On the Efficacy of New Privacy Attacks against 5G AKA

Haibat Khan, Keith Martin

Research output: Contribution to conferencePaperpeer-review

412 Downloads (Pure)

Abstract

The AKA protocol is the primary mechanism in mobile telephony for establishment of a secure channel between mobile subscribers and their service providers. In addition to the requisite security guarantees, provisioning subscription privacy is an essential requirement for AKA. A recent paper by Borgaonkar et al. has uncovered a new vulnerability in one of the associated mechanisms of the AKA protocol. Based upon this vulnerability, Borgaonkar et al. have presented two privacy attacks; namely, activity monitoring attack and location confidentiality attack. In this paper, we analyze these attacks for their effectiveness, practicability and potency against 5G. Our analysis reveal that the activity monitoring attack is not as effective against 5G as it is against the previous generations (3G/4G). The analysis also bring to light the fact that the location confidentiality attack is a direct extension of an existing privacy vulnerability that affects all generations (including 5G) of mobile telephony in a much severe manner. In this paper we also establish that any countermeasure introduced to fix this existing vulnerability will also render these two new attacks ineffective.
Original languageEnglish
Pages431-438
Number of pages8
DOIs
Publication statusPublished - 16 Aug 2019
Event16th International Conference on Security and Cryptography - Prague, Czech Republic
Duration: 26 Jul 201928 Jul 2019
http://www.secrypt.icete.org/

Conference

Conference16th International Conference on Security and Cryptography
Abbreviated titleSECRYPT 2019
Country/TerritoryCzech Republic
CityPrague
Period26/07/1928/07/19
Internet address

Keywords

  • 5G AKA, mobile telephony, privacy, unlinkability.

Cite this