Abstract:
In this paper, we propose a privacy-enhanced LTE authentication and key agreement scheme, W-AKA. The scheme promises to improve privacy by employing a dynamic identity instead of the static IMSI. In order to exchange the IMSI and inform the user of the new randomized identity, we propose two methods. The first method uses a Wi-Fi secured side channel since Wi-Fi hotspots are becoming ubiquitous. The other method is incorporated as part of the mobile AKA. We also present a simple method through which a random temporary identity is generated. We studied the conditions where W-AKA outperforms the original AKA and where it underperforms. Our analysis shows that in the presence of Wi-Fi, and unless an attacker jams the Wi-Fi channel, W-AKA can sustain both active and passive attacks. On the other hand, in the absence of Wi-Fi, it can only mitigate risks of passive attacks. The difficulties and challenges of the proposed work are also analyzed. The scheme was implemented and compared with previously-published techniques in order to study the computational overhead to accomplish enhanced privacy. © 2013 IEEE.