Abstract
As a critical component of the security architecture of 5G network, the authentication protocol plays a role of the first safeguard in ensuring the communication security, such as the confidentiality of user data. EAP-TLS is one of such protocols being defined in the 5G standards to provide key services in the specific IoT circumstances. This protocol is currently under the process of standardization, and it is vital to guarantee that the standardized protocol is free from any design flaws, which may result in severe vulnerabilities and serious consequences when implemented in real systems. However, it is still unclear whether the proposed 5G EAP-TLS authentication protocol provides the claimed security guarantees. To fill this gap, we present in this work a comprehensive formal analysis of the security related properties of the 5G EAP-TLS authentication protocol based on the symbolic model checking approach. Specifically, we build the first formal model of the 5G EAP-TLS authentication protocol in the applied pi calculus, and perform an automated security analysis of the formal protocol model by using the ProVerif model checker. Our analysis results show that there are some subtle flaws in the current protocol design that may compromise the claimed security objectives. To this end, we also propose and verify a possible fix that is able to mitigate these flaws. To the best of our knowledge, this is the first thorough formal analysis of the 5G EAP-TLS authentication protocol.
Highlights
As an indispensable infrastructure, mobile networks have evolved over several generations in the past decades
PRELIMINARY ON APPLIED PI CALCULUS we present both the syntax and the semantics of the applied pi calculus [13], [16], which is a formal language for security protocol modeling and popularized by the ProVerif [15] model checker
FORMAL MODEL OF THE 5G EAP-TLS AUTHENTICATION PROTOCOL we present the formal model of the 5G EAP-TLS protocol in applied pi calculus, and we present the formalization of the intended security properties
Summary
Mobile networks have evolved over several generations in the past decades. The analysis results of the 5G AKA protocol in [19], [20] cannot be applied to our case, because the 5G EAP-TLS protocol differs from the 5G AKA protocol significantly in both cryptographic primitives that are used and the way to derive session keys. We take a different modeling framework based on a process calculus that is specific for security protocols, while their modeling is based on the term rewriting rules [22] To this end, we make the following contributions in this work: 1) We construct the first formal model of the 5G EAP-TLS authentication protocol in the applied pi calculus, which is a formal language for security protocols.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
