While GSM is ubiquitously deployed, 3rd and 4th generation technologies such as

Question

While GSM is ubiquitously deployed, 3rd and 4th generation technologies such as UMTS and LTS are wide spread today. This question explores some of the security aspects of 3G/4G systems, especially as they relate to GSM. Universal Mobile Telecommunications System (UMTS) is a 3G system based on the GSM standard. The authentication and key agreement procedure in UMTS is similar to GSM, with some notable differences: •The security algorithms and protocols used are negotiated between the operator and the mobile station during authentication. •Both a cipher key and an integrity key are derived during authentication. •In addition to the RAND challenge, the mobile network sends an AUTN message that contains a Message Authentication Code (MAC). Research the UMTS authentication and key agreement (AKA) to answer the following questions: (a) Briefly explain the purpose of the AUTN message. (b) Assume Eve observes a < RAND, AUTN > pair for a particular IMSI during the device’s authentication. What prevents an attacker from replaying this same < RAND, AUTN > pair? Explain your answer; you may need to examine the 3GPP UMTS spec and AUTN messages in more detail to answer. (c) Xavier Breath believes that both the AUTN and the integrity-protected protocol negotiation messages are required to ensure mutual authentication and prevent Manin-the-Middle attacks. Explain why, or argue why not. (d) Xavier further argues that the UMTS authentication protocol prevents downgrade attacks (for instance where the mobile station is instructed to use no encryption). Explain why Xavier is correct or incorrect. Long Term Evolution (LTE) is a popular 4G system enjoying increased deployment. (e) Briefly describe at least two differences between EPS-AKA (LTE’s authentication and key agreement) and UMTS’s AKA.

Explanation / Answer

A) Briefly explain the purpose of the AUTN message?

Ans: Authentication token: A Security token ( some period called an verification token) is a small hardware tool that the owners carry on the way to authorize contact to net service. The tool may be in the form of a neat card (or) may exist insert in a usually used entity such as a key fob security tokens provide an extra level of assurance through a method known as   2 faucal authentication. The user has(PIN),which (AUTN)the owner of that exacting machine, The tool to show number Which Uniquely identifies the users to the service allow them to login the identification number for each user is changed frequently, usually every five minutes(or)so.

b) Assume Eve observes a<RAND, AUTN > pair of particular IMSI during the devices Authentication. What prevents an attacker from replaying this same<RAND, AUTN>pair? Explain answer; you may need to examine the 3GPP UMTS spec and AUTN message in more detail to answer?

Ans: 3GPP stipulation are published complimentary of (charge-up to four times a year following quarterly technical speciation. Group,(TSG) plenary meetings. At   each TSG runnels specs can be

Newly brought under change control.(at least 80% complete)

Unchanged from this previous vesion.

The 3GPP Mobile competence center (MCC) aims to create all spectacles obtainable following TSG land as a   possible   the term 3GPP specification covers all GSM (counting GPRS and EDGE),W-CDMA including LTE- advanced and LTE advanced protocol.  

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.