{"title":"5G移交:当向前安全突破时","authors":"Navya Sivaraman, S. Nadjm-Tehrani","doi":"10.5220/0012128400003555","DOIUrl":null,"url":null,"abstract":": 5G mobility management is dependent on a couple of complex protocols for managing handovers, based on the available network interfaces (such as Xn and N2). In our work, we focus on the 5G Xn handover procedure, as defined by the 3GPP standard. In Xn handovers, the source base station hands the user equipment (UE) over to a target base station through two different mechanisms: horizontal or vertical key derivation. To ascertain the security of these complex protocols, recent works have formally described the protocols and proved some security properties. In this work, we formulate a new property, forward security, which ensures the secrecy of future handovers following a session key exchange in one handover. Using a formal model and the Tamarin prover, we show that forward security breaks in the 5G Xn handover in presence of an untrusted base station. We also propose a solution to mitigate this counter-example with a small modification of the 3GPP Xn handover procedures based on the perceived source base station state.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"52 1","pages":"503-510"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"5G Handover: When Forward Security Breaks\",\"authors\":\"Navya Sivaraman, S. Nadjm-Tehrani\",\"doi\":\"10.5220/0012128400003555\",\"DOIUrl\":null,\"url\":null,\"abstract\":\": 5G mobility management is dependent on a couple of complex protocols for managing handovers, based on the available network interfaces (such as Xn and N2). In our work, we focus on the 5G Xn handover procedure, as defined by the 3GPP standard. In Xn handovers, the source base station hands the user equipment (UE) over to a target base station through two different mechanisms: horizontal or vertical key derivation. To ascertain the security of these complex protocols, recent works have formally described the protocols and proved some security properties. In this work, we formulate a new property, forward security, which ensures the secrecy of future handovers following a session key exchange in one handover. Using a formal model and the Tamarin prover, we show that forward security breaks in the 5G Xn handover in presence of an untrusted base station. We also propose a solution to mitigate this counter-example with a small modification of the 3GPP Xn handover procedures based on the perceived source base station state.\",\"PeriodicalId\":74779,\"journal\":{\"name\":\"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography\",\"volume\":\"52 1\",\"pages\":\"503-510\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5220/0012128400003555\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5220/0012128400003555","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
: 5G mobility management is dependent on a couple of complex protocols for managing handovers, based on the available network interfaces (such as Xn and N2). In our work, we focus on the 5G Xn handover procedure, as defined by the 3GPP standard. In Xn handovers, the source base station hands the user equipment (UE) over to a target base station through two different mechanisms: horizontal or vertical key derivation. To ascertain the security of these complex protocols, recent works have formally described the protocols and proved some security properties. In this work, we formulate a new property, forward security, which ensures the secrecy of future handovers following a session key exchange in one handover. Using a formal model and the Tamarin prover, we show that forward security breaks in the 5G Xn handover in presence of an untrusted base station. We also propose a solution to mitigate this counter-example with a small modification of the 3GPP Xn handover procedures based on the perceived source base station state.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
