A Beyond-5G Authentication and Key Agreement Protocol

TL;DR

This paper introduces a new 5G and beyond authentication protocol that enhances security and privacy, supports quantum-safe cryptography, and maintains practical performance levels, addressing vulnerabilities in the current 5G AKA system.

Contribution

The paper presents a novel authentication protocol compatible with 5G AKA, incorporating quantum-safe cryptography and improved security features, with formal security proof and performance analysis.

Findings

Protocol achieves perfect forward secrecy and resistance to linkability.

Performance analysis shows feasibility and sometimes better efficiency than existing 5G cryptography.

Security is formally proven using ProVerif.

Abstract

The standardized Authentication and Key Agreement protocol for 5G networks (5G AKA) have several security and privacy vulnerabilities. In this paper, we propose a novel authentication and key agreement protocol for 5G and beyond that is compatible with the standardized 5G AKA. Our protocol has several privacy and security properties, e.g., perfect forward secrecy, resistance against linkability attacks, and protection against malicious SNs. Moreover, both the user identity protection and the perfect forward secrecy are handled using Key Encapsulation Mechanisms (KEM), which makes our protocol adaptable to the quantum-safe setting. To analyze the performance of the proposed protocol, we use the post-quantum KEM CRYSTALS-Kyber, recently chosen to be standardized by NIST, and NIST post-quantum Round 4 candidate KEMs. The results for communication and computation costs show that utilizing our protocol is feasible in practice and sometimes outperforms the public-key cryptography used in 5G AKA, i.e., ECIES. We further prove the security of our protocol by utilizing ProVerif.