RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2

Kryptonite: ECIES + 5G-AKA authentication protocol

Product
Developers: Kryptonite GC (UK Kryptonite, IC Kryptonite, NPK Kryptonite)
Last Release Date: 2021/09/01
Technology: Information Security - Authentication

The main articles are:

2021: Getting approval in 3GPP

On September 1, 2021, a working group SA3 the international standardization organization 3GPP approved a more secure version of the ECIES + 5G-AKA authentication protocol developed by employees of the Russian technology company Kryptonit.

File:Aquote1.png
For the entire period of its existence, the 3GPP consortium, which develops mobile communication standards, for the first time accepted the Russian technical proposal. In just six months, we not only joined the work of a huge standardizing organization, but also were able to develop a significantly safer solution that qualitatively exceeds all options developed by giant companies of the Ericsson, Huawei and Nokia level for several years, "explained Ekaterina Griboedova, head of the standardization department of the Kryptonite cryptography laboratory.
File:Aquote2.png

At the beginning of 2021, Kryptonit began developing cryptographic solutions related to [1] and headed for their further standardization both in Russia and internationally.

The latter was made possible by the fact that Kryptonite is a member of the European Institute of Telecommunications Standards (ETSI). Through it, the company was represented in 3GPP, in particular, in the SA3 group, which discusses cryptography in 5G.

One of the problems the SA3 is working on is the presence of vulnerabilities in the ECIES and 5G-AKA protocols inherited from previous generations of mobile communications. They allow you to carry out various attacks that violate the privacy of subscribers.

Earlier, experts from different countries demonstrated a number of attacks on 5G-AKA that violate the privacy of subscribers. Their implementation allows an attacker to find out the permanent subscriber identifier (SUPI), track its location and network activity.

5G-AKA vulnerabilities and proposed ways to eliminate them were collected in a single document 3GPP TR 33.846, the purpose of which is to develop methods to ensure the privacy of subscribers and fix the best of them as the next standard in all mobile networks.

The corresponding technical proposal from Kryptonite came after the SA3 group decided to stop adding additional options for solving privacy problems in 5G to this document and consider only those already received.

However, our experts have shown that all the proposals of other participants previously included in TR 33.846 have fundamental shortcomings and protect against a maximum of two out of five current types of attacks, while the development of Kryptonite protects against four of them (excluding DDoS attacks).

As a result, the SA3 group assigned the Russian version of the ECIES + 5G-AKA authentication protocol the status "Approved" and included it in the main document TR 33.846 for further consideration. This is an important stage in the development of a secure protocol part for 5G networks and the subsequent introduction of Russian cryptography tools into it.