research-article

A Formal Analysis of 5G Authentication

Authors:

Saša Radomirovic,

Ralf Sasse, and

Vincent StettlerAuthors Info & Claims

CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

October 2018

Pages 1383 - 1396

https://doi.org/10.1145/3243734.3243846

Published: 15 October 2018 Publication History

Abstract

Mobile communication networks connect much of the world's population. The security of users' calls, SMSs, and mobile data depends on the guarantees provided by the Authenticated Key Exchange protocols used. For the next-generation network (5G), the 3GPP group has standardized the 5G AKA protocol for this purpose. We provide the first comprehensive formal model of a protocol from the AKA family: 5G AKA. We also extract precise requirements from the 3GPP standards defining 5G and we identify missing security goals. Using the security protocol verification tool Tamarin, we conduct a full, systematic, security evaluation of the model with respect to the 5G security goals. Our automated analysis identifies the minimal security assumptions required for each security goal and we find that some critical security goals are not met, except under additional assumptions missing from the standard. Finally, we make explicit recommendations with provably secure fixes for the attacks and weaknesses we found.

Supplementary Material

MP4 File (p1383-hirschi.mp4)

Download
488.90 MB

References

[1]

3GPP. 2001. 3G Security: Formal Analysis of the 3G Authentication Protocol. TS 33.902, v4.0.0.

[2]

3GPP. 2018. Security architecture and procedures for 5G system. TS 33.501, v15.1.0.

[3]

Myrto Arapinis, Loretta Mancini, Eike Ritter, Mark Ryan, Nico Golde, Kevin Redon, and Ravishankar Borgaonkar. 2012. New privacy issues in mobile telephony: fix and verification. In Proceedings of the 2012 ACM conference on Computer and communications security. ACM, 205--216.

Digital Library

[4]

David Basin, Cas Cremers, and Simon Meier. 2013. Provably repairing the ISO/IEC 9798 standard for entity authentication. Journal of Computer Security, Vol. 21, 6 (2013), 817--846.

Digital Library

[5]

David Basin, Cas Cremers, Kunihiko Miyazaki, Savsa Radomirović, and Dai Watanabe. 2015a. Improving the security of cryptographic protocol standards. IEEE Security & Privacy, Vol. 13, 3 (2015), 24--31.

Digital Library

[6]

David Basin, Jannik Dreier, Lucca Hirschi, Savs a Radomirović, Ralf Sasse, and Vincent Stettler. 2018a. A Formal Analysis of 5G Authentication. arXiv preprint arXiv:1806.10360 (2018).

[7]

David Basin, Jannik Dreier, Lucca Hirschi, Savsa Radomirović, Ralf Sasse, and Vincent Stettler. 2018b. Tamarin models, proofs and instructions for reproducibility. https://github.com/tamarin-prover/tamarin-prover/tree/develop/examples/ccs18--5G. Accessed: 2018-08--10.

[8]

David Basin, Jannik Dreier, and Ralf Sasse. 2015b. Automated symbolic proofs of observational equivalence. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM.

Digital Library

[9]

Karthikeyan Bhargavan, Bruno Blanchet, and Nadim Kobeissi. 2017. Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate. In 2017 IEEE Symposium on Security and Privacy (SP). 483--502.

[10]

Bruno Blanchet. 2016. Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif. Foundations and Trends in Privacy and Security, Vol. 1, 1--2 (Oct. 2016), 1--135.

Digital Library

[11]

Ravishankar Borgaonkar, Lucca Hirshi, Shinjo Park, Altaf Shaik, Andrew Martin, and Jean-Pierre Seifert. 2017. New Adventures in Spying 3G & 4G Users: Locate, Track, Monitor. https://www.blackhat.com/us-17/briefings.html#new-adventures-in-spying-3g-and-4g-users-locate-track-and-monitor Briefing at BlackHat USA 2017.

[12]

Colin Boyd and Wenbo Mao. 1993. On a limitation of BAN logic. In Workshop on the Theory and Application of of Cryptographic Techniques. Springer, 240--247.

Digital Library

[13]

Vincent Cheval, Steve Kremer, and Itsaka Rakotonirina. 2018. DEEPSEC: Deciding Equivalence Properties in Security Protocols - Theory and Practice. In Proceedings of the 39th IEEE Symposium on Security and Privacy (S&P'18). IEEE Computer Society Press, San Francisco, CA, USA, 529--546.

[14]

Katriel Cohn-Gordon, Cas Cremers, and Luke Garratt. 2016. On post-compromise security. In Computer Security Foundations Symposium (CSF), 2016 IEEE 29th. IEEE, 164--178.

[15]

Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, and Thyla van der Merwe. 2017. A Comprehensive Symbolic Analysis of TLS 1.3. In ACM CCS 2017: Proceedings of the 24th ACM Conference on Computer and Communications Security, Dallas, USA, 2017. 1773--1788.

Digital Library

[16]

Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, and Thyla van der Merwe. 2017. A Comprehensive Symbolic Analysis of TLS 1.3. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017, Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu (Eds.). ACM, 1773--1788.

Digital Library

[17]

Cas Cremers, Marko Horvat, Sam Scott, and Thyla van der Merwe. 2016. Automated Analysis and Verification of TLS 1.3: 0-RTT, Resumption and Delayed Authentication. In IEEE Symposium on Security and Privacy .

[18]

Martin Dehnel-Wild and Cas Cremers. 2018. Authentication vulnerability in the most recent 5G AKA drafts (February 2018). http://www.cs.ox.ac.uk/people/cas.cremers/tamarin/5G/.

[19]

Danny Dolev and Andrew C. Yao. 1981. On the security of public key protocols. Information Theory, IEEE Transactions on, Vol. 29, 2 (March 1981), 198--208.

Digital Library

[20]

Jannik Dreier, Lucca Hirschi, Savsa Radomirović, and Ralf Sasse. 2018. Automated Unbounded Verification of Stateful Cryptographic Protocols with Exclusive OR. In 31st IEEE Computer Security Foundations Symposium, CSF 2018, Oxford, United Kingdom, July 9--12, 2018. IEEE Computer Society, 359--373.

[21]

Pierre-Alain Fouque, Cristina Onete, and Benjamin Richard. 2016. Achieving better privacy for the 3GPP AKA protocol. Proceedings on Privacy Enhancing Technologies, Vol. 2016, 4 (2016), 255--275.

[22]

Nico Golde, Kévin Redon, and Jean-Pierre Seifert. 2013. Let Me Answer That for You: Exploiting Broadcast Information in Cellular Networks. In 22Nd USENIX Conference on Security. USENIX Association.

Digital Library

[23]

GSMA. 2017. Global Mobile Trends 2017. https://www.gsma.com/globalmobiletrends/. Accessed: 2018-05-06.

[24]

Syed Rafiul Hussain, Omar Chowdhury, Shagufta Mehnaz, and Elisa Bertino. 2018. LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE. In Network and Distributed Systems Security (NDSS) Symposium 2018 .

[25]

Nadim Kobeissi, Karthikeyan Bhargavan, and Bruno Blanchet. 2017. Automated verification for secure messaging protocols and their implementations: A symbolic and computational approach. In IEEE European Symposium on Security and Privacy (EuroS&P) .

[26]

Robert Künnemann and Graham Steel. 2013. YubiSecure? Formal Security Analysis Results for the Yubikey and YubiHSM. In Security and Trust Management, Audun Jøsang, Pierangela Samarati, and Marinella Petrocchi (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 257--272.

[27]

Gavin Lowe. 1997. A Hierarchy of Authentication Specifications. In 10th Computer Security Foundations Workshop. IEEE Computer Society Press.

Digital Library

[28]

Simon Meier. 2013. Advancing automated security protocol verification. Ph.D. Dissertation. ETH Zurich.

[29]

Simon Meier, Benedikt Schmidt, Cas J. F. Cremers, and David Basin. 2013. The TAMARIN Prover for the Symbolic Analysis of Security Protocols. In CAV (LNCS), Vol. 8044. Springer, 696--701.

[30]

Piers O'Hanlon, Ravishankar Borgaonkar, and Lucca Hirschi. 2017. Mobile subscriber WiFi Privacy. In 2017 IEEE Security and Privacy Workshops, SP Workshops 2017, San Jose, CA, USA, May 25, 2017. 169--178.

[31]

David Rupprecht, Adrian Dabrowski, Thorsten Holz, Edgar Weippl, and Christina Pöpper. 2018. On Security Research towards Future Mobile Network Generations. IEEE Communications Surveys & Tutorials (2018).

[32]

Benedikt Schmidt, Simon Meier, Cas Cremers, and David Basin. 2012. Automated analysis of Diffie-Hellman protocols and advanced security properties. In Computer Security Foundations Symposium (CSF). IEEE, 78--94.

Digital Library

[33]

Benedikt Schmidt, Ralf Sasse, Cas Cremers, and David Basin. 2014. Automated Verification of Group Key Agreement Protocols. In Proceedings of the 2014 IEEE Symposium on Security and Privacy (SP '14). IEEE Computer Society, Washington, DC, USA, 179--194.

Digital Library

[34]

Altaf Shaik, Jean-Pierre Seifert, Ravishankar Borgaonkar, N. Asokan, and Valtteri Niemi. 2016. Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems. In 23nd Annual Network and Distributed System Security Symposium, NDSS.

[35]

Fabian van den Broek, Roel Verdult, and Joeri de Ruiter. 2015. Defeating IMSI Catchers. Proceedings of the 2015 ACM Conference on Computer and Communications Security - CCS '15 (2015).

Digital Library

Cited By

Paci AChiacchia MBianchi G(2024)5GMap: User-Driven Audit of Access Security Configurations in Cellular Networks2024 19th Wireless On-Demand Network Systems and Services Conference (WONS)10.23919/WONS60642.2024.10449586(97-104)Online publication date: 29-Jan-2024
https://doi.org/10.23919/WONS60642.2024.10449586
Thorn SEnglish KButler KEnck WKim YKim JKoushanfar FRasmussen K(2024)5GAC-Analyzer: Identifying Over-Privilege Between 5G Core Network FunctionsProceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3643833.3656134(66-77)Online publication date: 27-May-2024
https://dl.acm.org/doi/10.1145/3643833.3656134
Yang YZhang YWan TWang CDuan HChen JLi YKim YKim JKoushanfar FRasmussen K(2024)Uncovering Security Vulnerabilities in Real-world Implementation and Deployment of 5G Messaging ServicesProceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3643833.3656131(265-276)Online publication date: 27-May-2024
https://dl.acm.org/doi/10.1145/3643833.3656131
Show More Cited By

Index Terms

A Formal Analysis of 5G Authentication
1. Security and privacy
  1. Formal methods and theory of security
    1. Formal security models
    2. Logic and verification
  2. Network security
    1. Mobile and wireless security

Recommendations

A comprehensive formal analysis of 5G handover
WiSec '21: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

5G has been under standardization for over a decade and will drive the world's mobile technologies in the decades to come. One of the cornerstones of the 5G standard is its security, also for devices that move frequently between networks, such as ...
Read More
Authentication for paranoids: multi-party secret handshakes
ACNS'06: Proceedings of the 4th international conference on Applied Cryptography and Network Security

In a society increasingly concerned with the steady assault on electronic privacy, the need for privacy-preserving techniques is both natural and justified. This need extends to traditional security tools such as authentication and key distribution ...
Read More
A Multi-Party Contract Signing Protocol and its Formal Analysis in Strand Space Model
ETCS '09: Proceedings of the 2009 First International Workshop on Education Technology and Computer Science - Volume 03

Difficulties in designing multi-party contract signing (MPCS) protocols include providing concise and efficient protocols and at the same time keeping the protocols fair and abuse-free. This paper proposed an optimistic MPCS protocol. The number of ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

October 2018

2359 pages

ISBN:9781450356930

DOI:10.1145/3243734

General Chairs:
David Lie
University of Toronto
,
Mohammad Mannan
Concordia University
,
Program Chairs:
Michael Backes
CISPA Helmholtz Center i.G.
,
XiaoFeng Wang
Indiana University

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 October 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

EUs Horizon 2020 research and innovation program

Conference

CCS '18

Sponsor:

SIGSAC

CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security

October 15 - 19, 2018

Toronto, Canada

Acceptance Rates

CCS '18 Paper Acceptance Rate 134 of 809 submissions, 17%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

226
Total Citations
View Citations
3,060
Total Downloads

Downloads (Last 12 months)419
Downloads (Last 6 weeks)36

Other Metrics

View Author Metrics

Citations

Cited By

Paci AChiacchia MBianchi G(2024)5GMap: User-Driven Audit of Access Security Configurations in Cellular Networks2024 19th Wireless On-Demand Network Systems and Services Conference (WONS)10.23919/WONS60642.2024.10449586(97-104)Online publication date: 29-Jan-2024
https://doi.org/10.23919/WONS60642.2024.10449586
Thorn SEnglish KButler KEnck WKim YKim JKoushanfar FRasmussen K(2024)5GAC-Analyzer: Identifying Over-Privilege Between 5G Core Network FunctionsProceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3643833.3656134(66-77)Online publication date: 27-May-2024
https://dl.acm.org/doi/10.1145/3643833.3656134
Yang YZhang YWan TWang CDuan HChen JLi YKim YKim JKoushanfar FRasmussen K(2024)Uncovering Security Vulnerabilities in Real-world Implementation and Deployment of 5G Messaging ServicesProceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3643833.3656131(265-276)Online publication date: 27-May-2024
https://dl.acm.org/doi/10.1145/3643833.3656131
Pacherkar HYan GKim YKim JKoushanfar FRasmussen K(2024)PROV5GC: Hardening 5G Core Network Security with Attack Detection and Attribution Based on Provenance GraphsProceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3643833.3656129(254-264)Online publication date: 27-May-2024
https://dl.acm.org/doi/10.1145/3643833.3656129
English KBennett NThorn SButler KEnck WTraynor PVilela JSchulmann HLi N(2024)Examining Cryptography and Randomness Failures in Open-Source Cellular CoresProceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy10.1145/3626232.3653259(43-54)Online publication date: 19-Jun-2024
https://dl.acm.org/doi/10.1145/3626232.3653259
Ma RCao JHe SZhang YNiu BLi H(2024)A UAV-Assisted UE Access Authentication Scheme for 5G/6G NetworkIEEE Transactions on Network and Service Management10.1109/TNSM.2023.334182921:2(2426-2444)Online publication date: Apr-2024
https://doi.org/10.1109/TNSM.2023.3341829
Ge YZhu Q(2024)GAZETA: GAme-Theoretic ZEro-Trust Authentication for Defense Against Lateral Movement in 5G IoT NetworksIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.332697519(540-554)Online publication date: 2024
https://doi.org/10.1109/TIFS.2023.3326975
Joudah RManaa M(2024)Implementing of 5G Authentication and Key Agreement Protocol: Practical Security Measures2024 21st International Multi-Conference on Systems, Signals & Devices (SSD)10.1109/SSD61670.2024.10549167(735-744)Online publication date: 22-Apr-2024
https://doi.org/10.1109/SSD61670.2024.10549167
Liu YSu ZPeng HXiang YWang WLi R(2024)Zero Trust-Based Mobile Network Security ArchitectureIEEE Wireless Communications10.1109/MWC.001.230037531:2(82-88)Online publication date: Apr-2024
https://doi.org/10.1109/MWC.001.2300375
Jeon YPack S(2024)Hierarchical Network Data Analytics Framework for 6G Network Automation: Design and ImplementationIEEE Internet Computing10.1109/MIC.2024.336993928:2(38-46)Online publication date: Mar-2024
https://doi.org/10.1109/MIC.2024.3369939
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents