nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

Identity Confidentiality in 5G Mobile Telephony Systems

verfasst von : Haibat Khan, Benjamin Dowling, Keith M. Martin

Erschienen in: Security Standardisation Research

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The 3\(^\mathrm{rd}\) Generation Partnership Project (3GPP) recently proposed a standard for 5G telecommunications, containing an identity protection scheme meant to address the long-outstanding privacy problem of permanent subscriber-identity disclosure. The proposal is essentially two disjoint phases: an identification phase, followed by an establishment of security context between mobile subscribers and their service providers via symmetric-key based authenticated key agreement. Currently, 3GPP proposes to protect the identification phase with a public-key based solution, and while the current proposal is secure against a classical adversary, the same would not be true of a quantum adversary. 5G specifications target very long-term deployment scenarios (well beyond the year 2030), therefore it is imperative that quantum-secure alternatives be part of the current specification. In this paper, we present such an alternative scheme for the problem of private identification protection. Our solution is compatible with the current 5G specifications, depending mostly on cryptographic primitives already specified in 5G, adding minimal performance overhead and requiring minor changes in existing message structures. Finally, we provide a detailed formal security analysis of our solution in a novel security framework.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Defeating the Downgrade Attack on Identity Privacy in 5G

Nächstes Kapitel Great Expectations: A Critique of Current Approaches to Random Number Generation Testing & Certification

The official 3GPP documentation uses the term “Identity Confidentiality” to refer to the privacy of user identity. We follow the 3GPP naming convention.

Users can also be identified through other unique identifiers, for instance International Mobile Equipment Identity (IMEI) which uniquely identifies the mobile equipment. However, it is only the IMSI/SUPI which is used for initial identification purposes.

The 3GPP documentation uses the term “key generating function” for these algorithms, while these are technically key derivation functions.

This first Step is numbered 0 because its not an exclusive part of the AKA but rather the identification phase.

The null-scheme is used only if the UE is making an unauthenticated emergency session or if the HN has configured “null-scheme” to be used or if the HN has not provisioned the public key needed to generate SUCI.

Note that HN will maintain a separate distinct value of \( SQNID _{{ HN }}\) for each \( UE \) in its database.

Note that \(\mathtt {label}_{\mathtt {ps}}\) is a constant value indicating the protection scheme, and \(\mathtt {label}_{{ HN }}\) is a constant value identifying the \({ HN }\).

Note that here we are using \(\subset \) to indicate substrings.

Arkko, J., Lehtovirta, V., Eronen, P.: Improved extensible authentication protocol method for 3rd generation authentication and key agreement (EAP-AKA’). RFC 5448, 1–29 (2009). https://doi.org/10.17487/RFC5448

van den Broek, F., Verdult, R., de Ruiter, J.: Defeating IMSI catchers. In: Ray, I., Li, N., Kruegel, C. (eds.) Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12–16 October 2015, pp. 340–351. ACM (2015). https://doi.org/10.1145/2810103.2813615

Chen, L., et al.: Report on post-quantum cryptography. US Department of Commerce, National Institute of Standards and Technology (2016)

ETSI-SAGE: First response on ECIES for concealing IMSI or SUPI, October 2017. https://portal.3gpp.org/ngppapp/CreateTdoc.aspx?mode=view&contributionId=832160

Fox, D.: Der imsi-catcher. Datenschutz und Datensicherheit 26(4), 212–215 (2002)

3rd Generation Partnership Project: Rationale and track of security decisions in Long Term Evolution (LTE) RAN/3GPP System Architecture Evolution (SAE) (3GPP TR 33.821 Version 9.0.0 Release 9), June 2009. http://www.3gpp.org/DynaReport/33821.htm

3rd Generation Partnership Project: Study on the security aspects of the next generation system (3GPP TR 33.899 Version 1.3.0 Release 14), August 2017. http://www.3gpp.org/DynaReport/33899.htm

3rd Generation Partnership Project: 3G Security; Security Architecture (3GPP TS 33.102 Version 15.0.0 Release 15), June 2018. http://www.3gpp.org/DynaReport/33102.htm

3rd Generation Partnership Project: Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) (3GPP TS 33.220 Version 15.2.0 Release 15), June 2018. http://www.3gpp.org/DynaReport/33220.htm

10.

3rd Generation Partnership Project: Mobile Application Part (MAP) Specification (3GPP TS 29.002 Version 15.3.0 Release 15), March 2018. http://www.3gpp.org/DynaReport/29002.htm

11.

3rd Generation Partnership Project: Security Architecture and Procedures for 5G Systems (3GPP TS 33.501 Version 15.0.0 Release 15), March 2018. http://www.3gpp.org/DynaReport/33501.htm

12.

3rd Generation Partnership Project: System Architecture for the 5G System (3GPP TS 23.501 Version 15.1.0 Release 15), March 2018. http://www.3gpp.org/DynaReport/23501.htm

13.

Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Miller, G.L. (ed.) Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, 22–24 May 1996, pp. 212–219. ACM (1996). http://doi.acm.org/10.1145/237814.237866

14.

Kelly, J.: A Preview of Bristlecone, Google’s New Quantum Processor. https://ai.googleblog.com/2018/03/a-preview-of-bristlecone-googles-new.html. Accessed 08 June 2018

15.

Khan, M.S.A., Mitchell, C.J.: Improving air interface user privacy in mobile telephony. In: Chen, L., Matsuo, S. (eds.) SSR 2015. LNCS, vol. 9497, pp. 165–184. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-27152-1_9CrossRef

16.

Khan, M.S.A., Mitchell, C.J.: Trashing IMSI catchers in mobile networks. In: Noubir, G., Conti, M., Kasera, S.K. (eds.) Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017, Boston, MA, USA, 18–20 July 2017, pp. 207–218. ACM (2017). https://doi.org/10.1145/3098243.3098248

17.

Lilly, A.: IMSI catchers: hacking mobile communications. Netw. Secur. 2017(2), 5–7 (2017). https://doi.org/10.1016/S1353-4858(17)30014-4CrossRef

18.

Mattsson, J.: Post-quantum cryptography in mobile networks (2017). https://www.ericsson.com/research-blog/post-quantum-cryptography-mobile-networks/

19.

SECG SEC 1: Recommended Elliptic Curve Cryptography, Version 2.0 (2009). http://www.secg.org/sec1-v2.pdf

20.

Shaik, A., Seifert, J., Borgaonkar, R., Asokan, N., Niemi, V.: Practical attacks against privacy and availability in 4G/LTE mobile communication systems. In: 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, 21–24 February 2016. The Internet Society (2016). http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/practical-attacks-against-privacy-availability-4g-lte-mobile-communication-systems.pdf

21.

Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th Annual Symposium on Foundations of Computer Science, Santa Fe, New Mexico, USA, 20–22 November 1994, pp. 124–134. IEEE Computer Society (1994). https://doi.org/10.1109/SFCS.1994.365700

22.

Shoup, V.: A proposal for an ISO standard for public key encryption. IACR Cryptology ePrint Archive 2001, 112 (2001). http://eprint.iacr.org/2001/112

Titel: Identity Confidentiality in 5G Mobile Telephony Systems
verfasst von: Haibat Khan
Benjamin Dowling
Keith M. Martin
Verlag: Springer International Publishing
Buch: Security Standardisation Research
Print ISBN: 978-3-030-04761-0

Electronic ISBN: 978-3-030-04762-7

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-030-04762-7_7

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"