5G-IPAKA: An Improved Primary Authentication and Key Agreement Protocol for 5G Networks

Xiao, Yuelei; Yang, Wu

doi:10.3390/info13030125

Cited by 12 publications

(7 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, ref. [ 17 ] identified shortcomings, such as the lack of support for forward secrecy through an analysis of 5G-AKA. In this regard, improved protocols, including [ 3 , 16 , 17 , 20 , 21 ], have been proposed to address such vulnerabilities in 5G-AKA.…”

Section: Related Workmentioning

confidence: 99%

“…Furthermore, ref. [ 17 ] presented shortcomings of 5G-AKA, including the lack of support for forward secrecy, also known as perfect forward secrecy.…”

Section: Introductionmentioning

confidence: 99%

“…Regarding EAP-AKA

, there has been a standardization effort aimed at enhancing the protocol to incorporate support for forward secrecy (known as EAP-AKA

-FS) [ 19 ]. On the 5G-AKA side, there are existing works proposed to support unlinkability and forward secrecy, such as [ 3 , 16 , 17 , 20 , 21 ]. In particular, those 5G-AKA enhancements attempted to reuse the ECIES shared key, which is used to protect the UE’s identifier in the initiation phase.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

5G-AKA-FS: A 5G Authentication and Key Agreement Protocol for Forward Secrecy

You,

Kim,

Shin

et al. 2023

Sensors

View full text Add to dashboard Cite

5G acts as a highway enabling innovative digital transformation and the Fourth Industrial Revolution in our lives. It is undeniable that the success of such a paradigm shift hinges on robust security measures. Foremost among these is primary authentication, the initial step in securing access to 5G network environments. For the 5G primary authentication, two protocols, namely 5G Authentication and Key Agreement (5G-AKA) and Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA′), were proposed and standardized, where the former is for 3GPP devices, and the latter is for non-3GPP devices. Recent scrutiny has unveiled vulnerabilities in the 5G-AKA protocol, exposing it to security breaches, including linkability attacks. Moreover, mobile communication technologies are dramatically evolving while 3GPP has standardized Authentication and Key Management for Applications (AKMA) to reuse the credentials, generated during primary authentication, for 5G network applications. That makes it so significant for 5G-AKA to be improved to support forward secrecy as well as address security attacks. In response, several protocols have been proposed to mitigate these security challenges. In particular, they tried to strengthen security by reusing secret keys negotiated through the Elliptic Curve Integrated Encryption Scheme (ECIES) and countering linkability attacks. However, they still have encountered limitations in completing forward secrecy. Motivated by this, we propose an augmentation to 5G-AKA to achieve forward security and thwart linkability attacks (called 5G-AKA-FS). In 5G-AKA-FS, the home network (HN), instead of using its static ECIES key pair, generates a new ephemeral key pair to facilitate robust session key negotiation, truly realizing forward security. In order to thoroughly and precisely prove that 5G-AKA-FS is secure, formal security verification is performed by applying both BAN Logic and ProVerif. As a result, it is demonstrated that 5G-AKA-FS is valid. Besides, our performance comparison highlights that the communication and computation overheads are intrinsic to 5G-AKA-FS. This comprehensive analysis showcases how the protocol effectively balances between security and efficiency.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Furthermore, ref. [ 17 ] presented shortcomings of 5G-AKA, including the lack of support for forward secrecy, also known as perfect forward secrecy.…”

Section: Introductionmentioning

confidence: 99%

“…Regarding EAP-AKA

, there has been a standardization effort aimed at enhancing the protocol to incorporate support for forward secrecy (known as EAP-AKA

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

5G-AKA-FS: A 5G Authentication and Key Agreement Protocol for Forward Secrecy

You,

Kim,

Shin

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…The proposal facilitates fast 5G handover authentication by using time-to-live (TTL) attributes and encrypting the next hop chaining counter (NCC) with the Chinese remainder theorem. There are also some other schemes, including [24][25][26][27][28], proposed recently to fix other security issues in EPS-AKA and 5G-AKA. However, all of them suffer from single-point-of-failure due to the centralized protocol designs.…”

Section: Aka Schemes Against Dos and Ddos Attacksmentioning

confidence: 99%

“…Vulnerable to DDoS due to centralized design [24] Formally verified protocol [25] Lightweight symmetric key-based protocol [26] Formally verified protocol [27] Backward compatibility with 5G-AKA [28] DDoS prevention using zero-knowledge proof Centralized design, lack of formally verified protocol…”

Section: Lightweight and Formally Verified Handover Authenticationmentioning

confidence: 99%

A Secure Blockchain-Based Authentication and Key Agreement Scheme for 3GPP 5G Networks

Chow

2022

Sensors

View full text Add to dashboard Cite

The futuristic fifth-generation cellular network (5G) not only supports high-speed internet, but must also connect a multitude of devices simultaneously without compromising network security. To ensure the security of the network, the Third Generation Partnership Project (3GPP) has standardized the 5G Authentication and Key Agreement (AKA) protocol for mutually authenticating user equipment (UE), base stations, and the core network. However, it has been found that 5G-AKA is vulnerable to many attacks, including linkability attacks, denial-of-service (DoS) attacks, and distributed denial-of-service (DDoS) attacks. To address these security issues and improve the robustness of the 5G network, in this paper, we introduce the Secure Blockchain-based Authentication and Key Agreement for 5G Networks (5GSBA). Using blockchain as a distributed database, our 5GSBA decentralizes authentication functions from a centralized server to all base stations. It can prevent single-point-of-failure and increase the difficulty of DDoS attacks. Moreover, to ensure the data in the blockchain cannot be used for device impersonation, our scheme employs the one-time secret hash function as the device secret key. Furthermore, our 5GSBA can protect device anonymity by mandating the encryption of device identities with Subscription Concealed Identifiers (SUCI). Linkability attacks are also prevented by deprecating the sequence number with Elliptic Curve Diffie–Hellman (ECDH). We use Burrows–Abadi–Needham (BAN) logic and the Scyther tool to formally verify our protocol. The security analysis shows that 5GSBA is superior to 5G-AKA in terms of perfect forward secrecy, device anonymity, and mutual Authentication and Key Agreement (AKA). Additionally, it effectively deters linkability attacks, replay attacks, and most importantly, DoS and DDoS attacks. Finally, the performance evaluation shows that 5GSBA is efficient for both UEs and base stations with reasonably low computational costs and energy consumption.

show abstract