Two protocols for improving security during the authentication and key agreement procedure in the 3GPP networks

Abstract

In the fifth generation of cellular networks (5G), data transmission with the highest possible speed and the lowest latency is one of the most essential 5G designing criteria. Furthermore, this generation is supposed to add new applications, features, and services to mobile phone networks with a high commitment to security and privacy. Hence, primitive protocols proposed for the 5G networks generally should be able to achieve the security requirements and also have low network overheads. In this paper, we focus on improving two primitive authentication and key agreement (AKA) protocols (5G AKA and EAP-AKA’). Our two improved protocols meet the security and performance requirements along with proper compatibility with the 3GPP security architecture. The paper’s security approach is to first construct a fixed-length key derivation scheme and show that it is strongly unforgeable under the adaptive chosen-ciphertext attack. Then, we demonstrate that, unlike the 3GPP AKA protocols, the message authentication codes (MACs) and session keys used in the improved protocols are also strongly unforgeable under the adaptive chosen-ciphertext attack. Moreover, we show that the improved protocols achieve some security requirements, such as mutual authentication, secure key agreement, and forward and backward secrecy of session keys. Furthermore, we explain informally that the improved protocols achieve other security requirements, such as following the 3GPP security architecture and resistance against known attacks. Finally, we compare the improved protocols with other AKA protocols regarding communication, computational, and storage overheads. This comparison shows that the improved protocols have appropriate overheads among other AKA protocols.