The 3rd Generation Partnership Project (3GPP) is developing the System Architecture Evolution (SAE)/Long Term Evolution (LTE) architecture for the next-generation mobile communication system. The SAE/LTE architecture provides secure service and access to non-3GPP networks such as WLAN.
3GPP provides efficient charging management, nearly universal roaming, complete subscriber management, mobility, and a wide service area. WLAN provides high bandwidth, a high data rate, and compatibility with the Internet. However, WLAN provides a narrower service area, lower mobility, and less roaming support than 3GPP. If 3GPP can access non-3GPP networks such as WLAN, subscribers gain the advantages of both 3GPP and WLAN. In 3GPP-WLAN interworking, both networks require authentication for secure communication.
To provide secure access to non-3GPP networks such as WLAN in the SAE/LTE architecture, Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA) is used. However, EAP-AKA has several vulnerabilities, such as disclosure of user identity, man-in-the-middle attack, Sequence Number (SQN) synchronization, and additional bandwidth consumption.
This thesis analyzes threats and attacks in 3GPP-WLAN interworking and proposes a new authentication and key agreement protocol based on EAP-AKA. The proposed protocol combines Elliptic Curve Diffie-Hellman (ECDH) with a symmetric-key cryptosystem to overcome these vulnerabilities. Moreover, our protocol provides Perfect Forward Secrecy (PFS) to guarantee stronger security, mutual authentication, and resistance to replay attack. Compared with previous protocols that use a public-key cryptosystem with certificates, our protocol can reduce computational overhead. Therefore, our protocol can provide secure and efficient 3GPP-WLAN interworking.