• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.351-355
• /
• 2003

본 논문에서는 3GPP-WLAN 연동 보안에 필수인 EAP-AKA를 기반으로 한 인증/재인증의 개요와 인증 진행 부분에서 협상되는 마스터 세션 키 생성과 EAP AKA 패킷을 보호하기 위해 사용되는 키 생성에 관하여 설명하고, EAP-AKA 과정에서 생성되는 키의 안전성을 분석하고, EAP-AKA를 사용하는 3GPP-WLAN 연동의 효율성 및 고려사항에 대하여 고찰하였다.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.46 no.5
• /
• pp.168-177
• /
• 2009

This paper proposes the EAP-AKA scheme without UICC for extending its usage to existing WLAN/WiBro devices. To apply the current EAP-AKA scheme, the WLAN/WiBro devices require an external Universal Integrated Circuit Card (UICC) reader. If they don't use UICC due to cost overhead and architectural problem of device, the EAP-AKA scheme loses its own advantages in security and portability aspects. The proposed scheme uses the DH key algorithm and a password for non-UICC devices instead of using the long-term key stored in UICC. The main contribution is to maintain the security and portability of the EAP-AKA while being applied to non-3GPP network devices not equipped with UICC. Furthermore, it does not require major modifications of authentication architecture in 3GPP.

• Journal of Korea Multimedia Society
• /
• v.13 no.11
• /
• pp.1687-1697
• /
• 2010

The USIM-based AKA authentication process is essential to a mobile payment system on smart phone environment. In this paper a payment protocol and an AKA module are designed for mobile payment system which is suitable for openness smart phone environment. The payment protocol designs the cross authentication among components of the mobile payment system to improve the reliability of the components. The AKA module of mobile payment system based on 3GPP-AKA protocol prevents the exposure of IMSI by creating the SSK(Shared Secure Key) through advance registration and solves the SQN(SeQuence Number) synchronization problem by using timestamp. Also, by using the SSK instead of authentication vector between SN and authentication center, the existing bandwidth $(688{\times}N){\times}R$ bit between them is reduced to $320{\times}R$ bit or $368{\times}R$ bit. It creates CK and IK which are message encryption key by using OT-SSK(One-Time SSK) between MS and SN. In addition, creating the new OT-SSK whenever MS is connected to SN, it prevents the data replay attack.

• Journal of Korean Physical Therapy Science
• /
• v.2 no.2
• /
• pp.545-562
• /
• 1995

The purpose of this paper was to provide the understanding of theory, technique, clinical use about arthro kinematic approach. Difference between AKA and Joint mobilization was seen through Table 1, and the relation between AKA and Athro kinematics was seen through Table 2. Examples of AKA techniques were as follow ; 1. Cervical intervertebral joint, left $C_{2/3}$ 2. Thoracic intervertebral joint, left $T_{5/6}$ 3. Sacroiliac joint, left (1) Nutation-upward gliding (2) Nutation-downward gliding (3) Superior distraction (4) Inferior distraction 4. 1st. costovertebral joint, left 5. 2nd. sternocostal joint, left 6. AKA-streching exercise 7. AKA - resistive exercise Symptoms, diagnosis, treatment were discribed for clinical use, and they were expected further that clinical application of AKA might clarify many of joint dysfunction.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.1
• /
• pp.87-101
• /
• 2017

As people increasingly rely on mobile networks in modern society, mobile communication security is becoming more and more important. In the Long Term Evolution/System Architecture Evolution (LTE/SAE) architecture, the 3rd Generation Partnership (3GPP) team has also developed the improved Evolved Packet System Authentication and Key Agreement (EPS AKA) protocol based on the 3rd Generation Authentication and Key Agreement (3G AKA) protocol in order to provide mutual authentication and secure communication between the user and the network. Unfortunately, the EPS AKA also has several vulnerabilities such as sending the International Mobile Subscriber Identity (IMSI) in plain text (which leads to disclosure of user identity and further causes location and tracing of the user, Mobility Management Entity (MME) attack), man-in-middle attack, etc. Hence, in this paper, we analyze the EPS AKA protocol and point out its deficiencies and then propose an Efficient and Security Enhanced Authentication and Key agreement (ESE-EPS AKA) protocol based on hybrid of Dynamic Pseudonym Mechanism (DPM) and Public Key Infrastructure (PKI) retaining the original framework and the infrastructure of the LTE network. Then, our evaluation proves that the proposed new ESE-EPS AKA protocol is relatively more efficient, secure and satisfies some of the security requirements such as confidentiality, integrity and authentication.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.7
• /
• pp.3747-3765
• /
• 2017

Existing authentication mechanisms in cellular mobile communication networks are realized in the upper layer by employing cryptographic techniques. Authentication data are broadcasted over the air in plaintext, enabling attackers to completely eavesdrop on the authentication and get some information about the shared secret key between legitimate nodes. Therefore, reusing the same secret key to authenticate several times results in the secret key's information leakage and high attacking rate. In this paper, we consider the most representative authentication mechanism, Authentication and Key Agreement (AKA), in cellular communication networks and propose an enhanced AKA scheme based on Physical Layer Authentication (AKA-PLA). Authentication responses generated by AKA are no longer transmitted in plaintext but masked by wireless channel characteristics, which are not available to adversaries, to generate physical layer authentication responses by a fault-tolerant hash method. The authenticator sets the threshold according to the authentication requirement and channel condition, further verifies the identity of the requester based on the matching result of the physical layer authentication responses. The performance analyses show that the proposed scheme can achieve lower false alarm rate and missing rate, which are a pair of contradictions, than traditional AKA. Besides, it is well compatible with AKA.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.501-505
• /
• 2006

다양하게 제공되고 있는 무선 네트워크 서비스를 통합하기 위한 보안 연동 기술 개발이 활발히 이루어지고 있다. 통합 보안 연동 기술을 위해 IETF에서 EAP-AKA(Extensible Authentication Protocol-Authentication and Key Agreement)[8]가 표준으로 제안되었지만 HN(Home Network)이 MS(Mobile Station)를 직접 인증하지 못하고 사용자의 permanent identity가 노출되는 등 여러 보안상의 문제점이 제기되고 있다. 또한 SN(Serving Network)이 필요로 하는 저장 공간이 너무 많고 SN과 HN 사이의 대역폭 낭비, 동기화 문제 등 효율성에 있어서도 문제점이 제기되고 있다. 이 논문에서는 개선한 AKA(Authentication and Key Agreement)[12] 프로토콜을 PEAP(Protected EAP)에 적용하여 기존 EAP-AKA보다 안전하고 효율적인 티켓기반의 프로토콜을 제안한다. 제안하는 프로토콜은 HN과 MS 간의 상호 인증을 보장하고 사용자의 permanent identity를 보호하여 안전하고, 계산량과 저장 공간에 있어 기존의 EAP-AKA보다 효율적이다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.3
• /
• pp.81-90
• /
• 2007

In the UMTS (Universal Mobile Telecommunication System), which is one of 3G mobile communication standards, the protocol called UMTS AKA (Authentication and Key Agreement) is used to authenticate mobile stations. However, the UMTS AKA protocol has some weakness, including network bandwidth consumption between a SN (Serving Network) and a HN (Home Network) and SQN (SeQuence Number) synchronization. In this paper, we propose a new improved protocol for UMTS that overcomes UMTS AKA weakness. Our protocol solves the privacy problem caused by IMSI (International Mobile Subscriber Identity)'s disclosure and provides perfect forward secrecy using ECDH (Elliptic Curve Diffie Hellman).

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.4C
• /
• pp.441-450
• /
• 2006

WiBro(Portable Internet Service) is service being capable to provide a high data rate wireless internet access with Personal Subscriber Station under the stationary or mobile environment, anytime and any where. It will fill the gap between very high data rate wireless local area networks and very high mobility cellular systems. The security is an important point of WiBro providing high data and mobile wireless services. This paper proposes user authentication mechanism of WiBro wireless networks applied EAP-AKA authentication protocol. As a result of Wireless authentication based on EAP-AKA, this mechanism is capable to be used in WiBro-WLAN-3GPP interworking scenario as well as the WiBro authentication mechanism.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.1210-1213
• /
• 2007

WiBro는 무선랜과 3G 이동통신의 장점을 결합한 휴대 인터넷 기술로 최근 국내에서 상용화 되었다. WiBro의 장점인 이동성과 고속 무선 통신에 기인하여, 향후 지속적인 발전이 기대된다. 이러한 WiBro의 확산에 따라 개인 사용자에 대한 보안문제가 최근 크게 부각되고 있다. 현재 Wibro는 3G 이동통신 및 무선랜과 효율적인 연동을 위해 EAP-AKA 인증기법을 사용하고 있다. 하지만 EAP-AKA는 단말이 기지국을 인증하지 못하는 치명적인 취약점이 있다. 따라서 공격자는 임의로 rogue BS를 설치할 수 있고, 정상 사용자의 데이터를 이종 네트워크로 보내는 Redirection Attack을 시도할 수 있다. Redirection Attack은 전송 속도 저하, Denial-of-Service (DoS) 을 초래하며, 데이터가 redirection 되는 이종 네트워크에 따라 암호화된 데이터가 노출될 수 있다. 본 논문에서는 EAP-AKA와 Redirection Attack에 대해 분석하고, 그 해결책을 제시한다. 논문은 1) 프로토콜을 일부 수정하여 공격을 막는 방법과 2) traffic 분석을 통한 공격 탐지 방식을 다루고 있으며, 이러한 두 가지 방법을 통해 Redirection Attack에 대한 취약점을 근본적으로 제거할 수 있다.