Another Look at Privacy Threats in 3G Mobile Telephony

Khan, Muhammad Suleman; Mitchell, Chris J.

doi:10.1007/978-3-319-08344-5_25

Cited by 9 publications

(6 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this paper we focus on the (provable) privacy of AKA, but also consider its security. Three attacks in the literature, namely IMSI catcher attacks [8], IMSI paging attacks [13,27], and impersonation by servercorruption [20], already prove that AKA does not offer the desired degree of client privacy. IMSI catchers allow passive and active adversaries to track clients by exploiting the fact that during the protocol run, the server will require clients to send their permanent identifier IMSI if the TMSI value cannot be traced back to an IMSI.…”

Section: Introductionmentioning

confidence: 99%

“…As we show in this work, their variant does not in fact guarantee user untraceability. The attack we present breaks client-indistinguishability by exploiting the fact that an adversary can forge the encrypted IMSI message proposed by Arapinis et al In work orthogonal to ours, Khan et al [13] also critically examined the variant of [22], pointing out impracticalities and security/privacy failures. An important criticism addresses the PKI for clients and servers; as we explain below, in our own variant, we minimize the modifications both in terms of computation and administration costs.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Achieving Better Privacy for the 3GPP AKA Protocol

Fouque

Onete

Richard

2016

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

International audienceProposed by the 3rd Generation Partnership Project (3GPP) as a standard for 3G and 4G mobile-network communications, the AKA protocol is meant to provide a mutually-authenticated key-exchange between clients and associated network servers. As a result AKA must guarantee the indistinguishability from random of the session keys (key-indistinguishability), as well as client- and server-impersonation resistance. A paramount requirement is also that of client privacy, which 3GPP defines in terms of: user identity confidentiality, service untraceability, and location untraceability. Moreover, since servers are sometimes untrusted (in the case of roaming), the AKA protocol must also protect clients with respect to these third parties. Following the description of client-tracking attacks e.g. by using error messages or IMSI catchers, van den Broek et al. and respectively Arapinis et al. each proposed a new variant of AKA, addressing such problems. In this paper we use the approach of provable security to show that these variants still fail to guarantee the privacy of mobile clients. We propose an improvement of AKA, which retains most of its structure and respects practical necessities such as key-management, but which provably attains security with respect to servers and Man-in-the- Middle (MiM) adversaries. Moreover, it is impossible to link client sessions in the absence of client-corruptions. Finally, we prove that any variant of AKA retaining its mutual authentication specificities cannot achieve client-unlinkability in the presence of corruptions. In this sense, our proposed variant is optimal

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Achieving Better Privacy for the 3GPP AKA Protocol

Fouque

Onete

Richard

2016

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

show abstract

“…The feasibility of implementing the solutions we propose to fix the identification procedure, IMSI paging procedure and AKA protocol in the current 2G/3G infrastructure is discussed in [60].…”

Section: Lte Privacymentioning

confidence: 99%

“…Indeed any difference in behaviour would be a source of additional information flows. Note that, as suggested in [60], simpler solutions such as not sending any error message or sending a constant error message are also possible. However, these solutions do not allow the network to perform neither resynchronization nor any other sort of error recovery procedure since no information on the cause of the failure is given to it.…”

Section: Fixes Of the Analysed Proceduresmentioning

confidence: 99%

Analysis of privacy in mobile telephony systems

Arapinis

Mancini

Ritter

et al. 2016

Int. J. Inf. Secur.

View full text Add to dashboard Cite

We present a thorough experimental and formal analysis of users' privacy in mobile telephony systems. In particular, we experimentally analyse the use of pseudonyms and point out weak deployed policies leading to some critical scenarios which make it possible to violate a user's privacy. We also expose some protocol's vulnerabilities resulting in breaches of the anonymity and/or user unlinkability. We show these breaches translate in actual attacks which are feasible to implement on real networks and discuss our prototype implementation. In order to countermeasure these attacks, we propose realistic solutions. Finally, we provide the theoretical framework for the automatic verification of the unlinkability and anonymity of the fixed 2G/3G procedures and automatically verify them using the ProVerif tool.

show abstract

“…when registering with the network after switching on a phone. This user privacy issue has been discussed extensively in the literature [5,6,7,20,21,27,28], and many modifications to existing protocols have been proposed to avoid the problem [5,7,19,28]. All these proposals involve making major modifications to the air interface protocol, which would require changes to the operation of all the serving networks as well as all the deployed phones.…”

Section: Introductionmentioning

confidence: 99%

Improving Air Interface User Privacy in Mobile Telephony

Khan

Mitchell

2015

Security Standardisation Research

Self Cite

View full text Add to dashboard Cite

Although the security properties of 3G and 4G mobile networks have significantly improved by comparison with 2G (GSM), significant shortcomings remain with respect to user privacy. A number of possible modifications to 2G, 3G and 4G protocols have been proposed designed to provide greater user privacy; however, they all require significant modifications to existing deployed infrastructures, which are almost certainly impractical to achieve in practice. In this article we propose an approach which does not require any changes to the existing deployed network infrastructures or mobile devices, but offers improved user identity protection over the air interface. The proposed scheme makes use of multiple IMSIs for an individual USIM to offer a degree of pseudonymity for a user. The only changes required are to the operation of the authentication centre in the home network and to the USIM, and the scheme could be deployed immediately since it is completely transparent to the existing mobile telephony infrastructure. We present two different approaches to the use and management of multiple IMSIs.

show abstract

Another Look at Privacy Threats in 3G Mobile Telephony

Cited by 9 publications

References 7 publications

Achieving Better Privacy for the 3GPP AKA Protocol

Achieving Better Privacy for the 3GPP AKA Protocol

Analysis of privacy in mobile telephony systems

Improving Air Interface User Privacy in Mobile Telephony

Contact Info

Product

Resources

About