{"title":"基于petri网的5G AKA协议安全验证与改进","authors":"Zhiping Yan, Chonglin Gu, Yue Gu, Hejiao Huang","doi":"10.1109/iccc52777.2021.9580325","DOIUrl":null,"url":null,"abstract":"Ensuring the security of 5G Authentication and Key Agreement (5G AKA) is utmost important in the context of the upcoming widespread use of 5G. In this paper, we focus on the formal specification and security verification of 5G AKA. We propose three attack methods including: Sequence Number (SQN) mismatch attack, Subscription Concealed Identifier (SUCI) replay attack and bogus serving network (SN) attack based on the most general assumptions on entities. For the three attacks occurred in wireless channel and SN, we also give an improved scheme by adopting challenge response mechanism and designing Unique Identifier (UNI) for the AKA protocol. The former is used to prevent an attacker with a fake SN interfering the authentication process, while the latter ensures the security of messages in wireless channel. With the advantages such as graphical nature, the simplicity of modeling and the firm mathematical foundation, Petri net is applied for the attack-driven modeling. To the best of our knowledge, this is the first time that Petri net has been introduced to validate security scheme for 5G AKA protocol in the literature.","PeriodicalId":425118,"journal":{"name":"2021 IEEE/CIC International Conference on Communications in China (ICCC)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-07-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Security Verification and Improvement of 5G AKA Protocol Based on Petri-net\",\"authors\":\"Zhiping Yan, Chonglin Gu, Yue Gu, Hejiao Huang\",\"doi\":\"10.1109/iccc52777.2021.9580325\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Ensuring the security of 5G Authentication and Key Agreement (5G AKA) is utmost important in the context of the upcoming widespread use of 5G. In this paper, we focus on the formal specification and security verification of 5G AKA. We propose three attack methods including: Sequence Number (SQN) mismatch attack, Subscription Concealed Identifier (SUCI) replay attack and bogus serving network (SN) attack based on the most general assumptions on entities. For the three attacks occurred in wireless channel and SN, we also give an improved scheme by adopting challenge response mechanism and designing Unique Identifier (UNI) for the AKA protocol. The former is used to prevent an attacker with a fake SN interfering the authentication process, while the latter ensures the security of messages in wireless channel. With the advantages such as graphical nature, the simplicity of modeling and the firm mathematical foundation, Petri net is applied for the attack-driven modeling. To the best of our knowledge, this is the first time that Petri net has been introduced to validate security scheme for 5G AKA protocol in the literature.\",\"PeriodicalId\":425118,\"journal\":{\"name\":\"2021 IEEE/CIC International Conference on Communications in China (ICCC)\",\"volume\":\"34 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-07-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE/CIC International Conference on Communications in China (ICCC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/iccc52777.2021.9580325\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE/CIC International Conference on Communications in China (ICCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/iccc52777.2021.9580325","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security Verification and Improvement of 5G AKA Protocol Based on Petri-net
Ensuring the security of 5G Authentication and Key Agreement (5G AKA) is utmost important in the context of the upcoming widespread use of 5G. In this paper, we focus on the formal specification and security verification of 5G AKA. We propose three attack methods including: Sequence Number (SQN) mismatch attack, Subscription Concealed Identifier (SUCI) replay attack and bogus serving network (SN) attack based on the most general assumptions on entities. For the three attacks occurred in wireless channel and SN, we also give an improved scheme by adopting challenge response mechanism and designing Unique Identifier (UNI) for the AKA protocol. The former is used to prevent an attacker with a fake SN interfering the authentication process, while the latter ensures the security of messages in wireless channel. With the advantages such as graphical nature, the simplicity of modeling and the firm mathematical foundation, Petri net is applied for the attack-driven modeling. To the best of our knowledge, this is the first time that Petri net has been introduced to validate security scheme for 5G AKA protocol in the literature.