Dependability Analysis of 5G-AKA Authentication Service From Server and User Perspectives

,


I. INTRODUCTION
The tremendously increased capacities of the 5th-Generation (5G) networks [1] enable 5G to offer ultra-reliable and affordable broadband access to a huge number of various devices, including mobile hand-held, Machine-to-Machine communication (M2M), Internet of Things (IoT) [2], and Cyber-Physical Systems (CPSs) devices [3]. Moreover, 5G system offers several security services for secure communication [4]. The ''5G Authentication and Key Agreement'' (5G-AKA) protocol, which is used to authenticate and establish keys between the involved parties in 5G network, acts as the first step of securing the 5G network communication [5]. Designing authentication and access control mechanisms for 5G networks should consider service-specific security requirements. For example, fast communications need the design of fast AKA procedures [6]. FIGURE 1 illustrates three security entities in the 5G Core Network (5GC), which are involved in the 5G-AKA The associate editor coordinating the review of this manuscript and approving it for publication was Yi Qian . authentication service provisioned to User Equipment (UE) [7]. These entities are Security Anchor Function (SEAF), Authentication Server Function (AUSF), and Authentication credential Repository and Processing Function (ARPF). It is known that the design flows, misconfiguration, and implementation bugs of 5G system can cause 5G system failures. Furthermore, those entities are facing software aging problem like other software. No matter which problem happens will lead to the failure of the entity and the failure of the whole protocol process, and finally result in loss of authentications, i.e., newly arriving UE authentication requests will be dropped. Backup entity can alleviate this authentication request loss but increase cost to 5G service providers. 5G-AKA authentication service provider must consider the balance among maintenance cost for handling network element failure, loss of revenue and other associated costs of loss of service. Cost tradeoff studies can help service provider provide attractive and profitable services.
This paper explores an analytical modeling approach to quantitatively analyze the dependability of 5G-AKA authentication service from the perspectives of both service provider and end user. Without loss of generality, we only consider the SEAF failure and assume that all the other entities will never fail. That is, 5G-AKA authentication service fails only due to SEAF entity failure. Notice that, AUSF and ARPF in 5G-AKA authentication service also suffer from failure. The model proposed in this paper is also suitable to the scenario where AUSF or ARPF fails. We choose SEAF as an example because SEAF is the first functional element for the UE accessing the 5GC. Also, the SEAF receives the anchor key, K SEAF , from the AUSF upon a successful primary authentication procedure in each serving network, and the SEAF shall never transfer K SEAF to an entity outside the SEAF. Keys for more than one security context can be derived from K SEAF without the need of the running of a new authentication [7]. Finally, the channel between UE and SEAF is more likely been attacked by adversaries which makes SEAF more prone to failure [5].
The main contributions of this paper are summarized as follows: • We develop continuous-time Markov chain (CTMC) models for capturing the behaviors of 5G-AKA service that suffers from failure under non-backup and backup policies, respectively. The details of these two policies are given in Section III. The availability models will be applied for deriving the formulas for computing metrics of interest. Note that CTMC modeling is an evaluation approach for quantitatively analyzing the target performance, dependability and security [24].
• We quantitatively analyze the user-oriented dependability of 5G-AKA by deriving the formulas for computing defects per million (DPM) computation under each policy. DPM denotes the number of authentication requests not served per million as in [8].
• We quantitatively analyze the service-provider-oriented dependability of 5G-AKA by deriving the formulas for computing the 5G-AKA authentication service's first restoration time from SEAF failure and total cost of ownership TCO) under each policy. The later includes infrastructure cost, power consumption and cooling cost, operation cost and drop cost.
The rest of the paper is organized as follows. Section II introduces background and related work. Section III provides a brief description and presents the proposed model. Section IV presents the experimental results. Finally, we conclude this paper and possible directions for future work in Section V.

II. BACKGROUND AND RELATED WORK
This section first introduces the 5G-AKA protocol developed by 3GPP [7]. Then we present the existing studies of AKA protocol which are closely related to our research.
A. 5G-AKA PROTOCOL 5G-AKA protocol developed by the 3rd Generation Partnership Project (3GPP) [7] is an essential security protocol in 5G networks in order to ensure the communication security, and its authentication procedure is shown in FIGURE 2 [7]. It is an evolution of the AKA variants used in 3G and 4G [7]. It is used to authenticate and establish keys between the involved parties [5] in 5G networks. AUSF compares the received RES * with the stored XRES * . If RES * and XRES * are equal, the authentication is successful from the home network point of view. Anyone who wants to use 5G network needs to complete the protocol before accessing the network. FIGURE 1 describes the main security entities involved in the 5G-AKA authentication. The channel between UE and SEAF belongs to Radio Access Network and other two channels belong to 5G core network (5GC). Unlike 3G or 4G network, those function modules are virtualized software functions on a unified platform, not specialized hardware.

B. RELATED WORK
There was no real secure authentication [9]. Many researches have been carried out to analyze or/and address this weakness by improving or modifying AKA protocol. Gupta et al. [10] proposed a dynamic group based efficient and secure (DGBES-AKA) protocol for M2M communication in LTE/LTE-A network, which improved some overhead. Li et al. [11] proposed the group-based AKA (GR-AKA) protocol which not only could authenticate several communication devices simultaneously, but also made the system to dynamically update its access-policy in an efficient way. Parne et al. [12] proposed the security enhanced group-based (SEGB) AKA protocol for M2M communication in LTE/LTE-A network, which overcame the problem of the single key, signaling congestion and high bandwidth consumption. Parne et al. [13] proposed the performance and security enhanced (PSE-AKA) protocol for LTE/LTE-A network, which generated the authentication vectors with small overhead. 5G AKA protocol enhances the AKA protocol of 4G LTE [14] [15] by providing the next party and channel with proof of successful authentication of the UE from the visited network [16]. Idrissi et al. [17] proposed enhancement of AKA protocol in order to meet the requirements of authentication and authorization in 5G networks by using a new key framework, which not only improved performance, but also enabled fast re-authentication during handover. Basin et al. [18] analyzed the 5G AKA algorithms and demonstrated that the protocol failed in meeting several security goals, which were explicitly required, and then made explicit recommendations for the attacks and weaknesses with finding. Differently, in this paper we analyze the dependability of 5G-AKA authentication service when facing the failure of SEAF service, which can be used to help the assessment of the capability of the aforementioned protocols.
Note that researchers have investigated the reasons for the authentication requests to be dropped in the authentication process. Some researchers focused on the authentication failure, which caused the requests to be dropped. Abdoet al. [19] considered that RandomEncKey, RandomIntKey, UESecCapabilities and some other information were encrypted by using the Home network's public key stored in UICC, in order to get A. Then A was checked for integrity in EC-AKA2 signaling messages. If failing, Home Subscriber Server (HSS) dropped the request and replied with an error code. Differently, we consider the failure of SEAF entity of 5G-AKA protocol will result in the loss of authentication and provide the Authentication Request Loss (ARL) model for the failure.
Finally, TCO can help providers make decisions to minimize their costs. There is a crucial need to provide TCO for analyzing the services. Zhang et al. [20] evaluated the authentication cost of RUSH based on the computation cost, the communication overhead and the storage cost. Sun et al. [21] analyzed the performance of proposed scheme in terms of computational cost, signaling overhead and communication overhead. Cao et al. [22] proposed a fast mutual authentication and data transfer scheme for massive NB-IoT devices, and compared the signaling cost, the transmission cost and the total computational cost of existing policies. Differently, we consider the failure and recovery of SEAF entities of 5G-AKA protocol, and then define different components for TCO of authentication service, i.e., infrastructure cost, power consumption and cooling cost, operation cost and drop cost. Moreover, the formula of the different component costs is given.
To the best of our knowledge, we are the first to consider DPM, the first restoration time and TCO by developing the model to capture the failure of 5G-AKA authentication service. Our work can be divided into two tasks. We first propose the model under non-backup and backup policies, and give the formulas of DPM, the first restoration time and TCO. Then we investigate the relationships among parameters and the impact of parameters on evaluation measures.

III. MODELS OF NON-BACKUP AND BACKUP POLICIES
This section first presents the availability models under nonbackup and backup policies, respectively. Then we present the methods for computing DPM and service's first restoration time from failure in Section III-B and Section III-C, respectively. In Section III-D, we discuss how to calculate TCO. TABLE 1 gives the definition of variables to be used in the rest of the paper. The details of the two policies are given as follows:

Non-backup
• policy. Under this policy, there is only one SEAF entity.
When the entity fails, it will take time to detect and repair the failure. The authentication service is not provisioned to end users until the failing entity completes its repairing.
• Backup policy. Under this policy, there are two homogeneous SEAF entities, which process the arriving authentication requests in parallel. When one fails, the failure detection is first made and then the failover [24] is applied such that the other SEAF entity can handle all arriving requests. Finally, it is repaired. During these three processes, the other SEAF entities may also fail.  A. AVAILABILITY MODELS 1) NON-BACKUP POLICY FIGURE 3 describes the CTMC availability model for capturing one SEAF entity state transitions, namely, 5G-AKA authentication service state transition. State 0 denotes the healthy state and then all incoming authentication requests can be processed. The SEAF entity can fail at the rate γ and then enters state 1. SEAF at state 1 is considered unavailable to work. Detecting the SEAF entity failure takes an exponentially distributed time with rate 1/δ. The system reaches state 2 in which recovery is initiated. The recovery time from state 2 to state 0 is exponentially distributed with rate 1/τ . Then we get the steady-state probabilities of three states: , which are to be used later.

2) BACKUP POLICY
Under this policy, there are two SEAF entities processing authentication requests in parallel. FIGURE 4 shows the CTMC model for capturing the behaviors of two SEAF entities. The arrival rate is λ/2 for each SEAF entity. In this model, state 0 represents that both SEAF entities are up for handling incoming authentications. Either of them can fail with rate 1/γ . When failure occurs to one of the SEAF entities, the system goes to state 1 with rate 2γ , (i.e., one SEAF entity is down). The failure is detected at rate δ upon which the system enters state 2. During the failure detection, the other SEAF entity may fail. Hence, if another failure occurs before the detection of the first failure, the system goes to state 5 with rate γ . In state 2, the failover is performed (System enters state 3). The time for completing the failover is assumed to be exponentially distributed with rate 1/τ f . Also, during the failover, the other SEAF entity may fail. Hence, if the other entity fails before the failover completion, the system goes to state 4 with rate γ . In state 4, another failure is detected at the rate δ upon which the system enters state 6. VOLUME 8, 2020 State 5 represents that both SEAF entities are down. The failures are detected and the system enters state 6 with rate δ. State 6 represents that both failures are detected. Since both SEAF entities have failed, two recovery processes need to be started independently with rate τ . When the failures are recovered, the system enters state 0 with rate τ .
In state 3, when the failure is recovered and the system enters state 0 with rate τ . In addition, if another failure occurs before the recovery, the system goes to state 4 with rate γ . Eqs. (1)-(7) give the steady-state probabilities of all states, which are used later.
This section first discusses how to calculate the number of authentication request loss per Failure and then presents DPM computation.

a: NUMBER OF AUTHENTICATION REQUEST LOSS PER FAILURE
We consider the ARL model shown in FIGURE 5, which is developed from FIGURE 3. It shows the state transitions after the failure occurrence. State 1 and 2 are defined as same as in FIGURE 3. State H is an absorbing state, denoting that SEAF entity has successfully recovered from failure. Define T d to denote the time to state H from state 1. From FIGURE 5, we can obtain its cumulative distribution function where π H (t) is the transient probability that the CTMC is in state H at time t. According to the Kolmogorov equation, we can get: Eq. (8) indicates that the cumulative distribution function of T d is a two stage Hypo-exponential distribution HYPO(δ, τ ). Therefore, we obtain the mean number of authentication request loss due to the SEAF entity failure as in Eq. (9): The failure frequency of the availability model in given in [25], we get the DPM caused by SEAF failure as in Eq. (10): 2) BACKUP POLICY When one SEAF entity fails, the system goes to state 1 in FIGURE 4. Subsequently, three scenarios may occur: (S1). Only one SEAF entity fails (with probability δ/(γ + δ)): the transition follows 1→2→3; (S2). The other SEAF entity fails before completing the detection of the first failure (with probability γ /(γ + δ)): the transition follows 1→5→6→0; (S3). The other SEAF entity fails before the recovery of the first failure (with probability [δ/(γ + δ)] · γ /(γ + τ f ) + τ f /(γ + τ f ) · [γ /(γ + τ )] ): the transition follows 1→2→4→6→0 or 1→2→3→4→6→0.
The authentication losses in these three scenarios are different and hence we compute the authentication loss for these three scenarios separately and then combine them in the total DPM computation. We also find that the sojourn time for the system in state 1 is exponentially distributed with parameter δ + γ , based on which FIGURE 6 and FIGURE 7 are constructed.
The rest of this section first discusses how to calculate the number of authentication request loss per failure and then presents DPM computation.

a: NUMBER OF AUTHENTICATION REQUEST LOSS PER FAILURE
To compute the mean number of newly arriving authentication request loss, we consider the CTMC ARL models shown in FIGURE 6, FIGURE 7, FIGURE 8 and FIGURE 9, which illustrate the state transitions. H 1 is an absorbing state, which is obtained by merging states 0 and 3 from model in We assume that the first failure occurs at time 0. Hence the system of FIGURE 4 enters state 1 in scenario (S1). The cumulative distribution function of T d1 can be computed in the way similar to that of non-backup policy. Thus, we can obtain: With Eq. (11), we can calculate the mean number of authentication request loss due to one SEAF entity failure in Eq. (12).
So the mean number n sc1 of authentication request loss for scenario (S1) can be computed as in Eq. (13).
We assume that the first failure occurs at time 0. Hence the system of FIGURE 4 enters state 1 in scenario (S2). The cumulative distribution function of T d21 can be computed from the CTMC in the way similar to that of non-backup policy. Eq. (14) describes F T d21 (t).
Eq. (14) indicates that the cumulative distribution function of T d21 is a three-stage Hypo-exponential distribution HYPO((δ + γ ), δ, τ ). We then can compute the mean number n ba21 of authentication request loss due to the SEAF entity failure as in Eq. (15).
If the second failure occurs at time 0, the system of FIGURE 4 enters state 5 in scenario (S2). The cumulative distribution function for T d22 can be computed as in Eq. (16): The mean number n ba22 of authentication request loss due to the SEAF entity failure is computed in Eq. (17).
Eq. (18) gives the mean number n sc2 of authentication request loss for scenario (S2).
If the second failure occurs at time 0, the system of FIGURE 4 enters state 4 in scenario (S3). The cumulative distribution function of T d3 can be computed as in Eq. (19).
We get the mean number n ba3 of authentication request loss due to the SEAF entity failure in Eq. (20) and then obtain the mean number of authentication request loss for scenario (S3) as in Eq. (21) The failure frequency of the availability model in FIGURE 4 is f = π 0 2γ , where π 0 = δ(δ+γ )(τ f +γ )(τ +γ )τ is the probability that the system is in state 0. We get DPM caused by the SEAF entity failure as in Eq. (22). DPM = f · n ba 10 6 λ = π 0 2γ (n sc1 + n sc2 + n sc3 )

C. THE FIRST RESTORATION TIME OF AUTHENTICATION SERVICE FROM FAILURE
The first restoration time for authentication service is crucial. Providers can make that the service is recovered faster to its healthy state (i.e., state 0) via configuring parameters (e.g., mean time for recovery) after the failure occurring, which causes the increasing of the associated costs. Therefore, it is necessary to analyze the first restoration time. In this section, we describe how to calculate the first restoration time under each policy.
The expected value of the random time at which the system passes into each state of {0,1,2} for the first time can be calculated by using first passage times of FIGURE 3. The first passage time T k into state k starting from state i is defined as T k = E(T |X (0) = i). Here, E is the expected value, T = min{t ≥ 0 : X (t) = k} and k ∈ S no_ba .
Define t i→k = E[T k |X (0) = i] to denote the mean time for the first passage from i to k. Here, k ∈ S no_ba . For each k, the first passage time for FIGURE 3 satisfies the equation r i t i→k = 1 + j∈S no_ba ,j =i r i,j · t j→k , i = k [27]. Here, i ∈ S no_ba and r i = l∈S no_ba r i,l .
State 0 denotes the healthy state and Eq. (24) gives the calculation of the first restoration time of the model of FIGURE 3. The detailed derivation processes are given in Appendix A-1.

2) BACKUP POLICY
Let X (t) with finite State-Space S ba = {0, 1, 2, · · · , 6} denote the state of system at time t. Eq. (25) describes the rate matrix R = [r i,j ], i ∈ S ba , j ∈ S ba for the CTMC of FIGURE 4.
The expected value of the random time at which the system passes into each of the states {0, 1, 2, · · · , 6} for the first time can be calculated by using first passage times of FIGURE 4. Therefore, the first restoration time for state 0 will be as Eq. (26) in the model of FIGURE 4, and the detailed derivation processes are given in Appendix A-2.

D. TOTAL COST OF SERVICE PROVIDER (TCO)
High availability for 5G-AKA protocol is crucial. A few minutes of service failure can cause a large loss of revenue and business reputation. While providers try to achieve reduce DPM (or reduce the first restoration time) via several means (e.g., recovery strategies), the associated costs also increase. Hence, understanding the trade-offs between cost and DPM is an important issue. In this section, we describe our assumptions in terms of cost components and show how to compute them using the ARL model. We define different components for TCO, as follows: • Infrastructure Cost C inf . Define n s as the number of SEAF entities in service, C s ($) as the capital expenditure (CapEx) per SEAF entity and C s_γ ($) as the capital expenditure of mean time for failure. We define the infrastructure cost as C inf = n s · (C s + C s_γ · 1 γ ). • Power Consumption and Cooling Cost C pow . Define C p ($/Wh) as the power consumption and cooling cost in dollar per Watt-hr, and p(x) as the steady state probability with x non-failed SEAF entities in SEAF service. The power consumption and cooling cost C pow ($) [28] over the operational period L (hr) is defined as Here W p(x) (Watt) is the power consumption with x non-failed SEAF entities in service. When there are x SEAF entities running simultaneously on service, the reward rate of each state of CTMC is h idle + x · v s , where h idle (Watt) is the idle power consumption and v s is the power consumption of a SEAF entity during its average utilization. If there are n s SEAF entities, we define power consumption in x non-failed SEAF entities as W p(x) = n s · (h idle + x · v s ) [29].
• Operation Cost C ope . Let C o ($) be the operation cost (include detection, failover and recovery cost) per unit time after each failure. With C o , we can compute the operation cost C ope = C o · γ · (L/24) · t. Here, t = i∈S t i→0 p i , S is finite State-Space without state 0, and • Drop Cost C dro . Let C d ($) be the penalty cost for an authentication request is dropped. With C d . The formula for computing the drop cost C dro ($) during the operational period L as C dro = C d · ρ dro · λ · L · 3600, where ρ dro = DPM 10 6 .

IV. NUMERICAL ANALYSIS
This section aims to compare two policies in terms of DPM, the first restoration time and TCO. Default values of the model parameters are summarized in TABLE 1 for numerical analysis. Several default values are set according to [23]- [26]. Numerical analysis is conducted on MAPLE [30]. The results and discussions of DPM computation, the first restoration time and TCO are presented in Section IV-A, IV-B and IV-C, respectively.

A. DPM COMPUTATION
This section presents the DPM by varying τ , δ and γ in Section IV-A-1) and IV-A-2), respectively.

1) EFFECT OF FAILURE RATE (γ )
1/γ varies from 1 to 6 days and let 1/δ = 1 sec and 1/τ f = 2 sec. FIGURE 10 (a) and (b) show the results of DPM over γ under two policies. More explanations of results are given as follows. FIGURE 10 shows that DPM decreases with the increasing 1/γ , and increases with the increasing 1/τ under both policies. We illustrate these phenomena by taking an example of FIGURE 10 (a). The reason is that the SEAF entity is less prone to failure and then DPM decreases when the failure time 1/γ increases. DPM = 10 6 γ (τ +δ) δτ +τ γ +δγ , so DPM (γ ) = 10 6 δτ (δ+τ ) [δτ +τ γ +δγ ] 2 . γ plays a decisive role due to the existence of the square, so there is always DPM (γ ) > 0, i.e., the DPM decreases with the increasing 1/γ . FIGURE 10 shows that the DPM under backup policy is much smaller than under non-backup policy for each γ . The reason is that there are two SEAF entities in backup policy, which leads to fewer authentications being dropped. Thus, DPM under backup policy is less than DPM under non-backup policy. because the failure is detected slowly. Then, the time from failure to recovery is longer. Therefore, DPM increases with the increasing 1/δ. DPM = 10 6 γ (τ +δ) δτ +τ γ +δγ , so DPM (δ) = −10 6 τ 2 γ [δτ +τ γ +δγ ] 2 . δ plays a decisive role due to the existence of the square, so there is always DPM (δ) < 0, i.e., the DPM increases with the increasing 1/δ.
• FIGURE 11 (b) shows that the increasing 1/τ results in the increasing of DPM under backup policy. This is due to DPM (τ ) < 0, DPM increases with the increasing 1/τ .

B. THE FIRST RESTORATION TIME
This section presents the first restoration time by varying τ . 1/τ varies from 10 to 20 sec. Let 1/γ = 3 days, 1/δ = 1 sec and 1/τ f = 2 sec. FIGURE 12 shows the first restoration time under each policy, respectively. More explanations of results are given as follows. FIGURE 12 shows that the first restoration time increases with the increasing 1/τ under each policy. The reason for non-backup policy is that with mean time for recovery 1/τ increases, the time from failure to recovery is longer, so the time into state 0 from state 1, state 2 and other states are increases. Therefore, the first restoration time increases with the increasing 1/τ .
Under each policy, with the increasing 1/τ , the first restoration times into state 0 from other states are almost different. The first restoration time from state 1 to state 0 is always higher than the first restoration time of other states to state 0. The reason is that the system enters state 1 and then enters other states for fixed 1/τ when one failure occurs. So the first restoration time from state 1 to state 0 is higher than the first restoration time from other states to state 0.

C. THE TOTAL COST OF OWNERSHIP (TCO)
Section IV-A and IV-B analyze the DPM and the first restoration time under two policies. According to DPM and the first restoration time, we analyze the TCO below.

1) EFFECT OF FAILURE RATE (γ )
The parameter settings are the same as in Section IV-A-1). In order to better reflect the impact of a policy on TCO, we set L = 70 hours under non-backup policy and L = 700 hours under backup policy.   (ii) C pow represents the power consumption and cooling cost. Note that C pow is very small and then it is not considered in the following. (iii) C ope , denoted as ''C_ope'' in FIGURE 14, represents the operation cost. (iv) C dro , denoted as ''C_dro'' in FIGURE 14, represents the drop cost.
From FIGURE 14 (a), we observe: • When 1/γ is less than 2 and 1/τ is fixed, ''C_inf'' increases and ''C_ope'' decreases slowly with the increasing 1/γ . And ''C_dro'' decreases and plays a dominant role in decreasing TCO with the increasing 1/γ . The reason is that with the increasing 1/γ , the SEAF entity is less prone to failure, which leads to the number of authentication requests being dropped decreases, i.e., ''C_dro'' decreases. But the margin of ''C_dro'' decrease is greater than that of ''C_inf'' increase. Therefore, TCO decreases with the increasing 1/γ .
• When 1/γ is more than 2 and 1/τ is fixed, ''C_ope'' decreases slowly and ''C_dro'' decreases with the increasing 1/γ . And ''C_inf'' increases and plays a dominant role in increasing TCO with the increasing 1/γ . The reason is that the margin of ''C_inf'' increase is greater than that of ''C_dro'' decrease. So TCO increases with the increasing 1/γ . From FIGURE 14 (b), we observe: • When 1/γ is less than 3 and 1/τ is fixed, ''C_inf'' increases with the increasing1/γ . And ''C_dro'' and ''C_ope'' also decrease and play a dominant role in decreasing TCO with the increasing1/γ . The reason is that the failure rate decreases when 1/γ increases. Then, the SEAF entity is less prone to failure, which leads to the number of authentication requests being dropped decreases. Thus, the drop cost and operation cost decrease. But the margin of ''C_dro'' and ''C_ope'' decrease is greater than that of ''C_inf'' increase. Therefore, TCO decreases with the increasing 1/γ .

2) EFFECT OF FAILURE DETECTION RATE (δ) AND RECOVERY RATE (τ )
The parameter settings are the same as in Section IV-A-2). We set L = 700 hours under two policies. shows that the TCO increases with both the increase of 1/δ and 1/τ no matter which policy is applied. We first explain the reason of non-backup policy by using FIGURE 16(a) of 1/δ = 1 sec. From FIGURE 16(a), we can observe that with the increasing 1/τ , ''C_inf'' is unchanged and ''C_ope'' and ''C_dro'' increase. The reason is that, with the increasing 1/τ , the time from the failure state of the SEAF entity to its healthy state increases. Hence, ''C_ope'' increases. The time from the state of failure occurrence to healthy state increases, which leads to the number of authentication requests being dropped increases, i.e., ''C_dro'' increases. Therefore, TCO increases with the increasing 1/τ . Now we explain the results of backup policy by using FIGURE 16(b) of 1/δ = 1 sec. From FIGURE 16(b), we can observe that with the increasing 1/τ , ''C_inf'' is unchanged and ''C_ope'' increases. And ''C_dro'' increases slowly with the increasing 1/τ . The reason is that there are two SEAF entities in backup policy. With the increasing 1/τ , the number of authentication requests being dropped increases slowly. So ''C_dro'' increases slowly. Therefore, TCO increases with the increasing 1/τ .

V. CONCLUSION AND FUTURE WORK
This paper explores analytical modeling approaches to quantitatively analyze the dependability of 5G-AKA authentication service. We first present the availability models under non-backup and backup policies, respectively. Then we present the methods for computing DPM and service's first restoration time from failure. Finally, we discuss the TCO, including infrastructure cost, power consumption and cooling cost, operation cost and drop cost. Extensive numerical analyses are applied to illustrate the impact of various parameters on DPM, the first restoration time and TCO. This paper assumes that all time intervals are exponentially distributed. Future work will relax this assumption and explore the semi-Markov process that the time intervals follow general distributions in order to make the models better capture the operational details of the 5G-AKA authentication services when facing the service failure. In addition, recover policy can affect the authentication service availability. We plan to consider the recovery policy in our model. Finally, we will extend our model to the simultaneous failure of multiple entities.

THE FIRST RESTORATION TIME OF AUTHENTICATION SERVICE FROM FAILURE 3) NON-BACKUP POLICY
We can get k = 0 according to the first restoration time for state 0. Based on Eq. (23) and r i t i→k = 1 + j∈S no_ba ,j =i r i,j · t j→k , i = k [27], where i ∈ S no_ba = {0, 1, 2} and r i = l∈S no_ba r i,l .

4) BACKUP POLICY
We can get k = 0 according to the first restoration time for state 0. Based on Eq. (25) and r i t i→k = 1 + j∈S ba ,j =i r i,j · t j→k , i = k [27], where i ∈ S ba = {0, 1, 2, · · · , 6} and r i = l∈S ba r i,l .