SoK: Evaluating 5G Protocols Against Legacy and Emerging Privacy and Security Attacks

Abstract: Ensuring user privacy remains a critical concern within mobile cellular networks, particularly given the proliferation of interconnected devices and services. In fact, a lot of user privacy issues have been raised in 2G, 3G, 4G/LTE networks. Recognizing this general concern, 3GPP has prioritized addressing these issues in the development of 5G, implementing numerous modifications to enhance user privacy since 5G Release 15. In this systematization of knowledge paper, we first provide a framework for studying privacy and security related attacks in cellular networks, setting as privacy objective the User Identity Confidentiality defined in 3GPP standards. Using this framework, we discuss existing privacy and security attacks in pre-5G networks, analyzing the weaknesses that lead to these attacks. Furthermore, we thoroughly study the security characteristics of 5G up to the new Release 19, and examine mitigation mechanisms of 5G to the identified pre-5G attacks. Afterwards, we analyze how recent 5G attacks try to overcome these mitigation mechanisms. Finally, we identify current limitations and open problems in security of 5G, and propose directions for future work.