3G-WLAN interworking: security analysis and new authentication and key agreement based on EAP-AKA

The 3rd Generation Partnership Project(3GPP) standard is developing System Architecture Evolution(SAE)/Long Term Evolution(LTE) architecture for the next generation mobile communication system. The SAE/LTE architecture provides secure service and 3G-WLAN interworking [9]. To provide secure 3G-WLAN interworking in the SAE/LTE architecture, Extensible Authentication Protocol-Authentication and Key Agreement(EAP-AKA) is used. However, EAP-AKA has several vulnerabilities such as disclosure of user identity, man-in-the-middle attack, Sequence Number(SQN) synchronization, and additional bandwidth consumption. Therefore, this paper analyzes threats and attacks in 3G-WLAN interworking and proposes a new authentication and key agreement protocol based on EAPAKA. The proposed protocol combines Elliptic Curve Diffie-Hellman(ECDH) with symmetric key cryptosystem to overcome these vulnerabilities. Moreover, our protocol provides Perfect Forward Secrecy(PFS) to guarantee stronger security, mutual authentication, and resistance to replay attack. Compared with previous protocols which use public key cryptosystem with certificates, our protocol can reduce computational overhead.