Security Verification and Improvement of 5G AKA Protocol Based on Petri-net

2021 IEEE/CIC International Conference on Communications in China (ICCC) Pub Date : 2021-07-28 DOI:10.1109/iccc52777.2021.9580325

Zhiping Yan, Chonglin Gu, Yue Gu, Hejiao Huang

{"title":"Security Verification and Improvement of 5G AKA Protocol Based on Petri-net","authors":"Zhiping Yan, Chonglin Gu, Yue Gu, Hejiao Huang","doi":"10.1109/iccc52777.2021.9580325","DOIUrl":null,"url":null,"abstract":"Ensuring the security of 5G Authentication and Key Agreement (5G AKA) is utmost important in the context of the upcoming widespread use of 5G. In this paper, we focus on the formal specification and security verification of 5G AKA. We propose three attack methods including: Sequence Number (SQN) mismatch attack, Subscription Concealed Identifier (SUCI) replay attack and bogus serving network (SN) attack based on the most general assumptions on entities. For the three attacks occurred in wireless channel and SN, we also give an improved scheme by adopting challenge response mechanism and designing Unique Identifier (UNI) for the AKA protocol. The former is used to prevent an attacker with a fake SN interfering the authentication process, while the latter ensures the security of messages in wireless channel. With the advantages such as graphical nature, the simplicity of modeling and the firm mathematical foundation, Petri net is applied for the attack-driven modeling. To the best of our knowledge, this is the first time that Petri net has been introduced to validate security scheme for 5G AKA protocol in the literature.","PeriodicalId":425118,"journal":{"name":"2021 IEEE/CIC International Conference on Communications in China (ICCC)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-07-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE/CIC International Conference on Communications in China (ICCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/iccc52777.2021.9580325","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Ensuring the security of 5G Authentication and Key Agreement (5G AKA) is utmost important in the context of the upcoming widespread use of 5G. In this paper, we focus on the formal specification and security verification of 5G AKA. We propose three attack methods including: Sequence Number (SQN) mismatch attack, Subscription Concealed Identifier (SUCI) replay attack and bogus serving network (SN) attack based on the most general assumptions on entities. For the three attacks occurred in wireless channel and SN, we also give an improved scheme by adopting challenge response mechanism and designing Unique Identifier (UNI) for the AKA protocol. The former is used to prevent an attacker with a fake SN interfering the authentication process, while the latter ensures the security of messages in wireless channel. With the advantages such as graphical nature, the simplicity of modeling and the firm mathematical foundation, Petri net is applied for the attack-driven modeling. To the best of our knowledge, this is the first time that Petri net has been introduced to validate security scheme for 5G AKA protocol in the literature.

查看原文本刊更多论文

基于petri网的5G AKA协议安全验证与改进

在5G即将广泛使用的背景下，确保5G身份验证和密钥协议(5G AKA)的安全性至关重要。本文重点研究了5G AKA的形式规范和安全验证。基于对实体的最一般假设，提出了三种攻击方法:序列号(SQN)错配攻击、订阅隐藏标识符(SUCI)重放攻击和虚假服务网络(SN)攻击。针对发生在无线信道和SN中的三种攻击，提出了采用挑战响应机制和为AKA协议设计唯一标识符(UNI)的改进方案。前者用于防止假序列号攻击者干扰认证过程，后者用于保证无线信道中消息的安全性。Petri网具有图形化、建模简单、数学基础牢固等优点，可用于攻击驱动建模。据我们所知，这是文献中首次引入Petri网来验证5G AKA协议的安全方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 IEEE/CIC International Conference on Communications in China (ICCC)

自引率

0.00%

发文量