Authentication and Authorization Applications in 4G Networks




Libor Dostálek
dostalek@prf.jcu.cz
Faculty of Science, University of South Bohemia, Ceske Budejovice, Czech Republic

Abstract

The principle of 4G mobile networks means that users are always connected to the network. Calls, too, will be carried over the network (VoLTE). This contribution discusses the possibility of strong authentication for applications running on mobile devices. It deals with the possibility of combining the AKA algorithm with other authentication algorithms. Combining two algorithms creates strong multifactor authentication, which is suitable for applications that demand highly secure authentication, such as Internet banking or Internet access to Government applications.

Keywords: Authentication, Smart Card, Security, Strong Password Authentication, Mobile Application Authentication.

1 Introduction

Currently, there is a mass deployment of LTE in mobile networks. The next step is to deploy VoLTE (Voice over LTE), which uses technology similar to VoIP (i.e. the TCP/IP application protocol family, e.g. SIP, SDP, RTP etc.). Authentication in the application protocols that implement VoLTE will use USIM/ISIM smart cards. Authentication based on USIM/ISIM uses the so-called AKA mechanism, which relies on a secret shared between the USIM/ISIM and the user's Authentication Center. Current mobile applications typically use password authentication. Since the SIP protocol uses the same authentication mechanisms as HTTP, this opens the possibility of using USIM/ISIM authentication for mobile web applications.

An authentication method based on the AKA mechanism, however, has its drawbacks. For example, AKA authenticates the user for the whole time from logging on to the network until logging off. If the network needs to re-authenticate the mobile device (e.g. on transition to roaming), it may authenticate the user silently, i.e. without user intervention (without entering a PIN). Another disadvantage is that the shared secrets for the AKA authentication mechanism are administered by the mobile operator. For many applications it would be advantageous to implement a second authentication factor administered by the owner of the server, so that authentication is not completely under the control of the mobile operator.

Mobile equipment is a computer with smart card authentication/authorization (unlike the PC). In the future it will be possible to develop entirely new types of applications, such as the secure sale of public transport tickets (SMS tickets are the cause of many frauds).

At present, many Internet applications are accessed from smart phones. If Internet applications require authentication, a number of authentication methods are available, e.g.:

1. Native authentication methods in 3G/4G networks based on the AKA mechanism, which is described below. This authentication is undoubtedly cryptographically strong. Its disadvantage is that in practice it is used for authenticating the mobile device to the network. To understand the problem, consider a practical example. The user turns on the mobile device and enters a PIN, which opens access to the secret on the USIM/ISIM. Next, network services silently authenticate the user, without requiring user intervention. An attacker could steal mobile equipment with a logged-in user and subsequently could easily exploit the mobile device. Therefore, this kind of authentication is often called equipment authentication.
2. Password authentication is the typical user authentication. Unfortunately, this authentication method is generally considered weak, so applications such as home banking or eGov seek other mechanisms.
3. Strong password authentication covers more sophisticated password authentication methods which are resistant to known attacks (sniffing or elicitation of the password, password-file compromise attack, guessing attack, forgery attack, impersonation attack, stolen-verifier attack, replay attack etc.).
4. Authentication based on public key certificates (PKI). The problem is where the mobile device can securely store the private keys.
5. External devices such as authentication calculators generating one-time passwords. The main disadvantage of this solution is that the user must take care of an additional device, which he may find disagreeable.

Using multiple authentication methods independently does not increase security. Our idea is to combine (to breed) methods 1 and 3 into a common multifactor authentication. The first factor is equipment authentication based on the AKA mechanism and the second factor is strong password authentication.

2 Ease of Use

The envisaged solution imposes no additional requirements on the functionality of the mobile device, on the contents of the USIM/ISIM card or on the mobile infrastructure. The envisaged solution could be implemented as a software application.

3 AKA mechanism

Figure 1: AKA mechanism. Parties: A (mobile, holds K), B (network), Authentication center (holds K).

  AKA1  A to B:                      I want to access
  AKA2  B to Authentication center:  Please generate AV for A
        Authentication center:       1. Generate RAND and SQN
                                     2. Run authentication function (Fig. 2)
  AKA3  Authentication center to B:  AV = (RAND, RES, SQN XOR AK, AMF, MAC-A)
  AKA4  B to A:                      RAND, SQN XOR AK, AMF, MAC-A
        A:                           1. Compute SQN using f5 ((SQN XOR AK) XOR AK = SQN)
                                     2. Run authentication function (Fig. 2)
                                     3. If MAC-A computed by A is equal to MAC-A from AV, then B is authenticated.
  AKA5  A to B:                      RES
        B:                           If RES obtained from A is equal to RES from AV, then A is authenticated.

The AKA (Authentication and Key Agreement) mechanism is a security protocol used in 3G/4G mobile networks for mutual authentication and agreement on cryptographic material (Figure 1). AKA is specified in [2]. In AKA (Figure 1) there are three communicating parties:

- A (mobile), usually mobile equipment. A is equipped with a USIM/ISIM containing the shared secret K.
- B (network), e.g. the P-CSCF in IMS.
- Authentication center, e.g. part of the Home Subscriber Server in IMS.

Figure 2: Functions f1-f5. Labels in the figure: K, SQN, RAND, AMF; f1, f2, f3, f4, f5; MAC-A, XRES, CK, IK, AK; SQN XOR AK.

  K - shared secret
  AMF - known string
  SQN - sequence number
  RAND - random number
  MAC-A - one-time password for network authentication
  RES - one-time password for user equipment authentication
  CK - ciphering key
  IK - integrity key
  AK - anonymization key for SQN
  f1-f5 - one-way functions
  XOR - binary operation

Parties A (mobile) and the Authentication center:

- share the secret key K (shared secret), different for each USIM/ISIM,
- maintain the sequence number SQN of authentication.

AKA uses the one-way functions f1, f2, f3, f4 and f5 defined in [3]. In addition there is the well-known string AMF. The AKA mechanism (Figure 1) is as follows:

AKA-1: A (mobile) wants to gain access (it wants to authenticate itself and also to authenticate the network).
AKA-2: B (network) sends the identification of A to the Authentication center.
AKA-3: The Authentication center, on behalf of B:
  - Generates the random number RAND.
  - Generates the next sequence number SQN of authentication.
  - Runs the authentication functions (Figure 2) and generates the authentication vector AV = (RAND, RES, SQN XOR AK, AMF, MAC-A), where RES is the one-time password for authentication of A and MAC-A is the one-time password for authentication of B.
  - Sends AV to B.
AKA-4: B stores RES from the authentication vector AV and sends RAND, SQN XOR AK, AMF and MAC-A to A. A computes SQN using function f5. A runs the rest of the authentication functions (Figure 2) and:
  - If MAC-A computed by A is equal to MAC-A from AV, then B (network) is authenticated.
  - Generates RES and sends it to B.
AKA-5: B compares RES obtained from A with the saved RES from AV. If they are equal, then A is authenticated.

AKA is intended for mutual silent authentication. The word silent means that the user signs on once (after switching on the mobile equipment, the user enters the PIN to open access to the shared secret K) and applications in the mobile equipment then silently run, in the background, the particular authentications to specific network services without user intervention.

4 Secure Hash-Based Password Authentication Protocol

It is necessary to choose a suitable algorithm for password authentication. Security demands on the selected algorithm:

- Resistance to sniffing or elicitation of the password.
- Resistance to Password-File Compromise Attack.
- Resistance to Denial-of-Service Attack.
- Resistance to Guessing Attack. Guessing Attack stands for an adversary's attempting to guess the user's private information.
- Resistance to Forgery Attack, whereby unauthorized commands are transmitted from a user to a server.
- Impersonation Attack. Impersonation attack stands for an adversary masquerading as a legitimate user by stealing or changing the message in a protocol.
- Resistance to Replay Attack. Replay Attack stands for an adversary storing a message from a previous session and then sending the message in the current session to masquerade as a legitimate user.

- Resistance to Stolen-Verifier Attack. Stolen-Verifier Attack means that an adversary has a user's verifier, stolen from a server, and then impersonates the user with the stolen verifier. He/she can masquerade as the user, using the stolen verifier without any other attack, such as Guessing Attack.

Symbol         Meaning
U              denotes the user
S              denotes the server
U_id or ID     denote the identification of the user
X_S            denotes the secret key of S
P              denotes the password of U
K_u            is a randomly generated key selected by U, shared with the server and stored in secure storage in a smartcard
r_n            denotes a random nonce generated by U or S
T_s            denotes a timestamp
E_Kpu          denotes encryption with the public key of S with a cryptographically secure public key algorithm
D_Kpr          denotes decryption with the private key of S
E_Spu(M)       denotes encryption of M with the public key of S when U sends M to S
D_Spr(M)       denotes decryption of M with the private key of S when U's E_Spu(M) is decrypted
               denotes the bitwise XOR operation
               denotes concatenation
Auth_Q         denotes the authentication question for the registration, forget-password, and password/verifier change phases
Auth_A         denotes the authentication answer for the registration, forget-password, and password/verifier change phases
h()            denotes a cryptographic hash function

The Secure Hash-Based Password Authentication Protocol described in [1] was selected. The selected authentication algorithm [1] consists of the following phases:

- Simple user registration. During registration, client and server may exchange cryptographic material over a secure channel.
- User authentication (login to the application).
- Forget-Password Phase.
- Password Change Phase.

The registration phase and the authentication phase of this algorithm are described below.

4.1 Registration Phase

Figure 3: Registration Phase. Parties: User U (holds K_u), Server S (holds X_S).

  U:           Input ID, P and generate K_u
               PV=h(K_u P) K_u
  R1  U to S:  { ID, PV }
  S:           Store: IDX=E_Kpu(h(ID X_S)) X_S
  R2  S to U:  { Auth_Q }
  R3  U to S:  E_Spu(K_u, P, Auth_Q Auth_A)
  S:           Decrypt R by S's secret key
               Compute PV' using K_u, P in R3
               Verify if PV = PV'
               Store: XPV=E_Kpu(h(PV K_u)) X_S
                      UKP=E_Kpu(ID, K_u, P)
                      QAK=E_Kpu(Auth_Q Auth_A)
  R4  S to U:  { h(ID X_S) }
  U:           Compute and store on smart card:
               KP= K_u P
               XP=h(ID X_S) P

We have two parties: user U and server S (Figure 3). In the registration phase U and S exchange four messages R1, R2, R3 and R4. Furthermore, we assume that the user U has a public key certificate of S. This session assumes the use of a secure channel. Figure 3 shows the registration phase and the detailed steps are as follows:

Step R1: U to S: {ID, PV}
U inputs his ID and password P, generates K_u, and computes the password verifier PV=h(K_u P) K_u. U sends ID and PV to S as a registration request.

Step R2: S to U: {Auth_Q}
S computes IDX=E_Kpu(h(ID X_S)) X_S and stores it in S's password file. Now S generates a random Auth_Q and sends it to U.

Step R3: U to S: {R = E_Spu(K_u, P, Auth_Q Auth_A)}
U inputs Auth_A as an answer to the authentication question Auth_Q and computes Auth_Q Auth_A. Next, U encrypts {K_u, P, Auth_Q Auth_A} with Spu and sends it to S.

Step R4: S to U: {h(ID X_S)}
When S receives R3, S decrypts it and computes PV using K_u and P from R. S compares this PV with the PV received in R1. If they are equal, S stores XPV=E_Kpu(h(PV K_u)) X_S, UKP=E_Kpu(ID, K_u, P) and QAK=E_Kpu(Auth_Q Auth_A). Now S sends h(ID X_S) to U. U stores in the smartcard: KP= K_u P and XP=h(ID X_S) P.

4.2 Login Phase

This phase uses the challenge-response method as protection against replay attacks. Figure 4 shows the login phase and the detailed steps are as follows:

Step L1: U to S: E_Spu(XP, ID, r_1)
U inserts his/her smartcard into the card reader and inputs ID and P. Next, U generates a nonce r_1 and encrypts XP, r_1 and ID with Spu. Then U sends it to S as a login request.

Step L2: S to U: CA_1, r_2
When S receives L1, S decrypts it and computes G_1=h(ID X_S) and G_2=D_Kpr(IDX X_S)=h(ID X_S) by decrypting IDX X_S with S's private key Kpr. S compares G_1 with G_2. If they are equal, S computes P=XP G_2 and CA_1=h(ID P) r_1, generates a nonce r_2, and sends them to U.

Step L3: U to S: L = h(h(PV K_u) r_2) h(PV K_u) r_2

U computes CA_2=h(ID P) r_1 and compares CA_2 with the received CA_1. If they are equal, U computes L=h(h(PV K_u) r_2) h(PV K_u) r_2, and sends L to S. When S receives L, S computes CB_1=L r_2, computes CB_2=D_Kpr(XPV X_S)=h(PV K_u) and CB_3=h(CB_2 r_2) CB_2, and compares CB_3 with CB_1. If they are equal, U is authenticated to S.

Figure 4: Login Phase. Parties: User U (holds KP= K_u PW, XP=h(ID X_S) PW), Server S (holds IDX=E_Kpu(h(ID X_S)) X_S).

  U:           Generate random nonce r_1
  L1  U to S:  { E_Spu(XP, ID, r_1) }
  S:           D_Spr(E_Spu(XP, ID, r_1))=(XP, ID, r_1)
               Compute: G_1=h(ID X_S)
                        G_2=D_Kpr(IDX X_S)=h(ID X_S)
               Verify: G_1=G_2
               Generate random nonce r_2
               Compute: PW=XP G_2
                        CA_1=h(ID PW) r_1
  L2  S to U:  { CA_1, r_2 }
  U:           Compute: CA_2=h(ID PW) r_1
               If CA_1=CA_2: network authenticated
               Compute: L=h(h(PV K_u) r_2) h(PV K_u) r_2
  L3  U to S:  { L }
  S:           CB_1=L r_2
               CB_2=D_Kpu(XPV X_S)
               CB_3=h(CB_2 r_2) CB_2
               Verify CB_1=CB_3: user authenticated

5 Strong authentication for mobile application

As the method of strong password authentication I chose the Secure Hash-Based Password Authentication Protocol [1]. This method meets the requirements set out in the Introduction. The proposed solution creates multifactor authentication by merging AKA and [1]. Assume that the user is registered:

- In terms of [1]: Mobile user U and Application function S (server) have exchanged the four messages R1, R2, R3 and R4.
- In terms of the AKA mechanism: the user is equipped with a USIM/ISIM smart card which shares the secret K with the Authentication Center AuC.

Figure 5: Strong authentication for mobile application. Parties: Mobile user U (holds KP, XP, K), Application function S (holds XPV, UKP, IDX, QAK), Authentication center AuC (holds K).

  U:              In smartcard: KP= K_u P, XP=h(ID X_S) P
                  Generate random nonce r_1
  X1    U to S:   { E_Spu(XP, ID, r_1) }
  AKA2  S to AuC: Please generate AV for A
  S:              D_Spr(E_Spu(XP, ID, r_1))
                  Compute: G_1=h(ID X_S)
                           G_2=D_Kpr(IDX X_S)=h(ID X_S)
                  Verify if G_1 = G_2
                  Compute: P = XP G_2
                           CA_1= h(ID P) r_1
  AuC:            1. Generate: RAND, SQN
                  2. Run authentication function (Fig. 2)
  AKA3  AuC to S: AV=(RAND, RES, SQN XOR AK, AMF, MAC-A)
  X2    S to U:   { CA_1, RAND, SQN XOR AK, AMF, MAC-A }
  U:              1. Compute SQN using f5 ((SQN XOR AK) XOR AK = SQN)
                  2. Run authentication function (Fig. 2)
                  3. If MAC-A computed by A is equal to MAC-A from AV, then B is authenticated.
                  4. Compute CA_2= h(ID P) r_1
                  5. Verify if CA_1 = CA_2
                  6. Compute: L=h(h(PV K_u) RES) h(PV K_u) RES
  X3    U to S:   { L }
  S:              CB_1=L RES
                  CB_2= D_Kpu(XPV X_S)
                  CB_3=h(CB_2 RES) CB_2
                  Verify if CB_1 = CB_3: user is approved

In the proposed authentication, Mobile user U and Application function S exchange three messages X1, X2 and X3 (Figure 5):

Step X1: U to S: {E_Spu(XP, ID, r_1)}
This step is similar to step L1 in [1]. In addition, this step serves as step AKA1 (Figure 1). Subsequently, Application function S asks the Authentication center AuC to generate an authentication vector AV for Mobile user U (step AKA2). The Authentication center returns AV (step AKA3).

Step X2: S to U: {CA_1, RAND, SQN XOR AK, AMF, MAC-A}
When S receives X1, S decrypts it and computes G_1=h(ID X_S) and G_2=D_Kpr(IDX X_S)=h(ID X_S). S compares G_1 with G_2. If they are equal, S computes P=XP G_2 and CA_1=h(ID P) r_1. S does not generate a nonce r_2 as in [1]; RES is used instead. S removes RES from the AV obtained in step AKA3 and saves it. The rest of the AV is sent to U together with CA_1: CA_1, RAND, SQN XOR AK, AMF, MAC-A.

Step X3: U to S: {L}
U computes the sequence number SQN using function f5, runs the authentication functions (Figure 2) and:

- If MAC-A computed by U is equal to MAC-A from X2, then the Application function (server) is authenticated.
- Generates RES and uses it for the subsequent computation of L.

U computes CA_2=h(ID P) r_1 and compares CA_2 with the received CA_1. If they are equal, U computes L=h(h(PV K_u) RES) h(PV K_u) RES, and sends L to S. When S receives L, S computes CB_1=L RES, computes CB_2=D_Kpu(XPV X_S)=h(PV K_u) and CB_3=h(CB_2 RES) CB_2, and compares CB_3 with CB_1. If they are equal, mobile user U is authenticated to the Application function.

6 Conclusion

While the AKA mechanism of 3G/4G mobile networks is used for device authentication, password authentication is the typical user authentication to an application. Breeding both authentication methods forms strong multifactor authentication. The result is strong two-factor authentication:

- Equipment authentication. This is itself two-factor authentication (USIM/ISIM + PIN). This authentication is controlled by the operator, but can be used by an Application Service Provider [4].
- Secure Hash-Based Password Authentication Protocol. This authentication is fully under the control of the Application Service Provider.

In practice, it can be used, for example, in the sale of tickets, e.g. for public transport. We assume that the user is always connected to the network, which follows from the principle of VoLTE (Figure 6):

Figure 6: Sales and revision of tickets. Between User U and Server S: AKA & Secure Password Authentication; Ticket order; Ticket (S generates the ticket with the public subscriber's identity). At revision of the ticket: Ticket; Public subscriber's identity verification (sending random image); Ticket verification.

1. Perform the strong authentication as described in the previous chapter, i.e. the user and the server mutually authenticate.
2. The user U orders a ticket.
3. S generates a ticket with the saved public identity of U. The ticket is sent to U.
4. During the revision (inspection) of the ticket, the following are verified:
   - Validity of the ticket (this depends on the kind of ticket).
   - Validity of the ticket holder, i.e. whether the ticket was purchased by the user U on his mobile equipment. The public identity of the holder is extracted from the ticket. A random image is sent to this public identity.
5. If U receives the image, then he has a valid ticket.
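The exchanges of Sections 3 and 5, as an added Python example that is not code from the paper or from [1]: one AKA run in which the USIM checks MAC-A and rejects a replayed challenge, followed by the X3 response L computed with RES in place of r_2. Assumptions: HMAC-SHA-256 stands in for f1, f2 and f5 (it is not MILENAGE [3]), h() is SHA-256 with concatenation inside h() and XOR between the outer terms, the public-key step and the CA_1/CA_2 check are left out, and every key and value is constructed.

```python
import hashlib
import hmac
import secrets

AMF = bytes.fromhex("8000")  # constructed sample value


def prf(label, key, *parts):
    """Stand-in for f1/f2/f5 (assumption): HMAC-SHA-256, not MILENAGE [3]."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def h(*parts):
    """h() as SHA-256 over concatenated arguments (assumed instantiation)."""
    return hashlib.sha256(b"".join(parts)).digest()


def auc_generate_av(k, sqn):
    """AKA-3: the Authentication center builds the authentication vector."""
    rand = secrets.token_bytes(16)
    sqn_b = sqn.to_bytes(6, "big")
    ak = prf(b"f5", k, rand)[:6]
    return {"RAND": rand, "RES": prf(b"f2", k, rand)[:8],
            "SQN_XOR_AK": xor(sqn_b, ak), "AMF": AMF,
            "MAC_A": prf(b"f1", k, sqn_b, rand, AMF)[:8]}


class Usim:
    """Mobile side: holds K and the highest SQN accepted so far."""

    def __init__(self, k, sqn=0):
        self.k, self.sqn = k, sqn

    def respond(self, rand, sqn_xor_ak, amf, mac_a):
        sqn_b = xor(sqn_xor_ak, prf(b"f5", self.k, rand)[:6])
        expected = prf(b"f1", self.k, sqn_b, rand, amf)[:8]
        if not hmac.compare_digest(expected, mac_a):
            raise ValueError("MAC-A mismatch: network not authenticated")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn:  # freshness check, simplified from TS 33.102 [2]
            raise ValueError("stale SQN: challenge replayed")
        self.sqn = sqn
        return prf(b"f2", self.k, rand)[:8]


def response_l(verifier, res):
    """X3 on U: L = h(verifier, RES) XOR verifier XOR RES (RES zero-padded)."""
    return xor(xor(h(verifier, res), verifier), res.ljust(len(verifier), b"\0"))


def server_accepts(stored_verifier, stored_res, resp):
    """X3 on S: CB_1 = L XOR RES; CB_3 = h(CB_2, RES) XOR CB_2; compare."""
    cb1 = xor(resp, stored_res.ljust(len(resp), b"\0"))
    cb3 = xor(h(stored_verifier, stored_res), stored_verifier)
    return hmac.compare_digest(cb1, cb3)


def login(usim, user_verifier, auc_k, sqn, server_verifier):
    """X1-X3 between U, S and the Authentication center, in one process."""
    av = auc_generate_av(auc_k, sqn)   # AKA2/AKA3
    stored_res = av.pop("RES")         # S keeps RES; the rest goes out in X2
    try:
        res = usim.respond(av["RAND"], av["SQN_XOR_AK"], av["AMF"], av["MAC_A"])
    except ValueError:
        return False                   # U aborts: network check failed
    return server_accepts(server_verifier, stored_res,
                          response_l(user_verifier, res))


def demo():
    k = secrets.token_bytes(16)                   # constructed shared secret K
    verifier = h(b"constructed PV", b"constructed K_u")  # stands for h(PV K_u)
    other_sim = Usim(secrets.token_bytes(16))     # a SIM that does not hold K
    return {"both_factors": login(Usim(k), verifier, k, 1, verifier),
            "phone_without_password": login(Usim(k), h(b"guess"), k, 1, verifier),
            "password_without_sim": login(other_sim, verifier, k, 1, verifier)}


if __name__ == "__main__":
    print(demo())
```

A response built from the correct verifier but a different RES is rejected by `server_accepts`, which is the property the merged scheme relies on: the password factor cannot be exercised without the USIM that produced RES for this challenge.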

References

[1] Jung, Hyunhee; Kim, Hyun Sung: Secure Hash-Based Password Authentication Protocol Using Smartcards. In: Murgante, B.; Gervasi, O.; Iglesias, A.; et al. (eds.), 11th International Conference on Computational Science and Its Applications (ICCSA), Part V, Lecture Notes in Computer Science, Volume 6786, Pages 593-606, 2011
[2] 3rd Generation Partnership Project: Technical Specification Group Services and System Aspects; 3G Security; Security architecture (Release 11), 3GPP TS 33.102, version 12.2., 2014
[3] 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the MILENAGE Algorithm Set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 1: General (Release 11), 3GPP TS 35.205, 2014
[4] 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) (Release 12), 3GPP TS 33.220 V12.3.0, 2014