With 5G about to explode on the scene, researchers in the Information Security Group subjected the upcoming 5G mobile communication standards to a comprehensive security analysis, and the conclusion may not be what some want to hear. The researchers found that while data protection has improved considerably in comparison with the previous standards 3G and 4G, worrisome security gaps still remain.
Two-thirds of the world’s population, roughly five billion people, use smartphones and other mobile devices on a daily basis. These devices connect to networks via SIM cards, which allow users to make calls, send texts, browse the internet and carry out numerous other activities. For mobile providers, this business is worth billions. But they aren’t the only ones profiting from the mobile boom.
Cybercriminals are also taking a cut of this pretty penny. These criminals have been able to access the communication between a device and the network in order to intercept conversations and steal data.
Many thought security would be nailed down when the fifth mobile communication generation rolled out. However, in order to guarantee security, key factors must be considered: the device and the network must be able to authenticate each other, the confidentiality of the data exchange must be guaranteed, and the privacy of the user concerning identity and location must be guaranteed.
This has been implemented through a protocol known as Authentication and Key Agreement (AKA) since the introduction of the 3G standard. The organization 3rd Generation Partnership Project (3GPP) is responsible for the specification of this protocol, and for the specification of the newest standard 5G AKA.
A team of ETH researchers from the group headed by David Basin, Professor of Information Security, has now taken a closer look at these specifications. With the aid of the security protocol verification tool Tamarin, they systematically examined the 5G AKA protocol, taking the specified security aims into account. Tamarin was developed and improved during the last eight years in this research group and is one of the most effective tools for analyzing cryptographic protocols.
The tool automatically identifies the minimum security assumptions required in order to achieve the security objectives set by 3GPP. “It showed that the standard is insufficient to achieve all the critical security aims of the 5G AKA protocol,” says senior scientist and co-author Ralf Sasse. “It is therefore possible for a poor implementation of the current standard to result in users being charged for the mobile phone usage of a third party.”
As Basin’s team determined, data protection will be improved significantly with the new protocol in comparison with 3G and 4G technologies. In addition, 3GPP succeeded in closing a gap with the new standard that had previously been exploited by IMSI catchers. With these devices, the International Mobile Subscriber Identity (IMSI) of a mobile phone card can be read to determine the location of a mobile device. To achieve this, the IMSI catcher masquerades as a radio station so that the mobile phone does not detect it.
“This gap is closed with the 5G AKA. However, we have determined that the protocol permits other types of traceability attacks,” explains senior scientist and co-author Lucca Hirschi. In these attacks, the mobile phone does not send the user’s full identity to the tracking device, but still indicates the phone’s presence in the immediate vicinity. “We assume that more sophisticated tracking devices could also be dangerous for 5G users in the future,” adds Hirschi. If the new mobile communication technology is introduced with these specifications, it may lead to numerous cyber attacks. Basin’s team is thus in contact with 3GPP, in order to jointly implement improvements in the 5G AKA protocol.