Research On The Security Of Authentication And Key Agreement Protocol For LTE/SAE Networks

To acheive secure communication in 3G/4G communication networks,Authentication and Key Agreement(AKA) protocol provides mutual authentication between the user and the network,and directly or indirectly generates the encryption key and integrity key.Based on the UMTS AKA mechanism,LTE/SAE AKA adds service network verification,uses the authentication vectors in order, and introduces the hierarchical key system, which improves the security of the system.However,LTE/SAE AKA still has some security issues to be solved.This thesis analyzes the security of authentication and key agreement protocol and makes a research on the problem of the automatic selection mechanism for the size of the authentication vector array applied in LTE/SAE AKA.The details are as follows:1. An efficient and secure authentication and key agreement(ES-AKA) protocol is proposed.This protocol resists redirection attack and replay attack, avoids security risks when key K is leaked. The simulation results show that ES-AKA reduces not only the storage of service network but also the computation of home network, and has less bit exchange traffic in the higher security environment.2. An automatic K-selection mechanism on the basis of authentication numbers is proposed. According to the simplified model of LTE/SAE AKA, this thesis establishes the mathematical relationship of authentication numbers, the size of the authentication vector array and exchange traffic which includes message exchange traffic and bit exchange traffic. Adding the bits exchanging traffic as measures based on messages exchanging traffic, and introducing the two wastage rate of authentication vectors, the selection mechanism is proposed.The simulation results show that the proposed mechanism effectively reduces bit exchange traffic, finds much better value of K in terms of message exchange traffic,and gains an unique K value.This mechanism has an outstanding performance when the user stays in the same SN for a long time.3. An automatic K-selection mechanism on the basis of authentication rate is proposed in this thesis. According to mathematical model based on the Poisson distribution,this thesis establishes the mathematical relationship among authentication rate, the size of the authentication vector array and exchange traffic which includes message exchange traffic and bit exchange traffic. Adopting bits exchanging traffic and messages exchanging traffic as measures, a final decision is made to obtain the optimal K. The simulation results show that the proposed mechanism can reduce both bits exchanging traffic and messages exchanging traffic, and can gain an unique K value. This mechanism has an outstanding performance when the residual time of user in the same SN is short.