5G-AKA-FS: A 5G Authentication and Key Agreement Protocol for Forward Secrecy-Reference-Cited by-同舟云学术

5G-AKA-FS: A 5G Authentication and Key Agreement Protocol for Forward Secrecy

Published:2023-12-27 Issue:1 Volume:24 Page:159
ISSN:1424-8220
Container-title:Sensors
language:en
Short-container-title:Sensors

Author:

You Ilsun¹^ORCID,Kim Gunwoo¹^ORCID,Shin Seonghan²^ORCID,Kwon Hoseok¹^ORCID,Kim Jongkil³^ORCID,Baek Joonsang⁴^ORCID

Affiliation:

1. Department of Financial Information Security, Kookmin University, Seoul-si 02707, Republic of Korea

2. Cyber Physical Security Research Center, National Institute of Advanced Industrial Science and Technology (AIST), Tokyo 135-0064, Japan

3. Department of Cyber Security, Ewha Womans University, Seoul-si 03760, Republic of Korea

4. School of Computing and Information Technology, University of Wollongong, Northfields Avenue, Wollongong, NSW 2522, Australia

Abstract

5G acts as a highway enabling innovative digital transformation and the Fourth Industrial Revolution in our lives. It is undeniable that the success of such a paradigm shift hinges on robust security measures. Foremost among these is primary authentication, the initial step in securing access to 5G network environments. For the 5G primary authentication, two protocols, namely 5G Authentication and Key Agreement (5G-AKA) and Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA′), were proposed and standardized, where the former is for 3GPP devices, and the latter is for non-3GPP devices. Recent scrutiny has unveiled vulnerabilities in the 5G-AKA protocol, exposing it to security breaches, including linkability attacks. Moreover, mobile communication technologies are dramatically evolving while 3GPP has standardized Authentication and Key Management for Applications (AKMA) to reuse the credentials, generated during primary authentication, for 5G network applications. That makes it so significant for 5G-AKA to be improved to support forward secrecy as well as address security attacks. In response, several protocols have been proposed to mitigate these security challenges. In particular, they tried to strengthen security by reusing secret keys negotiated through the Elliptic Curve Integrated Encryption Scheme (ECIES) and countering linkability attacks. However, they still have encountered limitations in completing forward secrecy. Motivated by this, we propose an augmentation to 5G-AKA to achieve forward security and thwart linkability attacks (called 5G-AKA-FS). In 5G-AKA-FS, the home network (HN), instead of using its static ECIES key pair, generates a new ephemeral key pair to facilitate robust session key negotiation, truly realizing forward security. In order to thoroughly and precisely prove that 5G-AKA-FS is secure, formal security verification is performed by applying both BAN Logic and ProVerif. As a result, it is demonstrated that 5G-AKA-FS is valid. Besides, our performance comparison highlights that the communication and computation overheads are intrinsic to 5G-AKA-FS. This comprehensive analysis showcases how the protocol effectively balances between security and efficiency.

Funder

Institute of Information & Communications Technology Planning & Evaluation

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Biochemistry,Instrumentation,Atomic and Molecular Physics, and Optics,Analytical Chemistry

Link

https://www.mdpi.com/1424-8220/24/1/159/pdf

Reference29 articles.

1. (2023, December 10). European 5G Performance Trails its International Peers. Available online: https://www.gsma.com/membership/resources/european-5g-performance-trails-its-international-peers/.

2. 5G is real: Evaluating the compliance of the 3GPP 5G new radio system with the ITU IMT-2020 requirements;Henry;IEEE Access,2020

3. 3GPP (2023, December 10). Security Architecture and Procedures for 5G System TS33.501 v18.2.0. Technical Report, The 3rd Generation Partnership Project. Available online: https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3169.

4. 3GPP (2023, December 10). 3GPP System Architecture Evolution (SAE)—Security Architecture (Release 17) TS33.401 V17.4.0. Technical Report, The 3rd Generation Partnership Project. Available online: https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=2296.

5. Arkko, J., Lehtovirta, V., and Eronen, P. (2023, December 10). Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA′). Technical Report. Available online: https://www.rfc-editor.org/info/rfc5448.