Formal Analysis of 5G EAP-TLS Authentication Protocol Using Proverif

As a critical component of the security architecture of 5G network, the authentication protocol plays a role of the first safeguard in ensuring the communication security, such as the confidentiality of user data. EAP-TLS is one of such protocols being defined in the 5G standards to provide key serv...

Bibliographic details
Published in: IEEE access 2020, Vol.8, p.23674-23688
Main authors: Zhang, Jingjing, Yang, Lin, Cao, Weipeng, Wang, Qiang
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 23688
container_issue
container_start_page 23674
container_title IEEE access
container_volume 8
creator Zhang, Jingjing
Yang, Lin
Cao, Weipeng
Wang, Qiang
description As a critical component of the security architecture of 5G network, the authentication protocol plays a role of the first safeguard in ensuring the communication security, such as the confidentiality of user data. EAP-TLS is one of such protocols being defined in the 5G standards to provide key services in the specific IoT circumstances. This protocol is currently under the process of standardization, and it is vital to guarantee that the standardized protocol is free from any design flaws, which may result in severe vulnerabilities and serious consequences when implemented in real systems. However, it is still unclear whether the proposed 5G EAP-TLS authentication protocol provides the claimed security guarantees. To fill this gap, we present in this work a comprehensive formal analysis of the security related properties of the 5G EAP-TLS authentication protocol based on the symbolic model checking approach. Specifically, we build the first formal model of the 5G EAP-TLS authentication protocol in the applied pi calculus, and perform an automated security analysis of the formal protocol model by using the ProVerif model checker. Our analysis results show that there are some subtle flaws in the current protocol design that may compromise the claimed security objectives. To this end, we also propose and verify a possible fix that is able to mitigate these flaws. To the best of our knowledge, this is the first thorough formal analysis of the 5G EAP-TLS authentication protocol.
doi_str_mv 10.1109/ACCESS.2020.2969474
format Article
fulltext fulltext
identifier ISSN: 2169-3536
ispartof IEEE access, 2020, Vol.8, p.23674-23688
issn 2169-3536
2169-3536
language eng
recordid cdi_proquest_journals_2454735619
source IEEE Open Access Journals; DOAJ Directory of Open Access Journals; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals; Web of Science - Science Citation Index Expanded - 2020
subjects 5G mobile communication
5G network
Analytical models
applied pi calculus
Authentication
Authentication protocol
Computer Science
Computer Science, Information Systems
Critical components
Cryptography
EAP-TLS
Engineering
Engineering, Electrical & Electronic
formal verification
Mathematical model
model checking
Protocol (computers)
Protocols
ProVerif
Science & Technology
Security
Standardization
Technology
Telecommunications
Wireless networks
title Formal Analysis of 5G EAP-TLS Authentication Protocol Using Proverif
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-12T02%3A35%3A35IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Formal%20Analysis%20of%205G%20EAP-TLS%20Authentication%20Protocol%20Using%20Proverif&rft.jtitle=IEEE%20access&rft.au=Zhang,%20Jingjing&rft.date=2020&rft.volume=8&rft.spage=23674&rft.epage=23688&rft.pages=23674-23688&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2020.2969474&rft_dat=%3Cproquest_ieee_%3E2454735619%3C/proquest_ieee_%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2454735619&rft_id=info:pmid/&rft_ieee_id=8970242&rft_doaj_id=oai_doaj_org_article_4be6e465a2ba455db2aa812457a2526e&rfr_iscdi=true