New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols-Reference-Cited by-同舟云学术

New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols

Published:2019-07-01 Issue:3 Volume:2019 Page:108-127
ISSN:2299-0984
Container-title:Proceedings on Privacy Enhancing Technologies
language:en
Short-container-title:

Author:

Borgaonkar Ravishankar¹,Hirschi Lucca²,Park Shinjo³,Shaik Altaf⁴

Affiliation:

1. SINTEF Digital , Norway .

2. Inria & LORIA , France .

3. Technische Universität Berlin , Germany .

4. Technische Universität , Berlin , Germany .

Abstract

Abstract Mobile communications are used by more than two-thirds of the world population who expect security and privacy guarantees. The 3rd Generation Partnership Project (3GPP) responsible for the worldwide standardization of mobile communication has designed and mandated the use of the AKA protocol to protect the subscribers’ mobile services. Even though privacy was a requirement, numerous subscriber location attacks have been demonstrated against AKA, some of which have been fixed or mitigated in the enhanced AKA protocol designed for 5G. In this paper, we reveal a new privacy attack against all variants of the AKA protocol, including 5G AKA, that breaches subscriber privacy more severely than known location privacy attacks do. Our attack exploits a new logical vulnerability we uncovered that would require dedicated fixes. We demonstrate the practical feasibility of our attack using low cost and widely available setups. Finally we conduct a security analysis of the vulnerability and discuss countermeasures to remedy our attack.

Publisher

Walter de Gruyter GmbH

Subject

General Medicine

Link

https://www.sciendo.com/pdf/10.2478/popets-2019-0039

Reference54 articles.

1. [1] Tamarin tool code.

2. [2] 3GPP. 3G Security; Formal Analysis of the 3G Authentication Protocol. TS 33.902, (3GPP).

3. [3] 3GPP. 3G security; Security architecture. TS 33.102, (3GPP).

4. [4] 3GPP. 3G Security; Specification of the MILENAGE algorithm set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 2: Algorithm specification. Technical Specification (TS) 35.206, (3GPP).

5. [5] 3GPP. 3GPP System Architecture Evolution (SAE); Security architecture. TR 33.401, (3GPP).

Cited by 77 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. IoT cybersecurity in 5G and beyond: a systematic literature review;International Journal of Information Security;2024-05-28

2. Uncovering Security Vulnerabilities in Real-world Implementation and Deployment of 5G Messaging Services;Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks;2024-05-27

3. Security Threats, Requirements and Recommendations on Creating 5G Network Slicing System: A Survey;Electronics;2024-05-10

4. Implementing of 5G Authentication and Key Agreement Protocol: Practical Security Measures;2024 21st International Multi-Conference on Systems, Signals & Devices (SSD);2024-04-22

5. A formal security analysis of the fast authentication procedure based on the security context in 5G networks;Soft Computing;2024-01-10