Mobile communication networks connect much of the world’s population. The security of every user’s calls, SMSs, and mobile data, depends on the guarantees provided by the Authenticated Key Exchange protocols used. For the next-generation network (5G), the 3GPP group has standardized the 5G AKA protocol for this purpose.
We first discuss a comprehensive formal model and security analysis of 5G AKA (CCS’18). We extract precise requirements from the 3GPP standards defining 5G and we identify missing security goals. Using the security protocol verification tool Tamarin, we conduct a full, systematic, security evaluation of the model with respect to the 5G security goals. Our evaluation automatically identifies the minimal security assumptions required for each security goal and we find that some critical security goals are not met, except under additional assumptions missing from the standard. Finally, we make explicit recommendations with provably secure fixes for the attacks and weaknesses we found.
We then discuss a privacy vulnerability we manually found on 5G AKA but that also affects the 3G and 4G versions of AKA (PETS’19). Despite the practical relevance of this new attack, no prior automated analyses were able to find it. Even a posteriori, automatically finding the privacy attack and establishing claims about potential fixes are challenging. We discuss why is so and identify some remaining scientific and technical obstacles.