AAKA: An Anti-Tracking Anonymous Authentication Scheme for Next Generation Mobile Networks

"The geographic data and timestamps of subscribers held by mobile carriers have long been used by law enforcement and intelligence agencies to conduct legal investigations, largescale surveillance, or even unconstitutional search. Meanwhile, with the surge in popularity of Location-based Services (LBS) over the past decade, selling the geolocation information of average mobile users has become a lucrative enterprise. Many mobile carriers, the leading aggregators of user location data, have repeatedly breached user privacy agreements and sold users’ location history to third parties without user consent. Location privacy is exacerbated by the reality that cellular-connected mobile devices will inevitably be localized more precisely as a result of continual enhancements to the positioning and localization technologies of 5G, 6G, and beyond networks. To address these challenges, we propose AAKA, a privacypreserving anonymous mutual authentication and key agreement scheme that is compatible with the cellular architecture and SIM standardized by 3GPP.1 At its core, AAKA leverages anonymous credentials (AC) to offer anonymity, unlinkability, unforgeability, and accountability in addition to meeting 3GPP’s fundamental security requirements for the User Equipment(UE) authentication and key agreement process. The evaluation demonstrates that the scheme is practical, with a credential presentation taking ∼52 ms on a constrained host device equipped with a standard cellular SIM card. "