-
A Beyond-5G Authentication and Key Agreement Protocol
Authors:
Mohamed Taoufiq Damir,
Tommi Meskanen,
Sara Ramezanian,
Valtteri Niemi
Abstract:
The standardized Authentication and Key Agreement protocol for 5G networks (5G AKA) has several security and privacy vulnerabilities. In this paper, we propose a novel authentication and key agreement protocol for 5G and beyond that is compatible with the standardized 5G AKA. Our protocol has several privacy and security properties, e.g., perfect forward secrecy, resistance against linkability attacks, and protection against malicious SNs. Moreover, both the user identity protection and the perfect forward secrecy are handled using Key Encapsulation Mechanisms (KEM), which makes our protocol adaptable to the quantum-safe setting. To analyze the performance of the proposed protocol, we use the post-quantum KEM CRYSTALS-Kyber, recently chosen to be standardized by NIST, and NIST post-quantum Round 4 candidate KEMs. The results for communication and computation costs show that utilizing our protocol is feasible in practice and sometimes outperforms the public-key cryptography used in 5G AKA, i.e., ECIES. We further prove the security of our protocol by utilizing ProVerif.
Submitted 28 October, 2022; v1 submitted 13 July, 2022;
originally announced July 2022.
-
Multi-party Private Set Operations with an External Decider
Authors:
Sara Ramezanian,
Tommi Meskanen,
Valtteri Niemi
Abstract:
A Private Set Operation (PSO) protocol involves at least two parties with their private input sets. The goal of the protocol is for the parties to learn the output of a set operation, i.e. set intersection, on their input sets, without revealing any information about the items that are not in the output set. Commonly, the outcome of the set operation is revealed to parties and no one else. However, in many application areas of PSO the result of the set operation should be learned by an external participant who does not have an input set. We call this participant the decider. In this paper, we present new variants of multi-party PSO, where there is a decider who gets the result. All parties except the decider have a private set. Other parties neither learn this result, nor anything else about this protocol. Moreover, we present a generic solution to the problem of PSO.
Submitted 15 March, 2021;
originally announced March 2021.
-
Defeating the Downgrade Attack on Identity Privacy in 5G
Authors:
Mohsin Khan,
Philip Ginzboorg,
Kimmo Järvinen,
Valtteri Niemi
Abstract:
3GPP Release 15, the first 5G standard, includes protection of user identity privacy against IMSI catchers. These protection mechanisms are based on public key encryption. Despite this protection, IMSI catching is still possible in LTE networks, which opens the possibility of a downgrade attack on user identity privacy, where a fake LTE base station obtains the identity of a 5G user equipment. We propose (i) to use an existing pseudonym-based solution to protect user identity privacy of 5G user equipment against IMSI catchers in LTE and (ii) to include a mechanism for updating LTE pseudonyms in the public key encryption based 5G identity privacy procedure. The latter helps to recover from a loss of synchronization of LTE pseudonyms. Using this mechanism, pseudonyms in the user equipment and home network are automatically synchronized when the user equipment connects to 5G. Our mechanisms utilize existing LTE and 3GPP Release 15 messages and require modifications only in the user equipment and home network in order to provide identity privacy. Additionally, lawful interception requires minor patching in the serving network.
Submitted 6 November, 2018;
originally announced November 2018.
-
Concealing IMSI in 5G Network Using Identity Based Encryption
Authors:
Mohsin Khan,
Valtteri Niemi
Abstract:
Subscription privacy of a user has been a historical concern with all the previous generation mobile networks, namely, GSM, UMTS, and LTE. While a little improvement has been achieved in securing the privacy of the long-term identity of a subscriber, the so-called IMSI catchers are still in existence even in the LTE and advanced LTE networks. Proposals have been published to tackle this problem in 5G based on pseudonyms, and different public-key technologies. This paper looks into the problem of concealing the long-term identity of a subscriber and presents a technique based on identity based encryption (IBE) to tackle it. The proposed solution can be extended to a mutual authentication and key agreement protocol between a serving network (SN) and a user equipment (UE). This mutual authentication and key agreement protocol does not need to connect with the home network (HN) on every run. A qualitative comparison of the advantages and disadvantages of different techniques shows that our solution is competitive for securing the long-term identity privacy of a user in the 5G network.
Submitted 6 August, 2017;
originally announced August 2017.
-
AES and SNOW 3G are Feasible Choices for a 5G Phone from Energy Perspective
Authors:
Mohsin Khan,
Valtteri Niemi
Abstract:
The aspirations for a 5th generation (5G) mobile network are high. It has a vision of unprecedented data-rate and extremely pervasive connectivity. To cater to such aspirations in a mobile phone, many existing efficiency aspects of a mobile phone need to be reviewed. We look into the matter of required energy to encrypt and decrypt the huge amount of traffic that will leave from and enter into a 5G-enabled mobile phone. In this paper, we present an account of the power consumption details of the efficient hardware implementations of AES and SNOW 3G. We also present an account of the power consumption details of LTE protocol stack on some cutting-edge hardware platforms. Based on the aforementioned two accounts, we argue that the energy requirement for the current encryption systems AES and SNOW 3G will not impact the battery-life of a 5G-enabled mobile phone by any significant proportion.
Submitted 28 March, 2017;
originally announced March 2017.
-
Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems
Authors:
Altaf Shaik,
Ravishankar Borgaonkar,
N. Asokan,
Valtteri Niemi,
Jean-Pierre Seifert
Abstract:
Mobile communication systems now constitute an essential part of life throughout the world. Fourth generation "Long Term Evolution" (LTE) mobile communication networks are being deployed. The LTE suite of specifications is considered to be significantly better than its predecessors not only in terms of functionality but also with respect to security and privacy for subscribers.
We carefully analyzed LTE access network protocol specifications and uncovered several vulnerabilities. Using commercial LTE mobile devices in real LTE networks, we demonstrate inexpensive and practical attacks exploiting these vulnerabilities. Our first class of attacks consists of three different ways of making an LTE device leak its location: A semi-passive attacker can locate an LTE device within a 2 sq.km area within a city whereas an active attacker can precisely locate an LTE device using GPS co-ordinates or trilateration via cell-tower signal strength information. Our second class of attacks can persistently deny some or all services to a target LTE device. To the best of our knowledge, our work constitutes the first publicly reported practical attacks against LTE access network protocols.
We present several countermeasures to resist our specific attacks. We also discuss possible trade-offs that may explain why these vulnerabilities exist and recommend that safety margins introduced into future specifications to address such trade-offs should incorporate greater agility to accommodate subsequent changes in the trade-off equilibrium.
Submitted 7 August, 2017; v1 submitted 26 October, 2015;
originally announced October 2015.