A Formal Analysis of 5G Authentication

David A. Basin, Jannik Dreier, Lucca Hirschi, Sasa Radomirovic, Ralf Sasse, and Vincent Stettler. A Formal Analysis of 5G Authentication. In 25th ACM Conference on Computer and Communications Security (CCS'18), pp. 1383–1396, ACM, 2018.
doi:10.1145/3243734.3243846

Download

[PDF] [HTML] 

Abstract

Mobile communication networks connect much of the world's population. The security of users' calls, SMSs, and mobile data depends on the guarantees provided by the Authenticated Key Exchange protocols used. For the next-generation network (5G), the 3GPP group has standardized the 5G AKA protocol for this purpose. We provide the first comprehensive formal model of a protocol from the AKA family: 5G AKA. We also extract precise requirements from the 3GPP standards defining 5G and we identify missing security goals. Using the security protocol verification tool Tamarin, we conduct a full, systematic, security evaluation of the model with respect to the 5G security goals. Our automated analysis identifies the minimal security assumptions required for each security goal and we find that some critical security goals are not met, except under additional assumptions missing from the standard. Finally, we make explicit recommendations with provably secure fixes for the attacks and weaknesses we found.

BibTeX

@InProceedings{PrivVerif-CCS18,
  author =	 {David A. Basin and Jannik Dreier and Lucca Hirschi
                  and Sasa Radomirovic and Ralf Sasse and Vincent
                  Stettler},
  abstract =	 {Mobile communication networks connect much of the
                  world's population. The security of users' calls,
                  SMSs, and mobile data depends on the guarantees
                  provided by the Authenticated Key Exchange protocols
                  used. For the next-generation network (5G), the 3GPP
                  group has standardized the 5G AKA protocol for this
                  purpose. We provide the first comprehensive formal
                  model of a protocol from the AKA family: 5G AKA. We
                  also extract precise requirements from the 3GPP
                  standards defining 5G and we identify missing
                  security goals. Using the security protocol
                  verification tool Tamarin, we conduct a full,
                  systematic, security evaluation of the model with
                  respect to the 5G security goals. Our automated
                  analysis identifies the minimal security assumptions
                  required for each security goal and we find that
                  some critical security goals are not met, except
                  under additional assumptions missing from the
                  standard. Finally, we make explicit recommendations
                  with provably secure fixes for the attacks and
                  weaknesses we found.},
  title =	 {A Formal Analysis of 5G Authentication},
  booktitle =	 {25th ACM Conference on Computer and Communications
                  Security (CCS'18)},
  year =	 2018,
  pages =	 {1383--1396},
  publisher =	 {ACM},
  doi =		 {10.1145/3243734.3243846},
                  ={https://hal.archives-ouvertes.fr/hal-01898050/file/CCS18_finalcrc2_Fixed-Typo.pdf},
}