Abstract
The 3\(^\mathrm{rd}\) Generation Partnership Project (3GPP) recently proposed a standard for 5G telecommunications, containing an identity protection scheme meant to address the long-outstanding privacy problem of permanent subscriber-identity disclosure. The proposal is essentially two disjoint phases: an identification phase, followed by an establishment of security context between mobile subscribers and their service providers via symmetric-key based authenticated key agreement. Currently, 3GPP proposes to protect the identification phase with a public-key based solution, and while the current proposal is secure against a classical adversary, the same would not be true of a quantum adversary. 5G specifications target very long-term deployment scenarios (well beyond the year 2030), therefore it is imperative that quantum-secure alternatives be part of the current specification. In this paper, we present such an alternative scheme for the problem of private identification protection. Our solution is compatible with the current 5G specifications, depending mostly on cryptographic primitives already specified in 5G, adding minimal performance overhead and requiring minor changes in existing message structures. Finally, we provide a detailed formal security analysis of our solution in a novel security framework.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
The official 3GPP documentation uses the term “Identity Confidentiality” to refer to the privacy of user identity. We follow the 3GPP naming convention.
- 2.
Users can also be identified through other unique identifiers, for instance International Mobile Equipment Identity (IMEI) which uniquely identifies the mobile equipment. However, it is only the IMSI/SUPI which is used for initial identification purposes.
- 3.
The 3GPP documentation uses the term “key generating function” for these algorithms, while these are technically key derivation functions.
- 4.
This first Step is numbered 0 because its not an exclusive part of the AKA but rather the identification phase.
- 5.
The null-scheme is used only if the UE is making an unauthenticated emergency session or if the HN has configured “null-scheme” to be used or if the HN has not provisioned the public key needed to generate SUCI.
- 6.
Note that HN will maintain a separate distinct value of \( SQNID _{{ HN }}\) for each \( UE \) in its database.
- 7.
Note that \(\mathtt {label}_{\mathtt {ps}}\) is a constant value indicating the protection scheme, and \(\mathtt {label}_{{ HN }}\) is a constant value identifying the \({ HN }\).
- 8.
Note that here we are using \(\subset \) to indicate substrings.
References
Arkko, J., Lehtovirta, V., Eronen, P.: Improved extensible authentication protocol method for 3rd generation authentication and key agreement (EAP-AKA’). RFC 5448, 1–29 (2009). https://doi.org/10.17487/RFC5448
van den Broek, F., Verdult, R., de Ruiter, J.: Defeating IMSI catchers. In: Ray, I., Li, N., Kruegel, C. (eds.) Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12–16 October 2015, pp. 340–351. ACM (2015). https://doi.org/10.1145/2810103.2813615
Chen, L., et al.: Report on post-quantum cryptography. US Department of Commerce, National Institute of Standards and Technology (2016)
ETSI-SAGE: First response on ECIES for concealing IMSI or SUPI, October 2017. https://portal.3gpp.org/ngppapp/CreateTdoc.aspx?mode=view&contributionId=832160
Fox, D.: Der imsi-catcher. Datenschutz und Datensicherheit 26(4), 212–215 (2002)
3rd Generation Partnership Project: Rationale and track of security decisions in Long Term Evolution (LTE) RAN/3GPP System Architecture Evolution (SAE) (3GPP TR 33.821 Version 9.0.0 Release 9), June 2009. http://www.3gpp.org/DynaReport/33821.htm
3rd Generation Partnership Project: Study on the security aspects of the next generation system (3GPP TR 33.899 Version 1.3.0 Release 14), August 2017. http://www.3gpp.org/DynaReport/33899.htm
3rd Generation Partnership Project: 3G Security; Security Architecture (3GPP TS 33.102 Version 15.0.0 Release 15), June 2018. http://www.3gpp.org/DynaReport/33102.htm
3rd Generation Partnership Project: Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) (3GPP TS 33.220 Version 15.2.0 Release 15), June 2018. http://www.3gpp.org/DynaReport/33220.htm
3rd Generation Partnership Project: Mobile Application Part (MAP) Specification (3GPP TS 29.002 Version 15.3.0 Release 15), March 2018. http://www.3gpp.org/DynaReport/29002.htm
3rd Generation Partnership Project: Security Architecture and Procedures for 5G Systems (3GPP TS 33.501 Version 15.0.0 Release 15), March 2018. http://www.3gpp.org/DynaReport/33501.htm
3rd Generation Partnership Project: System Architecture for the 5G System (3GPP TS 23.501 Version 15.1.0 Release 15), March 2018. http://www.3gpp.org/DynaReport/23501.htm
Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Miller, G.L. (ed.) Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, 22–24 May 1996, pp. 212–219. ACM (1996). http://doi.acm.org/10.1145/237814.237866
Kelly, J.: A Preview of Bristlecone, Google’s New Quantum Processor. https://ai.googleblog.com/2018/03/a-preview-of-bristlecone-googles-new.html. Accessed 08 June 2018
Khan, M.S.A., Mitchell, C.J.: Improving air interface user privacy in mobile telephony. In: Chen, L., Matsuo, S. (eds.) SSR 2015. LNCS, vol. 9497, pp. 165–184. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-27152-1_9
Khan, M.S.A., Mitchell, C.J.: Trashing IMSI catchers in mobile networks. In: Noubir, G., Conti, M., Kasera, S.K. (eds.) Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017, Boston, MA, USA, 18–20 July 2017, pp. 207–218. ACM (2017). https://doi.org/10.1145/3098243.3098248
Lilly, A.: IMSI catchers: hacking mobile communications. Netw. Secur. 2017(2), 5–7 (2017). https://doi.org/10.1016/S1353-4858(17)30014-4
Mattsson, J.: Post-quantum cryptography in mobile networks (2017). https://www.ericsson.com/research-blog/post-quantum-cryptography-mobile-networks/
SECG SEC 1: Recommended Elliptic Curve Cryptography, Version 2.0 (2009). http://www.secg.org/sec1-v2.pdf
Shaik, A., Seifert, J., Borgaonkar, R., Asokan, N., Niemi, V.: Practical attacks against privacy and availability in 4G/LTE mobile communication systems. In: 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, 21–24 February 2016. The Internet Society (2016). http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/practical-attacks-against-privacy-availability-4g-lte-mobile-communication-systems.pdf
Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th Annual Symposium on Foundations of Computer Science, Santa Fe, New Mexico, USA, 20–22 November 1994, pp. 124–134. IEEE Computer Society (1994). https://doi.org/10.1109/SFCS.1994.365700
Shoup, V.: A proposal for an ISO standard for public key encryption. IACR Cryptology ePrint Archive 2001, 112 (2001). http://eprint.iacr.org/2001/112
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Khan, H., Dowling, B., Martin, K.M. (2018). Identity Confidentiality in 5G Mobile Telephony Systems. In: Cremers, C., Lehmann, A. (eds) Security Standardisation Research. SSR 2018. Lecture Notes in Computer Science(), vol 11322. Springer, Cham. https://doi.org/10.1007/978-3-030-04762-7_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-04762-7_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04761-0
Online ISBN: 978-3-030-04762-7
eBook Packages: Computer ScienceComputer Science (R0)