Security for 4G and 5G Cellular Networks∗

Shahla Atapoor

Supervised by Dr. Vitaly Skachek

University of Tartu, Estoniashahla.atapoor@ut.ee

June 20, 2018

Abstract

This report aims to present a short review on secu-rity of 4G and 5G cellular networks based on a re-cently published survey and a white paper which havefocused on authentication and privacy preserving is-sues [FMA+17b,NKNF18]. The report starts with a shortintroduction on the motivation behind the security in thenew generation of cellular networks and then goes throughthe structure and security of 5G systems. Classificationof the threat models in 4G and 5G cellular networks areconsidered and discussed with more details; Classifica-tions such as, attacks against privacy, integrity, availabil-ity and authentication. Later we consider classificationof countermeasures including cryptography methods, hu-mans factors and intrusion detection methods. Addition-ally, a short overview on the authentication and privacypreserving protocols of 4G and 5G networks is provided.Finally the report is concluded with presenting some pos-sible future research areas that mostly are proposed inthe studied materials.

1 Introduction

During the last decades the advances in wireless commu-nications changed our everyday life. The fifth generationnetworks will come to the practical daily life by applyingthis technology on the Internet of Things which consistsof a massive number of connected devices. 5G technologywill bring more than 10 gigabits per second as bit rateswith more capacity and significantly decreased latencywhen compared with 4G. The next generation of tech-nology will make a huge connected society by creatingvarious new network services such as mobile fog comput-ing, communication between cars, smart networks, smartcar parks, data networks using blockchain, unmannedaerial vehicles(UAV). With development well underway,5G networks are expected to launch across the world by2020. To present better Quality of Service (QoS), the5G will give the opportunity of switching between serviceproviders and wireless networks to the mobile devices bysharing an IP-based core network. There are several at-tacks including access control, communication security,

∗This report is prepared as partial fulfillment of the requirementsfor the course Research Seminar in Cryptography (MTAT.07.022) inSpring 2018 at Institute of Computer Science, University of Tartu.

data confidentiality, availability and privacy, which canbe applied to the 5G due to the general openness of thenetwork and fast vertical handover. Note that verticalhandover refers to the automatic fallover from one tech-nology (e.g. high speed wireless LAN) to another (e.g. acellular technology for Internet access) in order to main-tain communication. To provide a successful deploymentof 5G networks, guaranteeing high level security againstall the mentioned attacks is one of the basic requirementsof the network [PSS16].

One of important issues which needs to be considered inthe 5G networks, is the continuous connection of mobileusers to the network. In such a case, during the verticalhandover, there would be possibility to trace the usersand also present more attacks including impersonation,eavesdropping, man-in-the-middle, denial of-service, re-play and repudiation attack [FMA17a]. Note that in the5G networks, it is very important that while one keepsthe level of QoS fixed in terms of latency, they should alsokeep the level of security high to prevent possible mali-cious files from penetrating the system and propagatingquickly among mobile devices [BBMK16].

In this report we aim to present a short review on se-curity of 4G and 5G cellular networks which mostly isbased on a recently published survey [FMA+17b] and awhitepaper that recently is published by Ericsson’s re-search team [NKNF18]. It is worth to mention that allprevious similar survey articles only have dealt with se-curity and privacy issues but in this survey [FMA+17b]the authors cover authentication and privacy preservingissues of 4G and 5G cellular networks as well.

The structure of report is as follows: Section 2 presents ahigh level explanation of the structure and security of 5Gsystems. We go through the threat models and some ofthe proposed countermeasures in Section 3. Authentica-tion and privacy preserving schemes for 4G and 5G cel-lular networks are considered in Section 4. Some futureresearch directions recommended in the studied materialsare presented in Section 5. Finally we conclude the reportin Section 6.

2 Structure and Security of 5G Systems

In this section we present an overview on the securityof the 5G system. Additionally to the encryption suchas end-to-end point encryption, in order to ensure the

1

Figure 1: Simplified 3GPP 5G architecture [NKNF18].

security of a system taking a holistic view is very impor-tant and we should not only focus on individual parts inisolation. For example, interactions between user authen-tication, traffic encryption, mobility, overload situations,and network resilience aspects need to be considered to-gether. The 3rd Generation Partnership Project (3GPP)takes into account relevant risks. It was designed withthese risks in mind [HUA]. A 5G system contains a de-vice connected to a 5G access network which is calleda 5G core network that is connected to the rest of thesystem.

Due to ability to support cloud implementation and theIoT, the 5G core network has gained significantly betterarchitecture than the previous generation, with major im-provements in network slicing and service-based architec-ture (SBA). The 5G core network is shown in Fig 1.

There are several improvements in 5G system such asexpanding on 4G by adding new radio (NR) capabilities,doing so in such a way that Long-Term Evolution(LTE)and NR will be able to jointly evolve in complementaryways. By using the advantage of important new 4G sys-tem concepts, including energy saving narrow band IoT(NB-IoT) radio, secure low latency small data transmis-sion for low-power devices, and devices using energy pre-serving dormant states when possible, 5G systems appearmore secure.

In the following section we will focus on the security ofthe NR radio and the 5G core network.

2.1 Five properties that ensure trustwor-thiness

5G technology has five properties such as communicationsecurity, identity management, privacy and security as-

surance. These properties trustworthiness and providean opportunity to create new services which are shown inFig 2.

2.1.1 Resilience

The 5G systems are very beneficial for several use cases in-cluding industrial control, critical infrastructure and pub-lic safety applications. By deploying a single base stationas two split units there is a possibility to provide greaterresilience against failures and attacks. These two unitscalled a central unit and a distributed unit and facilitatescustomizable deployment of security sensitive functions ofthe 5G NR access, such as user plane encryption, in a se-cure central location while keeping non security sensitivefunctions in less secure distributed locations.

Slicing the core network of 5G networks, which isolatesgroups of network functions from other functions plays animportant role in a concept of resilience which is sown inFig 1. The other possibility of network slicing is that theoperator will be able to isolate low-priority IoT deviceson a separate slice to guarantee that these devices willnot interfere with other users.

The 5G system provides Service Base Architec-ture(SBA) principles which are another architectural con-cept that enhances resilience. SBA principles use softwareand cloud-based technologies that improve on the morestatic and node-centric designs of previous generations.One of the most important benefits of this kind of de-sign shift is that it provides functions that are scalableand depending on traffic load, and can be independentlyreplaced, restarted, or isolated when failing or under at-tack.

The 5G networks use stems from the strong mobilitysupport which was provided in 3GPP networks. This fea-

2

Figure 2: Five properties of 5G system [NKNF18].

ture provides ensuring continuous secure connectivity fordevices moving from one location to another and lettingstationary devices to connect to another base station.

In comparison with legacy systems, the 5G system getslower latency at mobility. Additionally, unlike mobility of4G systems, where security is reconfigured at handoversto ensure security, the 5G system can reuse the same con-figuration across handovers. This property is provided byprocessing the security sensitive functions in the centralunit of the base station.

2.1.2 Communication security

One of the most important properties of 5G system is pro-viding secure communication for devices and for its owninfrastructure. As it was shown above, its infrastructureincludes links such as front haul between distributed andcentral units of base stations, backhaul between accessand core network, and network domain links between corenetwork nodes. Speaking about this kind of design, theprinciple of security design is similar to the 4G systembut has been further improved. For example, the newSBA for core network communication takes threats fromthe interconnected network into account.

In 4G network security is that its use of cryptography

does not provide end-to-end security. It only encryptsthe traffic between the phone and the base station, butthere is no encryption while the data is communicatedover the wired network. This means that there is no se-curity against a malicious or compromised carrier (or acarrier who is sharing all of your data with the local gov-ernment), and no security for your data when it transitsthe Internet or the rest of the path. But 5G networkhas a new feature to solve this problem which is encrypt-ing user plane traffic and protecting its integrity. Thisfeature is helpful for small data transmissions, particu-larly for constrained IoT devices. The 5G networks in-clude encryption algorithms based on SNOW 3G [WIKf],AES-CTR [WIKc], and ZUC [WIKg]; and integrity algo-rithms based on SNOW 3G [WIKf], AES-CMAC [WIKe],and ZUC [WIKg]. The main key derivation function isbased on the secure HMAC-SHA-256 [WIKd]. These al-gorithms are passed on 5G networks from 4G networks.There are other similar features between 4G and 5G net-works such as: key separation for specific purposes, back-ward and forward security for keys at handovers and idlemode mobility, and secure algorithm negotiation. In the5G there are some new features such as: automatic recov-ery from malicious security algorithm mismatches, secu-rity key separation between core network functions, and

3

fast synchronization of security contexts in access andcore networks.

2.1.3 Identity management

The 5G system has the same primitives of secure identitymanagement with 4G network including strong crypto-graphic algorithm sets and key generation functions, andmutual authentication between device and network. Buthere also there some features which are provided for thefirst time. There are the new security features that usea new authentication framework where mobile operatorscan flexibly choose authentication credentials, identifierformats and authentication methods for subscribers andIoT devices. For example, the other mobile network gen-erations are required physical SIM cards for credentials,but the 5G system also allows other types of creden-tials such as certificates, pre-shared keys and token cards.There are several benefits that we can obtain from thesefeatures, for example instead of implementation and de-ploying SIM cards on the small temperature sensors whichbecomes very expensive, there is a possibility to use Non-SIMcard- based credentials which can save costs.

There are different authentication methods that mobileoperators can choose from the 5G authentications and keyagreement protocols such as (AKA) protocol [WIKb] andthe extensible authentication protocol (EAP) [WIKb].Using EAP protocol gives us the ability to choose the wayof choosing different authentication protocols and creden-tial types.

There is another security feature which gives the abil-ity to the subscriber’s operator to mitigate potential fraudand prevent security and privacy attacks against the sub-scriber or operator.

There is the same mechanism between 4G and 5G sys-tems is equipment identity register(EIR) check. By usingthis mechanism the system will be able to prevent stolendevices from using the network services and discouragingdevice theft.

2.1.4 Privacy

In this report by privacy we mean protection of informa-tion against attempts by unauthorized parties to iden-tify subscribers. During the last decades several pa-pers have been written about International Mobile Sub-scriber Identity(IMSI) catchers [JLK14] and false basestations(FBS ) [CDL16] which is useful in identifying andtracking subscribers, and even eavesdropping 2G phonecalls.

Due to some serious privacy concerns such as the Gen-eral Data Protection Regulation (GDPR) [NTT] and theongoing review of ePrivacy Directive [PSS16] in Europe,providing privacy of users has been one of high priorityfactors in designing the 5G system.

In the he 5G networks, by using state-of-the-art encryp-tion, it is possible to protect data traffic such as phonecalls, Internet traffic and text messages. The protectionmeans that the devices and the network mutually authen-ticate each other and use integrity-protected signaling. Itmakes difficult for an unauthorized third party to decryptthe information that is communicated over the air.

The other benefits of 5G networks is protection of sub-scriber identifiers both long-term such as 3GPP mecha-nism and temporarily.

3GPP has defined a mechanism that enables a homeoperator to hide a subscriber’s long-term identifier be-side complying with regulatory duties. The mentionedmechanism is based on the Elliptic Curve Integrated En-cryption Scheme (ECIES) and uses the home operator’spublic key. In addition, the 5G system enforces a stricterpolicy for update of temporary identifiers. This updatingguarantees that temporary identifiers are refreshed regu-larly that prevents passive attacks.

2.1.5 Security assurance

In order to ensure that network equipment meets securityrequirements and is implemented following secure devel-opment and product life cycle processes, security assur-ance plays a huge role in 3GPP. Mobile systems have thevery critical need to have this assurance, as they form thebackbone of the connected society and are even classifiedas critical infrastructure in some jurisdictions.

Needs of ensuring secure implementations in additionto the secure standardized system and protocol, was re-alized early on the telecom industry. 3GPP and GlobalSystem for Mobile Communications Association GSMAassociation created assurance scheme (NESAS ) in orderto guarantee security in the the network equipment. Twomain components which are supported by NESAS are se-curity requirements and an auditing infrastructure.

One of the goal of NESAS is to provide all the needsof many national and international cyber security regula-tions, such as the EU cyber security certification frame-work.

Transition to a broader use of software implementationsmakes the updates easier in the case that vulnerabilitiesare discovered.

3 Threat Models and Countermeasures

In this section we will discuss the threat models and coun-termeasures separately.

3.1 Threat models

There are almost thirty-five attacks, described in the lit-erature that were considered and prevented using privacyand authentication protocols for 5G and 4G Networks. In

4

Figure 3: Classification of attacks in 4G and 5G Cellular Network [FMA+17b].

this survey [FMA+17b] according to procedure of attacksin 5G and 4G cellular networks they have classified to 4group of attacks as,

1. attacks which violate privacy

2. attacks which violate integrity

3. attacks which violate availability

4. attacks which violate authentication

A detailed classification of the attacks is shown in Fig. 3which are discussed with more details in the rest of thesection.

3.1.1 attacks which violate privacy

There are fourteen attacks, according to Ferrag etal. [FMA+17b], which are counted as attack against pri-vacy such as, Man-In-The-Middle (MITM) attack, replayattack, eavesdropping, impersonation attack, parallel ses-sion attack, tracing attack, collaborated attack, masquer-ade attack, spoofing attack, disclosure attack, stalkingattack, privacy violation, chosen ciphertext attack andchosen plaintext attack. MITM attack is an attack wherethe attacker secretly relays and possibly alters the com-munication between two parties who believe they are di-rectly communicate to each other [WIKa]. This attackcan cause problems on availability of service. Accord-ing to Conti et al. [CDL16], attacker can apply MITMattack to system using False Base Station (FBS ) at-tack. FBS attack means an attacker pretends its BaseTransceiver Station (BTS ) as a real networks BTS. Chenet al. [CWW+13] proposed, by using mutual authentica-tion between user and BTS, authentication with password

base smart cards and key agreement protocols. With thisapproach there is a possibility to detect a replay attackby checking the time stamp. The steps of the protocolare shown in Fig. 4.

Intuitively, the main point in the structure of the proto-col (Fig. 4) is that, in Step 3, the user sends current timeTi and hash of it with some secret values to the serverthat makes the transmitted messages unique. Similarly,the servers computes the difference of current time andlogin request time (T

′

i ) and if the difference of two timesis not smaller than a constant value, the server abortsthe connection. Note that two parties always use currenttime as a unique message inside the exchanged messagesand sends hash of times to each other, which prevents thereply attack and consequently the MITM attack.

3.1.2 attacks which violate integrity

The system might be attacked based on the modificationof information which are exchanged between users andthe access points of 5G networks. The authenticationand privacy preserving protocols of 4G and 5G networksare secure due to using frequently the SHA-1 and MD5algorithms as hash functions.

There are several attacks in this classification suchas, message blocking, message insertion attack, messagemodification attack, tampering attack, cloning attack andspam attack.

3.1.3 Attacks which violate availability

As one can guess from the name of this attack, its goal isto make a service unavailable. Attacks against availabilitycan be categorized to six different attacks including First

5

Figure 4: The procedure of Chen et al.’s proto-col [CWW+13].

In First Out (FIFO) attack, physical attack, redirectionattack, free riding attack and skimming attack.

As an example of these kind of attacks, it is shown thatan adversary can perform FIFO attack to the system bygathering entering time and exiting time intervals of theusers. Note that the time of participators stays in the net-work can either be constant or vary. In the case that thestaying time is fixed, performing the FIFO attack is easy.Different approaches have been proposed to prevent thiskind of attacks, for example Gao et al. [GMS+13] pro-posed a trajectory mixzones graph model. The main idea

behind that approach is to mix the identity of users whichenter or exit the network (shuffling the identifiers of usersthat enter or exit). Similarly in the redirection attack,the adversary can gather the correct user entity informa-tion and increases the user’s signal strength and send itto other user which means redirect signal or impersonatesa BTS in the networks. To avoid this kind of attack, Sax-ena et al. [SGC16] and Li et al. [LWZ16] suggested an ideausing a Message authentication code(MAC) to maintainthe integrity of tracking area identity.

During recent years the use of IoT is increasing fast.Among various threats, DoS attacks which usually arecaused from smart tools and devices are getting moreimportant concern in cellular 4G and 5G networks. Inis undeniable that DoS attacks against infrastructure ofbig industrials such as transportation, military services,communications, resources and energy can lead to verydangerous consequences, consequently huge human andfinancial costs.

In novel cellular network DoS attack on industrial in-frastructures can leverage and probably target accessibil-ity to the network. In most of cases, such attacks willbe originated from particular places with huge numberof smart devices connected to 5G networks and IoT en-vironment. Here we discuss on DoS attacks on 5G cel-lular networks. Roughly speaking, these attacks aims toexhaust resources of the victim; resources such as time,power and etc. Generally in 5G cellular networks, DoSattacks are classified to two types which can be listed as,identified:

1. DOS Attacks Against Infrastructure of Network: At-tacks in this category are designed to straightfor-wardly exhaust the resources of target user or de-vice in network infrastructure of novel cellular net-work. More precisely, the attacks in this family aimto attack to the infrastructure of operator, withoutconsidering the fact that such attack indirectly willaffect on users and devices of the victim network.

2. DOS Attacks Against Users/Devices: Attacks in thiscategory are designed to exhaust resources of the vic-tim 5G user and device. The resource can containany possible resources such as time, power, reliabilityand etc. Unlike the previous case, in this item, usersand devices themselves are the main targets withoutconsidering the fact that such violations against biggroup of devices and users can influence on big partof a 5G cellular network infrastructure.

It is worth to mention that the DoS attacks which tar-get the infrastructure of 5G network, mostly will focuson resources which are tied to provide high-speed con-nectivity and consequently bandwidth. Such attacks canbe performed in areas such as,

6

• In the Signaling Plane phase which is required in au-thentication and providing suitable bandwidth, con-nection, or mobility demands for connected devicesto the 5G network.

• In the User Plane which is required to support two-way communications between devices or users.

• In the Management Plane phase which is required toprovide configuration of connected users and devicesin network that cover user planes and signaling.

• In the Support Systems which are required to sup-port devices or users that are operating on the 5Gnetwork.

• In the Radio resources that are required to provideeasy access to large number of devices or users in the5G networks.

• On the resources of network which among with vir-tualized infrastructure are used to support providedservices in the network; e.g. network clouds.

From the physical resources perspective, DOS attackswhich target devices or users, mostly will attack to thefollowing items, [All16]:

• Memory

• CPU

• Disk

• Battery

• Radio

• Sensors

And similarly, from logical resources perspective, DOSattacks which target devices or users, mostly will attackto the following items, [All16]:

• Applications

• Information of Configuration

• Operating Systems

• Patching Support System

3.1.4 Attacks against authentication

This attack is considered to be lunched in the cases thatauthentication between server-client and vise versa is vi-olated. This family of attacks can be listed as: passwordcorruption and reusing, impersonating a legitimate user,desynchronizing the server and a target user, brute forc-ing secret keys, dictionary attack, smart card corruptionand some similar cases [All16].

An an example, in order to perform an attack againstpassword-based authentication schemes, an adversary canguess various terms from a dictionary as target password,and then she can pretend to be a legitimate user and ifshe succeeded, she will try to attack to the log-in systemof the server and will access to the services which was notallowed.

Or in a different scenario, in order to attack against au-thentication of schemes which are based on smart cards,it is possible that an adversary will stole smart card ofa victim user and then she will be able to get access tosome private log-in information without having access tothe password which makes it possible to adversary to per-form off-line brute force or corrupted smart-card attack.

3.2 Countermeasures

In general, there are 3 different types of improvementson privacy and authentication of forth and fifth genera-tions of cellular networks which are illustrated in Fig. 5.The expanded version of these improvements are given infuture section with more details.

Figure 5: Classification of countermeasures [FMA+17b].

3.2.1 Cryptography methods

1. Asymmetric or public key cryptography: In this ap-proach, one party (e.g. Alice) can encrypt her mas-sage with public key of a second party (e.g. Bob) andsend it to the second party. Now, since only secondparty (e.g. Bob) has the correponding secret key, sohe can decrypt the encrypted message.

2. Symmetric key cryptography: In this approach, twoparties (e.g. Alice and Bob) share the same secretkey which can be used for both encryption and de-cryption procedures. More precisely, first party (e.g.Alice) encrypts her message with the shared secretkey and sends the ciphertext to the second party (e.g.

7

Bob) and second party uses the same shared secretkey and decrypts the chiphertext to get plaintext.

3. Unkeyed cryptography: In this kind of approaches,parties does not have any secret keys; cryptographichash functions, randomness generators and one-wayfunctions are categorized in this family.

3.2.2 Human factors

Beside the discussed cryptographic approaches, humanfactors is one of the important countermeasures whichplays essential role on guarantying secure authentication.In summary, the proposed factors by researchers are de-cided into three main parts including,

1. First part is considering the information that a userknows and might be revealed or forgotten. Informa-tion related to personal identification number (PIN)codes or passwords are examples for this group. Thisis one important part which mostly should be man-aged be the user herself.

2. second group mentions to the physical objects whichwe need to log-in or authenticate. RFID cheaps,smart cards, passcodes are some example that couldbe categorized in this family. Elements in this fam-ily mostly are vulnerable to be stolen, lost or sharedwith malicious party.

3. Last category, considers the target users unique phys-ical information such as scan of eyes, fingerprints,voice of user and biometrics. Fingerprint and bi-metric approaches are two popular racehorses whichrecently have developed in various novel applications.

3.2.3 Intrusion detection methods

Intrusion Detection systems (IDS) are considered as 2ndstep of defense. In the case that an attacker was able tobreak all the countermeasures and he could get all lawfulof the network, in order to find efficient measures an IDSmust spot fast misbehavior.

Intrusion detection methods are divided into three cat-egory such as, Signature based, Anomaly based and Hy-brid IDS that with more details can be found in papers,[PDD+16], [SL17] and [AMZZ+17].

4 Authentication and Privacy Preserv-ing Schemes for 4G and 5G networks

We will compare authentication and privacy protocols inthis section, regarding authentication and privacy mod-els, of 4G and 5G Cellular networks. These schemes areclassified in six classification which are shown in Fig. 6.High overview on these classifications are as follows:

Figure 6: Classification of authentication and pri-vacy preserving schemes for 4G and 5G Cellular Net-works [FMA+17b].

1. Handover authentication with privacy: Using thecryptographic primitives, Symmetric key based pro-tocol, Public key-based protocol and are the han-dover authentication protocol for LTE wireless net-works.

2. Mutual authentication with privacy: to reach the re-ciprocal authentication with privacy, the suggestedsecurity protocols for 4G and 5G networks need toconserve the Identity privacy, Location privacy, Au-thenticity and Data integrity, as shown in Fig. 7.There are several papers which have been publishedin this area such as, [GMT+15], [DP06] and[MPTR11].

3. Radio Frequency Identification(RFID) authentica-tion with privacy: RFID systems cost less andthey easily and physical contact-less can iden-tify an object, which includes radio frequencytags(transponders) and radio frequency tag read-ers(transceivers). RFID systems have been discussedin a huge number of papers so far [ST09], [AAHS15]and [LWSH18].

4. Deniable authentication with privacy: In this au-thentication the receiver can not convince a thirdparty which is different from traditional authentica-tion [DRG05].

5. Authentication with mutual anonymity: Anonymity

8

Figure 7: Classification of three-factor authenticationschemes with privacy [FMA+17b].

by protecting the privacy of the users plays an impor-tant role in cellular networks, as discussed in surveyin [FMA17a].

6. Authentication and they agree for key with privacy:This protocol is a challenge-response based mecha-nism which uses symmetric cryptography [RLX+16].

7. To have authentication beside privacy three fac-tors needed:This protocol categorized into threemain categories such as, Biometrics based protocol,Passwords-based protocol and Smart cards-basedprotocol, which presented in Fig. 8

Figure 8: Classification of three-factor authenticationschemes with privacy [FMA+17b].

More details are presented in papers such as, [FL09],[HHC+09] and [CFN+15].

5 Future Directions

Based on the studied materials, currently authenticationand privacy conserving protocols for 4G and 5G networkshave some open problems which we will point them outas follows:

1. Privacy of Fog paradigm-based 5G networks

2. Efficient checking and verification in 5G-based smartgrids with small cells

3. Privacy of SDN and NFV based topologies

4. Extend the dataset of approaches that discovers theintrusion

5. Presenting protocols which provide strong anonymityfor UAV systems

6. Presenting protocols which provide strong anonymityin crowded vehicle networks with small cells

6 Conclusions

In this report, we discussed the privacy and security in5G systems and compared features of 5G networks to theprevious generations of mobile communication technol-ogy. This report mostly focused on authentication andprotocols which provide strong anonymity for recent gen-eration of cellular networks. Threat models classified into4 models namely attacks which violate anonymity andprivacy, attacks which break integrity of information, at-tacks which make system unavailable, and finally con-cerns related to secure identification and authentications.This report presented three main proposed improvementsincluding cryptography based techniques, improvementswhich mostly are related to users’ operations, and im-provments which mostly are based on unique physicalinformation (e.g. fingerprint). We classified the verifi-cation and privacy conserving protocols for 4G and 5Gnetworks. There exist several new research topics in pri-vacy conserving and authentication protocols on the 4Gand 5G networks which will need to be considered in thefuture which are pointed out in this report.

Acknowledgment: The author has received the ITacademy Achievement Stipend for the spring semester ofacademic year 2017/2018.

References

[AAHS15] Shahab Abdolmaleky, Shahla Atapoor, Moham-mad Hajighasemlou, and Hamid Sharini. Astrengthened version of a hash-based rfid server-less security scheme. Advances in Computer Sci-ence: an International Journal, 4(3):18–23, 2015.

9

[All16] NGMN Alliance. 5G security recommendations.pages 2659–2672, 06-May-2016.

[AMZZ+17] Shahid Anwar, Jasni Mohamad Zain, Mo-hamad Fadli Zolkipli, Zakira Inayat, SulemanKhan, Bokolo Anthony, and Victor Chang. Fromintrusion detection to an intrusion response sys-tem: fundamentals, requirements, and future di-rections. Algorithms, 10(2):39, 2017.

[BBMK16] Pavlos Basaras, Ioannis Belikaidis, LeandrosMaglaras, and Dimitrios Katsaros. Blocking epi-demic propagation in vehicular networks. InWireless On-demand Network Systems and Ser-vices (WONS), 2016 12th Annual Conference on,pages 1–8. IEEE, 2016.

[CDL16] Mauro Conti, Nicola Dragoni, and ViktorLesyk. A survey of man in the middle at-tacks. IEEE Communications Surveys & Tuto-rials, 18(3):2027–2051, 2016.

[CFN+15] Shehzad Ashraf Chaudhry, Mohammad Sabzine-jad Farash, Husnain Naqvi, Saru Kumari,and Muhammad Khurram Khan. An en-hanced privacy preserving remote user authen-tication scheme with provable security. Securityand Communication Networks, 8(18):3782–3795,2015.

[CWW+13] Chien-Ming Chen, King-Hang Wang, Tsu-YangWu, Jeng-Shyang Pan, and Hung-Min Sun. Ascalable transitive human-verifiable authentica-tion protocol for mobile devices. IEEE Trans-actions on Information Forensics and Security,8(8):1318–1330, 2013.

[DP06] Christos K Dimitriadis and Despina Polemi. Anidentity management protocol for internet appli-cations over 3g mobile networks. computers &security, 25(1):45–51, 2006.

[DRG05] Mario Di Raimondo and Rosario Gennaro. Newapproaches for deniable authentication. In Pro-ceedings of the 12th ACM conference on Com-puter and communications security, pages 112–121. ACM, 2005.

[FL09] Chun-I Fan and Yi-Hui Lin. Provably secureremote truly three-factor authentication schemewith privacy protection on biometrics. IEEETransactions on Information Forensics and Se-curity, 4(4):933–945, 2009.

[FMA17a] Mohamed Amine Ferrag, Leandros Maglaras,and Ahmed Ahmim. Privacy-preserving schemesfor ad hoc social networks: A survey. IEEE Com-munications Surveys & Tutorials, 19(4):3015–3045, 2017.

[FMA+17b] Mohamed Amine Ferrag, Leandros Maglaras,Antonios Argyriou, Dimitrios Kosmanos, andHelge Janicke. Security for 4g and 5g cellular net-works: A survey of existing authentication andprivacy-preserving schemes. Journal of Networkand Computer Applications, 2017.

[GMS+13] Sheng Gao, Jianfeng Ma, Weisong Shi, Guox-ing Zhan, and Cong Sun. Trpf: A trajec-tory privacy-preserving framework for participa-tory sensing. IEEE Transactions on InformationForensics and Security, 8(6):874–887, 2013.

[GMT+15] Stylianos Gisdakis, Vasileios Manolopoulos, ShaTao, Ana Rusu, and Panagiotis Papadimitratos.Secure and privacy-preserving smartphone-basedtraffic information systems. IEEE Trans-actions on intelligent transportation systems,16(3):1428–1438, 2015.

[HHC+09] Yueh-Min Huang, Meng-Yen Hsieh, Han-ChiehChao, Shu-Hui Hung, and Jong Hyuk Park. Per-vasive, secure access to a hierarchical sensor-based healthcare monitoring architecture in wire-less heterogeneous networks. IEEE journal onselected areas in communications, 27(4), 2009.

[HUA] ”huawei news.”[online]. available:http://www.huawei.com/en/events/mwc/2017/.

[JLK14] Uijin Jang, Hyungmin Lim, and Hyungjoo Kim.Privacy-enhancing security protocol in lte initialattack. Symmetry, 6(4):1011–1025, 2014.

[LWSH18] Hanguang Luo, Guangjun Wen, Jian Su, andZhong Huang. Slap: Succinct and lightweightauthentication protocol for low-cost rfid system.Wireless Networks, 24(1):69–78, 2018.

[LWZ16] Jinguo Li, Mi Wen, and Tao Zhang. Group-basedauthentication and key agreement with dynamicpolicy updating for mtc in lte-a networks. IEEEInternet of Things Journal, 3(3):408–417, 2016.

[MPTR11] Vasileios Manolopoulos, Panos Papadimitratos,Sha Tao, and Ana Rusu. Securing smartphonebased its. In ITS Telecommunications (ITST),2011 11th International Conference on, pages201–206. IEEE, 2011.

[NKNF18] Karl Norrman, Prajwol Kumar Nakarmi, andEva. Fogelstrm. ”5g security - enabling a trust-worthy 5g system”. 2018.

[NTT] ”ntt press releases.” [online]. available:http://www.ntt.co.jp/news2017/1703e/170327a.html.

[PDD+16] Stavros Papadopoulos, Anastasios Drosou, NikosDimitriou, Omer H Abdelrahman, Gokce Gorbil,and Dimitrios Tzovaras. A brpca based approachfor anomaly detection in mobile networks. In In-formation Sciences and Systems 2015, pages 115–125. Springer, 2016.

[PSS16] Nisha Panwar, Shantanu Sharma, and Awad-hesh Kumar Singh. A survey on 5g: The nextgeneration of mobile communication. PhysicalCommunication, 18:64–84, 2016.

[RLX+16] Mohammed Ramadan, Fagen Li, ChunXiangXu, Abdeldime Mohamed, Hisham Abdalla, andAhmed Abdalla Ali. User-to-user mutual authen-tication and key agreement scheme for lte cellu-lar system. IJ Network Security, 18(4):769–781,2016.

10

[SGC16] Neetesh Saxena, Santiago Grijalva, and Naren-dra S Chaudhari. Authentication protocol for aniot-enabled lte network. ACM Transactions onInternet Technology (TOIT), 16(4):25, 2016.

[SL17] Sok-Ian Sou and Chuan-Sheng Lin. Randompacket inspection scheme for network intrusionprevention in lte core networks. IEEE Transac-tions on Vehicular Technology, 66(9):8385–8397,2017.

[ST09] Hung-Min Sun and Wei-Chih Ting. A gen2-basedrfid authentication protocol for security and pri-vacy. IEEE Transactions on Mobile Computing,8(8):1052–1062, 2009.

[WIKa] Attacks in cryptography[online]. available:https://en.wikipedia.org/wiki/man-in-the-middle˙attack.

[WIKb] Authentication and Key Agree-ment(AKA) (protocol). [online]. available:https://en.wikipedia.org/wiki/authentication˙and˙key˙agreement˙(protocol).

[WIKc] Block cipher mode of op-eration [online]. available:https://en.wikipedia.org/wiki/block˙cipher˙modes˙of˙operation.

[WIKd] HMAC [online]. available:https://en.wikipedia.org/wiki/hmac.

[WIKe] IP˙CORES, AES˙CMAC[online]. available:http://ipcores.com/aes˙cmac˙xcbc˙ip˙core.htm?gclid=cjwkcajw9e3ybrbceiwazjcjuqymit5prxqupjtbtlbptcxod80pvtj3oc1-hobnqmwbbgys-akdxhoc0l8qavd˙bwe.

[WIKf] SNOW [online]. available:https://en.wikipedia.org/wiki/snow.

[WIKg] ZUC stream cipher [online]. available:https://en.wikipedia.org/wiki/zuc˙stream˙cipher.

11