A Study on the Improvement of Authentication Mechanisms for UMTS
Master's === Chung Yuan Christian University === Graduate Institute of Electrical Engineering === 91 === Abstract In this thesis, we propose two new authentication protocols for UMTS (Universal Mobile Telecommunication System) based on symmetric and asymmetric cryptosystems, respectively. The comparison of performance between protocols of UMTS and our proposed scheme...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | en_US |
Published: |
2003
|
Online Access: | http://ndltd.ncl.edu.tw/handle/j2ak74 |
id |
ndltd-TW-091CYCU5442013 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-091CYCU5442013 2018-06-25T06:06:26Z http://ndltd.ncl.edu.tw/handle/j2ak74 A Study on the Improvement of Authentication Mechanisms for UMTS 改良UMTS認證機制之研究 Nai-Ren Dong 董乃仁 Master's, Chung Yuan Christian University, Graduate Institute of Electrical Engineering, 91 Shih-Hsiung Twu 涂世雄 2003 thesis 82 en_US |
collection |
NDLTD |
language |
en_US |
format |
Others
|
sources |
NDLTD |
description |
Master's === Chung Yuan Christian University === Graduate Institute of Electrical Engineering === 91 === Abstract
In this thesis, we propose two new authentication protocols for UMTS (Universal Mobile Telecommunication System), based on symmetric and asymmetric cryptosystems, respectively. A performance comparison between the UMTS protocols and our proposed schemes is also made. The two new authentication protocols not only conform to the UMTS specification, but also remedy the insufficient security of the published UMTS authentication protocol.
The first mechanism is based on symmetric-key encryption functions, so that the cost and complexity of hardware design may be implicitly reduced. In addition, it provides all the requirements of an authentication protocol. The characteristic of the first scheme is that the MS (Mobile Station) and the HLR (Home Location Register) share a common secret key, and the VLR (Visitor Location Register) and the HLR share another common secret key. At first, the MS sends a random number RM and its TMSI (Temporary Mobile Subscriber Identity) to the VLR and the HLR. Using the TMSI protects the subscriber's true identity, and RM is used to challenge the VLR and the HLR. Then the HLR generates a random number RH and sends it to the VLR and the MS, respectively. In addition to challenging the VLR and the MS, the random number RH is also used for key refreshment. At the same time, it accomplishes key exchange between the MS and the VLR, and identity authentication of the MS to the VLR. Finally, when the MS and the HLR send their response messages to the VLR, the VLR can authenticate the identity of the MS to check whether the MS is a legal user.
The second mechanism is based on an asymmetric-key encryption function, so it is able to solve an important problem of key management and distribution; it also provides non-repudiation for part of the transmitted data. The characteristic of the second scheme is that the HLR holds the certificates of the MS and the VLR, and the VLR can obtain the public key of the MS as sent by the HLR. Similarly, the MS can obtain the public key of the VLR as sent by the HLR. First, the MS uses a secret message to challenge the HLR and the VLR, and the VLR also uses a secret message to challenge the HLR. Each secret message, however, is encrypted with its sender's private key. After the HLR and the VLR decrypt the MS's secret message with the MS's public key in order to respond to the MS, the HLR also decrypts the VLR's secret message with the VLR's public key in order to respond to the VLR. Once these processes are finished, mutual authentication between all participants is achieved and the MS's public key is refreshed. Finally, when the MS and the HLR send their response messages to the VLR, the VLR can authenticate the identity of the MS to check whether the MS is a legal user, and refresh its TMSI.
To summarize, the contributions of our improved schemes are as follows:
(1) Bi-unilateral authentication among the MS, VLR and HLR in the first scheme, and entire mutual authentication between all participants in the second scheme, are achieved. This makes for a more secure communication environment than the UMTS authentication protocol.
(2) The schemes can prevent many kinds of attacks.
(3) The schemes not only protect user data, but also provide confidentiality of user identity.
It is believed that the results of our study in this thesis will be very helpful to future research in the area of UMTS authentication protocols.
|
author2 |
Shih-Hsiung Twu |
author_facet |
Shih-Hsiung Twu Nai-Ren Dong 董乃仁 |
author |
Nai-Ren Dong 董乃仁 |
title |
A Study on the Improvement of Authentication Mechanisms for UMTS |
publishDate |
2003 |
url |
http://ndltd.ncl.edu.tw/handle/j2ak74 |