Component-based formal analysis of 5G-AKA: channel assumptions and session confusion

Conference item

Abstract:: The 5G mobile telephony standards are nearing completion; upon adoption these will be used by billions across the globe. Ensuring the security of 5G communication is of the utmost importance, building trust in a critical component of everyday life and national infrastructure.

We perform fine-grained formal analysis of 5G’s main authentication and key agreement protocol (AKA), and provide the first models to explicitly consider all parties defined by the protocol specification. Our analysis reveals that the security of 5G-AKA critically relies on unstated assumptions on the inner workings of the underlying channels. In practice this means that following the 5G-AKA specification, a provider can easily and ‘correctly’ implement the standard insecurely, leaving the protocol vulnerable to a security-critical race condition. We provide the first models and analysis considering component and channel compromise in 5G, whose results further demonstrate the fragility and subtle trust assumptions of the 5G-AKA protocol.

We propose formally verified fixes to the encountered issues, and have worked with 3GPP to ensure these fixes are adopted.

Files:: CrDe2018-5G.pdf

(Preview, Version of record, pdf, 872.3KB, Terms of use)

Publisher:: Internet Society
Host title:: Network and Distributed System Security Symposium (NDSS) 2019
Journal:: Network and Distributed System Security Symposium (NDSS) More from this journal
Publication date:: 2019-02-27
Acceptance date:: 2018-12-13
DOI:: 10.14722/ndss.2019.23394

Notes:: This paper was presented at the Network and Distributed System Security Symposium (NDSS) 2019, 24-27 February 2019, San Diego, CA, USA

Licence:: Terms and Conditions of Use for Oxford University Research Archive

If you are the owner of this record, you can report an update to it here: Report update to this record