5G Handover: When Forward Security Breaks

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography Pub Date : 2023-01-01 DOI:10.5220/0012128400003555

Navya Sivaraman, S. Nadjm-Tehrani

{"title":"5G Handover: When Forward Security Breaks","authors":"Navya Sivaraman, S. Nadjm-Tehrani","doi":"10.5220/0012128400003555","DOIUrl":null,"url":null,"abstract":": 5G mobility management is dependent on a couple of complex protocols for managing handovers, based on the available network interfaces (such as Xn and N2). In our work, we focus on the 5G Xn handover procedure, as defined by the 3GPP standard. In Xn handovers, the source base station hands the user equipment (UE) over to a target base station through two different mechanisms: horizontal or vertical key derivation. To ascertain the security of these complex protocols, recent works have formally described the protocols and proved some security properties. In this work, we formulate a new property, forward security, which ensures the secrecy of future handovers following a session key exchange in one handover. Using a formal model and the Tamarin prover, we show that forward security breaks in the 5G Xn handover in presence of an untrusted base station. We also propose a solution to mitigate this counter-example with a small modification of the 3GPP Xn handover procedures based on the perceived source base station state.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"52 1","pages":"503-510"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5220/0012128400003555","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

: 5G mobility management is dependent on a couple of complex protocols for managing handovers, based on the available network interfaces (such as Xn and N2). In our work, we focus on the 5G Xn handover procedure, as defined by the 3GPP standard. In Xn handovers, the source base station hands the user equipment (UE) over to a target base station through two different mechanisms: horizontal or vertical key derivation. To ascertain the security of these complex protocols, recent works have formally described the protocols and proved some security properties. In this work, we formulate a new property, forward security, which ensures the secrecy of future handovers following a session key exchange in one handover. Using a formal model and the Tamarin prover, we show that forward security breaks in the 5G Xn handover in presence of an untrusted base station. We also propose a solution to mitigate this counter-example with a small modification of the 3GPP Xn handover procedures based on the perceived source base station state.

查看原文本刊更多论文

5G移交:当向前安全突破时

: 5G移动性管理依赖于基于可用网络接口(如Xn和N2)的几个复杂协议来管理移交。在我们的工作中，我们专注于3GPP标准定义的5G Xn移交程序。在Xn移交中，源基站通过两种不同的机制将用户设备(UE)移交给目标基站:水平或垂直密钥派生。为了确定这些复杂协议的安全性，最近的工作正式描述了这些协议并证明了一些安全特性。在这项工作中，我们制定了一个新的属性，即前向安全性，它确保了在一次移交中会话密钥交换后的未来移交的保密性。使用正式模型和绢毛猴证明器，我们证明了在不可信基站存在的情况下，5G Xn切换中的前向安全漏洞。我们还提出了一种解决方案，通过基于感知到的源基站状态对3GPP Xn切换过程进行小修改来减轻这种反例。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography

自引率

0.00%

发文量