WANG Qi-hua,CHEN Qi

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.02.049

2005-01-01

Abstract:The GSM and GPRS system provides solutions to a few important aspects of security: subscriber authentication, subscriber identity confidentiality and confidentiality of voice and data over the radio path. An analysis of the security features provided in a GSM and GPRS network is given.

Ming-Feng Lee,Nigel P. Smart,Bogdan Warinschi,Gaven J. Watson

DOI: https://doi.org/10.1007/s10207-014-0231-3

2014-03-19

International Journal of Information Security

Abstract:The UMTS/LTE protocol for mobile phone networks has been designed to offer a limited form of anonymity for mobile phone users. In this paper, we quantify precisely what this limited form of anonymity actually provides via a formal security model. The model considers an execution where the home and roaming network providers are considered as one entity. We consider two forms of anonymity, one where the mobile stations under attack are statically selected before the execution, and a second where the adversary selects these stations adaptively. We prove that the UMTS/LTE protocol meets both of these security definitions. Our analysis requires new assumptions on the underlying keyed functions for UMTS, namely that a set of pseudorandom functions are “agile”. This assumption, while probably true, has not previously been brought to the fore.

computer science, information systems, theory & methods, software engineering

JIANG Rui,LI Jian-hua,PAN Li

DOI: https://doi.org/10.3321/j.issn:1006-2467.2006.05.019

2006-01-01

Abstract:The 3GPP(Third Generation Partnership Project) authentication and key agreement(AKA) was formally analyzed with the strand space model and authentication tests.It was pointed out that the 3GPP AKA has two security shortages on secrecy and authentication when applied in the insecure chanoel,and two attacks were given.Then,an improved 3GPP authentication and key agreement was proposed to overcome the two security shortages.Finally,the improved protocol was formally analyzed with the strand space model and the authentication tests,and was proven to ensure the secrecy,the mutual authentication between the mobile subscriber and the visiting network, and the recency of the cipher key and integrity key in the insecure channel.

David Basin,Jannik Dreier,Lucca Hirschi,Saša Radomirović,Ralf Sasse,Vincent Stettler

DOI: https://doi.org/10.48550/arXiv.1806.10360

2018-06-27

Cryptography and Security

Abstract:Mobile communication networks connect much of the world's population. The security of users' calls, SMSs, and mobile data depends on the guarantees provided by the Authenticated Key Exchange protocols used. For the next-generation network (5G), the 3GPP group has standardized the 5G AKA protocol for this purpose. We provide the first comprehensive formal model of a protocol from the AKA family: 5G AKA. We also extract precise requirements from the 3GPP standards defining 5G and we identify missing security goals. Using the security protocol verification tool Tamarin, we conduct a full, systematic, security evaluation of the model with respect to the 5G security goals. Our automated analysis identifies the minimal security assumptions required for each security goal and we find that some critical security goals are not met, except under additional assumptions missing from the standard. Finally, we make explicit recommendations with provably secure fixes for the attacks and weaknesses we found.

Yubo Song,Xili Hu,Zhiling Lan

DOI: https://doi.org/10.1109/MINES.2011.153

2011-11-04

Abstract:For the individual privacy protection, the GSM system transmits the IMSI or TMSI number over the air instead of the phone number which will leak the identity of the users. The MSC, HLR/VLR will translate the IMSI/TMSI to the phone number in the core network. This paper proposed an idea about catching the GSM/UMTS Phone Number over the air by man-in-the-middle attack. The GSM/UMTS phone number catcher proposed in this paper was implemented on a pseudo base station with a mobile terminal which can transmit any frames we wanted. While the legal terminals are trying to access, the phone number catcher will relay all its frame to the operator's network and try to break the shared authentication key Ki. Then the system will get the phone number by pretending the legal terminal to call a designated phone. We will analyze the GSM protocol which is relevant to the phone number catcher and later present the performance of such a system by real tests and demonstrate its feasibility.

Engineering,Computer Science

Xinxin Liu,Shaohua Tang

DOI: https://doi.org/10.1109/CIS.2008.114

2008-01-01

Abstract:We present the formalization of a recent electronic voting scheme using GSM mobile technology (GVS) in the applied pi calculus and analyze its privacy property. A refined threat model considering notonly the attacks from outsiders but also from the insiders and the collusion between them, is defined to represent the hostile voting environment, in which the privacy property is analyzed.

Qiong Pu,Jian Wang,Shuhua Wu

DOI: https://doi.org/10.1504/ijahuc.2013.052345

2013-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:User privacy is a notable security issue in wireless communications support roaming. However, the mobile authentication schemes existing in the literature cannot achieve this goal in an efficient way. In this paper, we propose a novel lightweight authentication scheme with anonymity and unlinkability for roaming service in large-scale wireless networks. Moreover, we formally analyse our proposed scheme with the BAN-logic and show that it can withstand the several possible attacks.

Su, Li,Du, Haitao

DOI: https://doi.org/10.1007/s00500-023-09486-x

IF: 3.732

2024-01-11

Soft Computing

Abstract:The security context, generally stored in the universal subscriber identity module card or the baseband chip, is the critical information applied by the subscriber to access the 5G network during the fast authentication procedure. Once exposed or illegally used, the security context can be exploited to derive various keys for authentication and encryption. Despite its importance, challenges and questions still remain in the previous relevant research. To fill this gap, by adopting the security protocol verification tool ProVerif, we provide a comprehensive formal model of the fast authentication procedure based on the security context to analyze whether security goals can be met. Unfortunately, we uncover two vulnerabilities, including one never reported before. Our analysis shows that these vulnerabilities stem from fundamental design flaws in the cellular network protocol and thus apply to the 4G network. These vulnerabilities could be exploited to launch several attacks, including impersonation and eavesdropping. We have validated these attacks using 5 mobile phones from 5 different baseband manufacturers through experimentation in three mobile carriers. We find an insecure implementation of one of these phones, which exposed it to replay attacks. And we further discuss the security threats posed by the impersonation attack, such as location spoofing and one-tap authentication bypass, which is verified on 10 popular apps. We finally propose several countermeasures to eliminate these security issues. Actually, we have reported the novel vulnerability to the GSM Association and received a confirmation in the form of a coordinated vulnerability disclosure (CVD) number CVD-2022-0057.

computer science, artificial intelligence, interdisciplinary applications

Chi-Chun Lo,Yu-Jen Chen

DOI: https://doi.org/10.1109/30.809184

1999-01-01

IEEE Transactions on Consumer Electronics

Abstract:With the advance of wireless communications technology, mobile communications has become more convenient than ever. However, because of the openness of wireless communications, the protection of the privacy between communicating parties is becoming a very important issue. We focus on the security of the Global System for Mobile communication (GSM) networks. A secure communication architecture for the GSM network is proposed. In the proposed architecture, we use public-key cryptography for user authentication and stream cipher for message encryption and decryption. An authentication protocol and a key generation method are presented in conjunction with the proposed architecture. Cryptanalysis and operational analysis show that the authentication protocol is secure and efficient. Simulation results indicate that the key generation method can always produce key strings of evenly distributed 0s and 1s and with infinite period.

telecommunications,engineering, electrical & electronic

Caixia Liu,Xinsheng Ji,Jiangxing Wu,Xiao Qin

DOI: https://doi.org/10.1007/s11432-017-9428-6

2018-01-01

Science China Information Sciences

Abstract:>Dear editor,Several studies have recently reported on major vulnerabilities in the Signaling System No.7 (SS7)used in mobile networks [1, 2]. The reported vulnerabilities and security issues would lead to the illegal acquisition and tampering of mobile communication user data, known as cellphone user data. The cellphone user data contain important information such as identity identification, location identification, security parameter-set. Due to

L Min,B Hai,ZJ Feng

DOI: https://doi.org/10.1109/tencon.2002.1180245

2002-01-01

Abstract:The security architecture and mechanism of 3rd generation mobile communication are discussed in this paper. Five UMTS security features are given. Then the security architecture is introduced. We analyzed the basic network access security mechanism and give the flow description regarding to the signalling procedure. For the integrity protection and data confidentiality, the corresponding algorithm is also discussed.

Mohamed Amine Ferrag,Leandros Maglaras,Antonios Argyriou,Dimitrios Kosmanos,Helge Janicke

DOI: https://doi.org/10.48550/arXiv.1708.04027

2017-08-14

Abstract:This paper presents a comprehensive survey of existing authentication and privacy-preserving schemes for 4G and 5G cellular networks. We start by providing an overview of existing surveys that deal with 4G and 5G communications, applications, standardization, and security. Then, we give a classification of threat models in 4G and 5G cellular networks in four categories, including, attacks against privacy, attacks against integrity, attacks against availability, and attacks against authentication. We also provide a classification of countermeasures into three types of categories, including, cryptography methods, humans factors, and intrusion detection methods. The countermeasures and informal and formal security analysis techniques used by the authentication and privacy preserving schemes are summarized in form of tables. Based on the categorization of the authentication and privacy models, we classify these schemes in seven types, including, handover authentication with privacy, mutual authentication with privacy, RFID authentication with privacy, deniable authentication with privacy, authentication with mutual anonymity, authentication and key agreement with privacy, and three-factor authentication with privacy. In addition, we provide a taxonomy and comparison of authentication and privacy-preserving schemes for 4G and 5G cellular networks in form of tables. Based on the current survey, several recommendations for further research are discussed at the end of this paper.

Cryptography and Security

Zhiwei Cui,Baojiang Cui,Li Su,Haitao Du,Hongxin Wang,Junsong Fu

2023-03-20

Abstract:The security context used in 5G authentication is generated during the Authentication and Key Agreement (AKA) procedure and stored in both the user equipment (UE) and the network sides for the subsequent fast registration procedure. Given its importance, it is imperative to formally analyze the security mechanism of the security context. The security context in the UE can be stored in the Universal Subscriber Identity Module (USIM) card or in the baseband chip. In this work, we present a comprehensive and formal verification of the fast registration procedure based on the security context under the two scenarios in ProVerif. Our analysis identifies two vulnerabilities, including one that has not been reported before. Specifically, the security context stored in the USIM card can be read illegally, and the validity checking mechanism of the security context in the baseband chip can be bypassed. Moreover, these vulnerabilities also apply to 4G networks. As a consequence, an attacker can exploit these vulnerabilities to register to the network with the victim's identity and then launch other attacks, including one-tap authentication bypass leading to privacy disclosure, location spoofing, etc. To ensure that these attacks are indeed realizable in practice, we have responsibly confirmed them through experimentation in three operators. Our analysis reveals that these vulnerabilities stem from design flaws of the standard and unsafe practices by operators. We finally propose several potential countermeasures to prevent these attacks. We have reported our findings to the GSMA and received a coordinated vulnerability disclosure (CVD) number CVD-2022-0057.

Cryptography and Security

Norbert Ludant,Marinos Vomvas,Guevara Noubir

DOI: https://doi.org/10.48550/arXiv.2403.06717

2024-03-11

Abstract:Over the years, several security vulnerabilities in the 3GPP cellular systems have been demonstrated in the literature. Most studies focus on higher layers of the cellular radio stack, such as the RRC and NAS, which are cryptographically protected. However, lower layers of the stack, such as PHY and MAC, are not as thoroughly studied, even though they are neither encrypted nor integrity protected. Furthermore, the latest releases of 5G significantly increased the number of low-layer control messages and procedures. The complexity of the cellular standards and the high degree of cross-layer operations, makes reasoning about security non-trivial, and requires a systematic analysis. We study the control procedures carried by each physical channel, and find that current cellular systems are susceptible to several new passive attacks due to information leakage, and active attacks by injecting MAC and PHY messages. For instance, we find that beamforming information leakage enables fingerprinting-based localization and tracking of users. We identify active attacks that reduce the users' throughput by disabling RF front ends at the UE, disrupt user communications by tricking other connected UEs into acting as jammers, or stealthily disconnect an active user. We evaluate our attacks against COTS UEs in various scenarios and demonstrate their practicality by measuring current operators' configurations across three countries. Our results show that an attacker can, among other things, localize users with an accuracy of 20 meters 96% of the time, track users' moving paths with a probability of 90%, reduce throughput by more than 95% within 2 seconds (by spoofing a 39 bits DCI), and disconnect users.

Cryptography and Security

Yang Liu,Andrew Simpson

DOI: https://doi.org/10.1007/978-3-319-47072-6_7

2016-01-01

Abstract:Targeted Mobile Advertising (TMA) has emerged as a significant driver of the Internet economy. TMA gives rise to interesting challenges: there is a need to balance privacy and utility; there is a need to guarantee that applications' access to resources is appropriate; and there is a need to ensure that the targeting of ads is effective. As many authors have argued, formal models are ideal vehicles for reasoning about privacy, as well as for reasoning about the relationship between privacy and utility. To this end, we describe how the formal notation Z has been used to develop formal models to underpin a prototype privacy-preserving TMA system. We give consideration to how formal models can help in underpinning the prototype system, in analysing privacy in the context of targeted mobile advertising, and in allowing users to specify control of their personal information.

Ali Elouafiq

DOI: https://doi.org/10.48550/arXiv.1204.1651

2012-04-07

Abstract:Mobile communication touches every aspect of our life, it become one of the major dependencies that the 21st Century civilizations rely on. Thereby, security is a major issue that should be targeted by communication technologies. In this paper we will target authentication and encryption in GSM and 3G/UMTS. In order to understand clearly how things work, we will start by presenting the architecture of each network, its major components, its authentication algorithms, protocols used, and KASUMI Block Cipher.

Cryptography and Security,Networking and Internet Architecture

Abu Shohel Ahmed,Aleksi Peltonen,Mohit Sethi,Tuomas Aura

2023-08-23

Abstract:Remote SIM provisioning (RSP) for consumer devices is the protocol specified by the GSM Association for downloading SIM profiles into a secure element in a mobile device. The process is commonly known as eSIM, and it is expected to replace removable SIM cards. The security of the protocol is critical because the profile includes the credentials with which the mobile device will authenticate to the mobile network. In this paper, we present a formal security analysis of the consumer RSP protocol. We model the multi-party protocol in applied pi calculus, define formal security goals, and verify them in ProVerif. The analysis shows that the consumer RSP protocol protects against a network adversary when all the intended participants are honest. However, we also model the protocol in realistic partial compromise scenarios where the adversary controls a legitimate participant or communication channel. The security failures in the partial compromise scenarios reveal weaknesses in the protocol design. The most important observation is that the security of RSP depends unnecessarily on it being encapsulated in a TLS tunnel. Also, the lack of pre-established identifiers means that a compromised download server anywhere in the world or a compromised secure element can be used for attacks against RSP between honest participants. Additionally, the lack of reliable methods for verifying user intent can lead to serious security failures. Based on the findings, we recommend practical improvements to RSP implementations, future versions of the specification, and mobile operator processes to increase the robustness of eSIM security.

Cryptography and Security

Habiba Farzand,Melvin Abraham,Stephen Brewster,Mohamed Khamis,Karola Marky

DOI: https://doi.org/10.1080/10447318.2024.2361519

IF: 4.92

2024-06-14

International Journal of Human-Computer Interaction

Abstract:Mobile phones are most likely the subject of targeted attacks, such as software exploits. The resources needed to carry out such attacks are becoming increasingly available and, hence, easily executable, putting users' privacy at risk. We conducted a systematic literature analysis to understand the relationship between resources and attack feasibility and present a categorisation of social engineering and side-channel attacks on mobile phones focusing on the resources attackers require. Our proposed categorisation levels facilitate an in-depth understanding of how mobile phone attacks can be executed using different combinations of partly simple resources. The analysis reveals that discrete protection mechanisms are insufficient to provide all-inclusive protection. The proposed categorisation assists in building novel solutions for safeguarding users' privacy from diverse attacks by carefully considering the potential misuse of resources. We conclude by outlining future research directions highlighting the urgent need for a holistic user defense.

computer science, cybernetics,ergonomics

Marco Pistoia

DOI: https://doi.org/10.1145/2810103.2812703

2015-10-12

Abstract:Program analysis has become an essential tool to verify the correctness of programs before these are deployed to end users' computers and devices. Detecting security problems in today's mobile applications by just relying on manual code inspection is unrealistic. Testing is also limited because there is often no guarantee that all the possible paths of execution of an application are tested under all the possible inputs, and so false negatives may arise. Static analysis is a very promising solution but suffers from the dual problem of false positives. A combination of static and dynamic analysis mitigates the disadvantages that arise when static and dynamic analysis are executed individually and is, therefore, the recommended solution to detect and correct application-level cyber security attacks in mobile applications. This tutorial presents both static and dynamic analysis approaches to enforce privacy of mobile applications, and includes a hands-on lab that teaches the audience how to use create a static-analysis solution that verifies the integrity and confidentiality of the data managed by the program itself.

Behzad Abdolmaleki,Karim Baghery,Shahram Khazaei,Mohammad Reza Aref

DOI: https://doi.org/10.1007/s11277-017-4145-z

IF: 2.017

2017-04-29

Wireless Personal Communications

Abstract:Recently, Radio Frequency Identification (RFID) and Near Field Communication systems are found in various user-friendly services that all of us deal with in our daily lives. As these systems are ubiquitously deployed in different authentication and identification applications, inferring information about our behavior will be possible by monitoring our use of them. In order to provide privacy and security requirements of RFID users in novel authentication applications, lots of security schemes have been proposed which have tried to provide secure and untraceable communication for end-users. In this paper, we investigate the privacy of three RFID security schemes which have been proposed recently. For privacy analysis, we use the well-known RFID formal privacy model proposed by Ouafi and Phan. We show that all the studied protocols have some privacy drawbacks, making them vulnerable to various traceability attacks. Moreover, in order to overcome all the reported weaknesses and prevent the presented attacks, we apply some modifications in the structures of the studied protocols and propose an improved version of each one. Our analyses show that the modified protocols are more efficient than their previous versions and new modifications can omit all the existing weaknesses on the analyzed protocols. Finally, we compare the modified protocols with some new-found RFID authentication protocols in the terms of security and privacy.

telecommunications