Symmetric key based 5G AKA authentication protocol satisfying anonymity and unlinkability





Journal Pre-proof

An Braeken

PII: S1389-1286(20)31113-0
DOI: https://doi.org/10.1016/j.comnet.2020.107424
Reference: COMPNW 107424

To appear in: Computer Networks

Received date: 13 December 2019
Revised date: 3 April 2020
Accepted date: 13 July 2020

Please cite this article as: An Braeken, Symmetric key based 5G AKA authentication protocol satisfying anonymity and unlinkability, Computer Networks (2020), doi: https://doi.org/10.1016/j.comnet.2020.107424

This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of record. This version will undergo additional copyediting, typesetting and review before it is published in its final form, but we are providing this version to give early visibility of the article. Please note that, during the production process, errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain. © 2020 Published by Elsevier B.V.

An Braeken
INDI Industrial Engineering, Vrije Universiteit Brussel, Belgium

Abstract

The recently standardised 5G AKA protocol, to be used in the next generation of mobile communications, has some severe shortcomings. In particular, several attacks leaking parts of the identity, the activity pattern and the location of the user have been proposed in the literature. In this paper, we propose a new version of the 5G AKA protocol that resists all known attacks and provides the required security features: anonymity, unlinkability, mutual authentication and confidentiality. The proposed protocol is completely symmetric key based and relies only on cryptographic primitives currently available in the hardware of the universal subscriber identity module (USIM). Compared to the original protocol and other recently proposed versions, our protocol does not require public key encryption to hide the real identity. The number of communication phases in the protocol is also optimised and limited to two. The security of the protocol has been demonstrated using RUBIN logic.

Keywords: 5G AKA protocol, Unlinkability, Anonymity, Symmetric key

1. Introduction

There are currently over 9.32 billion mobile connections and 5.16 billion unique mobile subscribers worldwide according to GSMA real-time intelligence data. These numbers are enormous, given a world population of around 7.74 billion [1]. Wireless technology has also evolved significantly since the late nineties. Starting from voice-only 2G technology and internet-supporting 3G networks, most wireless connections now rely on 4G technology. Today, the fifth generation of wireless networks, 5G, is already being rolled out in several major cities worldwide and is expected to cover up to 65 % of the global population by the end of 2025, handling 45 % of global mobile data traffic [2]. As a consequence, dealing with the security and privacy of the users is a tremendously important task.

The standardisation group for 3G, 4G and 5G technologies, the 3rd Generation Partnership Project (3GPP), has proposed an Authentication and Key Agreement (AKA) protocol for this purpose. The protocol has two goals: to offer mutual authentication between a device containing a universal subscriber identity module (USIM) and a network provider, and to establish a common shared secret key for the subsequent communication. All current communications in 3G and 4G cellular networks rely on the security of these protocols. For 5G, the protocols have been revised and standardised as the 5G AKA protocols, in order to explicitly include user privacy and to avoid the various fake base station attacks that compromise subscriber privacy with respect to traceability and location [3, 4, 5, 6, 7, 8, 9, 10]. These attacks rely mainly on the fact that the identity of the subscriber is not protected during transmission [3, 4, 5, 6, 7] (the so-called International Mobile Subscriber Identity (IMSI) catcher attacks), on the exploitation of the type of failure message [8, 10], and on the use of the exclusive or (xor) operation to conceal the sequence number [9]. An important change in 5G AKA is the use of randomised public key encryption to send the identity of the subscriber. The latest version of the technical specification, Release 15, dates from June 2018 [11]. Unfortunately, Koutsos et al. [12] and Basin et al. [13] have shown that, except for the IMSI catcher attacks, all known privacy attacks [8, 10] still apply to this new standard. In addition, there is the so-called encrypted IMSI replay attack presented by Fouque et al. in [14], which breaks unlinkability. It applies to the 5G AKA protocols and was originally constructed against the improved version of Arapinis et al. [8], which uses encrypted identifiers.

The main contributions of this paper are as follows.

• We propose a new 5G AKA protocol which offers anonymity, unlinkability, mutual authentication and confidentiality. In addition, the protocol is resistant to all attacks known in the literature.
• Compared to related work, our protocol is highly efficient as it relies only on symmetric key operations, which are already available in the hardware of the USIM.
• The number of communication phases in the protocol is optimised to the minimum of two.
• The security of the protocol has been thoroughly analysed by means of RUBIN logic.

The paper is organised as follows. Section 2 gives an overview of relevant related work. Section 3 deals with preliminaries on the 5G AKA protocol. In Section 4, we present our protocol. Both a formal and an informal security analysis are given in Section 5. The performance comparison between our proposed protocol, the current 5G AKA protocol and some recently proposed new versions is discussed in Section 6. Finally, we end the paper with conclusions in Section 7.

2. Related work

As a reaction to the multitude of attacks on AKA and in particular 5G AKA protocols, several new variants have been proposed in the literature. Some of them contain only a small modification, while others drastically change the whole architecture. In [8], as a protection measure against the exploitation of the error message, Arapinis et al. proposed to encrypt the different message types of the response of the subscriber to the serving network (SN) with the public key of the home network (HN), in order to make them indistinguishable. However, it has been shown in [14] that by a simple replay of the identification message an attacker can break the unlinkability. As a reaction, Fouque et al. in [14] proposed a new version of the protocol. This version also turned out to be insecure: it suffers from a desynchronisation attack and thus also from an unlinkability attack, as explained by Koutsos et al. in [12]. There are currently two variants of the 5G AKA protocol proposed in the literature to which none of the existing attacks applies.
First, there is the protocol described in [12], which basically consists of two subprotocols, the Subscriber Permanent Identifier (SUPI) subprotocol and the Globally Unique Temporary Identity (GUTI) subprotocol. The protocols have been developed using only the cryptographic primitives available in the hardware of the USIM, thus essentially limited to keyed one-way cryptographic hash functions and at most one random number generation and one public key encryption. Moreover, these last two operations are only required for the SUPI subprotocol, in case no GUTI has been exchanged between user and HN. The security of the protocols has been thoroughly analysed. The other protocol, proposed by Braeken et al. [15], is also restricted to cryptographic operations available in the USIM hardware, but requires in each run the generation of one random number and one public key encryption. No sequence numbers need to be maintained. The session key is constructed by means of this random number, which also gives the protocol perfect forward secrecy. To conclude, both [12, 15] still rely on a public key encryption operation, while our proposed protocol does not.

The constructions used in our scheme are inspired by [16], where Chen et al., based on an attack on [17], proposed a symmetric key based authentication protocol for RFID devices offering full anonymity and unlinkability. In particular, the idea of dynamically updating the identity of the nodes to achieve anonymity and untraceability has been exploited. We solve the main drawback of the scheme of [16], namely that it is not resistant to offline dictionary attacks. In such an attack, the identity of the node is guessed, the guess is verified against the messages collected from the scheme, and a successful guess results in a complete security failure of the node. The consequences of our construction with respect to performance, compared to [12, 15] and the standard 5G AKA protocol, are discussed in detail in this paper.

3. Preliminaries

3.1. 5G AKA protocol

There are two authentication protocols proposed in the 5G standard, EAP-AKA' and 5G AKA. Their differences do not have any impact on privacy, and therefore we can limit the description to the 5G AKA protocol. In this protocol, three entities are involved.
• The User Equipment (UE) consists of the user's physical device, typically a smartphone or IoT device. The UE contains a cryptographic chip, the USIM, which stores subscriber-related information and implements the security functions required to run the 5G AKA protocol. The UE is uniquely identified by its SUPI, which plays the same role as the IMSI in pre-5G standards. Unlike in the previous standards, the identity of the subscriber is no longer sent in cleartext in 5G. It is either sent encrypted under the public key of the Home Network (HN), in which case it is called the Subscription Concealed Identifier (SUCI), or it is sent as a Globally Unique Temporary Identity (GUTI), a temporary identity to be used only once and exchanged at the end of a previous successful authentication procedure.

• The Home Network (HN) corresponds to the subscriber's service provider and is responsible for the authentication of its users. It maintains a database with authentication-related information for each of its subscribers. In the 5G architecture the HN consists of multiple sub-entities. The Authentication Server Function (AUSF) plays the key role in the authentication process by making the decisions. However, it relies on backend services for computing the parameters of the authentication protocol and for receiving the keying material. The Unified Data Management (UDM) computes the authentication data and keying material for the AUSF and hosts functions related to data management, like the Authentication Credential Repository and Processing Function (ARPF). Finally, the Subscription Identifier De-concealing Function (SIDF) possesses the private key of the HN and is the only entity able to decrypt the SUCI to obtain the SUPI. Without any impact on the security of the protocols, and for clarity of the explanations, we further refer to the HN as the group of these different entities.

• The Serving Network (SN) represents the antenna or base station (different from the one of the HN) to which the UE is communicating, e.g. in the case of roaming. In 5G, it is the Security Anchor Function (SEAF) of the SN that acts as the middleman in the authentication process between the UE and its HN.
For clarity and without security consequences, we also model HN and SN as one single entity by including the SN with the HN, as in [12]. This is justified because the SN simply forwards the information between UE and HN: it is the HN that possesses the secret key material of the UE and that computes all the data needed in the authentication process, which the SN then forwards to the UE. As mentioned in the standard [11]-[TS 33.501, Sec. 5.9.3], a secure and authenticated channel is assumed between SN and HN. As a consequence, it is sufficient to focus on the communication between UE and HN.

The USIM of the UE implements several cryptographic primitives in hardware, restricted to symmetric keyed one-way cryptographic hash functions (f1, f1*, f5, f5*), key derivation functions (Challenge(), KeySeed()), random number generation, public key encryption, and some simple operations like xoring, increments by one and boolean tests. In order to avoid additional implementations in the USIM, it is good practice to restrict the required operations to this set. Moreover, for efficiency reasons, it is also good to avoid random number generation and public key encryption. In the current 5G AKA protocol, one random number generation and one public key encryption are required when no GUTI is available from a previous authentication, e.g. after a desynchronisation. In our proposed protocol, we only need one one-way cryptographic function, which is resistant to collision, pre-image and second pre-image attacks. This function is denoted by h.

The standard 5G AKA protocol first submits the SUCI or GUTI from UE to HN. Then the HN transmits a challenge to the UE, which is followed by the corresponding response of the UE. In order to authenticate successfully, the USIM needs to store the following parameters securely in tamper-resistant hardware [11]-[TS 33.501, Sec. 5.2.4]:

• The public key pk_HN of the HN.
• The SUPI or GUTI.
• The unique symmetric key K shared between UE and HN.
• The sequence number SQN_UE, which offers protection against replay attacks.

Besides its private key, the HN securely stores for each UE the key K and the corresponding sequence number SQN_HN. The two sequence numbers SQN_UE and SQN_HN may differ slightly, up to a certain threshold. However, if the difference is too large, a new synchronisation request is needed, resulting in the use of a freshly generated SUCI. After a successful run of the protocol, all entities have mutually authenticated each other and a common shared session key, called K_SEAF, is derived.

3.2. Security requirements

The list of security features that 5G AKA has to fulfil is enumerated in [11].

1. Authentication between UE and SN/HN.
2. Authentication between SN and HN.
3. Confidentiality of K_SEAF, even if the attacker has knowledge of previous or subsequent session keys.
4. Confidentiality of the SUPI under passive attacks, in which the data sent over the channel is eavesdropped, monitored and collected.
5. Confidentiality of the SQN under passive attacks, in order to avoid leakage of the activity pattern.
6. Anonymity and unlinkability under passive attacks, to provide location privacy to the subscriber.

3.3. Weaknesses in the current version

Three main types of attacks have been identified against the current 5G AKA. All of them result in a failure to fully ensure the sixth requirement above. The constructions exploited in each of these attacks, together with their consequences, are as follows.

• The type of error message [8, 10], breaking location privacy.
• The use of the encrypted SUPI [14], resulting in desynchronisation and unlinkability attacks.
• The use of the xor operation to conceal the sequence number [9], breaking the privacy of the activity pattern and thus enabling linkability.

4. Proposed protocol

In our protocol, we distinguish a registration phase and the actual authentication phase.


4.1. Registration phase

Denote the master key of the HN by k_m and let k_n be a temporary random value generated by the HN. For each UE with identity id, the HN computes the following parameters using the hash function h:

$$a_n = id \oplus h(k_m, k_n)$$
$$b_n = a_n \oplus k_m \oplus k_n$$
$$c = h(k_m, id)$$

The HN now securely shares the parameters id, a_n, b_n, c, n, K with the UE. Here id represents the SUPI of the UE, n the sequence number and K the common shared secret key. The parameter c can be seen as a certificate on the identity of the user and replaces the public key that has to be stored in 5G AKA. Compared to the standard 5G AKA protocol, two additional identity-related parameters a_n, b_n are thus included. The parameters id, c, n, K must be stored securely; a_n, b_n need not be, as they represent the temporary identity of the subscriber and are updated in each run of the authentication procedure. In fact, they can be compared with the GUTI of the 5G AKA protocol.

4.2. Authentication protocol

The proposed protocol consists of two communication phases, starting with an authentication request of the UE and ending with the corresponding response of the HN.

4.2.1. Authentication request of UE

If UE and HN are synchronised, the UE submits the message a_n, b_n, h_n with

$$h_n = h(K, id, c, a_n, b_n, n).$$

The UE then increments its sequence number by one to n + 1. If there is desynchronisation, the UE sends the message a_n, b_n, y_n, z_n, h_n with

$$y_n = a_n \oplus id \oplus r_n$$
$$z_n = n \oplus h(K, r_n, y_n)$$
$$h_n = h(K, id, c, a_n, b_n, n, z_n)$$

where r_n is a randomly chosen value. Again, the sequence number n is incremented by one to n + 1.

4.2.2. Authentication response by HN

Upon arrival of one of the two messages defined above, the HN first performs the following steps, depending on whether or not the UE is synchronised.

• In the synchronised case, the HN derives the temporary random value k_n = a_n ⊕ b_n ⊕ k_m. It then finds id = a_n ⊕ h(k_m, k_n) and c = h(k_m, id). Next, the HN looks up in its database the secret key K belonging to id and the corresponding stored sequence number n*. Using these values, it checks whether h_n = h(K, id, c, a_n, b_n, n') for some n' ∈ {n*, ..., n* + ∆}, with ∆ a predefined fixed threshold. Denote by n the value n' that satisfies the equality. If no satisfying value is found within the window ∆, the HN aborts the procedure.

• When the message a_n, b_n, y_n, z_n, h_n arrives, the HN again derives k_n, id, c and looks up K and n*, as above. Now it also recovers the random value r_n = a_n ⊕ id ⊕ y_n, and from it the sequence number n = z_n ⊕ h(K, r_n, y_n). It then computes h_n* = h(K, id, c, a_n, b_n, n, z_n). Only if h_n* equals the received h_n and n is larger than the sequence number n* stored at the HN does the HN proceed; otherwise it aborts, since without this check the encrypted IMSI replay attack could be executed.

Next, the HN increments n by one to obtain n + 1, just like the UE. Then a new temporary identity for the UE is generated. To this end, the HN chooses two random values f_{n+1}, k_{n+1} and derives

$$a_{n+1} = id \oplus h(k_m, k_{n+1})$$
$$b_{n+1} = a_{n+1} \oplus k_m \oplus k_{n+1}$$
$$\eta = h(f_{n+1}, c) \oplus a_{n+1}$$
$$\mu = h(c, f_{n+1}) \oplus b_{n+1}$$
$$\alpha = c \oplus f_{n+1}$$

Finally, the common shared key K_SEAF = h(K, f_{n+1}, η, µ, n + 1) is constructed, together with the value β = h(K_SEAF, a_{n+1}, b_{n+1}, id, c), which guarantees the integrity of the process. The message α, β, η, µ is sent to the UE.

4.2.3. Authentication response by UE

When the message α, β, η, µ arrives at the UE, it first derives f_{n+1} = c ⊕ α in order to compute a_{n+1} = h(f_{n+1}, c) ⊕ η and b_{n+1} = h(c, f_{n+1}) ⊕ µ. The UE is now in possession of its new temporary identity and can compute the common shared session key K_SEAF = h(K, f_{n+1}, η, µ, n + 1). To verify the integrity of the message, it also computes h(K_SEAF, a_{n+1}, b_{n+1}, id, c) and checks it for equality with the received parameter β. Figure 1 presents the different steps of the authentication protocol as explained above.

5. Security evaluation

5.1. Attack model

Since HN and SN are modelled as one entity, the attack model is limited to the communication channel between UE and HN. For the messages exchanged over this channel, we assume the standard Dolev-Yao model [18], in which the adversary can eavesdrop, forge, replay, delay, rush, reorder and delete the exchanged messages. This corresponds to the profiles of a passive and an active attacker, where the active attacker possesses some 5G-specific hardware. Furthermore, we assume that the attacker has no access to the security material stored in tamper-resistant hardware, being K, n, id, c at the UE and (k_m, (id, K, n)) at the HN. The goals of the adversary are to impersonate one of the participants, to derive the session key, to retrieve the identity, or to track a particular user.

5.2. Formal security evaluation

We first provide a non-monotonic logic-based verification proof for formally verifying the security of the proposed scheme. This logic is known as RUBIN logic [19] and has been applied in multiple papers to prove security [20, 21]. The advantage of RUBIN logic is that the method is closely related to the actual implementation of the protocol. We refer to [19] for the specification of the logic and give a short summary in Appendix A. Since we consider the HN to be trusted, we only need to focus on the verification of the authentication protocol.

5.2.1. The protocol definition

For the global sets, we distinguish the principal, rule, secret and observer set. The principal set PS = {UE, HN} contains the entities involved in the scheme.
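Before the formal analysis, the following Python script carries the two-message protocol of Section 4 end to end: registration, the synchronised and the resynchronisation request, the HN's window check and identity rotation, the derivation of K_SEAF and the β check at the UE. It then exercises the two behaviours discussed in Section 5.3: a UE that has run more than ∆ ahead is refused in the synchronised form but recovers with the resynchronisation request, and a replay of that stored request is rejected because its sequence number is no longer larger than the one stored at the HN. This is an added illustration, not code from the paper, and it fixes several things the paper leaves open: h is instantiated as SHA-256 over length-prefixed inputs, every identity value, key and nonce is 32 bytes so that the xor operations line up, the sequence number is encoded as a 32-byte integer before it is xored into z_n, ∆ = 5, and the SUPI is a constructed string.

```python
import hashlib
import os

DELTA = 5   # resynchronisation window of Section 4.2.2; its value is assumed for this example
LEN = 32    # identities, keys and nonces are all 32 bytes so that the xor operations line up

def h(*parts: bytes) -> bytes:
    """h of the paper, instantiated (our assumption) as SHA-256 over length-prefixed inputs."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(2, "big") + p)
    return m.digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enc(n: int) -> bytes:
    return n.to_bytes(LEN, "big")   # sequence number as a 32-byte integer, so n xor h(...) is defined

class UE:
    def __init__(self, id_, a_n, b_n, c, n, K):
        self.id, self.a_n, self.b_n, self.c, self.n, self.K = id_, a_n, b_n, c, n, K

    def request(self, desynchronised=False):
        """Section 4.2.1: {a_n, b_n, h_n}, or {a_n, b_n, y_n, z_n, h_n} once the UE has run ahead."""
        n, msg = enc(self.n), {"a_n": self.a_n, "b_n": self.b_n}
        if desynchronised:
            r_n = os.urandom(LEN)
            y_n = xor(xor(self.a_n, self.id), r_n)
            z_n = xor(n, h(self.K, r_n, y_n))
            msg.update(y_n=y_n, z_n=z_n, h_n=h(self.K, self.id, self.c, self.a_n, self.b_n, n, z_n))
        else:
            msg["h_n"] = h(self.K, self.id, self.c, self.a_n, self.b_n, n)
        self.n += 1                            # the UE increments n in both cases
        return msg

    def finish(self, resp):
        """Section 4.2.3: recover f_{n+1} and the new identity, derive K_SEAF, verify beta (None on failure)."""
        f = xor(self.c, resp["alpha"])
        a_new, b_new = xor(h(f, self.c), resp["eta"]), xor(h(self.c, f), resp["mu"])
        k_seaf = h(self.K, f, resp["eta"], resp["mu"], enc(self.n))
        if h(k_seaf, a_new, b_new, self.id, self.c) != resp["beta"]:
            return None
        self.a_n, self.b_n = a_new, b_new      # the temporary identity rotates only on success
        return k_seaf

class HN:
    def __init__(self):
        self.k_m, self.db, self.last_key = os.urandom(LEN), {}, None   # db: id -> [K, n*]

    def _identity(self, id_, k):               # a = id xor h(k_m, k);  b = a xor k_m xor k
        a = xor(id_, h(self.k_m, k))
        return a, xor(xor(a, self.k_m), k)

    def register(self, supi: bytes):
        """Section 4.1: provision id, a_n, b_n, c, n, K to a new subscriber."""
        id_, K = supi.ljust(LEN, b"\0"), os.urandom(LEN)
        a_n, b_n = self._identity(id_, os.urandom(LEN))
        self.db[id_] = [K, 0]
        return UE(id_, a_n, b_n, h(self.k_m, id_), 0, K)

    def respond(self, msg):
        """Section 4.2.2: returns {alpha, beta, eta, mu}, or None when the HN aborts."""
        a_n, b_n, h_n = msg["a_n"], msg["b_n"], msg["h_n"]
        id_ = xor(a_n, h(self.k_m, xor(xor(a_n, b_n), self.k_m)))   # k_n = a_n xor b_n xor k_m
        if id_ not in self.db: return None
        c, (K, n_stored) = h(self.k_m, id_), self.db[id_]
        if "y_n" in msg:                       # resynchronisation request
            r_n = xor(xor(a_n, id_), msg["y_n"])
            n = int.from_bytes(xor(msg["z_n"], h(K, r_n, msg["y_n"])), "big")
            # n must be strictly larger than the stored value: this is what defeats the replay of Section 5.3
            if n <= n_stored or h(K, id_, c, a_n, b_n, enc(n), msg["z_n"]) != h_n:
                return None
        else:                                  # synchronised request: search the window {n*, ..., n* + Delta}
            n = next((i for i in range(n_stored, n_stored + DELTA + 1)
                      if h(K, id_, c, a_n, b_n, enc(i)) == h_n), None)
            if n is None: return None
        n += 1
        f, (a_new, b_new) = os.urandom(LEN), self._identity(id_, os.urandom(LEN))
        eta, mu, alpha = xor(h(f, c), a_new), xor(h(c, f), b_new), xor(c, f)
        self.last_key = k_seaf = h(K, f, eta, mu, enc(n))
        self.db[id_][1] = n
        return {"alpha": alpha, "beta": h(k_seaf, a_new, b_new, id_, c), "eta": eta, "mu": mu}

def run_scenarios():
    hn = HN()
    ue = hn.register(b"001010123456789")       # constructed SUPI, not a real subscriber
    first_identity = (ue.a_n, ue.b_n)
    k1 = ue.finish(hn.respond(ue.request()))   # synchronised run
    checks = {"k1_agreed": k1 is not None and k1 == hn.last_key, "identity_rotated": (ue.a_n, ue.b_n) != first_identity}
    for _ in range(DELTA + 1):                 # requests that never reach the HN: UE runs past the window
        ue.request()
    checks["sync_form_rejected_beyond_window"] = hn.respond(ue.request()) is None
    m = ue.request(desynchronised=True)
    k2 = ue.finish(hn.respond(m))
    checks["resync_recovers_and_k2_agreed"] = k2 is not None and k2 == hn.last_key
    checks["session_keys_differ"] = k1 != k2
    checks["replay_of_resync_request_rejected"] = hn.respond(m) is None   # n is no longer > stored n*
    return checks
```

`run_scenarios()` returns a dictionary of named checks, all of which hold. The HN recovers the identity from a_n, b_n alone because it is the only party holding k_m; the UE never reveals id, and the identity it presents at the next run is the one the HN randomised in the previous response, which is the property the informal analysis in Section 5.3 relies on.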
Without loss of generality, we consider one particular UE which is desynchronised. A similar and slightly simpler proof holds for a synchronised UE. The rule set consists of the inference rules defined in [19]. The secret set SS = {K, n, id, c, k_m, K_SEAF} is built of all the secrets available in the scheme at any given time. The observer set describes the principals who might know the secrets, either by listening to the network traffic or by pre-storage of the key material during the construction of the scheme.

• Observer Set:
Observer(K): {UE, HN}
Observer(id, c): {UE, HN}
Observer(n): {UE, HN}
Observer(k_m): {HN}
Observer(K_SEAF): {UE, HN}

For the local sets, we describe the possession sets POSS, belief sets BEL and behaviour lists BL of both the UE and the HN.

Principal UE:
• POSS(UE): {K, n, id, c, a_n, b_n}
• BEL(UE): {#a_n, #b_n, #n}
• BL(UE) =
UA1: Generate nonce(r_n)
UA2: y_n ← a_n ⊕ id ⊕ r_n
UA3: z_n ← n ⊕ h(K, r_n, y_n)
UA4: h_n ← h(K, id, c, a_n, b_n, n, z_n)
UA5: Send(HN; {a_n, b_n, y_n, z_n, h_n})
UA6: n++
UA7: Forget(y_n, z_n, h_n, r_n)
UA8: Receive(HN; {α, β, η, µ})
UA9: f_{n+1} ← c ⊕ α
UA10: a_{n+1} ← h(f_{n+1}, c) ⊕ η
UA11: b_{n+1} ← h(c, f_{n+1}) ⊕ µ
UA12: K_SEAF ← h(K, f_{n+1}, η, µ, n + 1)
UA13: β* ← h(K_SEAF, a_{n+1}, b_{n+1}, id, c)
UA14: Check(β*, β)
UA15: Update(K_SEAF, a_n, b_n, n)
UA16: Forget(α, β, η, µ)

Principal HN:
• POSS(HN): {k_m, (id : K, n)}
• BEL(HN): {#n}
• BL(HN) =
HA1: Receive(UE; {a_n, b_n, y_n, z_n, h_n})
HA2: k_n ← a_n ⊕ b_n ⊕ k_m
HA3: id ← a_n ⊕ h(k_m, k_n)
HA4: r_n ← a_n ⊕ id ⊕ y_n
HA5: c ← h(k_m, id)
HA6: Look Up(id; K, n*)
HA7: n ← z_n ⊕ h(K, r_n, y_n)
HA8: h_n* ← h(K, id, c, a_n, b_n, n, z_n)
HA9: Check(n > n*)
HA10: Check(h_n*, h_n)
HA11: n++
HA12: Generate nonces f_{n+1}, k_{n+1}
HA13: a_{n+1} ← id ⊕ h(k_m, k_{n+1})
HA14: b_{n+1} ← a_{n+1} ⊕ k_m ⊕ k_{n+1}
HA15: η ← h(f_{n+1}, c) ⊕ a_{n+1}
HA16: µ ← h(c, f_{n+1}) ⊕ b_{n+1}
HA17: α ← c ⊕ f_{n+1}
HA18: K_SEAF ← h(K, f_{n+1}, η, µ, n + 1)
HA19: β ← h(K_SEAF, a_{n+1}, b_{n+1}, id, c)
HA20: Update(K_SEAF, n)
HA21: Send(UE; {α, β, η, µ})
HA22: Forget(α, β, η, µ, a_n, b_n, a_{n+1}, b_{n+1}, k_n, k_{n+1}, f_{n+1}, h_n*)

5.2.2. The protocol verification

The analysis starts with the execution of the RUBIN actions UA1-UA5 of BL(UE), resulting in the new local sets of the UE given below. Since the parameter r_n is randomly generated, the variables y_n, z_n, h_n are believed to be fresh.

• POSS(UE): {K, n, id, c, a_n, b_n, r_n, y_n, z_n, h_n}
• BEL(UE): {#a_n, #b_n, #n, #r_n, #y_n, #z_n, #h_n}

After executing UA6-UA7, r_n, y_n, z_n, h_n are removed from the local sets of the UE. Next, the actions HA1-HA10 from the action list of the HN are executed. Note that the received values a_n, b_n, y_n, z_n, h_n are only considered fresh after a positive check in HA9, since Observer(k_m) = {HN} and Observer((id : K, n)) = {UE, HN}. Only if the check of HA10 is successful, given that {HN, UE} = Observer(id : K, n, c), can the remaining actions HA11-HA22 of the action list of the HN be executed. This results in the following local sets of the HN:

• POSS(HN): {k_m, (id : K, n, K_SEAF)}
• BEL(HN): {#n, #K_SEAF}

As a result of HA21, the actions UA8-UA16 from the action list of the UE are executed. If UA14 is positive, Observer(K_SEAF) = {UE, HN} is proven, since {UE, HN} = Observer(id, c). The freshness of K_SEAF is guaranteed by the fact that it depends on the updated value n, for which Observer(n) = {UE, HN}. As a result, the following local sets of the UE are obtained.

• POSS(UE): {K, n, id, c, a_n, b_n, K_SEAF}
• BEL(UE): {#a_n, #b_n, #n, #K_SEAF}

Finally, at the end of the protocol, the observer list contains the following sets.

• Observer Set:
Observer(K): {UE, HN}
Observer(id, c): {UE, HN}
Observer(n): {UE, HN}
Observer(k_m): {HN}
Observer(K_SEAF): {UE, HN}
Observer(a_n, b_n): {UE}

To conclude, this analysis implies that

• The variable n is fresh and updated in each session. Moreover, it is only known by UE and HN, guaranteeing protection against replay attacks and linkability.

• The variables a_n, b_n are updated after each successful authentication; a valid construction can only be produced by a legitimate HN, and they can only be derived by a legitimate UE after receiving the auxiliary data of the HN. This ensures anonymity.
• The established session key K_SEAF is only known by UE and HN and is independent and fresh for each session, as it relies on the sequence number n, which is also only known by UE and HN.
• UE and HN are mutually authenticated during the execution of the protocol, since the UE proves knowledge of valid a_n, b_n variables to the HN, and the HN proves knowledge of the unique identity parameters id, c possessed by the UE.

This verifies the security claims for the proposed scheme, which are also defined for 5G AKA, as mentioned in Section 3.2.

5.3. Informal security evaluation

Next, an informal security analysis is performed in order to demonstrate the strength of the proposed protocol with respect to well-known classical attacks and dedicated 5G AKA attacks.

• Encrypted IMSI replay attack. In this attack, the adversary stores a sent message M_n = {a_n, b_n, y_n, z_n, h_n} of a certain subscriber. In order to determine later whether another user is the same as the first subscriber, the adversary replaces the authentication request of that user by the previously stored message M_n. The attack does not work, as the HN rejects the replayed request in any case, both for the subscriber under attack and for a random user. This follows from the fact that the sequence number n* currently stored at the HN is larger than the one received in M_n, since the HN increases n after each generated authentication response.
• Desynchronisation attack. If the attacker intercepts several consecutive authentication requests, the sequence number of the UE increases while that of the HN does not. This is tolerated up to the threshold ∆. Once this threshold is reached, the resynchronisation request is used and UE and HN can still communicate. If the authentication response of the HN is intercepted, the HN has already increased its sequence number, and thus both UE and HN still possess the same sequence number. Consequently, the main protection against this type of attack is that both the UE and the HN increase their sequence number before submitting their message in the protocol.
• The sequence number concealment mechanism. In our protocol too, the sequence number n is concealed with a simple xor operation in the parameter z_n. However, the attack of [9] does not apply, as there is no similar response from the UE side in case of unsuccessful authentication which could be used to cancel out the other operand of the xor and obtain the xor of two different sequence numbers.
• Man-in-the-middle and impersonation attacks are avoided by the use of the pre-stored key material. Only a legitimate HN is able to check the validity of the request and to construct the associated correct response. This response is only meaningful to a legitimate UE, which stores the required pre-defined parameters.
• Replay attacks are not possible due to the use of sequence numbers, which are either synchronised or have a higher value only at the side of the UE. In the latter case, it is still possible to synchronise using the second type of request, the resynchronisation request.
• Privacy attacks. The identity of the user cannot be revealed from the transmitted messages, which contain only the temporary identities a_n, b_n or the concealed values η, µ.
• Linkability attacks. These attacks are not possible due to the use of the temporary identities a_n, b_n, which are updated after each successful authentication and are completely independent from one run to the next, thanks to the random values f_{n+1}, k_{n+1} chosen by the HN. Also from the authentication response of the HN, no link can be made to the resulting temporary identities a_{n+1}, b_{n+1}.

6. Performance

We now compare our proposed protocol with the original 5G AKA protocol and the protocols proposed in [12, 15], from the point of view of storage, computation and communication at the most constrained entity in the scheme, the UE.

6.1. Storage demands at UE

• In 5G AKA, the UE needs to store the parameters SUPI, K, SQN and the public key pk_HN of the home network in tamper-proof memory.
• In [12], the protocol has the same storage demands as the classical 5G AKA protocol.
• The protocol of [15] requires the storage of SUPI, K, pk_HN in tamper-resistant memory and no sequence number SQN, as the protocol relies only on random values generated by both UE and HN.
• In our protocol, we require storage of K, n, id, c in tamper-proof memory. The parameters a_n, b_n do not require secure storage, because if they were tampered with, this would be noticed by the HN. Note that n takes the role of SQN, id can be seen as the SUPI, and the parameter c as a certificate of the identity, thus comparable with pk_HN.

To conclude, our proposed protocol has storage requirements similar to those of the standard 5G AKA protocol and [12] with respect to tamper-proof storage. Only [15] has one parameter less to store, the sequence number, which is typically a 48-bit integer, resulting in a negligible difference.

6.2. Computational complexity at UE

We limit our analysis to the most compute-intensive operations, thus neglecting xor operations, increments and boolean comparisons, and only consider the protocol up to the stage where the session key is computed. Consequently, we do not take into account the calculation of the response to the SN, which is similar in all protocols when the verifications are positive.

• In 5G AKA, if a GUTI is available at the UE, only 3 keyed one-way cryptographic functions are needed to derive the session key. If there is no GUTI, the SUPI needs a randomised public key encryption, and thus an additional random number generation and public key encryption are required.


• The protocol proposed in [12] has exactly the same computational requirements as the classical 5G AKA protocol.
• The protocol of [15] requires in each situation a random number generation and a public key encryption in addition to 3 hash operations.
• In our protocol, in case of synchronisation we need 5 one-way cryptographic hash functions, and two additional one-way cryptographic hash functions in case of desynchronisation.

To conclude, our proposed protocol requires a slightly higher number of one-way cryptographic hash functions, but does not need the very compute intensive public key encryption operations. To illustrate the impact, in [22] measurements were done on the Zolertia RE-mote sensor device, endowed with an ARM Cortex-M3 microcontroller at 32 MHz clock speed, 512 KB of flash memory and 32 KB of RAM, to find the timings of an elliptic curve multiplication Tmp, a symmetric key encryption Ts (both required by the ECIES protocol to enable public key encryption) and a hash operation Th. It turned out that Tmp = 342.39 ms, Ts = 0.12 ms and Th = 0.03 ms. Consequently, at the cost of one ECIES operation, more than 10000 hash operations can be realised.

6.3. Communication complexity

We look here at the number of communication phases and the number of bits sent and received by the UE. Note that for comparison reasons, we limit the protocols to the stage at which the UE has derived the session key, as the rest is similar for all protocols in case the verifications are positive.

• In 5G AKA, there are 2 communication phases, from UE to HN and back, in the case a SUCI is used. Otherwise, one additional phase is needed (in the previous authentication request) to transmit the GUTI. In the first phase, the UE sends the SUCI or GUTI. In the second phase, the UE receives three system variables (R, AUTN, MAC).
• The GUTI protocol proposed in [12] requires 2 phases and one additional phase to send a new version of the GUTI. In the first phase, the UE sends its GUTI. Next it receives 2 system parameters and a session number. For the update of the GUTI, the UE receives from the HN another 2 system parameters. In the SUPI protocol, the scheme consists of 3 phases. In the first phase, the UE receives a random number from the HN. In the second phase, the UE sends the SUCI together with a MAC value to guarantee its integrity. In the third phase, the UE receives another MAC value.
• The protocol of [15] requires three phases. First a random value is received by the UE. Next, the SUCI is sent to the HN and, as a response, three system parameters like in 5G AKA are received by the UE.
• Our protocol consists of only 2 communication phases, both in the synchronisation and in the desynchronisation state. In case of synchronisation, the UE sends a message containing 3 system parameters, while 2 additional parameters are added in case of desynchronisation. As a response, 4 system parameters are received by the UE.

To conclude, our protocol contains the least number of communication phases compared to the other protocols, which equals two in all situations. However, if we consider the length of the SUCI parameter similar to two system parameters (being the SUPI and a random number) and the length of the SUPI similar to one system parameter, we conclude that our protocol has the largest number of bytes to transmit. In our scheme, 7 and 9 system parameters need to be transmitted in the protocol, for the synchronisation and desynchronisation state respectively. This number is at most 5 in 5G AKA, at most 5 in [12] and always 5 in [15].

7. Conclusion

This paper proposes a new variant of the 5G AKA protocol. Our protocol relies solely on symmetric key operations and does not require compute intensive public key encryptions. Therefore, it is well suited to very lightweight devices. The system does not require additional tamper resistant storage compared to the standard 5G AKA. Moreover, it needs only two communication rounds to successfully derive a common shared session key and to ensure mutual authentication. We have shown that our scheme satisfies the same security features and strengths with respect to the classical attacks as intended by the 5G AKA protocol. In addition, we have designed the protocol in such a way that it is resistant to the already identified dedicated attacks on 5G AKA.


Since the same types of operations, currently available at the USIMs and the HNs, are used, deploying our protocol as a replacement should be a feasible task. Note that the perfect forward secrecy requirement, like in [15], can easily be added to our scheme at a negligible computation cost and without any additional communication cost, by including a hash chain at both UE and HN side that follows the synchronisation pattern indicated by the sequence number n. This feature can indeed add value in guaranteeing the secrecy of previous session keys in case a device is captured.

References

[1] WorldoMeters U.N. data, GSMA Intelligence, [Online]. Available: https://www.bankmycell.com/blog/how-many-phones-are-in-the-world
[2] P. Jonsson, S. Carson, G., J. Kyohun Shim, B. Arendse, A. Husseini, P. Lindberg, K. Ohman, Ericsson Mobility Report November 2019, [Online]. Available: https://www.ericsson.com/4acd7e/assets/local/mobilityreport/documents/2019/emr-november-2019.pdf
[3] A.N. Bikos, N. Sklavos, LTE/SAE Security issues on 4G Wireless Networks, IEEE Security & Privacy, 11(2), pp. 55–62, 2013.
[4] M. Khan, A. Ahmed, A. R. Cheema, Vulnerabilities of UMTS Access Domain Security Architecture, Software Engineering, Artificial Intelligence, Networking and Parallel Distributed Computing, pp. 350–355, 2008.
[5] A. Shaik, J.-P. Seifert, R. Borgaonkar, N. Asokan, V. Niemi, Practical attacks against privacy and availability in 4G/LTE Mobile Communication Systems, Proceedings of the 23rd Annual Network and Distributed System Security Symposium, pp. 21–24, 2016.
[6] F. van den Broek, R. Verdult, J. de Ruiter, Defeating IMSI Catchers, Proceedings of the 2015 ACM Conference on Computer and Communications Security, 2015.
[7] M. Zhang, Y. Fang, Security analysis and enhancements of 3GPP authentication and key agreement protocol, IEEE Transactions on Wireless Communications, 4(2), pp. 734–742, 2005.


[8] M. Arapinis, L. Mancini, E. Ritter, M. Ryan, N. Golde, K. Redon, R. Borgaonkar, New privacy issues in mobile telephony: fix and verification, Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 205–216, 2012.
[9] R. Borgaonkar, L. Hirschi, S. Park, A. Shaik, A. Martin, J.P. Seifert, New privacy threat on 3G, 4G, and Upcoming 5G AKA protocols, Proceedings on Privacy Enhancing Technologies, 3, pp. 108–12, 2019.
[10] C. Hahn, H. Kwon, D. Kim, K. Kang, J. Hur, A privacy threat in 4th generation mobile telephony and its countermeasure, Proceedings of the 9th International Conference on Wireless Algorithms, Systems and Applications, pp. 624–635, 2014.
[11] 3GPP, Security architecture and procedures for 5G System, (3GPP), TS 33.501. [Online]. Available: http://www.3gpp.org/DynaReport/33501.htm

[12] A. Koutsos, The 5G-AKA Authentication Protocol Privacy (Technical report).
[13] D. Basin, J. Dreier, L. Hirschi, S. Radomirovic, R. Sasse, V. Stettler, A Formal Analysis of 5G Authentication, Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1383–1396, 2018.
[14] P. Fouque, C. Onete, B. Richard, Achieving better privacy for the 3GPP AKA protocol, PoPETs, 2016(4), pp. 255–275, 2016.
[15] A. Braeken, M. Liyanage, P. Kumar, J. Murphy, Novel 5G Authentication Protocol to Improve the Resistance Against Active Attacks and Malicious Serving Networks, IEEE Access, 7, pp. 64040–64052, 2019.
[16] C.M. Chen, B. Xiang, T.Y. Wu, K.H. Wang, An Anonymous Mutual Authenticated Key Agreement Scheme for Wearable Sensors in Wireless Body Area Networks, Applied Sciences, 8(7), 1074, 2018.
[17] X. Li, M.H. Ibrahim, S. Kumari, A.K. Sangaiah, V. Gupta, K.K.R. Choo, Anonymous mutual authentication and key agreement scheme for wearable sensors in wireless body area networks, Computer Networks, 129, pp. 429–443, 2017.

[18] D. Dolev, A.C. Yao, On the security of public key protocols, IEEE Transactions on Information Theory, 29(2), pp. 198–208, 1983.
[19] A. D. Rubin, P. Honeyman, Nonmonotonic cryptographic protocols, Proceedings of the Computer Security Foundations Workshop VII, pp. 100–116, 1994.
[20] Y. Choi, D. Lee, J. Kim, J. Jung, J. Nam, D. Won, Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography, Sensors, 14(6), pp. 10081–10106, 2014.
[21] P. Kumar, A. J. Choudhury, M. Sain, S.-G. Lee, H.-J. Lee, RUASN: A robust user authentication framework for wireless sensor networks, Sensors, 11(5), pp. 5020–5046, 2011.
[22] S. Patonico, A. Braeken, K. Steenhaut, Identity-based and anonymous key agreement protocol for fog computing resistant in the Canetti-Krawczyk security model, Wireless Networks, pp. 1–13, 2019.

Appendix A. Background of Rubin logic

In Rubin logic, the protocol analysis is specified by means of a global set, local sets, and actions. These concepts are defined as follows.

Global Set
This set consists of four other sets, whose content changes during the course of the protocol. It provides an overall representation of the protocol.
1. Principal Set: contains the different entities participating in the protocol.
2. Rule Set: contains the inference rules for deriving new statements from existing statements. These rules are explained below.
3. Secret Set: contains all the secret parameters present at any possible time during the run of the protocol.
4. Observer Set: contains all entities who can derive the secrets from the different messages sent across the network.


Local Set
A Local Set consists of five other sets and is defined for each entity participating in the protocol. These different sets are privately available at each entity Pi.
1. Possession set (POSS(Pi) = (poss1, poss2, ..., possn)): contains all the relevant data available at the entity and required to successfully execute the protocol. This includes secret keys, public keys, random values, etc.
2. Belief set (BEL(Pi) = (bel1, bel2, ..., beln)): contains all the beliefs held by the entity. This includes beliefs related to freshness, to possessions of other involved entities, etc.
3. Seen set (SEEN(Pi)): contains the plaintext message parts that the entity Pi sees in the network traffic and that enable the construction of the secrets.
4. Behavior list (BL(Pi) = (AL, bev1, bev2, ..., bevn)): contains an ordered list of actions, the action list AL, executed by the entity Pi. Some special actions, denoted by bevk, are either Send or Receive operations. A Send operation results in an update of the Observer set by means of the Update action, and an Update action activates the Receive operation of another entity, which is specified in the definition of the Send action.
5. Haskeys set (HK(Pi)): contains the keys that Pi can derive. These keys are already in the possession set POSS(Pi) or follow from an update of the seen set SEEN(Pi).

Inference rules
Consider the following definitions as in [19]:
• X contain Y: Y appears as a sub-message of X
• S := F(S): S is replaced by the value of F(S)
• X from P: X is received from P
• LINK(N): links a response to a challenge N by adding N to BEL(Pi)
These definitions are now used in the following inference rules, defined in [19], and applied in the proof verification.


1. Message-meaning rule:
   {X}k from Pi ∈ POSS(Pi), {Pi, Pj} ⊆ POSS(Pi)
   ⇒ BEL(Pi) = BEL(Pi) ∪ {X ∈ POSS(Pi)}
2. Origin rule:
   X ∈ POSS(Pi), X contain x1, Pj ∈ Observers(x1)
   ⇒ x1 from Pj ∈ POSS(Pi)
3. Sub-message origin rule:
   X ∈ POSS(Pi), X contain {x1, x2} from Pj
   ⇒ x2 from Pj ∈ POSS(Pi)


User Equipment (UE): holds (K, id, c, a_n, b_n)
Home Network (HN): holds (k_m, (id; K, n))

UE, first message:
  Syn.:   h_n = h(K, id, c, a_n, b_n, n)
          sends a_n, b_n, h_n  →  HN
  Desyn.: choose random r_n
          y_n = a_n ⊕ id ⊕ r_n
          z_n = n ⊕ h(K, r_n, y_n)
          h_n = h(K, id, c, a_n, b_n, n, z_n)
          sends a_n, b_n, y_n, z_n, h_n  →  HN
  n ← n + 1

HN:
  k_n = a_n ⊕ b_n ⊕ k_m
  id = a_n ⊕ h(k_m, k_n)
  c = h(k_m, id)
  Look up for id: K, n*
  Syn.:   h_n* = h(K, id, c, a_n, b_n, n)
          Check (h_n* == h_n) with n* ∈ {n, ..., n + ∆}
  Desyn.: r_n = y_n ⊕ a_n ⊕ id
          n = z_n ⊕ h(K, r_n, y_n)
          h_n* = h(K, id, c, a_n, b_n, n, z_n)
          Check (h_n* == h_n) and n ≥ n*
  n ← n + 1
  Choose random k_{n+1}, f_{n+1}
  a_{n+1} = id ⊕ h(k_m, k_{n+1})
  b_{n+1} = a_{n+1} ⊕ k_m ⊕ k_{n+1}
  η = h(f_{n+1}, c) ⊕ a_{n+1}
  µ = h(c, f_{n+1}) ⊕ b_{n+1}
  α = c ⊕ f_{n+1}
  K_SEAF = h(K, f_{n+1}, η, µ, n + 1)
  β = h(K_SEAF, a_{n+1}, b_{n+1}, id, c)
  sends α, β, η, µ  →  UE

UE, on receipt:
  f_{n+1} = c ⊕ α
  a_{n+1} = η ⊕ h(c, f_{n+1})
  b_{n+1} = η ⊕ h(f_{n+1}, c)
  K_SEAF = h(K, f_{n+1}, η, µ, n + 1)
  β* = h(K_SEAF, a_{n+1}, b_{n+1}, id, c)
  Check (β == β*)

Figure 1: Steps and computations in proposed AKA scheme
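The message flow of Figure 1 as an added Python model; this is not the paper's code. It assumes h() is SHA-256 over the concatenated fields, every field is a 32-byte string so ⊕ is bytewise XOR, the enrolment routine that provisions (id, c, a_n, b_n) at the UE and the HN's window search over n*, ..., n* + ∆ are the model's own choices, and the UE recovers a_{n+1}, b_{n+1} by inverting the HN's definitions of η and µ; keys and identities are generated at random.

```python
import hashlib, os
L = 32                                   # field length in bytes (model assumption)
def h(*parts): return hashlib.sha256(b"".join(parts)).digest()   # stands in for h()
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))         # ⊕ on L-byte fields
def nb(n): return n.to_bytes(L, "big")   # sequence number n as an L-byte field
class HN:
    def __init__(self):
        self.km, self.db = os.urandom(L), {}   # master key k_m; db: id -> [K, n*]
    def enrol(self):                           # provisioning step (assumed, not in Figure 1)
        K, ident, k = os.urandom(L), os.urandom(L), os.urandom(L)
        a = xor(ident, h(self.km, k)); b = xor(xor(a, self.km), k)
        self.db[ident] = [K, 0]
        return [K, ident, h(self.km, ident), a, b, 0]   # UE state [K, id, c, a_n, b_n, n]
    def respond(self, msg, delta=5):           # HN side of Figure 1
        a, b, hn = msg[0], msg[1], msg[-1]; k = xor(xor(a, b), self.km)   # k_n
        ident = xor(a, h(self.km, k)); c = h(self.km, ident)
        if ident not in self.db: return None   # altered a_n/b_n: unknown id, reject
        K, n_star = self.db[ident]
        if len(msg) == 3:                      # synchronised: try n*, ..., n* + Δ
            n = next((m for m in range(n_star, n_star + delta + 1)
                      if h(K, ident, c, a, b, nb(m)) == hn), None)
        else:                                  # desynchronised: recover n from (y_n, z_n)
            y, z = msg[2], msg[3]; r = xor(xor(y, a), ident)
            n = int.from_bytes(xor(z, h(K, r, y)), "big")
            if h(K, ident, c, a, b, nb(n), z) != hn or n < n_star: n = None
        if n is None: return None              # h_n check failed: reject
        n += 1; self.db[ident][1] = n          # n ← n + 1
        k1, f1 = os.urandom(L), os.urandom(L)  # k_{n+1}, f_{n+1}
        a1 = xor(ident, h(self.km, k1)); b1 = xor(xor(a1, self.km), k1)
        eta, mu, alpha = xor(h(f1, c), a1), xor(h(c, f1), b1), xor(c, f1)
        kseaf = h(K, f1, eta, mu, nb(n))
        return (alpha, h(kseaf, a1, b1, ident, c), eta, mu), kseaf   # (α, β, η, µ), K_SEAF

def ue_request(st, desync=False):              # UE side, first message
    K, ident, c, a, b, n = st
    if desync:
        r = os.urandom(L); y = xor(xor(a, ident), r); z = xor(nb(n), h(K, r, y))
        msg = (a, b, y, z, h(K, ident, c, a, b, nb(n), z))
    else:
        msg = (a, b, h(K, ident, c, a, b, nb(n)))
    st[5] = n + 1; return msg                  # n ← n + 1

def ue_finish(st, resp):                       # UE side, after (α, β, η, µ) arrives
    K, ident, c, a, b, n = st
    alpha, beta, eta, mu = resp; f1 = xor(c, alpha)
    a1, b1 = xor(eta, h(f1, c)), xor(mu, h(c, f1))   # inverts the HN's η and µ
    kseaf = h(K, f1, eta, mu, nb(n))
    if h(kseaf, a1, b1, ident, c) != beta: return None   # β check failed: reject
    st[3], st[4] = a1, b1                      # next run uses (a_{n+1}, b_{n+1})
    return kseaf
```

A run is ue_request, then HN.respond, then ue_finish; both sides end with the same K_SEAF, while a request whose sequence number lies below the HN's n* (a replay) or whose a_n, b_n were altered is rejected.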


Biography


An Braeken obtained her MSc Degree in Mathematics from the University of Gent in 2002. In 2006, she received her PhD in engineering sciences from the KULeuven at the research group COSIC (Computer Security and Industrial Cryptography). She became professor in 2007 at the Erasmushogeschool Brussel (since 2013, Vrije Universiteit Brussel) in the Industrial Sciences Department. Prior to joining the Erasmushogeschool Brussel, she worked for almost 2 years at the management consulting company Boston Consulting Group (BCG). Her current interests include the development, analysis and implementation of security protocols for embedded systems, wireless sensor networks, IoT, etc. She is (co-)author of over 150 publications. She has been a member of the program committee for numerous conferences and workshops and a member of the editorial board for Security and Communications magazine. She has also been a member of the organizing committee for the IEEE Cloudtech 2018 conference and the Blockchain in IoT workshop at Globecom 2018. In addition, since 2015 she has been a reviewer for several EU proposals and ongoing projects, submitted under the programs of H2020, Marie Curie and ITN. She has cooperated in and coordinated more than 12 national and international projects. She has been STSM manager in the COST AAPELE project (2014-2017) and is currently in the management committee of the COST RECODIS project (2016-2019).


Declaration of Interest The author declares no conflict of interest.


Author Contribution As there is only one author who did the work, an author statement is not relevant here.
