Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Replay protection method for CAVE based AKA Anand Palanigounder Qualcomm Inc.

Published byAnastasia Floyd Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Replay protection method for CAVE based AKA Anand Palanigounder Qualcomm Inc."— Presentation transcript:

1 1 Replay protection method for CAVE based AKA Anand Palanigounder Qualcomm Inc. apg@qualcomm.com

2 2 High level solution outline Store 16-bit sequence numbers (MS_SQN and HSS_SQN) and 128-bit AKA re- synchronization tokens (MS_AUTS and HSS_AUTS) at both MS and HSS If these parameters are not available (e.g. when UIM is inserted into a new ME), initiate AKA re-synchronization procedure to agree on these parameters

3 3 When stored parameters are available then procedures @ the HSS/H-AAA AKA_KEY= formed from CAVE keys (same as in the 2G IMS baseline) AKA_RAND = CAVE_RAND (32 bits) | HSS_RAND (96 bits) AUTN = MS_VERIFY | HSS_SQN (16 bits) | MAC (64 bits), where –MAC = f1(AKA_RAND, MS_VERIFY, HSS_SQN) –MS_VERIFY = 48-bits of prf (HSS_AUTS, AKA_RAND) Increase HSS_SQN by 1 Calculate XRES, CK and IK from AKA_KEY, AKA_RAND and HSS_AUTS using AKA functions (f2, f3 and f4 respectively)

4 4 When stored parameters are available then procedures @ the MS AKA_KEY = formed from CAVE keys (same as in 2G IMS baseline) Mobile verifies AUTN – if MAC failed -> network authentication failure; –Otherwise, check SQN - if SQN out of range -> start re-sync procedure If AUTN successful, MS proceeds with CK, IK and RES calculations using AKA_KEY, AKA_RAND and MS_AUTS Increment SQN by 1

5 5 Initialization procedure used when the stored parameters are not available at the HSS and/or MS –For example, when UIM inserted in to a new ME, etc @ HSS –Generate random values for unknown parameters and form challenge (see slide #3) –When re-sync response is received, verify MAC –If successful set HSS_AUTS=AUTS and set HSS_SQN=0 @ the MS –If MAC check successful, then start re-sync procedure to agree on the parameters –Select 64-bit random number in place of 48-bit MS_VERIFY and 16-bits of HSS_SQN and calculate MAC –Set AUTS to (64-bit random number |MAC) and store as MS_AUTS and set MS_SQN=0

6 6 Advantages of the method Independent of AKA transport (HTTP Digest or EAP) Independent of access technology-specific or device-specific parameters (timestamp, IMEI etc) –No protocol or implementation changes needed Single solution for using 2G R-UIM with IMS or UMB/CAN Re-sync procedure only run when –no stored parameters at MS/HSS –SQN out of range (this is same as 3G AKA)

7 7 Conclusion and Proposal Discuss and Adopt as the replay protection method for 2G R-UIM based AKA solutions –2G IMS –Another optional method for UMB access authentication using 2G R-UIM

Download ppt "1 Replay protection method for CAVE based AKA Anand Palanigounder Qualcomm Inc."

Similar presentations

21-08-0xxx-00-0sec IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-08-0xxx-00-0sec-3gpp-security-non802handover Title: A Study on Security Solutions in.

xxx-00-0sec IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx-00-0sec-3gpp-security-non802handover Title: A Study on Security Solutions in.
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.

Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.
Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.

Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
1/xx AKA Support In IS-820-B Stage 2 Lijun Zhao QUALCOMM Incorporated Apr 14, 2003 Notice QUALCOMM Incorporated grants a free, irrevocable license to 3GPP2.

1/xx AKA Support In IS-820-B Stage 2 Lijun Zhao QUALCOMM Incorporated Apr 14, 2003 Notice QUALCOMM Incorporated grants a free, irrevocable license to 3GPP2.
UNIVERSAL MOBILE TELECOMMUNICATION SYSTEM(UMTS). EVOLUATION OF MOBILE COMMUNICATION 1 st Generation : Analog Cellular 2 nd Generation : Multiple Digital.

UNIVERSAL MOBILE TELECOMMUNICATION SYSTEM(UMTS). EVOLUATION OF MOBILE COMMUNICATION 1 st Generation : Analog Cellular 2 nd Generation : Multiple Digital.
Replay protection in AKA with 2G RUIM Sarvar Patel and Zhibi Wang.

Replay protection in AKA with 2G RUIM Sarvar Patel and Zhibi Wang.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
One-Pass GPRS and IMS Authentication Procedure for UMTS

One-Pass GPRS and IMS Authentication Procedure for UMTS
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Doc: IEEE 802. 15-15-0xxx-00-0008 Submission April 2015 Woongsoo Na, et al., Chung-Ang University Project: IEEE P802.15 Working Group for Wireless Personal.

Doc: IEEE xxx Submission April 2015 Woongsoo Na, et al., Chung-Ang University Project: IEEE P Working Group for Wireless Personal.
Summary of 3GPP TR 33.868 3GPP2 TSG-S WG4 S40-20120725-003 Source: Qualcomm Incorporated Contact(s): Anand Palanigounder,

Summary of 3GPP TR GPP2 TSG-S WG4 S Source: Qualcomm Incorporated Contact(s): Anand Palanigounder,
Overview & Definitions for Downloadable Credentials 1 S10-20110926-013 3GPP2 TSG-S WG1 Source: Sprint, US Cellular, Motorola Mobility, Qualcomm Contact(s):

Overview & Definitions for Downloadable Credentials 1 S GPP2 TSG-S WG1 Source: Sprint, US Cellular, Motorola Mobility, Qualcomm Contact(s):
Secure Sockets Layer 1 / 99  SSL is perhaps the widest used security protocol on the Internet today.  Together with DC enables secure communication.

Secure Sockets Layer 1 / 99  SSL is perhaps the widest used security protocol on the Internet today.  Together with DC enables secure communication.
SSH Secure Login Connections over the Internet

SSH Secure Login Connections over the Internet

Similar presentations

Ads by Google