PGUP: Pretty Good User Privacy for 5G-enabled Secure Mobile Communication Protocols
Authors: Rabiah Alnashwan (Imam Mohammad Ibn Saud Islamic University, University of Sheffield), Prosanta Gope (University of Sheffield), Benjamin Dowling (King's College London), Yang Yang (National University of Singapore)
Volume: 2025
Issue: 2
Pages: 450–478
DOI: https://doi.org/10.56553/popets-2025-0071
Abstract: With the proliferation of 5G networks, it is essential to prioritise robust security and seamless compatibility with existing infrastructure. The Authentication and Key Agreement (AKA) and Handover (HO) protocols are crucial in securing communication links and maintaining user privacy in 5G networks. While 5G-AKA represents a significant improvement over its predecessors, it still cannot achieve some important security features, such as perfect forward security (PFS) and forward privacy (PFP), leaving data confidentiality and user privacy susceptible to compromise. Moreover, linkability vulnerabilities in the 5G-AKA pose additional privacy concerns, particularly in the face of active adversaries seeking to compromise user anonymity. To enhance the security and privacy of 5G protocols (5G-AKA and 5G-HO) , we aim to achieve PFS and PFP while aligning with 5G's symmetric-key foundations. In this article, we introduce Pretty Good User Privacy (PGUP), a novel symmetric-based scheme aimed at addressing security and privacy vulnerabilities in the current 5G-AKA and HO protocols. In this article, we introduce a new variant of Puncturable Key Wrapping (i.e., PKW+), which allows us to ensure PFS and PFP while maintaining resilience against DoS (desynchronization) attacks in our proposed protocols. We demonstrate that our proposed scheme is resilient against all the essential security threats by performing a comprehensive formal security analysis. We also conduct relevant experiments to show the cost-effectiveness of the proposed scheme.
Keywords: PGUP, 5G, Authentication and key agreement, Handover, User privacy, Unlinkability, Perfect forward security
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.
