A formal analysis of 5G authentication

METADATA ONLY

Author / Producer

Basin, David Dreier, Jannik

Date

2018-06-27

Publication Type

Working Paper

ETH Bibliography

yes

Citations

Altmetric
METADATA ONLY

Data

Rights / License

Abstract

Mobile communication networks connect much of the world's population. The security of users' calls, SMSs, and mobile data depends on the guarantees provided by the Authenticated Key Exchange protocols used. For the next-generation network (5G), the 3GPP group has standardized the 5G AKA protocol for this purpose. We provide the first comprehensive formal model of a protocol from the AKA family: 5G AKA. We also extract precise requirements from the 3GPP standards defining 5G and we identify missing security goals. Using the security protocol verification tool Tamarin, we conduct a full, systematic, security evaluation of the model with respect to the 5G security goals. Our automated analysis identifies the minimal security assumptions required for each security goal and we find that some critical security goals are not met, except under additional assumptions missing from the standard. Finally, we make explicit recommendations with provably secure fixes for the attacks and weaknesses we found.

Permanent link

Publication status

published

External links

Arxiv: 1806.10360 north_east

Editor

Book title

Journal / series

Volume

Pages / Article No.

1806.1036

Publisher

Cornell University

Event

Edition / version

Methods

Software

Geographic location

Date collected

Date created

Subject

5G standard; Authentication protocols; AKA protocol; Symbolic verification; Formal analysis

Organisational unit

03634 - Basin, David / Basin, David check_circle

Notes

Funding

Related publications and datasets

Is previous version of:

More

Show all metadata