Related papers: Active Attack Resilience in 5G: A New Take on Authentication and Key Agreement

Active Attack Resilience in 5G: A New Take on Authentication and Key Agreement

URL: http://arxiv.org/abs/2507.17491v2
Date: Mon, 28 Jul 2025 04:24:08 GMT
Title: Active Attack Resilience in 5G: A New Take on Authentication and Key Agreement
Authors: Nazatul H. Sultan, Xinlong Guan, Josef Pieprzyk, Wei Ni, Sharif Abuadbba, Hajime Suzuki,
Abstract summary: 5G-AKA protocol is central to authentication in current 5G deployments.<n>5G-AKA has known limitations in both security and performance.<n>This paper proposes an enhanced authentication protocol that builds on 5G-AKA's design while addressing its shortcomings.
Score: 13.49434164633215
License: http://creativecommons.org/licenses/by/4.0/
Abstract: As 5G networks expand into critical infrastructure, secure and efficient user authentication is more important than ever. The 5G-AKA protocol, standardized by 3GPP in TS 33.501, is central to authentication in current 5G deployments. It provides mutual authentication, user privacy, and key secrecy. However, despite its adoption, 5G-AKA has known limitations in both security and performance. While it focuses on protecting privacy against passive attackers, recent studies show its vulnerabilities to active attacks. It also relies on a sequence number mechanism to prevent replay attacks, requiring perfect synchronization between the device and the core network. This stateful design adds complexity, causes desynchronization, and incurs extra communication overhead. More critically, 5G-AKA lacks Perfect Forward Secrecy (PFS), exposing past communications if long-term keys are compromised-an increasing concern amid sophisticated threats. This paper proposes an enhanced authentication protocol that builds on 5G-AKA's design while addressing its shortcomings. First, we introduce a stateless version that removes sequence number reliance, reducing complexity while staying compatible with existing SIM cards and infrastructure. We then extend this design to add PFS with minimal cryptographic overhead. Both protocols are rigorously analyzed using ProVerif, confirming their compliance with all major security requirements, including resistance to passive and active attacks, as well as those defined by 3GPP and academic studies. We also prototype both protocols and evaluate their performance against 5G-AKA and 5G-AKA' (USENIX'21). Our results show the proposed protocols offer stronger security with only minor computational overhead, making them practical, future-ready solutions for 5G and beyond.

Related papers

Securing 5G Bootstrapping: A Two-Layer IBS Authentication Protocol [4.087348638056961]
Lack of authentication during the initial bootstrapping phase between cellular devices and base stations allows attackers to send malicious messages to the devices.<n>We propose E2IBS, a novel and efficient two-layer identity-based signature scheme for seamless integration with existing cellular protocols.<n>Compared to the state-of-the-art Schnorr-HIBS, E2IBS reduces attack surfaces, enables fine-grained lawful interception, and achieves 2x speed in verification.
arXiv Detail & Related papers (2025-02-07T13:32:48Z)
5G-AKA-HPQC: Hybrid Post-Quantum Cryptography Protocol for Quantum-Resilient 5G Primary Authentication with Forward Secrecy [2.154734752825087]
5G authentication is vulnerable to linkability attacks and quantum computing threats.<n>We propose 5G AKA HPQC, a protocol maintaining compatibility with existing standards while enhancing security.<n>This research provides key insights into quantum-safe authentication, contributing to future standardization of secure mobile authentication protocols.
arXiv Detail & Related papers (2025-02-05T03:05:45Z)
TIMESAFE: Timing Interruption Monitoring and Security Assessment for Fronthaul Environments [25.43682473591802]
We show how a spoofing attack is able to cause a production-ready O-RAN and 5G-compliant private cellular base station to catastrophically fail within 2 seconds of the attack.<n>To counter this, we design a Machine Learning-based monitoring solution capable of detecting various malicious attacks with over 97.5% accuracy.
arXiv Detail & Related papers (2024-12-17T16:13:37Z)
ACRIC: Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
Recent security incidents in safety-critical industries exposed how the lack of proper message authentication enables attackers to inject malicious commands or alter system behavior.<n>These shortcomings have prompted new regulations that emphasize the pressing need to strengthen cybersecurity.<n>We introduce ACRIC, a message authentication solution to secure legacy industrial communications.
arXiv Detail & Related papers (2024-11-21T18:26:05Z)
SoK: Evaluating 5G Protocols Against Legacy and Emerging Privacy and Security Attacks [2.5554069583567487]
We study existing privacy and security attacks in pre-5G networks, analyzing the weaknesses that lead to these attacks. We study the security characteristics of 5G up to the new Release 19, and examine mitigation mechanisms of 5G to the identified pre-5G attacks.
arXiv Detail & Related papers (2024-09-10T09:30:37Z)
TransLinkGuard: Safeguarding Transformer Models Against Model Stealing in Edge Deployment [34.8682729537795]
We propose TransLinkGuard, a plug-and-play model protection approach against model stealing on edge devices. The core part of TransLinkGuard is a lightweight authorization module residing in a secure environment. Extensive experiments show that TransLinkGuard achieves the same security protection as the black-box security guarantees with negligible overhead.
arXiv Detail & Related papers (2024-04-17T07:08:45Z)
UniHand: Privacy-preserving Universal Handover for Small-Cell Networks in 5G-enabled Mobile Communication with KCI Resilience [7.816521719452984]
Introducing Small Cell Networks (SCN) has significantly improved wireless link quality, spectrum efficiency and network capacity. This work proposes a secure privacy-preserving universal HO scheme ($UniHand$) for SCNs in 5G mobile communication.
arXiv Detail & Related papers (2024-03-12T16:56:31Z)
Penetration Testing of 5G Core Network Web Technologies [53.89039878885825]
We present the first security assessment of the 5G core from a web security perspective. We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks. Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors.
arXiv Detail & Related papers (2024-03-04T09:27:11Z)
A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
DynamiQS: Quantum Secure Authentication for Dynamic Charging of Electric Vehicles [61.394095512765304]
Dynamic Wireless Power Transfer (DWPT) is a novel technology that allows charging an electric vehicle while driving. Recent advancements in quantum computing jeopardize classical public key cryptography. We propose DynamiQS, the first post-quantum secure authentication protocol for dynamic wireless charging.
arXiv Detail & Related papers (2023-12-20T09:40:45Z)
Tamper-Evident Pairing [55.2480439325792]
Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard. TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent. This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
arXiv Detail & Related papers (2023-11-24T18:54:00Z)
Blockchain-based Privacy Preservation for 5G-enabled Drone Communications [47.852641639155664]
5G-enabled drones have potential applications in a variety of both military and civilian settings. There are security and privacy considerations underpinning 5G-enabled drone communications. We will review existing blockchain-based solutions after introducing the architecture for 5G-enabled drone communications and blockchain.
arXiv Detail & Related papers (2020-09-07T15:27:52Z)
Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy. We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z)
A Secure Federated Learning Framework for 5G Networks [44.40119258491145]
Federated Learning (FL) has been proposed as an emerging paradigm to build machine learning models using distributed training datasets. There are two critical security threats: poisoning and membership inference attacks. We propose a blockchain-based secure FL framework to create smart contracts and prevent malicious or unreliable participants from involving in FL.
arXiv Detail & Related papers (2020-05-12T13:27:23Z)

This list is automatically generated from the titles and abstracts of the papers in this site.