A New Tracking-Attack Scenario Based on the Vulnerability and Privacy Violation of 5G AKA Protocol

The security architecture and procedure for 5G systems (TS 33.501) is based on the 3rd Generation Partner Project (3GPP) security specification draft that is released in 2018. Since its debut, the security violations in the 5G security protocol have been intensively studied and discussed. Based on the 5G security protocol, this paper illustrates a new tracking-attack scenario that feasibly makes subscribers suffer in a breakdown of personal privacy. Specifically, it is shown in this paper that patterns of personal behavior are leaked without any awareness during the synchronization procedures in the 5G protocol. An in-depth analysis of the privacy violations is presented in this paper and potential countermeasures for protecting the sensitive information of genuine subscribers are given. A lemma model based on the TAMARIN Prover is illustrated to analyze the privacy vulnerabilities in the depicted attack scenario. Furthermore, a practical experiment based on the srsLTE framework is setup to demonstrate how the privacy information of genuine subscribers are violated based on the scenario that is reported in this paper.