Authentication and key agreement (AKA) protocol is an important security mechanism for access services in mobile communication systems. The 3GPP group has standardized the AKA protocol for 5G mobile communication systems. Even though 5G AKA protocol has improved security compared with 3G and 4G AKA protocols, several studies have shown that some critical goals are still not fulfilled, such as violation of untracebility and lack of session key confirmation. In this article, we propose a security enhanced AKA protocol for 5G to overcome the previous identified weaknesses. In our protocol, random number based challenge-response mechanism is used to resist replay attacks, which also saves the communication cost since our protocol has no sequence number de-synchronization problem. Besides, our protocol guarantees the feature of session key confirmation, which allows the subscriber and serving network confirm that they share a session key after successful authentication. Through the formal verification of Proverif, the security of our proposed protocol is proved. Moreover, elliptic-curve Diffie–Hellman mechanism is adopted by our protocol, and therefore the property of perfect forward secrecy can be achieved.

身份验证和密钥协商（AKA）协议是移动通信系统中接入服务的重要安全机制。3GPP 小组已经为 5G 移动通信系统标准化了 AKA 协议。尽管与 3G 和 4G AKA 协议相比，5G AKA 协议提高了安全性，但多项研究表明，一些关键目标仍未实现，例如违反不可追踪性和缺乏会话密钥确认。在本文中，我们提出了一种用于 5G 的安全增强型 AKA 协议，以克服之前确定的弱点。在我们的协议中，使用基于随机数的挑战-响应机制来抵抗重放攻击，这也节省了通信成本，因为我们的协议没有序列号去同步问题。此外，我们的协议保证了会话密钥确认的特性，这允许订户和服务网络在成功验证后确认他们共享会话密钥。通过Proverif的形式验证，证明了我们提出的协议的安全性。此外，我们的协议采用了椭圆曲线 Diffie-Hellman 机制，因此可以实现完全前向保密的特性。