AKMA+: Security and Privacy-Enhanced and Standard-Compatible AKMA for 5G Communication

OPEN ACCESS

Downloads

Full text (published version) (PDF, 949.37 KB)

Author / Producer

Yang, Yang Yang, Guomin Li, Yingjiu

Date

2025-09-08

Publication Type

Conference Paper

ETH Bibliography

yes

Citations

Altmetric
OPEN ACCESS

Downloads

Full text (published version) (PDF, 949.37 KB)

Data

Rights / License

In Copyright - Non-Commercial Use Permitted north_east

Abstract

The Authentication and Key Management for Applications (AKMA) protocol is a fundamental building block for security and privacy of 5G cellular networks. Therefore, it is critical that the protocol is free of vulnerabilities that can be exploited by attackers. Unfortunately, based on a detailed analysis of AKMA, we show that AKMA has several vulnerabilities that may lead to security and privacy breaches. We define AKMA+, an enhanced protocol for 5G communication that protects against security and privacy breaches while maintaining compatibility with existing standards. AKMA+ includes countermeasures for protecting communication between the user equipment (UE) and application functions (AFs) from attackers, including those within the home public land mobile network. These countermeasures ensure mutual authentication between the UE and the AKMA anchor function without altering the protocol flow. We also address vulnerabilities related to subscriber and AKMA key identifiers that could be exploited in linkability attacks. By obfuscating this data, AKMA+ prevents attackers from associating a target UE with its past application access. We employ formal verification to demonstrate that AKMA+ achieves key security and privacy objectives. We conduct extensive experiments demonstrating that AKMA+ incurs acceptable computational overhead, bandwidth costs, and UE battery consumption.

Permanent link

https://doi.org/10.3929/ethz-c-000787290

Publication status

published

External links

https://www.usenix.org/conference/usenixsecurity25/presentation/yang-yang north_east

Editor

Book title

Proceedings of the 34th USENIX Conference on Security Symposium

Journal / series

Volume

Pages / Article No.

5327 - 5345

Publisher

USENIX Association

Event

34th USENIX Security Symposium 2025

Edition / version

Methods

Software

Geographic location

Date collected

Date created

Subject

Organisational unit

03634 - Basin, David / Basin, David check_circle

Notes

Conference lecture held on August 15, 2025

Funding

Related publications and datasets

More

Show all metadata