The 5G-AKA Authentication Protocol Privacy

11/16/2018
by   Adrien Koutsos, et al.
0

We study the 5G-AKA authentication protocol described in the 5G mobile communication standards. This version of AKA tries to achieve a better privacy than the 3G and 4G versions through the use of asymmetric randomized encryption. Nonetheless, we show that except for the IMSI-catcher attack, all known attacks against 5G-AKA privacy still apply. Next, we modify the 5G-AKA protocol to prevent these attacks, while satisfying the cost and efficiency constraints of the 5G-AKA protocol. We then formally prove that our protocol is sigma-unlinkable. This is a new security notion, which allows for a fine-grained quantification of a protocol privacy. Our security proof is carried out in the Bana-Comon indistinguishability logic. We also prove mutual authentication as a secondary result.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
07/13/2022

On Post-Quantum Perfect Forward Secrecy in 6G

The standardized Authentication and Key Agreement protocol for 5G networ...
research
09/16/2022

PA-Boot: A Formally Verified Authentication Protocol for Multiprocessor Secure Boot

Hardware supply-chain attacks are raising significant security threats t...
research
09/08/2022

Security Analysis of the EDHOC protocol

Ephemeral Diffie-Hellman Over COSE (EDHOC) aims at being a very compact ...
research
09/15/2018

On the Feasibility of Fine-Grained TLS Security Configurations in Web Browsers Based on the Requested Domain Name

Most modern web browsers today sacrifice optimal TLS security for backwa...
research
09/06/2023

Provably Unlinkable Smart Card-based Payments

The most prevalent smart card-based payment method, EMV, currently offer...
research
06/15/2020

The EMV Standard: Break, Fix, Verify

EMV is the international protocol standard for smartcard payment and is ...
research
10/15/2022

Man-in-the-OBD: A modular, protocol agnostic firewall for automotive dongles to enhance privacy and security

Third-party dongles for cars, e.g. from insurance companies, can extract...

Please sign up or login with your details

Forgot password? Click here to reset