Novel 5G Authentication Protocol to Improve the Resistance Against Active Attacks and Malicious Serving Networks

Braeken, An; Liyanage, Madhusanka; Kumar, Pardeep; Murphy, John

doi:10.1109/access.2019.2914941

Cited by 75 publications

(46 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As a result, a new generation of security services has to be offered [58]. Novel 5G AKA, USIM and ECC based design of handoff authentication for 5G-WLAN HetNets will be needed that can extend the provisions of secure and seamless internet connectivity [59]. Many of these additional requirements come from the technology shift to SDN [55] and NF virtualization (NFV) [42], network slicing, massive MIMO [33], NOMA [60], ultra-dense small cell network [40], D2D and M2M communications, and the cloud, and they lead to the need of increased security on the network side.…”

Section: Security Challengesmentioning

confidence: 99%

The Potential Short- and Long-Term Disruptions and Transformative Impacts of 5G and Beyond Wireless Networks: Lessons Learnt From the Development of a 5G Testbed Environment

et al. 2020

View full text Add to dashboard Cite

The capacity and coverage requirements for 5G and beyond wireless connectivity will be significantly different from the predecessor networks. To meet these requirements, the anticipated deployment cost in the UK is predicted to be in between £30bn-£50bn, whereas the current annual capital expenditure (CapEX) of the mobile network operators (MNOs) is £2.5bn. This prospect has vastly impacted and has become one of the major delaying factors for building the 5G physical infrastructure, whereas other areas of 5G developments are progressing at their speeds. Due to the expensive and complicated nature of the physical network infrastructure and spectrum, the second-tier operators, widely known as mobile virtual network operators (MVNO), are entirely dependent on the MNOs. In this paper, an extensive study is conducted to explore the possibilities of reducing the 5G deployment cost and developing business models. This study suggests that the use of existing public infrastructure (e.g., streetlights, telephone poles, etc.) has a great potential to contribute to a reduction of about 40% to 60% anticipated cost for the 5G network. This paper also reviews the recent Ofcom initiatives to release location-based licenses of the 5G-compatible radio spectrum at a nominal cost. Our study suggests that simplification of infrastructure and spectrum will encourage the exponential growth of scenario-specific cellular networks and will potentially disrupt the current business models of telecommunication business stakeholders -specifically MNOs and TowerCos. These scenario-specific networks are expected to be: a) private networks, b) community networks, and c) microoperators. Furthermore, due to the feasibility of dense device connectivity with 5G, the resolution of traditional and nontraditional data availability will increase significantly. This will encourage extensive data harvesting as a business opportunity and function within small and medium-sized enterprises (SMEs) as well as within large social networks. Consequently, the rise of new infrastructures and spectrum stakeholders is anticipated. This will fuel the development of a 5G data exchange ecosystem where data transactions are deemed to be high-value business commodities. The privacy and security of such data, as well as definitions of the associated revenue models and ownership, are challenging areas -and these have yet to emerge and mature fully. In this direction, this paper proposes the development of a unified data hub with layered structured privacy and security along with blockchain and encrypted off-chain based ownership/royalty

show abstract

Section: Security Challengesmentioning

confidence: 99%

The Potential Short- and Long-Term Disruptions and Transformative Impacts of 5G and Beyond Wireless Networks: Lessons Learnt From the Development of a 5G Testbed Environment

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Despite the evolutions to the AKA protocol made in each generation, the nutshell of the AAC mechanism stays the same and is based on symmetric cryptography and a secret key shared between the UE and the HN [36]. In 3G and 4G, the identity of the UE (IMSI) is sent in a clear text in the identity request part of the AKA protocol, which allows privacy attacks against the UE [37][38][39][40][41][42][43][44][45][46][47][48]. To address this problem, in 5G, the UE sends its identity protected by asymmetric encryption using the HN's public key.…”

Section: Aka-based Aac Flawsmentioning

confidence: 99%

“…The security flaws of the AKA-based AAC mechanism used in cellular networks, the different attacks against them and their formal security analysis were studied in several pieces of research [38][39][40][41][42][43]. If we focus on 5G-AKA as the main AAC mechanism in 5G, we can see that although it is not in the operational stage yet, some security flaws have already been recognized.…”

Section: Aka-based Aac Flawsmentioning

confidence: 99%

“…The attacker can capture the authentication request message which is sent from the network to the UE (or device) and replay it after. If the UE (or device) answers with the Synchronization Failure message, the attacker determines the presence of the target UE (or device) in a particular area [40][41][42][43]. In [38] the authors introduce the "Location Confidentiality Attack" which is against the user location confidentiality but as it is mentioned in [44], this attack is an extension of the "Linkability Attack".…”

Section: Aka-based Aac Flawsmentioning

confidence: 99%

“…But in this case, there is a need for a global PKI (Public Key Infrastructure) among all the operators which is not feasible [41]. The authors in [36] also introduce another attack called "Activity Monitoring Attacks" which is also caused by the transmission of the Synchronization Failure message in clear [42]. They claimed that an attacker can break the confidentiality of the token's sequence number (which is sent from the network to the UE) and monitor the activity of the target UE or device and learn its typical service consumption from the difference between the sequence numbers at two different times.…”

Section: Aka-based Aac Flawsmentioning

confidence: 99%

See 2 more Smart Citations

A new scalable authentication and access control mechanism for 5G-based IoT

Behrad

Bertin

Tuffin

et al. 2020

Future Generation Computer Systems

View full text Add to dashboard Cite

The fifth generation of mobile networks, 5G, is expected to support a set of many requirements and use cases such as handling connectivity for a massive number of IoT (Internet of Things) devices. Authenticating IoT devices and controlling their access to the network plays a vital role in the security of these devices and of the whole cellular system. In current cellular networks, as well as in 3GPP specifications release 16 on 5G, the AAC (Authentication and Access Control) of IoT devices is done in the same manner as the AAC of MBB (Mobile Broadband) UE (User Equipment). Considering the expected growth of IoT devices, this will likely induce a very high load on the connectivity provider's CN (Core Network) and cause network failures.To manage the AAC of this massive number of devices, we propose an SSAAC (Slice Specific Authentication and Access Control) mechanism that makes use of the flexibility provided by virtualization technologies. This mechanism allows the authentication and access control of IoT devices to be delegated to the 3rd parties providing these devices, thereby decreasing the load of the connectivity provider's CN, while increasing the flexibility and modularity of the whole 5G network. We evaluate the feasibility of our proposal with the OAI (Open Air Interface) open-source platform. Next, we provide a security analysis of the proposal and highlight the security requirements to use with this proposal. We also evaluate the impact of this delegation approach on the network load considering the anticipated number of AAC signaling messages compared to the existing AAC mechanisms in cellular networks. According to these evaluations, our approach is feasible and it would provide cellular networks the opportunity to overcome the security shortcomings in their AAC mechanisms. It also considerably reduces the AAC signaling load on the connectivity provider's CN. IntroductionAlong with mobility, security is one of the most important aspects of cellular systems. AAC (Authentication and access control) plays a vital role in ensuring the expected security level. In 3G and 4G, authentication and access control of subscribers are done through AKA (authentication and key agreement) protocols. These protocols (UMTS-AKA protocol in 3G and EPS-AKA in 4G) are based on the unique identities of subscribers and symmetric cryptographic algorithms [1,2] The system subscribers' identities and the secret keys (that are used in symmetric cryptographic algorithms) are provisioned in secured elements (e.g., SIM cards or embedded SIM) and stored in cellular system's database as well. Executing these AKA protocols to establish a secure connection with the cellular system is mandatory for each UE (composed of a mobile device and a secured element) to obtain its cellular connectivity [1,2]. However, these well-established principles may prevent cellular systems from supporting the connectivity of a massive number of devices [3], in particular when considering the context of the IoT-where a high growth rate of connected devices...

show abstract

SDMN Security

Montes

2021

Wiley 5G Ref

View full text Add to dashboard Cite

Software‐Defined Mobile Networks (SDMNs) is a rapidly emerging paradigm that involves designing and implementing mobile networks and functions as software allowing the introduction of generic, commodity, and off‐the‐shelf hardware and software in the core and radio access parts. It involves separating the data and control planes (SDN) and introducing Network Function Virtualization (NFV). These architectural and technical changes introduce new capabilities with respect to manageability, scalability, and dynamicity but also new vulnerabilities that will be discussed in this section, followed by the presentation of different solutions. Particular focus is made on distributed and highly flexible and programmable security monitoring architectures since they are important for providing the awareness of the state of the network at all levels (i.e. from the application to physical layers, at the data, and control planes) and enable the prevention and reaction to security breaches involving anomalies, sensitive data loss, and cyber‐attacks.

show abstract

Novel 5G Authentication Protocol to Improve the Resistance Against Active Attacks and Malicious Serving Networks

Cited by 75 publications

References 26 publications

The Potential Short- and Long-Term Disruptions and Transformative Impacts of 5G and Beyond Wireless Networks: Lessons Learnt From the Development of a 5G Testbed Environment

The Potential Short- and Long-Term Disruptions and Transformative Impacts of 5G and Beyond Wireless Networks: Lessons Learnt From the Development of a 5G Testbed Environment

A new scalable authentication and access control mechanism for 5G-based IoT

SDMN Security

Contact Info

Product

Resources

About