Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

5G-AKA-HPQC: Hybrid Post-Quantum Cryptography Protocol for Quantum-Resilient 5G Primary Authentication with Forward Secrecy

Yongho Ko, I Wayan Adi Juliawan Pawana, Ilsun You

TL;DR

The paper tackles quantum-era threats to 5G primary authentication by proposing 5G-AKA-HPQC, a hybrid post-quantum cryptography protocol that preserves compatibility with 3GPP standards while achieving forward secrecy. It integrates classical cryptography with the X-Wing PQC KEM to derive fresh session keys and anchor keys, validated through SVO Logic and ProVerif analyses. The formal verification demonstrates mutual authentication, secure key exchange, SUPI concealment, and resilience against compromised network elements, with a caveat on initial SUCI availability that may require non-cryptographic mitigations. Overall, the work provides a rigorous quantum-safe authentication framework with practical implications for next-generation mobile security standards and potential extensions to EAP-based frameworks.

Abstract

5G enables digital innovation by integrating diverse services, making security especially primary authentication crucial. Two standardized protocols, 5G AKA and EAP AKA', handle authentication for 3GPP and non 3GPP devices. However, 5G AKA has vulnerabilities, including linkability attacks. Additionally, quantum computing poses threats, requiring quantum resistant cryptography. While post-quantum cryptography (PQC) is being standardized, its real world robustness remains unproven. Conventional cryptographic schemes offer reliability due to decades of practical use. To bridge this gap, IETF is standardizing hybrid PQC (HPQC), combining classical and quantum resistant methods. Ensuring forward secrecy and quantum resilience in 5G-AKA is critical. To address these issues, we propose 5G AKA HPQC, a protocol maintaining compatibility with existing standards while enhancing security by integrating keys derived from Elliptic Curve Integrated Encryption Scheme (ECIES) and PQC Key Encapsulation Mechanism (KEM). We validate its security using SVO Logic and ProVerif, confirming its robustness. Performance evaluations assess computational and communication overheads, demonstrating a balance between security and efficiency. This research provides key insights into quantum-safe authentication, contributing to future standardization of secure mobile authentication protocols.

5G-AKA-HPQC: Hybrid Post-Quantum Cryptography Protocol for Quantum-Resilient 5G Primary Authentication with Forward Secrecy

TL;DR

The paper tackles quantum-era threats to 5G primary authentication by proposing 5G-AKA-HPQC, a hybrid post-quantum cryptography protocol that preserves compatibility with 3GPP standards while achieving forward secrecy. It integrates classical cryptography with the X-Wing PQC KEM to derive fresh session keys and anchor keys, validated through SVO Logic and ProVerif analyses. The formal verification demonstrates mutual authentication, secure key exchange, SUPI concealment, and resilience against compromised network elements, with a caveat on initial SUCI availability that may require non-cryptographic mitigations. Overall, the work provides a rigorous quantum-safe authentication framework with practical implications for next-generation mobile security standards and potential extensions to EAP-based frameworks.

Abstract

5G enables digital innovation by integrating diverse services, making security especially primary authentication crucial. Two standardized protocols, 5G AKA and EAP AKA', handle authentication for 3GPP and non 3GPP devices. However, 5G AKA has vulnerabilities, including linkability attacks. Additionally, quantum computing poses threats, requiring quantum resistant cryptography. While post-quantum cryptography (PQC) is being standardized, its real world robustness remains unproven. Conventional cryptographic schemes offer reliability due to decades of practical use. To bridge this gap, IETF is standardizing hybrid PQC (HPQC), combining classical and quantum resistant methods. Ensuring forward secrecy and quantum resilience in 5G-AKA is critical. To address these issues, we propose 5G AKA HPQC, a protocol maintaining compatibility with existing standards while enhancing security by integrating keys derived from Elliptic Curve Integrated Encryption Scheme (ECIES) and PQC Key Encapsulation Mechanism (KEM). We validate its security using SVO Logic and ProVerif, confirming its robustness. Performance evaluations assess computational and communication overheads, demonstrating a balance between security and efficiency. This research provides key insights into quantum-safe authentication, contributing to future standardization of secure mobile authentication protocols.

Paper Structure

This paper contains 28 sections, 5 theorems, 120 equations, 3 figures, 5 tables, 6 algorithms.

Table of Contents

  1. Preliminaries
  2. Notation
  3. X-Wing
  4. Proposed Protocol
  5. The Initiation Phase: Step 1
  6. The Challenge-Response Phase: Step 2
  7. Formal Security Analysis
  8. SVO Logic
  9. Extension of SVO Logic
  10. Formal Verification of 5G-AKA-HPQC using SVO Logic
  11. Initial State Assumptions
  12. Received Message Assumption
  13. Comprehension Assumptions
  14. Interpretation Assumptions
  15. Derivation
  16. ...and 13 more sections

Key Result

Lemma 1

The 5G-AKA-HPQC protocol provides mutual authentication between UE and HN

Figures (3)

  • Figure 1: Proposed 5G-AKA-HPQC Protocol
  • Figure 2: Formal verification categorization
  • Figure 3: Verification result of ProVerif of 5G-AKA-HPQC Protocol.

Theorems & Definitions (10)

  • Lemma 1
  • proof
  • Lemma 2
  • proof
  • Lemma 3
  • proof
  • Lemma 4
  • proof
  • Lemma 5
  • proof