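A 5G Authentication Protocol with Authentication Switching and Its Formal Analysis

About the authors:

Liu Yibing (刘逸冰, born 1996), male, Ph.D. candidate; main research areas: LTE communication technology, 5G communication network security, and machine learning. Zhou Gang (周刚, born 1977), male, Ph.D., professor, doctoral supervisor; main research areas: mobile communications, big data, and data mining.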

Corresponding author:

Liu Yibing, 18121095425@163.com

An 5G Authentication Protocol Based on Sub-Mode Switching Operation and Its Formal Analysis

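    Abstract (Chinese version):

    With the development of mobile communications, we have entered the era of fifth-generation mobile communication technology (5G). The 5G Authentication and Key Agreement (5G-AKA) protocol was proposed mainly to achieve mutual authentication between users and serving networks. However, recent research suggests that it may be vulnerable to information deciphering and message replay attacks. We also found that some current variants of 5G-AKA cannot satisfy the protocol's unlinkability. To address these shortcomings, we propose an improved scheme, SM-AKA. SM-AKA consists of two parallel sub-protocols: through clever mode switching, the lighter sub-protocol (the GUTI submodule) is used frequently, while the other sub-protocol (the SUPI submodule) is mainly used for authentication when an anomaly occurs. With this mechanism, it not only achieves efficient authentication between the user and the home network but also improves the stability of authentication. In addition, the freshness of variables is effectively maintained, which prevents message replay, and strict encryption and decryption further improve the protocol's security. Finally, we carry out a complete evaluation of SM-AKA: through formal modeling, attack assumptions, and Tamarin derivation, we prove that the scheme achieves its authentication and privacy goals, and the theoretical analysis also demonstrates the protocol's performance advantages.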

    Abstract:

    With the development of the Internet, we usher in the 5th Generation of mobile communication technology (5G). The 5G Authentication and Key Agreement (5G-AKA) protocol is proposed mainly to achieve two-way authentication between users and service networks. However, recent research suggests that it may be subject to information deciphering and message replay attacks. At the same time, we found that some variants of the current 5G-AKA cannot satisfy unlinkability. Therefore, in response to the above-mentioned shortcomings, we propose an improvement plan called SM-AKA. SM-AKA is designed as two parallel sub-protocols in a novel way. Through clever mode switching, the lighter sub-protocol (GUTI submodule) is frequently adopted, and the other sub-protocol (SUPI submodule) is used to deal with abnormalities caused by authentication. With this mechanism, it not only realizes efficient authentication but also improves the stability of the protocol. The freshness of variables is also effectively maintained, which can prevent the replay of messages, and strict encryption and decryption methods further improve the security of the protocol. Finally, we carry out a complete evaluation of SM-AKA. Through formal modeling, attack assumptions and Tamarin derivation, we prove that the scheme can achieve the authentication and privacy goals, and the theoretical analysis part also shows the correctness of the protocol design.

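Cite this article

Liu Yibing, Zhou Gang. A 5G Authentication Protocol with Authentication Switching and Its Formal Analysis. Journal of Software (软件学报),,():0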

History
  • Received: 2021-09-05
  • Last revised: 2021-10-14
  • Published online: 2022-03-24