A New Tracking-Attack Scenario Based on the Vulnerability and Privacy Violation of 5G AKA Protocol
The security architecture and procedure for 5G systems (TS 33.501) is based on the 3rd Generation Partner Project (3GPP) security specification draft that is released in 2018. Since its debut, the security violations in the 5G security protocol have been intensively studied and discussed. Based on t...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2022-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/9837923/ |
| _version_ | 1818163569182638080 |
|---|---|
| author | Ya-Chu Cheng Chung-An Shen |
| author_facet | Ya-Chu Cheng Chung-An Shen |
| author_sort | Ya-Chu Cheng |
| collection | DOAJ |
| description | The security architecture and procedure for 5G systems (TS 33.501) is based on the 3rd Generation Partner Project (3GPP) security specification draft that is released in 2018. Since its debut, the security violations in the 5G security protocol have been intensively studied and discussed. Based on the 5G security protocol, this paper illustrates a new tracking-attack scenario that feasibly makes subscribers suffer in a breakdown of personal privacy. Specifically, it is shown in this paper that patterns of personal behavior are leaked without any awareness during the synchronization procedures in the 5G protocol. An in-depth analysis of the privacy violations is presented in this paper and potential countermeasures for protecting the sensitive information of genuine subscribers are given. A lemma model based on the TAMARIN Prover is illustrated to analyze the privacy vulnerabilities in the depicted attack scenario. Furthermore, a practical experiment based on the srsLTE framework is setup to demonstrate how the privacy information of genuine subscribers are violated based on the scenario that is reported in this paper. |
| first_indexed | 2024-12-11T16:51:38Z |
| format | Article |
| id | doaj.art-cf589902547848dd848dd6732488d0bd |
| institution | Directory Open Access Journal |
| issn | 2169-3536 |
| language | English |
| last_indexed | 2024-12-11T16:51:38Z |
| publishDate | 2022-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj.art-cf589902547848dd848dd6732488d0bd2022-12-22T00:58:05ZengIEEEIEEE Access2169-35362022-01-0110776797768710.1109/ACCESS.2022.31933729837923A New Tracking-Attack Scenario Based on the Vulnerability and Privacy Violation of 5G AKA ProtocolYa-Chu Cheng0Chung-An Shen1https://orcid.org/0000-0002-0628-5129Department of Electronic and Computer Engineering, National Taiwan University of Science and Technology, Taipei, TaiwanDepartment of Electronic and Computer Engineering, National Taiwan University of Science and Technology, Taipei, TaiwanThe security architecture and procedure for 5G systems (TS 33.501) is based on the 3rd Generation Partner Project (3GPP) security specification draft that is released in 2018. Since its debut, the security violations in the 5G security protocol have been intensively studied and discussed. Based on the 5G security protocol, this paper illustrates a new tracking-attack scenario that feasibly makes subscribers suffer in a breakdown of personal privacy. Specifically, it is shown in this paper that patterns of personal behavior are leaked without any awareness during the synchronization procedures in the 5G protocol. An in-depth analysis of the privacy violations is presented in this paper and potential countermeasures for protecting the sensitive information of genuine subscribers are given. A lemma model based on the TAMARIN Prover is illustrated to analyze the privacy vulnerabilities in the depicted attack scenario. Furthermore, a practical experiment based on the srsLTE framework is setup to demonstrate how the privacy information of genuine subscribers are violated based on the scenario that is reported in this paper.https://ieeexplore.ieee.org/document/9837923/Tracking and monitoring attack scenariovulnerabilityexploit5G AKA protocol3GPPauthentication and key agreement |
| spellingShingle | Ya-Chu Cheng Chung-An Shen A New Tracking-Attack Scenario Based on the Vulnerability and Privacy Violation of 5G AKA Protocol IEEE Access Tracking and monitoring attack scenario vulnerability exploit 5G AKA protocol 3GPP authentication and key agreement |
| title | A New Tracking-Attack Scenario Based on the Vulnerability and Privacy Violation of 5G AKA Protocol |
| title_full | A New Tracking-Attack Scenario Based on the Vulnerability and Privacy Violation of 5G AKA Protocol |
| title_fullStr | A New Tracking-Attack Scenario Based on the Vulnerability and Privacy Violation of 5G AKA Protocol |
| title_full_unstemmed | A New Tracking-Attack Scenario Based on the Vulnerability and Privacy Violation of 5G AKA Protocol |
| title_short | A New Tracking-Attack Scenario Based on the Vulnerability and Privacy Violation of 5G AKA Protocol |
| title_sort | new tracking attack scenario based on the vulnerability and privacy violation of 5g aka protocol |
| topic | Tracking and monitoring attack scenario vulnerability exploit 5G AKA protocol 3GPP authentication and key agreement |
| url | https://ieeexplore.ieee.org/document/9837923/ |
| work_keys_str_mv | AT yachucheng anewtrackingattackscenariobasedonthevulnerabilityandprivacyviolationof5gakaprotocol AT chunganshen anewtrackingattackscenariobasedonthevulnerabilityandprivacyviolationof5gakaprotocol AT yachucheng newtrackingattackscenariobasedonthevulnerabilityandprivacyviolationof5gakaprotocol AT chunganshen newtrackingattackscenariobasedonthevulnerabilityandprivacyviolationof5gakaprotocol |