New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols

Open access

Abstract

Mobile communications are used by more than two-thirds of the world population who expect security and privacy guarantees. The 3rd Generation Partnership Project (3GPP) responsible for the worldwide standardization of mobile communication has designed and mandated the use of the AKA protocol to protect the subscribers’ mobile services. Even though privacy was a requirement, numerous subscriber location attacks have been demonstrated against AKA, some of which have been fixed or mitigated in the enhanced AKA protocol designed for 5G.

In this paper, we reveal a new privacy attack against all variants of the AKA protocol, including 5G AKA, that breaches subscriber privacy more severely than known location privacy attacks do. Our attack exploits a new logical vulnerability we uncovered that would require dedicated fixes. We demonstrate the practical feasibility of our attack using low cost and widely available setups. Finally we conduct a security analysis of the vulnerability and discuss countermeasures to remedy our attack.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] Tamarin tool code.

  • [2] 3GPP. 3G Security; Formal Analysis of the 3G Authentication Protocol. TS 33.902 (3GPP).

  • [3] 3GPP. 3G security; Security architecture. TS 33.102 (3GPP).

  • [4] 3GPP. 3G Security; Specification of the MILENAGE algorithm set: An example algorithm set for the 3GPP authentication and key generation functions f1 f1* f2 f3 f4 f5 and f5*; Document 2: Algorithm specification. Technical Specification (TS) 35.206 (3GPP).

  • [5] 3GPP. 3GPP System Architecture Evolution (SAE); Security architecture. TR 33.401 (3GPP).

  • [6] 3GPP. AT command set for User Equipment (UE). TS 27.007 (3GPP).

  • [7] 3GPP. SA3 - Security.

  • [8] 3GPP. Security architecture and procedures for 5G System. TS 33.501 (3GPP).

  • [9] 3GPP. Service requirements for the Evolved Packet System (EPS). TS 122.278 (3GPP).

  • [10] 3GPP. Specification of the TUAK algorithm set: A second example algorithm set for the 3GPP authentication and key generation functions f1 f1* f2 f3 f4 f5 and f5*; Document 1: Algorithm specification. Technical Specification (TS) 35.231 (3GPP).

  • [11] 3GPP. Study on subscriber privacy impact in 3GPP. TR 33.849 (3GPP).

  • [12] 3GPP. Study on the security aspects of the next generation system. TR 33.899 (3GPP).

  • [13] Advanced Card Systems Holdings Limited. ACR38 Smart Card Reader.

  • [14] Anand R. Prasad Alf Zugenmaier Adrian Escott and Mirko Cano Soveri. 3GPP 5G Security.

  • [15] Myrto Arapinis Tom Chothia Eike Ritter and Mark Ryan. Analysing unlinkability and anonymity using the applied pi calculus. In 2010 23rd IEEE Computer Security Foundations Symposium pages 107–121. IEEE 2010.

  • [16] Myrto Arapinis Loretta Mancini Eike Ritter Mark Ryan Nico Golde Kevin Redon and Ravishankar Borgaonkar. New privacy issues in mobile telephony: fix and verification. In Proceedings of the 2012 ACM conference on Computer and communications security pages 205–216. ACM 2012.

  • [17] Jari Arkko. Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAPAKA). RFC 4187.

  • [18] D. Basin C. Cremers K. Miyazaki S. Radomirovic and D. Watanabe. Improving the Security of Cryptographic Protocol Standards. IEEE Security Privacy 13(3):24–31 May 2015.

  • [19] David Basin Jannik Dreier Lucca Hirschi Saša Radomirovic Ralf Sasse and Vincent Stettler. A Formal Analysis of 5G Authentication. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security pages 1383–1396. ACM 2018.

  • [20] A. N. Bikos and N. Sklavos. LTE/SAE Security Issues on 4G Wireless Networks. IEEE Security Privacy 11(2):55–62 March 2013.

  • [21] B. Blanchet. An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In Proceedings of CSFW’01 pages 82–96. IEEE Comp. Soc. Press 2001.

  • [22] Vincent Cheval and Bruno Blanchet. Proving more observational equivalences with ProVerif. In Principles of Security and Trust pages 226–246. Springer 2013.

  • [23] Stephanie Clifford and Quentin Hardy. Attention Shoppers: Store is Tracking Your Cell. New York Times 14 2013.

  • [24] S. Delaune and L. Hirschi. A survey of symbolic methods for establishing equivalence-based properties in cryptographic protocols. ArXiv e-prints October 2016.

  • [25] Jannik Dreier Lucca Hirschi Sasa Radomirovic and Ralf Sasse. Automated Unbounded Verification of Stateful Cryptographic Protocols with Exclusive OR. In 31st IEEE Computer Security Foundations Symposium (CSF’2018) 2018.

  • [26] Tobias Engel. Locating Mobile Phones using Signalling System 7. https://berlin.ccc.de/~tobias/25c3-locating-mobile-phones.pdf.

  • [27] Ettus Research. USRP B210.

  • [28] Dan Forsberg Gnther Horn Wolf-Dietrich Moeller and Valtteri Niemi. LTE Security. Wiley Publishing 2nd edition 2012.

  • [29] Gamry Instrumens. Faraday Cage: What Is It? How Does It Work?

  • [30] Ismael Gomez-Miguelez Andres Garcia-Saavedra Paul D. Sutton Pablo Serrano Cristina Cano and Douglas J. Leith. srsLTE: An Open-Source Platform for LTE Evolution and Experimentation. CoRR abs/1602.04629 2016.

  • [31] GSMA. Definitive data and analysis for the mobile industry. https://www.gsmaintelligence.com/.

  • [32] Changhee Hahn Hyunsoo Kwon Daeyoung Kim Kyungtae Kang and Junbeom Hur. A Privacy Threat in 4th Generation Mobile Telephony and Its Countermeasure. The 9th International Conference on Wireless Algorithms Systems and Applications pages 624–635 2014.

  • [33] Lucca Hirschi David Baelde and Stéphanie Delaune. A method for verifying privacy-type properties: the unbounded case. In Michael Locasto Vitaly Shmatikov and Ulfar Erlingsson editors Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P’16).

  • [34] M. Khan A. Ahmed and A. R. Cheema. Vulnerabilities of UMTS Access Domain Security Architecture. In Software Engineering Artificial Intelligence Networking and Parallel/Distributed Computing 2008. SNPD ’08. Ninth ACIS International Conference on pages 350–355 Aug 2008.

  • [35] Mohammed Shafiul Alam Khan and Chris J Mitchell. Another look at privacy threats in 3G mobile telephony. In Australasian Conference on Information Security and Privacy pages 386–396. Springer 2014.

  • [36] F. Y. Leu I. You Y. L. Huang K. Yim and C. R. Dai. Improving security level of LTE authentication and key agreement procedure. In 2012 IEEE Globecom Workshops pages 1032–1036 Dec 2012.

  • [37] X. Li and Y. Wang. Security Enhanced Authentication and Key Agreement Protocol for LTE/SAE Network. In Wireless Communications Networking and Mobile Computing (WiCOM) 2011 7th International Conference on pages 1–4 Sept 2011.

  • [38] S. Meier B. Schmidt C. Cremers and D. Basin. The Tamarin Prover for the Symbolic Analysis of Security Protocols. In Proc. 25th International Conference on Computer Aided Verification (CAV’13) volume 8044 of LNCS pages 696–701. Springer 2013.

  • [39] ABM Musa and Jakob Eriksson. Tracking unmodified smart-phones using Wi-Fi monitors. In Proceedings of the 10th ACM conference on embedded network sensor systems pages 281–294. ACM 2012.

  • [40] Piers O’Hanlon Ravishankar Borgaonkar and Lucca Hirschi. Mobile subscriber WiFi privacy. In Proceedings of Mobile Security Technologies (MoST’17) held as part of the IEEE Computer Society Security and Privacy Workshops (SPW’17) 2017. To appear.

  • [41] Open5GCore. Open5GCore – The Next Mobile Core Network Testbed Platform.

  • [42] OpenAirInterface. History.

  • [43] Osmocom Project. pySIM: A python tool to program magic SIMs. http://cgit.osmocom.org/pysim/.

  • [44] PC/SC Workgroup. PC/SC Workgroup Specifications.

  • [45] Peter Howard. AKA usage in 3GPP.

  • [46] SecT- TU Berlin. SCAT: Signaling Collection and Analysis Tool.

  • [47] Altaf Shaik Jean-Pierre Seifert Ravishankar Borgaonkar N. Asokan and Valtteri Niemi. Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems. In 23nd Annual Network and Distributed System Security Symposium NDSS 2016 San Diego California USA February 21-24 2016.

  • [48] Sysmocom. sysmoUSIM-SJS1.

  • [49] Telegraphy. TeliaSonera launches world’s first commercial LTE networks in Sweden and Norway.

  • [50] Swapnil Udar and Ravishankar Borgaonkar. Understanding IMSI Privacy. https://www.isti.tu-berlin.de/fileadmin/fg214/ravi/Darshak-bh14.pdf.

  • [51] Fabian van den Broek Roel Verdult and Joeri de Ruiter. Defeating IMSI Catchers. Proceedings of the 2015 ACM Conference on Computer and Communications Security -CCS ’15 2015.

  • [52] Venturebeat. DEMO: Range Networks rings in cell-phone service for USD 2 a month.

  • [53] Ben Wojtowicz. OpenLTE. https://sourceforge.net/projects/openlte/.

  • [54] Muxiang Zhang and Yuguang Fang. Security analysis and enhancements of 3GPP authentication and key agreement protocol. IEEE Transactions on Wireless Communications 4(2):734–742 March 2005.

Search
Journal information
Cited By
Metrics
All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 131 131 78
PDF Downloads 92 92 45