| Developers: | Kryptonite GC (UK Kryptonite, IC Kryptonite, NPK Kryptonite) |
| Last Release Date: | 2021/09/01 |
| Technology: | Information Security - Authentication |
The main articles are:
2021: Getting approval in 3GPP
On September 1, 2021, a working group SA3 the international standardization organization 3GPP approved a more secure version of the ECIES + 5G-AKA authentication protocol developed by employees of the Russian technology company Kryptonit.
 | For the entire period of its existence, the 3GPP consortium, which develops mobile communication standards, for the first time accepted the Russian technical proposal. In just six months, we not only joined the work of a huge standardizing organization, but also were able to develop a significantly safer solution that qualitatively exceeds all options developed by giant companies of the Ericsson, Huawei and Nokia level for several years, "explained Ekaterina Griboedova, head of the standardization department of the Kryptonite cryptography laboratory. |  |
At the beginning of 2021, Kryptonit began developing cryptographic solutions related to [1] and headed for their further standardization both in Russia and internationally.
The latter was made possible by the fact that Kryptonite is a member of the European Institute of Telecommunications Standards (ETSI). Through it, the company was represented in 3GPP, in particular, in the SA3 group, which discusses cryptography in 5G.
One of the problems the SA3 is working on is the presence of vulnerabilities in the ECIES and 5G-AKA protocols inherited from previous generations of mobile communications. They allow you to carry out various attacks that violate the privacy of subscribers.
Earlier, experts from different countries demonstrated a number of attacks on 5G-AKA that violate the privacy of subscribers. Their implementation allows an attacker to find out the permanent subscriber identifier (SUPI), track its location and network activity.
5G-AKA vulnerabilities and proposed ways to eliminate them were collected in a single document 3GPP TR 33.846, the purpose of which is to develop methods to ensure the privacy of subscribers and fix the best of them as the next standard in all mobile networks.
The corresponding technical proposal from Kryptonite came after the SA3 group decided to stop adding additional options for solving privacy problems in 5G to this document and consider only those already received.
However, our experts have shown that all the proposals of other participants previously included in TR 33.846 have fundamental shortcomings and protect against a maximum of two out of five current types of attacks, while the development of Kryptonite protects against four of them (excluding DDoS attacks).
As a result, the SA3 group assigned the Russian version of the ECIES + 5G-AKA authentication protocol the status "Approved" and included it in the main document TR 33.846 for further consideration. This is an important stage in the development of a secure protocol part for 5G networks and the subsequent introduction of Russian cryptography tools into it.
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |