5G AKA analysis

• Authentication vulnerability in the most recent 5G AKA drafts (February 2018)

  Martin Dehnel-Wild and Cas Cremers

  The 5th Generation (5G) mobile networks and telecommunications standards are currently under development, and are nearly finalised. We analyse the security properties of the main 5G-AKA protocol within the February 2018 version of the draft standard. Our analysis reveals a security vulnerability in the proposed 5G-AKA protocol as specified within the most recent version of 3GPP TS 33.501 (v0.7.0, Feb 2018). Without very specific additional assumptions on the underlying infrastructure, the discovered protocol vulnerability would allow a malicious actor (with no privileged network access) to impersonate another user to a Serving Network, for example in a roaming scenario.

  We found the vulnerability by performing formal symbolic analysis of the protocol standard using the TAMARIN Prover. We provide two possible fixes for the issue.

  • Download vulnerability report v1.0, 8th February 2018
  • The above report is subsumed by our NDSS 2019 paper, For the paper we provide the full formal models of the 5G AKA protocol for the Tamarin prover: 5g-aka.zip.