5G technology is called to support the next generation of wireless communications and realize the “Internet of Everything” through its mMTC (massive Machine-Type-Communications) service. The recently standardized 5G-AKA protocol is intended to deal with security and privacy issues detected in earlier generations. Nevertheless, several 5G-AKA shortcomings have been reported, including a possibly excessive computational complexity for many IoT devices. To address these, a promising lightweight 2-pass authentication and key agreement (AKA) protocol for 5G mobile communications has recently been proposed by Braeken. Compared to the 5G-AKA protocol, this does not require the use of public key encryption. This paper analyzes the security claims of Braeken’s protocol and shows that it does not provide full unlinkability, but only session unlinkability, and is (still) subject to Linkability of AKA Failure Messages (LFM) attacks. We propose solutions to such problems and prove that symmetric-key based protocols cannot offer higher privacy protection levels without compromising availability. We then describe an enhanced version of this protocol that addresses these vulnerabilities and supports forward secrecy, which is a desirable feature for low-cost IoT devices.

5G技术被称为支持下一代无线通信并通过其mMTC（大规模机器类型通信）服务实现“万物互联”。最近标准化的 5G-AKA 协议旨在处理前几代检测到的安全和隐私问题。尽管如此，已经报告了几个 5G-AKA 的缺点，包括许多物联网设备可能存在过多的计算复杂性。为了解决这些问题，Braeken 最近提出了一种用于 5G 移动通信的有前途的轻量级 2 次认证和密钥协商 (AKA) 协议。与5G-AKA协议相比，这不需要使用公钥加密。本文分析了 Braeken 协议的安全声明，并表明它不提供完全的不可链接性，而仅提供会话不可链接性，并且（仍然）受到 AKA 失败消息 (LFM) 攻击的可链接性的影响。我们针对此类问题提出了解决方案，并证明基于对称密钥的协议无法在不影响可用性的情况下提供更高的隐私保护级别。然后，我们描述了该协议的增强版本，该版本解决了这些漏洞并支持前向保密，这是低成本物联网设备的理想功能。