The security context used in 5G authentication is generated during the Authentication and Key Agreement (AKA) procedure and stored in both the user equipment (UE) and the network sides for the subsequent fast registration procedure. Given its importance, it is imperative to formally analyze the security mechanism of the security context. The security context in the UE can be stored in the Universal Subscriber Identity Module (USIM) card or in the baseband chip. In this work, we present a comprehensive and formal verification of the fast registration procedure based on the security context under the two scenarios in ProVerif. Our analysis identifies two vulnerabilities, including one that has not been reported before. Specifically, the security context stored in the USIM card can be read illegally, and the validity checking mechanism of the security context in the baseband chip can be bypassed. Moreover, these vulnerabilities also apply to 4G networks. As a consequence, an attacker can exploit these vulnerabilities to register to the network with the victim's identity and then launch other attacks, including one-tap authentication bypass leading to privacy disclosure, location spoofing, etc. To ensure that these attacks are indeed realizable in practice, we have responsibly confirmed them through experimentation in three operators. Our analysis reveals that these vulnerabilities stem from design flaws of the standard and unsafe practices by operators. We finally propose several potential countermeasures to prevent these attacks. We have reported our findings to the GSMA and received a coordinated vulnerability disclosure (CVD) number CVD-2022-0057.

翻译：5G鉴权过程中生成的安全上下文存储于用户设备（UE）与网络端，用于后续快速注册流程。鉴于其重要性，有必要对安全上下文的安全机制进行形式化分析。UE中的安全上下文可存储于通用用户身份模块（USIM）卡或基带芯片中。本研究基于两种场景，利用ProVerif工具对安全上下文驱动的快速注册流程进行了全面的形式化验证。分析发现两个漏洞，其中一项此前未见报道：具体而言，存储在USIM卡中的安全上下文可被非法读取，且基带芯片中安全上下文的有效性验证机制可被绕过。此外，这些漏洞同样适用于4G网络。攻击者可利用这些漏洞以受害者身份完成网络注册，进而实施包括一键鉴权绕过导致隐私泄露、位置欺骗在内的多重攻击。为确保攻击可行性，我们已在三家运营商网络中进行实验验证。分析表明，这些漏洞源于标准设计缺陷及运营商的不安全实践。最后，我们提出多项潜在防御措施并已向GSMA报告相关发现，获得协同漏洞披露编号CVD-2022-0057。