Sommaire

  • Cet exposé a été présenté le 18 janvier 2019.

Description

  • Orateur

    Adrien Koutsos (LSV)

The 5G mobile communications standards are being finalized, and drafts are now available. This standard describes the 5G-AKA authentication and key exchange protocol. The previous version of AKA (3G and 4G) are well-known for their lack of privacy against an active adversary (e.g. a user can be massively tracked using IMSI-catcher). This new version of AKA tries to offer more privacy, notably through the use of asymmetric randomized encryption of the users permanent identities. Our first contribution is to show that, while this prevents the mass surveillance coming from IMSI-catchers, this is not sufficient for privacy. In particular, all the other known privacy attacks against 3G and 4G-AKA carry over to 5G-AKA. We also found a new type of vulnerabilities of stateful authentication protocols.Our main contribution is the following: we modify the 5G-AKA protocol to prevent all known privacy attacks. We do this while keeping the cost and efficiency constraints under which the 5G-AKA protocol was designed. In particular, we have a limited use of randomness, relying on a sequence number whenever 5G-AKA does. This sequence number has to be maintained by the user and the network, making the protocol stateful. Because of this statefulness, our modified 5G-AKA protocol is not unlinkable. Still, we show that our protocol satisfies a weaker notion of unlinkability called $\\sigma$-unlinkability. This is a new security notion, which allows for a finer-grained quantification of the privacy provided by a protocol. The security proof is carried out in the Bana-Comon indistinguishability logic, which is well-suited for stateful complex protocols. We also prove mutual authentication between the user and the network as a secondary result.

Infos pratiques

Prochains exposés

  • NEAT: A Nile-English Aligned Translation Corpus based on a Robust Methodology for Intent Based Networking and Security

    • 26 septembre 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Room Métivier

    Orateur : Pierre Alain - IUT de Lannion

    The rise of Intent Based Networking (IBN) has paved the way for more efficient network and security management, reduced errors, and accelerated deployment times by leveraging AI processes capable of translating natural language intents into policies or configurations. Specialized neural networks could offer a promising solution at the core of translation operations. Still, they require dedicated,[…]

    • SoSysec

    • Network

    • Security policies

  • Black-Box Collision Attacks on Widely Deployed Perceptual Hash Functions and Their Consequences

    • 03 octobre 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Métivier room

    Orateur : Diane Leblanc-Albarel - KU Leuven

    Perceptual hash functions identify multimedia content by mapping similar inputs to similar outputs. They are widely used for detecting copyright violations and illegal content but lack transparency, as their design details are typically kept secret. Governments are considering extending the application of these functions to Client-Side Scanning (CSS) for end-to-end encrypted services: multimedia[…]

    • Cryptography

    • SoSysec

  • Malware Detection with AI Systems: bridging the gap between industry and academia

    • 09 octobre 2025 (11:00)

    • Inria Center of the University of Rennes - Room Aurigny

    Orateur : Luca Demetrio - University of Genova

    With the abundance of programs developed everyday, it is possible to develop next-generation antivirus programs that leverage this vast accumulated knowledge. In practice, these technologies are developed with a mixture of established techniques like pattern matching, and machine learning algorithms, both tailored to achieve high detection rate and low false alarms. While companies state the[…]

    • SoSysec

    • Intrusion detection

    • Machine learning

  • CHERIoT RTOS: An OS for Fine-Grained Memory-Safe Compartments on Low-Cost Embedded Devices

    • 21 novembre 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Room Markov

    Orateur : Hugo Lefeuvre - The University of British Columbia

    Embedded systems do not benefit from strong memory protection, because they are designed to minimize cost. At the same time, there is increasing pressure to connect embedded devices to the internet, where their vulnerable nature makes them routinely subject to compromise. This fundamental tension leads to the current status-quo where exploitable devices put individuals and critical infrastructure[…]

    • SoSysec

    • Compartmentalization

    • Operating system and virtualization

    • Hardware/software co-design

    • Hardware architecture

Voir les exposés passés
Haut de page