A man-in-the-middle attack on UMTS

Meyer, Ulrike; Wetzel, Susanne

doi:10.1145/1023646.1023662

Cited by 162 publications

(97 citation statements)

References 2 publications

(1 reference statement)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Avoiding the weaknesses in the UMTS security mechanism such as man-in-the-middle attacks, rogue base station attacks, and deny of service (DoS) attacks, The LTE security architecture makes better and more attractive the previous generations [11][12][13]. The expectations from the next generation mobile communication systems are to provide more security functionality than the UMTS systems in order To achieve a mutual authentication between the user equipment (UE) and the mobility management entity (MME) through the evolved-universal terrestrial radio access network (E-UTRAN).…”

Section: G-lte Securitymentioning

confidence: 99%

A Survey of Public Key Infrastructure-Based Security for Mobile Communication Systems

Ramadan

et al. 2016

Symmetry

View full text Add to dashboard Cite

Abstract:Mobile communication security techniques are employed to guard the communication between the network entities. Mobile communication cellular systems have become one of the most important communication systems in recent times and are used by millions of people around the world. Since the 1990s, considerable efforts have been taken to improve both the communication and security features of the mobile communications systems. However, these improvements divide the mobile communications field into different generations according to the communication and security techniques such as A3, A5 and A8 algorithms for 2G-GSM cellular system, 3G-authentication and key agreement (AKA), evolved packet system-authentication and key agreement (EPS-AKA), and long term evolution-authentication and key agreement (LTE-AKA) algorithms for 3rd generation partnership project (3GPP) systems. Furthermore, these generations have many vulnerabilities, and huge security work is involved to solve such problems. Some of them are in the field of the public key cryptography (PKC) which requires a high computational cost and more network flexibility to be achieved. As such, the public key infrastructure (PKI) is more compatible with the modern generations due to the superior communications features. This paper surveys the latest proposed works on the security of GSM, CDMA, and LTE cellular systems using PKI. Firstly, we present the security issues for each generation of mobile communication systems, then we study and analyze the latest proposed schemes and give some comparisons. Finally, we introduce some new directions for the future scope. This paper classifies the mobile communication security schemes according to the techniques used for each cellular system and covers some of the PKI-based security techniques such as authentication, key agreement, and privacy preserving.

show abstract

Section: G-lte Securitymentioning

confidence: 99%

A Survey of Public Key Infrastructure-Based Security for Mobile Communication Systems

Ramadan

et al. 2016

Symmetry

View full text Add to dashboard Cite

show abstract

“…Most of the reported attacks of this kind take advantage of well-known weaknesses of the GSM authentication and key agreement protocol, such as the lack of mutual authentication and the use of weak encryption. These attacks allow an active attacker to violate the user identity confidentiality, to eavesdrop on outbound communications [56] and to masquerade as a legitimate subscriber obtaining services which will be billed on the victim's account [44]. However, these attacks cannot be carried out on pure 3G networks, because they rely on the lack of mutual authentication in GSM and on the possibility of downgrading the communication from 3G to GSM.…”

Section: G Vulnerabilitiesmentioning

confidence: 99%

Analysis of privacy in mobile telephony systems

Arapinis

Mancini

Ritter

et al. 2016

Int. J. Inf. Secur.

View full text Add to dashboard Cite

We present a thorough experimental and formal analysis of users' privacy in mobile telephony systems. In particular, we experimentally analyse the use of pseudonyms and point out weak deployed policies leading to some critical scenarios which make it possible to violate a user's privacy. We also expose some protocol's vulnerabilities resulting in breaches of the anonymity and/or user unlinkability. We show these breaches translate in actual attacks which are feasible to implement on real networks and discuss our prototype implementation. In order to countermeasure these attacks, we propose realistic solutions. Finally, we provide the theoretical framework for the automatic verification of the unlinkability and anonymity of the fixed 2G/3G procedures and automatically verify them using the ProVerif tool.

show abstract

“…For instance, whenever the UE visits a new MME and the new MME cannot acquire the IM SI of the UE from the old MME. Such a recovery mechanism provides an opening for a fake MME to compromise a subscribers IM SI [9]. -The SN, whose trustworthiness we question, has full knowledge about the IM SIs of all subscribers to whom it provides services.…”

Section: Identity Privacy Related Vulnerabilities In Eps-akamentioning

confidence: 99%

A New Trust Model for Improved Identity Privacy in Cellular Networks

Choudhury¹,

Roychoudhury²,

Saikia³

2012

IJCA

View full text Add to dashboard Cite

Cellular networks have evolved through various generations, starting with 1G, followed by 2G and then by 3G, cellular networks have come a long way. A recent technology that has marked the beginning of 4G is Long Term Evolution (LTE). While transmission technologies, authentication mechanisms, confidentiality protection, etc., improved significantly through the generations, not much has improved with regards to the subscriber's identity privacy, and LTE is no exception. Much of this could be due to the trust model adopted in these networks. Introduction of sensitive services like mobile-banking, mobile-commerce, etc., has increased the importance of identity privacy by many folds. Identification of threats like location tracking and comprehensive profiling -where data about movement, usage, etc., of a subscriber is amassed and linked to his/her identity to explore various attacks -is quite alarming. In this paper, we propose a new trust model for strengthening identity privacy in cellular networks; it has an additional capacity to enhance interoperability among different cellular operators. We also propose a security extension that adopts this trust model to improve identity privacy and interoperability in LTE. A formal analysis of the extension proves that it meets its security goals. General Terms:Wireless networks, Security and privacy

show abstract

A man-in-the-middle attack on UMTS

Cited by 162 publications

References 2 publications

A Survey of Public Key Infrastructure-Based Security for Mobile Communication Systems

A Survey of Public Key Infrastructure-Based Security for Mobile Communication Systems

Analysis of privacy in mobile telephony systems

A New Trust Model for Improved Identity Privacy in Cellular Networks

Contact Info

Product

Resources

About