
Attacks Against Security Context in 5G Network

by   Zhiwei Cui, et al.
Beijing University of Posts and Telecommunications
China Mobile Hong Kong Company Limited

The security context used in 5G authentication is generated during the Authentication and Key Agreement (AKA) procedure and stored on both the user equipment (UE) and network sides so that subsequent registrations can take a fast path that skips a full AKA run. Given its importance, it is imperative to formally analyze the security mechanism protecting the security context. On the UE, the security context can be stored either in the Universal Subscriber Identity Module (USIM) card or in the baseband chip. In this work, we present a comprehensive formal verification in ProVerif of the fast registration procedure based on the security context under both storage scenarios. Our analysis identifies two vulnerabilities, including one that has not been reported before: the security context stored in the USIM card can be read illegally, and the validity check on the security context stored in the baseband chip can be bypassed. Both vulnerabilities also apply to 4G networks. As a consequence, an attacker can exploit them to register to the network under the victim's identity and then launch further attacks, including one-tap authentication bypass leading to privacy disclosure, location spoofing, and others. To ensure that these attacks are realizable in practice, we have responsibly confirmed them through experiments on the networks of three operators. Our analysis reveals that the vulnerabilities stem from design flaws in the standard and from unsafe practices by operators. We finally propose several potential countermeasures to prevent these attacks. We have reported our findings to the GSMA and received the coordinated vulnerability disclosure (CVD) number CVD-2022-0057.

