Abstrakt | 5G saw the introduction of an encrypted user identifier, the Subscriber Concealed Identifier (SUCI), to provide confidentiality of the subscriber's whereabouts and identities. The SUCI protects the new generation of cellular networks against tracking devices, so-called IMSI-catchers, which have undermined users' confidentiality ever since the inception of cellular networks. However, the potential advent of large-scale quantum computers in the near future threatens to compromise the confidentiality provided by the SUCI yet again. The security of the public-key cryptography that underpins the SUCI relies on the hardness of the discrete logarithm problem. Using Shor's algorithm, a quantum adversary could break the SUCI's cryptography and once more gain the capability to track and identify users. Advancements in quantum computing are unpredictable, and a breakthrough might be only a decade away. Given the slow nature of standards and their implementation, it is thus necessary to already integrate now quantum-resistant cryptography into the current and also next-generation (6G) cellular networks. To contribute to this development, we propose a post-quantum secure scheme for the SUCI calculation, KEMSUCI. To this end, we first analyze the weak points in the current SUCI calculation scheme when considering quantum attacks. We then describe an alternative SUCI calculation scheme based on post-quantum secure key-encapsulation mechanisms (KEMs). Our proposed scheme can use any of the KEMs submitted to the NIST call for standardization of post-quantum secure cryptography (PQC) schemes. For the usage in KEMSUCI, the KEM should provide efficient execution on a SIM card and induce little network communication overhead. We evaluate all of the NIST PQC finalists under these aspects and identify Kyber and Saber as the best fit. Instantiated with these KEMs, KEMSUCI can be integrated into 5G and 6G. Compared to the existing SUPI protection schemes, KEMSUCI exhibits faster execution speed and only little communication overhead. |
---|