ABSTRACT
5G saw the introduction of an encrypted user identifier, the Subscriber Concealed Identifier (SUCI), to provide confidentiality of the subscriber's whereabouts and identities. The SUCI protects the new generation of cellular networks against tracking devices, so-called IMSI-catchers, which have undermined users' confidentiality ever since the inception of cellular networks. However, the potential advent of large-scale quantum computers in the near future threatens to compromise the confidentiality provided by the SUCI yet again. The security of the public-key cryptography that underpins the SUCI relies on the hardness of the discrete logarithm problem. Using Shor's algorithm, a quantum adversary could break the SUCI's cryptography and once more gain the capability to track and identify users. Advancements in quantum computing are unpredictable, and a breakthrough might be only a decade away. Given the slow nature of standards and their implementation, it is thus necessary to integrate quantum-resistant cryptography now into the current and next-generation (6G) cellular networks. To contribute to this development, we propose a post-quantum secure scheme for the SUCI calculation, KEMSUCI. To this end, we first analyze the weak points in the current SUCI calculation scheme when considering quantum attacks. We then describe an alternative SUCI calculation scheme based on post-quantum secure key-encapsulation mechanisms (KEMs). Our proposed scheme can use any of the KEMs submitted to the NIST call for standardization of post-quantum secure cryptography (PQC) schemes. For use in KEMSUCI, the KEM should execute efficiently on a SIM card and induce little network communication overhead. We evaluate all of the NIST PQC finalists against these criteria and identify Kyber and Saber as the best fit. Instantiated with these KEMs, KEMSUCI can be integrated into 5G and 6G. Compared to the existing SUPI protection schemes, KEMSUCI exhibits faster execution speed and only little communication overhead.
Index Terms
- A Post-Quantum Secure Subscription Concealed Identifier for 6G