TY - CONF
T1 - On the Efficacy of New Privacy Attacks against 5G AKA
AU - Khan, Haibat
AU - Martin, Keith
PY - 2019/8/16
Y1 - 2019/8/16
N2 - The AKA protocol is the primary mechanism in mobile telephony for establishment of a secure channel between mobile subscribers and their service providers. In addition to the requisite security guarantees, provisioning subscription privacy is an essential requirement for AKA. A recent paper by Borgaonkar et al. has uncovered a new vulnerability in one of the associated mechanisms of the AKA protocol. Based upon this vulnerability, Borgaonkar et al. have presented two privacy attacks; namely, activity monitoring attack and location confidentiality attack. In this paper, we analyze these attacks for their effectiveness, practicability and potency against 5G. Our analysis reveal that the activity monitoring attack is not as effective against 5G as it is against the previous generations (3G/4G). The analysis also bring to light the fact that the location confidentiality attack is a direct extension of an existing privacy vulnerability that affects all generations (including 5G) of mobile telephony in a much severe manner. In this paper we also establish that any countermeasure introduced to fix this existing vulnerability will also render these two new attacks ineffective.
AB - The AKA protocol is the primary mechanism in mobile telephony for establishment of a secure channel between mobile subscribers and their service providers. In addition to the requisite security guarantees, provisioning subscription privacy is an essential requirement for AKA. A recent paper by Borgaonkar et al. has uncovered a new vulnerability in one of the associated mechanisms of the AKA protocol. Based upon this vulnerability, Borgaonkar et al. have presented two privacy attacks; namely, activity monitoring attack and location confidentiality attack. In this paper, we analyze these attacks for their effectiveness, practicability and potency against 5G. Our analysis reveal that the activity monitoring attack is not as effective against 5G as it is against the previous generations (3G/4G). The analysis also bring to light the fact that the location confidentiality attack is a direct extension of an existing privacy vulnerability that affects all generations (including 5G) of mobile telephony in a much severe manner. In this paper we also establish that any countermeasure introduced to fix this existing vulnerability will also render these two new attacks ineffective.
KW - 5G AKA, mobile telephony, privacy, unlinkability.
UR - http://www.scitepress.org/DigitalLibrary/Link.aspx?doi=10.5220/0007919704310438
U2 - 10.5220/0007919704310438
DO - 10.5220/0007919704310438
M3 - Paper
SP - 431
EP - 438
T2 - 16th International Conference on Security and Cryptography
Y2 - 26 July 2019 through 28 July 2019
ER -