Security and Protocol Exploit Analysis of the 5G Specifications

September 18, 2018 Β· Declared Dead Β· πŸ› IEEE Access

πŸ‘» CAUSE OF DEATH: Ghosted
No code link whatsoever

"No code URL or promise found in abstract"

Evidence collected by the PWNC Scanner

Authors Roger Piqueras Jover, Vuk Marojevic arXiv ID 1809.06925 Category cs.CR: Cryptography & Security Citations 93 Venue IEEE Access Last Checked 4 months ago
Abstract
The Third Generation Partnership Project (3GPP) released its first 5G security specifications in March 2018. This paper reviews the 5G security architecture, requirements and main processes and evaluates them in the context of known and new protocol exploits. Although the security has been enhanced when compared to previous generations to tackle known protocol exploits, our analysis identifies some potentially unrealistic system assumptions that are critical for security as well as a number protocol edge cases that could render 5G systems vulnerable to adversarial attacks. For example, null encryption and null authentication are supported and can be used in valid system configurations, and certain key security functions are still left outside of the scope of the specifications. Moreover, the prevention of pre-authentcation message exploits appears to rely on the implicit assumption of impractical carrier and roaming agreements and the management of public keys from all global operators. In parallel, existing threats such as International Mobile Subscriber Identity (IMSI) catchers are prevented only if the serving network enforces optional security features and if the UE knows the public key of the home network operator. The comparison with 4G LTE protocol exploits reveals that the 5G security specifications, as of Release 15, do not fully address the user privacy and network availability concerns, where one edge case can compromise the privacy, security and availability of 5G users and services.
Community shame:
Not yet rated
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

πŸ“œ Similar Papers

In the same crypt β€” Cryptography & Security

Died the same way β€” πŸ‘» Ghosted