Jump to ContentJump to Main Navigation
Show Summary Details
More options …

Proceedings on Privacy Enhancing Technologies

4 Issues per year

Open Access
See all formats and pricing
More options …

Achieving Better Privacy for the 3GPP AKA Protocol

Pierre-Alain Fouque / Cristina Onete / Benjamin Richard
Published Online: 2016-07-14 | DOI: https://doi.org/10.1515/popets-2016-0039


Proposed by the 3rd Generation Partnership Project (3GPP) as a standard for 3G and 4G mobile-network communications, the AKA protocol is meant to provide a mutually-authenticated key-exchange between clients and associated network servers. As a result AKA must guarantee the indistinguishability from random of the session keys (key-indistinguishability), as well as client- and server-impersonation resistance. A paramount requirement is also that of client privacy, which 3GPP defines in terms of: user identity confidentiality, service untraceability, and location untraceability. Moreover, since servers are sometimes untrusted (in the case of roaming), the AKA protocol must also protect clients with respect to these third parties. Following the description of client-tracking attacks e.g. by using error messages or IMSI catchers, van den Broek et al. and respectively Arapinis et al. each proposed a new variant of AKA, addressing such problems. In this paper we use the approach of provable security to show that these variants still fail to guarantee the privacy of mobile clients. We propose an improvement of AKA, which retains most of its structure and respects practical necessities such as key-management, but which provably attains security with respect to servers and Man-in-the- Middle (MiM) adversaries. Moreover, it is impossible to link client sessions in the absence of client-corruptions. Finally, we prove that any variant of AKA retaining its mutual authentication specificities cannot achieve client-unlinkability in the presence of corruptions. In this sense, our proposed variant is optimal.

Keywords: privacy; security proof; AKA protocol


  • [1] 3GPP. 3G Security; Technical Specification Group (TSG) SA; 3G Security; Security Architecture. TS 33.102, 3rd Generation Partnership Project (3GPP), June 2013.Google Scholar

  • [2] 3GPP. 3rd Generation Partnership Project; Technical Specification Group Services ans System Aspects; Security related network functions (Release 12). TS 43.020, 3rd Generation Partnership Project (3GPP), June 2014.Google Scholar

  • [3] J. Alwen, M. Hirt, U. Maurer, A. Patra, and P. Raykov. Anonymous authentication with shared secrets. In Proceedings of LatinCrypt, volume 8895 of LNCS, pages 219-236. Springer- Verlag, 1999.Google Scholar

  • [4] G. Ateniese, A. Herzberg, H. Krawczyk, and G. Tsudik. Untraceable mobility or how to travel incognito. In Elsevier Computer Networks, volume 31, pages 871-884. Elsevier, 1999.Google Scholar

  • [5] BSI. A Proposal for: Functionality classes for random number generators. AIS 20 / AIS 31. Version 2.0 , Bundesamt fur Sichercheit in der Informationstechnik (BSI), 2011.Google Scholar

  • [6] R. Cramer and V. Shoup. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attacks. In Advances in Cryptology - CRYPTO 1998, volume 1462 of LNCS, pages 13-25. Springer, 1998.Google Scholar

  • [7] David A. McGrew and John Viega. The Security and Performance of the Galois/Counter Mode of Operation (Full Version). IACR Cryptology ePrint Archive, 2004:193, 2004.Google Scholar

  • [8] D.Strobel. IMSI Catcher. In 2007, Seminar Work, Ruhr- Universitat Bochum, 2007.Google Scholar

  • [9] Fabian van den Broek and Roel Verdult and Joeri de Ruiter. Defeating IMSI Catchers. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, USA, October 12-6, 2015, pages 340-351, 2015.Google Scholar

  • [10] P. A. Fouque, C. Onete, and B. Richard. Achieving Better Privacy for the 3GPP AKA Protocol. Cryptology ePrint Archive, Report 2001/112, 2016.Google Scholar

  • [11] Jens Hermans and Andreas Pashalidis and Frederik Vercauteren and Bart Preneel. A New RFID Privacy Model. In Computer Security - ESORICS 2011 - 16th European Symposium on Research in Computer Security, Leuven, Belgium, September 12-14, 2011. Proceedings, pages 568-587, 2011.Google Scholar

  • [12] Jens Hermans and Andreas Pashalidis and Frederik Vercauteren and Bart Preneel. A New RFID Privacy Model. In V. Atluri and C. Diaz, editors, Esorics, volume 6879, pages 568-587, 2011.Google Scholar

  • [13] M. S. A. Khan and C. J. Mitchell. Another look at privacy threats in 3G mobile telephony. In Proceedings of ACISP, volume 8544 of Lecture Notes in Computer Science, pages 386-396. Springer, 2014.Google Scholar

  • [14] Michael Burrows and Martín Abadi and Roger M. Needham. A Logic of Authentication. ACM Trans. Comput. Syst., 8(1):18-36, 1990.Google Scholar

  • [15] Mihir Bellare and David Pointcheval and Phillip Rogaway. Authenticated Key Exchange Secure against Dictionary Attacks. In Advances in Cryptology - EUROCRYPT 2000, International Conference on the Theory and Application of Cryptographic Techniques, pages 139-155, 2000.Google Scholar

  • [16] Mihir Bellare and Phillip Rogaway. Entity Authentication and Key Distribution. In D. R. Stinson, editor, Advances in Cryptology - CRYPTO ’93, volume 773 of LNCS, pages 232-249. Springer, 1993.Google Scholar

  • [17] Mihir Bellare and Ran Canetti and Hugo Krawczyk. A Modular Approach to the Design and Analysis of Authentication and Key Exchange Protocols. In Proceedings of the ACM Symposium on the Theory of Computing, pages 419-428, 1998.Google Scholar

  • [18] Ming-Feng Lee and Nigel P. Smart and Bogdan Warinschi and Gaven J. Watson. Anonymity guarantees of the UMTS/LTE authentication and connection protocol. Int. J. Inf. Sec., 13(6):513-527, 2014.Web of ScienceGoogle Scholar

  • [19] Muxiang Zhang. Provably-Secure Enhancement on 3GPP Authentication and Key Agreement Protocol. IACR Cryptology ePrint Archive, 2003:92, 2003.Google Scholar

  • [20] Muxiang Zhang and Yuguang Fang. Security analysis and enhancements of 3gpp authentication and key agreement protocol. IEEE Transactions on Wireless Communications, 4(2):734-742, 2005.Google Scholar

  • [21] Myrto Arapinis and Loretta Ilaria Mancini and Eike Ritter and Mark Ryan. Privacy through Pseudonymity in Mobile Telephony Systems. In 21st Annual Network and Distributed System Security Symposium, NDSS, 2014.Google Scholar

  • [22] Myrto Arapinis and Loretta Ilaria Mancini and Eike Ritter and Mark Ryan and Nico Golde and Kevin Redon and Ravishankar Borgaonkar. New privacy issues in mobile telephony: fix and verification. In the ACM Conference on Computer and Communications Security, CCS’12, Raleigh, NC, USA, October 16-18, 2012, pages 205-216, 2012.Google Scholar

  • [23] S. provider. Personal communication with one of europe’s largest service providers, 2015.Google Scholar

  • [24] Radu-Ioan Paise and Serge Vaudenay. Mutual Authentication in RFID: Security and Privacy. In Proc. on the 3rd ACM Symposium on Information, Computer and Communications Security (ASIACCS), pages 292-299. ACM, 2008.Google Scholar

  • [25] Ran Canetti and Hugo Krawczyk. Universally Composable Notions of Key Exchange and Secure Channels. In Advances in Cryptology - EUROCRYPT 2002, volume 2332 of LNCS, pages 337-351, 2002.Google Scholar

  • [26] Serge Vaudenay. On Privacy Models for RFID. In ASIACRYPT ’07, volume 4883, pages 68-87, 2007.Google Scholar

  • [27] A. Shaik, R. Borgaonkar, N. Asokan, V. Niemi, and J.-P. Seifert. Practical attacks against privacy and availability in 4g/lte mobile communication systems. In Proceedings of NDSS. Internet Society, 2016.Google Scholar

  • [28] Ulrike Meyer and Susanne Wetzel. A man-in-the-middle attack on UMTS. In Proceedings of the 2004 ACM Workshop on Wireless Security, Philadelphia, PA, USA, October 1, 2004, pages 90-97, 2004.Google Scholar

  • [29] Zahra Ahmadian and Somayeh Salimi and Ahmad Salahi. New attacks on UMTS network access. In 2009 Wireless Telecommunications Symposium, WTS 2009, Prague, Czech Republic, April 22-24, 2009, pages 1-6, 2009.Google Scholar

About the article

Received: 2016-02-29

Revised: 2016-06-02

Accepted: 2016-06-02

Published Online: 2016-07-14

Published in Print: 2016-10-01

Citation Information: Proceedings on Privacy Enhancing Technologies, Volume 2016, Issue 4, Pages 255–275, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2016-0039.

Export Citation

© 2016. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. BY-NC-ND 4.0

Comments (0)

Please log in or register to comment.
Log in