 2006, ##### 2G IMS CAVE Based Security Replay Protection Zhibi Wang January, 2007.

Security Support for Multi-cast Traffic in M2M communication Document Number: IEEE C802.16p-10/0032 Date Submitted: Source: Inuk Jung, Kiseon.

Data Integrity Proofs in Cloud Storage Author: Sravan Kumar R and Ashutosh Saxena. Source: The Third International Conference on Communication Systems.

1 Understanding Secure Socket Layer (SSL) Advisor Advisor Prof. Tzonelih Hwang Presenter Prosanta Gope.

Wireless and Mobile Security

Doc.: IEEE /1022r0 Submission September 2008 Greenstein (Intel) et al. Slide 1 SlyFi: Enhancing Privacy by Concealing Link Layer Identifiers.

1 3GPP2 GBA Overview Adrian Escott Chair, TSG-S WG4 24 May 2006.

3GPP GBA Overview Adrian Escott.

Tamper Resistant Software: An Implementation By David Aucsmith, IAL In Information Hiding Workshop, RJ Anderson (ed), LNCS, 1174, pp , “Integrity.

Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.

N. Asokan, Kaisa Nyberg, Valtteri Niemi Nokia Research Center

IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.

EAP over HRPD Comments Qualcomm, Inc. Vidya Narayanan, Dondeti, Lakshminath, Jun Wang, Pete Barany Notice: QUALCOMM Incorporated grants a free, irrevocable.

1 On 3GPP2 Femto Security Anand Palanigounder Qualcomm Inc. Notice: Contributors grant a free, irrevocable license to 3GPP2 and its Organization.

af-Secure-Enabelement-and-CVS-without-Association Submission June 2011 Secure Enablement and CVS without Persistent Association Slide 1Qualcomm.

Cryptography CSS 329 Lecture 13:SSL.

Replay protection for CAVE based AKA when moving R-UIM between mobiles.

1 Rogue Mobile Shell Problem Verizon Wireless October 26, 2000 Christopher Carroll.

助理教授：吳俊興助教：楊文健國立高雄大學資訊工程學系

Packet Leashes: Defense Against Wormhole Attacks

Header Compression Date: Authors: May 2012 Month Year

Originally by Yu Yang and Lilly Wang Modified by T. A. Yang

Providing Secure Storage on the Internet

Secure WUR frames Date: Authors: January 2018

Presentation transcript:

1 Replay protection method for CAVE based AKA Anand Palanigounder Qualcomm Inc.

2 High level solution outline Store 16-bit sequence numbers (MS_SQN and HSS_SQN) and 128-bit AKA re- synchronization tokens (MS_AUTS and HSS_AUTS) at both MS and HSS If these parameters are not available (e.g. when UIM is inserted into a new ME), initiate AKA re-synchronization procedure to agree on these parameters

3 When stored parameters are available then the HSS/H-AAA AKA_KEY= formed from CAVE keys (same as in the 2G IMS baseline) AKA_RAND = CAVE_RAND (32 bits) | HSS_RAND (96 bits) AUTN = MS_VERIFY | HSS_SQN (16 bits) | MAC (64 bits), where –MAC = f1(AKA_RAND, MS_VERIFY, HSS_SQN) –MS_VERIFY = 48-bits of prf (HSS_AUTS, AKA_RAND) Increase HSS_SQN by 1 Calculate XRES, CK and IK from AKA_KEY, AKA_RAND and HSS_AUTS using AKA functions (f2, f3 and f4 respectively)

4 When stored parameters are available then the MS AKA_KEY = formed from CAVE keys (same as in 2G IMS baseline) Mobile verifies AUTN – if MAC failed -> network authentication failure; –Otherwise, check SQN - if SQN out of range -> start re-sync procedure If AUTN successful, MS proceeds with CK, IK and RES calculations using AKA_KEY, AKA_RAND and MS_AUTS Increment SQN by 1

5 Initialization procedure used when the stored parameters are not available at the HSS and/or MS –For example, when UIM inserted in to a new ME, HSS –Generate random values for unknown parameters and form challenge (see slide #3) –When re-sync response is received, verify MAC –If successful set HSS_AUTS=AUTS and set the MS –If MAC check successful, then start re-sync procedure to agree on the parameters –Select 64-bit random number in place of 48-bit MS_VERIFY and 16-bits of HSS_SQN and calculate MAC –Set AUTS to (64-bit random number |MAC) and store as MS_AUTS and set MS_SQN=0

6 Advantages of the method Independent of AKA transport (HTTP Digest or EAP) Independent of access technology-specific or device-specific parameters (timestamp, IMEI etc) –No protocol or implementation changes needed Single solution for using 2G R-UIM with IMS or UMB/CAN Re-sync procedure only run when –no stored parameters at MS/HSS –SQN out of range (this is same as 3G AKA)

7 Conclusion and Proposal Discuss and Adopt as the replay protection method for 2G R-UIM based AKA solutions –2G IMS –Another optional method for UMB access authentication using 2G R-UIM