Security Analysis of Handover Key Management in 4G LTE/SAE Networks

Chan-Kyu Han, Hyoung-Kee Choi
2014 IEEE Transactions on Mobile Computing  
The goal of 3GPP Long Term Evolution/System Architecture Evolution (LTE/SAE) is to move mobile cellular wireless technology into its fourth generation. One of the unique challenges of fourth-generation technology is how to close a security gap through which a single compromised or malicious device can jeopardize an entire mobile network because of the open nature of these networks. To meet this challenge, handover key management in the 3GPP LTE/SAE has been designed to revoke any compromised
more » ... any compromised key(s) and as a consequence isolate corrupted network devices. This paper, however, identifies and details the vulnerability of this handover key management to what are called desynchronization attacks; such attacks jeopardize secure communication between users and mobile networks. Although periodic updates of the root key are an integral part of handover key management, our work here emphasizes how essential these updates are to minimizing the effect of desynchronization attacks that, as of now, cannot be effectively prevented. Our main contribution, however, is to explore how network operators can determine for themselves an optimal interval for updates that minimizes the signaling load they impose while protecting the security of user traffic. Our analytical and simulation studies demonstrate the impact of the key update interval on such performance criteria as network topology and user mobility. Index terms -Authentication and key agreement, evolved packet system, handover key management, long-term evolution security, mobile networks, system architecture evolution 1 Corresponding author Entering MME area Desynchronization attack Key update Leaving MME area τ1 τ2 τ3 τ4 time Key exposure time 1 (tu) Key exposure time 2 (tr) Intra-MME handover MME residence time distribution (tR) Key update distribution (tU) Fig. 4. Timing diagram of vulnerable period regarding MME residence time and key update time. 3
doi:10.1109/tmc.2012.242 fatcat:shxzdlzxqfderpfcks63xxw7a4