Authentication and Key Agreement

(Redirected from AKA (security))

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Authentication and Key Agreement" – news · newspapers · books · scholar · JSTOR (December 2018) (Learn how and when to remove this message)

Authentication and Key Agreement (AKA) is a security protocol used in 3G networks. AKA is also used for one-time password generation mechanism for digest access authentication. AKA is a challenge–response based mechanism that uses symmetric cryptography.

AKA in CDMA

AKA – Authentication and Key Agreement a.k.a. 3G Authentication, Enhanced Subscriber Authorization (ESA).

The basis for the 3G authentication mechanism, defined as a successor to CAVE-based authentication, AKA provides procedures for mutual authentication of the Mobile Station (MS) and serving system. The successful execution of AKA results in the establishment of a security association (i.e., set of security data) between the MS and serving system that enables a set of security services to be provided.

Major advantages of AKA over CAVE-based authentication include:

Larger authentication keys (128-bit )
Stronger hash function (SHA-1)
Support for mutual authentication
Support for signaling message data integrity
Support for signaling information encryption
Support for user data encryption
Protection from rogue MS when dealing with R-UIM

AKA is not yet implemented in CDMA2000 networks, although it is expected to be used for IMS. To ensure interoperability with current devices and partner networks, support for AKA in CDMA networks and handsets will likely be in addition to CAVE-based authentication.

Air interface support for AKA is included in all releases following CDMA2000 Rev C.

TIA-41 MAP support for AKA was defined in TIA-945 (3GPP2 X.S0006), which has been integrated into TIA-41 (3GPP2 X.S0004).

For information on AKA in roaming, see CDG Reference Document #138.

AKA in UMTS

AKA a mechanism which performs authentication and session key distribution in Universal Mobile Telecommunications System (UMTS) networks. AKA is a challenge–response based mechanism that uses symmetric cryptography. AKA is typically run in a UMTS IP Multimedia Services Identity Module (ISIM), which is an application on a UICC (Universal Integrated Circuit Card). AKA is defined in RFC 3310.

Security

An attack against all variants of AKA has been reported, including 5G.

References

Chirgwin, Richard (5 December 2018). "Now you, too, can snoop on mobe users from 3G to 5G with a Raspberry Pi and €1,100 of gizmos". The Register.

External links

Illustrated Master thesis of Authentication and Key Agreement (AKA) procedures and security aspects in UMTS

v t e Authentication
Authentication APIs	BSD Authentication (BSD Auth) eAuthentication (eAuth) Generic Security Services API (GSSAPI) Java Authentication and Authorization Service (JAAS) Pluggable Authentication Modules (PAM) Simple Authentication and Security Layer (SASL) Security Support Provider Interface (SSPI) XCert Universal Database API (XUDA)
Authentication protocols	ACF2 Authentication and Key Agreement (AKA) CAVE-based authentication Challenge-Handshake Authentication Protocol (CHAP) MS-CHAP Central Authentication Service (CAS) CRAM-MD5 Diameter Extensible Authentication Protocol (EAP) Host Identity Protocol (HIP) IndieAuth Kerberos LAN Manager NT LAN Manager (NTLM) OAuth OpenID OpenID Connect (OIDC) Password-authenticated key agreement protocols Password Authentication Protocol (PAP) Protected Extensible Authentication Protocol (PEAP) Remote Access Dial In User Service (RADIUS) Resource Access Control Facility (RACF) Secure Remote Password protocol (SRP) TACACS Woo–Lam
Category Commons

Categories:

Misplaced Pages