Security and Protocol Exploit Analysis of the 5G Specifications

The Third Generation Partnership Project released its first 5G security specifications in March 2018. This paper reviews the proposed security architecture and its main requirements and procedures and evaluates them in the context of known and new protocol exploits. Although security has been improved from previous generations, our analysis identifies potentially unrealistic 5G system assumptions and protocol edge cases that can render 5G communication systems vulnerable to adversarial attacks. For example, null encryption and null authentication are still supported and can be used in valid system configurations. With no clear proposal to tackle pre-authentication message-based exploits, mobile devices continue to implicitly trust any serving network, which may or may not enforce a number of optional security features, or which may not be legitimate. Moreover, several critical security and key management functions are considered beyond the scope of the specifications. The comparison with known 4G Long-Term Evolution protocol exploits reveals that the 5G security specifications, as of Release 15, Version 1.0.0, do not fully address the user privacy and network availability challenges.
