Yanjiao Chen,Jian Wang,Ruming Yin,Bo Liang

DOI: https://doi.org/10.1109/ICACTE.2010.5579435

2010-01-01

Abstract:In this paper, we have implemented a secure communication platform based on a new stream cipher called Gemstone which stems from coupled map lattices (CML), a nonlinear system of coupled chaotic maps. On the platform, we have realized duplex text, image and voice transmission. We have also analyzed the randomness of the keystream generated by the platform based on the statistical tests suggested by the National Institute of Standards and Technology (NIST). The test results are compared with other four stream ciphers'. Moreover, a series of experiments of duplex text, image and voice transmissions were made through university local network. Both the statistical test and the transmission experiments have shown that the platform is highly secure with fast encryption speed, which confirms that the Gemstone platform is promising for cryptographic applications.

WANG Qi-hua,CHEN Qi

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.02.049

2005-01-01

Abstract:The GSM and GPRS system provides solutions to a few important aspects of security: subscriber authentication, subscriber identity confidentiality and confidentiality of voice and data over the radio path. An analysis of the security features provided in a GSM and GPRS network is given.

M. Toorani,A. A. Beheshti

DOI: https://doi.org/10.1109/NGMAST.2008.88

2012-03-17

Abstract:Recently, the mobile industry has experienced an extreme increment in number of its users. The GSM network with the greatest worldwide number of users succumbs to several security vulnerabilities. Although some of its security problems are addressed in its upper generations, there are still many operators using 2G systems. This paper briefly presents the most important security flaws of the GSM network and its transport channels. It also provides some practical solutions to improve the security of currently available 2G systems.

Cryptography and Security,Networking and Internet Architecture

Chi-Chun Lo,Yu-Jen Chen

DOI: https://doi.org/10.1109/30.809184

1999-01-01

IEEE Transactions on Consumer Electronics

Abstract:With the advance of wireless communications technology, mobile communications has become more convenient than ever. However, because of the openness of wireless communications, the protection of the privacy between communicating parties is becoming a very important issue. We focus on the security of the Global System for Mobile communication (GSM) networks. A secure communication architecture for the GSM network is proposed. In the proposed architecture, we use public-key cryptography for user authentication and stream cipher for message encryption and decryption. An authentication protocol and a key generation method are presented in conjunction with the proposed architecture. Cryptanalysis and operational analysis show that the authentication protocol is secure and efficient. Simulation results indicate that the key generation method can always produce key strings of evenly distributed 0s and 1s and with infinite period.

telecommunications,engineering, electrical & electronic

Zheng Wu,Lin Ding,Zhengting Li,Xinhai Wang,Ziyu Guan

DOI: https://doi.org/10.1049/2024/6674019

2024-03-02

IET Information Security

Abstract:GEA-1, a proprietary stream cipher, was initially designed and used to protect against eavesdropping general packet radio service (GPRS) between the phone and the base station. Now, a variety of current mobile phones still support this standard cipher. In this paper, a structural weakness of the GEA-1 stream cipher that has not been found in previous works is discovered and analyzed. That is the probability that two different inputs of GEA-1 generate the identical keystream can be up to 2 − 7.30 , which is quite high compared with an ideal stream cipher that generates random sequences. Based on this newfound weakness, a new practical distinguishing attack on GEA-1 is proposed, which shows that the keystreams generated by GEA-1 are far from random and can be easily distinguished with a practical time cost. After then, a new practical key recovery attack on GEA-1 is presented. It has a time complexity of 2 21.02 GEA-1 encryptions and requires only seven related keys, which is much less than the existing related key attack on GEA-1. The experimental results show that GEA-1 can be broken within about 41.75 s on a common PC in the related key setting. These cryptanalytic results show that GEA-1 cannot provide enough security and should be immediately prohibited to be supported in the massive GPRS devices.

computer science, information systems, theory & methods

Animesh Agarwal,Vaibhav Shrimali,Manik Lal Das

DOI: https://doi.org/10.48550/arXiv.0911.0727

2009-11-04

Cryptography and Security

Abstract:Current security model in Global System for Mobile Communications (GSM) predominantly use symmetric key cryptography. The rapid advancement of Internet technology facilitates online trading, banking, downloading, emailing using resource-constrained handheld devices such as personal digital assistants and cell phones. However, these applications require more security than the present GSM supports. Consequently, a careful design of GSM security using both symmetric and asymmetric key cryptography would make GSM security more adaptable in security intensive applications. This paper presents a secure and efficient protocol for GSM security using identity based cryptography. The salient features of the proposed protocol are (i) authenticated key exchange; (ii) mutual authentication amongst communicating entities; and (iii) user anonymity. The security analysis of the protocol shows its strength against some known threats observed in conventional GSM security.

Steffen Klee,Alexandros Roussos,Max Maass,Matthias Hollick

DOI: https://doi.org/10.48550/arXiv.2008.03913

2020-08-10

Abstract:Near-Field Communication (NFC) is being used in a variety of security-critical applications, from access control to payment systems. However, NFC protocol analysis typically requires expensive or conspicuous dedicated hardware, or is severely limited on smartphones. In 2015, the NFCGate proof of concept aimed at solving this issue by providing capabilities for NFC analysis employing off-the-shelf Android smartphones. In this paper, we present an extended and improved NFC toolkit based on the functionally limited original open-source codebase. With in-flight traffic analysis and modification, relay, and replay features this toolkit turns an off-the-shelf smartphone into a powerful NFC research tool. To support the development of countermeasures against relay attacks, we investigate the latency incurred by NFCGate in different configurations. Our newly implemented features and improvements enable the case study of an award-winning, enterprise-level NFC lock from a well-known European lock vendor, which would otherwise require dedicated hardware. The analysis of the lock reveals several security issues, which were disclosed to the vendor.

Cryptography and Security

Zongyue Wang,Xiaoyang Dong,Keting Jia,Jingyuan Zhao

DOI: https://doi.org/10.1155/2014/251853

IF: 1.43

2014-01-01

Mathematical Problems in Engineering

Abstract:The confidentiality of GSM cellular telephony depends on the security of A5 family of cryptosystems. As an algorithm in this family survived from cryptanalysis, A5/3 is based on the block cipher KASUMI. This paper describes a novel differential fault attack on KAUSMI with a 64-bit key. Taking advantage of some mathematical observations on the FL, FO functions, and key schedule, only one 16-bit word fault is required to recover all information of the 64-bit key. The time complexity is only 2(32) encryptions. We have practically simulated the attack on a PC which takes only a few minutes to recover all the key bits. The simulation also experimentally verifies the correctness and complexity.

Jezabel Molina-Gil,Pino Caballero-Gil,Cándido Caballero-Gil,Amparo Fúster-Sabater

DOI: https://doi.org/10.48550/arXiv.2208.06593

2022-08-13

Cryptography and Security

Abstract:The fourth generation of cell phones, marketed as 4G/LTE (Long-Term Evolution) is being quickly adopted worldwide. Given the mobile and wireless nature of the involved communications, security is crucial. This paper includes both a theoretical study and a practical analysis of the SNOW 3G generator, included in such a standard for protecting confidentiality and integrity. From its implementation and performance evaluation in mobile devices, several conclusions about how to improve its efficiency are obtained.

Lee Jun Quan,Tan Jia Ye,Goh Geok Ling,Vivek Balachandran

2024-08-14

Abstract:This paper explores the use of Grover's Algorithm in the classical rainbow table, uncovering the potential of integrating quantum computing techniques with conventional cryptographic methods to develop a Quantum Rainbow Table Proof-of-Concept. This leverages on Quantum concepts and algorithms which includes the principle of qubit superposition, entanglement and teleportation, coupled with Grover's Algorithm to enable a more efficient search through the rainbow table. The paper also details on the hardware constraints and the work around to produce better results in the implementation stages. Through this work we develop a working prototype of quantum rainbow table and demonstrate how quantum computing could significantly improve the speed of cyber tools such as password crackers and thus impact the cyber security landscape.

Quantum Physics,Cryptography and Security

Jeffrey Knockel,Thomas Ristenpart,Jedidiah Crandall

DOI: https://doi.org/10.48550/arXiv.1802.03367

2018-02-09

Cryptography and Security

Abstract:We evaluate Tencent's QQ Browser, a popular mobile browser in China with hundreds of millions of users---including 16 million overseas, with respect to the threat model of a man-in-the-middle attacker with state actor capabilities. This is motivated by information in the Snowden revelations suggesting that another Chinese mobile browser, UC Browser, was being used to track users by Western nation-state adversaries. Among the many issues we found in QQ Browser that are presented in this paper, the use of "textbook RSA"---that is, RSA implemented as shown in textbooks, with no padding---is particularly interesting because it affords us the opportunity to contextualize existing research in breaking textbook RSA. We also present a novel attack on QQ Browser's use of textbook RSA that is distinguished from previous research by its simplicity. We emphasize that although QQ Browser's cryptography and our attacks on it are very simple, the impact is serious. Thus, research into how to break very poor cryptography (such as textbook RSA) has both pedagogical value and real-world impact.

Rajakumar Arul,Gunasekaran Raja,Ali Kashif Bashir,Junaid Chaudry,Amjad Ali

DOI: https://doi.org/10.48550/arXiv.1905.07607

2019-05-18

Networking and Internet Architecture

Abstract:The growing popularity of multimedia applications, pervasive connectivity, higher bandwidth, and euphoric technology penetration among the bulk of the human race that happens to be cellular technology users, has fueled the adaptation to Long Term Evolution (LTE)/ System Architecture Evolution (SAE). The LTE fulfills the resource demands of the next generation applications for now. We identify security issues in the authentication mechanism used in LTE that without countermeasures might give superuser rights to unauthorized users. The LTE uses static LTE Key (LTE-K) to derive the entire key hierarchy such as LTE follows Evolved Packet System-Authentication and Key Agreement (EPS-AKA) based authentication which discloses user identity, location, and other Personally Identifiable Information (PII). To counter this, we propose a public key cryptosystem named International mobile subscriber identity Protected Console Grid-based Authentication and Key Agreement (IPG-AKA) protocol to address the vulnerabilities related to weak key management. From the data obtained from threat modeling and simulation results, we claim that the IPG-AKA scheme not only improves the security of authentication procedures, it also shows improvements in authentication loads and reduction in key generation time. The empirical results and qualitative analysis presented in this paper proves that IPG-AKA improves security in authentication procedure and performance in the LTE.

Junrong Liu,Yu Yu,François-Xavier Standaert,Zheng Guo,Dawu Gu,Wei Sun,Yijie Ge,Xinjun Xie

DOI: https://doi.org/10.1007/978-3-319-24174-6_24

2015-01-01

Abstract:Side-channel attacks are an increasingly important concern for the security of cryptographic embedded devices, such as the SIM cards used in mobile phones. Previous works have exhibited such attacks against implementations of the 2G GSM algorithms (COMP-128, A5). In this paper, we show that they remain an important issue for USIM cards implementing the AES-based MILENAGE algorithm used in 3G/4G communications. In particular, we analyze instances of cards from a variety of operators and manufacturers, and describe successful Differential Power Analysis attacks that recover encryption keys and other secrets (needed to clone the USIM cards) within a few minutes. Further, we discuss the impact of the operator-defined secret parameters in MILENAGE on the difficulty to perform Differential Power Analysis, and show that they do not improve implementation security. Our results back up the observation that physical security issues raise long-term challenges that should be solved early in the development of cryptographic implementations, with adequate countermeasures.

Yubo Song,Kan Zhou,Xi Chen

DOI: https://doi.org/10.4304/jnw.7.2.275-281

2012-01-01

Abstract:The 2G GSM communication system only provides one-way authentication mechanism which just authenticate the identities of mobile users. As we know, this is not resistant to fake BTS attack. But for the huge cost for building a fake BTS before, this kind of attack were not really implemented before. This paper presents an implement of fake BTS based on software radio technologies. Furthermore, this paper discusses two types of fake BTS attacks on our software radio platform. The first attack is IMSI/IMEI catch attack, which can get the mobile phone’s IMSI and IMEI. With this information, attacker can got the track of the man with this phone. The second attack is selective jamming attack. After get the IMSI and IMEI of the mobile phone, the attackers can decide whether the mobile phone is blocked or not. We will analyze the GSM protocol which is relevant to the interception system and later present the performance of such a system by real tests and demonstrate its feasibility.

Stig F. Mjølsnes,Ruxandra F. Olimid

DOI: https://doi.org/10.48550/arXiv.1702.04434

2017-02-15

Abstract:IMSI Catchers are tracking devices that break the privacy of the subscribers of mobile access networks, with disruptive effects to both the communication services and the trust and credibility of mobile network operators. Recently, we verified that IMSI Catcher attacks are really practical for the state-of-the-art 4G/LTE mobile systems too. Our IMSI Catcher device acquires subscription identities (IMSIs) within an area or location within a few seconds of operation and then denies access of subscribers to the commercial network. Moreover, we demonstrate that these attack devices can be easily built and operated using readily available tools and equipment, and without any programming. We describe our experiments and procedures that are based on commercially available hardware and unmodified open source software.

Cryptography and Security

Scott C. Forbes

DOI: https://doi.org/10.48550/arXiv.cs/0109112

2001-09-25

Abstract:Commercial cellular telecommunications networks are routinely used as key means of voice and data transport by both businesses and the Public. Despite advances in encryption and other security measures, these commercial cellular networks remain extremely vulnerable to malicious attacks and the loss of user and data privacy and integrity. Such losses can result not only in mere inconvenience, but in serious corporate and national security breaches. Because of the potentially catastrophic nature of such security breaches, it behooves cellular network operators, distributors, and users to explore these network risk areas and mitigate them to the extent that current resources allow.

Computers and Society

Ivan Palamà,Francesco Gringoli,Giuseppe Bianchi,Nicola Blefari-Melazzi

DOI: https://doi.org/10.1016/j.comnet.2021.108137

IF: 5.493

2021-07-01

Computer Networks

Abstract:IMSI catching attacks are a type of privacy threats designed to locate and track specific users by gathering their long-term identifiers, i.e., their International Mobile Subscriber Identity (IMSI). In order to understand how different mobile phone brands respond to different attack methods, this article makes a twofold contribution. We first address the feasibility and practicality of IMSI Catchers using off-the-shelf Software-Defined-Radio (SDR) platforms and two open source frameworks - OpenAirInterface and srsLTE. Second, we evaluate the behavior of different mobile phone brands/modems, when they are under attack. Specifically, we performed experiments on 26 4G devices and four more recent ones also supporting 5G. In each experiment we performed two different attack types, and we tested the attacks when using/not using a radio-frequency jammer specifically designed for our purposes. Our tests show that the sheer majority of the devices under test (also the last ones 3GPP Release 15 compliant) surrender even without any jamming. Finally, we have verified that network deployments have no impact — we repeated tests on four different operator's networks —, and we also developed a portable IMSI Catcher using a Raspberry Pi4 so as to test the attacks over early 5G Non Stand-Alone deployments we could find in our cities.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Norbert Ludant,Marinos Vomvas,Guevara Noubir

DOI: https://doi.org/10.48550/arXiv.2403.06717

2024-03-11

Abstract:Over the years, several security vulnerabilities in the 3GPP cellular systems have been demonstrated in the literature. Most studies focus on higher layers of the cellular radio stack, such as the RRC and NAS, which are cryptographically protected. However, lower layers of the stack, such as PHY and MAC, are not as thoroughly studied, even though they are neither encrypted nor integrity protected. Furthermore, the latest releases of 5G significantly increased the number of low-layer control messages and procedures. The complexity of the cellular standards and the high degree of cross-layer operations, makes reasoning about security non-trivial, and requires a systematic analysis. We study the control procedures carried by each physical channel, and find that current cellular systems are susceptible to several new passive attacks due to information leakage, and active attacks by injecting MAC and PHY messages. For instance, we find that beamforming information leakage enables fingerprinting-based localization and tracking of users. We identify active attacks that reduce the users' throughput by disabling RF front ends at the UE, disrupt user communications by tricking other connected UEs into acting as jammers, or stealthily disconnect an active user. We evaluate our attacks against COTS UEs in various scenarios and demonstrate their practicality by measuring current operators' configurations across three countries. Our results show that an attacker can, among other things, localize users with an accuracy of 20 meters 96% of the time, track users' moving paths with a probability of 90%, reduce throughput by more than 95% within 2 seconds (by spoofing a 39 bits DCI), and disconnect users.

Cryptography and Security

George Cosmin Stănică,Petre Anghelescu

DOI: https://doi.org/10.3390/electronics13132515

IF: 2.9

2024-06-27

Electronics

Abstract:The increasing reliance on telecommunication technologies across various domains has raised concerns surrounding data security and privacy during transmission. In response to these concerns, this study introduces a different approach to cryptographic algorithm construction, utilizing cellular automata (CA). The idea involves designing an encryption algorithm based on a specific class of one-dimensional CA, incorporating elementary evolution rules specifically constructed to establish a reversible system, thereby enhancing information preservation and security. The encryption process involves forward iteration of the system, while decryption employs backward iteration, both processes being based on the same rule. Classified as a symmetric key cryptosystem within the stream cipher framework, the proposed algorithm was implemented using a Field Programmable Gate Array (FPGA) device (XILINX Spartan3E) at the hardware-level, complemented by software applications developed using the C# programming language. Testing on the experimental findings was conducted to check the efficacy of the proposed algorithm in ensuring information security and randomness, confirming its viability for practical encryption applications.

engineering, electrical & electronic,physics, applied,computer science, information systems

Mohamad Saalim Wani,Michael Rademacher,Thorsten Horstmann,Mathias Kretschmer

DOI: https://doi.org/10.3390/jcp4010002

2024-01-02

Journal of Cybersecurity and Privacy

Abstract:5G networks, pivotal for our digital mobile societies, are transitioning from 4G to 5G Stand-Alone (SA) networks. However, during this transition, 5G Non-Stand-Alone (NSA) networks are widely used. This paper examines potential security vulnerabilities in 5G NSA networks. Through an extensive literature review, we identify known 4G attacks that can theoretically be applied to 5G NSA. We organize these attacks into a structured taxonomy. Our findings reveal that 5G NSA networks may offer a false sense of security, as most security and privacy improvements are concentrated in 5G SA networks. To underscore this concern, we implement three attacks with severe consequences and successfully validate them on various commercially available smartphones. Notably, one of these attacks, the IMSI Leak, consistently exposes user information with no apparent security mitigation in 5G NSA networks. This highlights the ease of tracking individuals on current 5G networks.

computer science, information systems, interdisciplinary applications, software engineering