Mohsin Khan,Philip Ginzboorg,Kimmo Järvinen,Valtteri Niemi

DOI: https://doi.org/10.48550/arXiv.1811.02293

2018-11-06

Cryptography and Security

Abstract:3GPP Release 15, the first 5G standard, includes protection of user identity privacy against IMSI catchers. These protection mechanisms are based on public key encryption. Despite this protection, IMSI catching is still possible in LTE networks which opens the possibility of a downgrade attack on user identity privacy, where a fake LTE base station obtains the identity of a 5G user equipment. We propose (i) to use an existing pseudonym-based solution to protect user identity privacy of 5G user equipment against IMSI catchers in LTE and (ii) to include a mechanism for updating LTE pseudonyms in the public key encryption based 5G identity privacy procedure. The latter helps to recover from a loss of synchronization of LTE pseudonyms. Using this mechanism, pseudonyms in the user equipment and home network are automatically synchronized when the user equipment connects to 5G. Our mechanisms utilize existing LTE and 3GPP Release 15 messages and require modifications only in the user equipment and home network in order to provide identity privacy. Additionally, lawful interception requires minor patching in the serving network.

Namin Hou,Yushi Cheng,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603286

2024-01-01

Abstract:The advancement of Fifth-Generation (5G) technology has greatly enriched individuals' access to a broad array of convenient services, offering significant benefits in mobile communications, autonomous driving, smart homes, and the Internet of Things. However, with the increase in the number of network access devices, large and frequent data interactions have brought potential security risks to wireless networks, which are related to user privacy security, traffic safety, and even social security. Malicious intrusions targeting wireless communications have resulted in significant disruptions and incurred substantial losses. Presently, user identities in wireless communications rely on software-based data identifiers, which can be forged easily. This paper proposes a hardware-level device authentication mechanism that uses the intrinsic hardware characteristics of the transmitter (shown as impairments in the radio signal of the transmission link) for identity authentication. The resulting fingerprint is naturally distinctive and highly resistant to counterfeiting attempts. We use 5 devices across different models and 10 devices of the same model for experimental evaluation. Then we apply machine learning algorithms to construct a fingerprint database and device authentication, achieving an average of 82.4% precision, 89.9% recall, and 85.9% F1-score, which can help to safeguard the security of 5G communication.

John Preuß Mattsson,Prajwol Kumar Nakarmi

DOI: https://doi.org/10.1145/3465481.3470076

2021-08-17

Abstract:IMSI catchers have been a long standing and serious privacy problem in pre-5G mobile networks. To tackle this, 3GPP introduced the Subscription Concealed Identifier (SUCI) and other countermeasures in 5G. In this paper, we analyze the new SUCI mechanism and discover that it provides very poor anonymity when used with the variable length Network Specific Identifiers (NSI), which are part of the 5G standard. When applied to real-world name length data, we see that SUCI only provides 1-anonymity, meaning that individual subscribers can easily be identified and tracked. We strongly recommend 3GPP and GSMA to standardize and recommend the use of a padding mechanism for SUCI before variable length identifiers get more commonly used. We further show that the padding schemes, commonly used for network traffic, are not optimal for padding of identifiers based on real names. We propose a new improved padding scheme that achieves much less message expansion for a given k-anonymity.

Imran Memon,Ibrar Hussain,Rizwan Akhtar,Gencai Chen

DOI: https://doi.org/10.1007/s11277-015-2699-1

IF: 2.017

2015-01-01

Wireless Personal Communications

Abstract:Past few years, the mobile technology and location based services have experienced a great increment in number of its users. The privacy issues related to these services are becoming main concerns because of the leakage of users' private information and contents. To prevent revelation of private information, many researchers have proposed several secure and authentication schemes which apply various technologies to provide integral security properties, such as symmetric encryption, digital signature, timestamp, etc. Unfortunately, some of these schemes still exhibit security and efficiency issues. In this research paper, we proposed an efficient and secure anonymous communication for location based service using asymmetric cryptography scheme over the wireless system was attempted missing some system detail. We also proposed the prevent user private information and secure communication by asymmetric cryptography scheme. We solved the wireless communication problem in A3 algorithm such as eavesdropping and this problem solved by asymmetric cryptography scheme because of its robustness against this type of attack by providing mutual authentication make the system more secure. Finally, performance and cost analysis show our scheme is more suitable for low-power and resource limited wireless system and thus availability for real implementation. According to our security analysis and performance, we can prove that our proposed asymmetric cryptography scheme is able to improve wireless communication system security and enhance efficiency in comparison to previous schemes.

Mohamed Abid,Songbo Song,Hassnaa Moustafa,Hossam Afifi

DOI: https://doi.org/10.48550/arXiv.1004.0762

2010-04-06

Abstract:Nowadays, the IP Multimedia Subsystem (IMS) is a promising research field. Many ongoing works related to the security and the performances of its employment are presented to the research community. Although, the security and data privacy aspects are very important in the IMS global objectives, they observe little attention so far. Secure access to multimedia services is based on SIP and HTTP digest on top of IMS architecture. The standard deploys AKA-MD5 for the terminal authentication. The third Generation Partnership Project (3GPP) provided Generic Bootstrapping Architecture (GBA) to authenticate the subscriber before accessing multimedia services over HTTP. In this paper, we propose a new IMS Service Authentication scheme using Identity Based cryptography (IBC). This new scheme will lead to better performances when there are simultaneous authentication requests using Identity-based Batch Verification. We analyzed the security of our new protocol and we presented a performance evaluation of its cryptographic operations

Cryptography and Security,Multimedia

Nardine Basta,Ming Ding,Muhammad Ikram,Mohamed Ali Kaafar

DOI: https://doi.org/10.48550/arXiv.2203.10673

2022-03-21

Abstract:Cooperative Intelligent Transportation Systems (C-ITS) enable communications between vehicles, road-side infrastructures, and road-users to improve users' safety and to efficiently manage traffic. Most, if not all, of the intelligent vehicles-to-everything (V2X) applications, often rely on continuous collection and sharing of sensitive information such as detailed location information which raises privacy concerns. In this light, a common approach to concealing the long-term identity of C-ITS vehicles is using multiple temporary identifiers, called pseudonyms. However, the legacy pseudonyms management approach is prone to linking attacks. The introduction of 5G network to V2X offers enhanced location accuracy, better clock synchronisation, improved modular service-based architecture, and enhanced security and privacy preservation controls. Motivated by the above enhancements, we study 5G-enabled pseudonyms for protecting vehicle identity privacy in C-ITS. We highlight the gaps in the current standards of pseudonyms management. We further provide recommendations regarding the pseudonyms management life-cycle.

Networking and Internet Architecture,Cryptography and Security

Varun Chandrasekaran,Fareeha Amjad,Ashlesh Sharma,Lakshminarayanan Subramanian

DOI: https://doi.org/10.48550/arXiv.1604.04667

2016-04-16

Abstract:The unique identities of every mobile user (phone number,IMSI) and device (IMEI) are far from secure and are increasingly vulnerable to a variety of network-level threats. The exceedingly high reliance on the weak SIM authentication layer does not present any notion of end-to-end security for mobile users. We propose the design and implementation of Secure Mobile Identities (SMI), a repetitive key-exchange protocol that uses this weak SIM authentication as a foundation to enable mobile users to establish stronger identity authenticity. The security guarantees of SMI are directly reliant on the mobility of users and are further enhanced by external trusted entities providing trusted location signatures (e.g. trusted GPS, NFC synchronization points). In this paper, we demonstrate the efficacy of our protocol using an implementation and analysis across standard mobility models.

Cryptography and Security,Networking and Internet Architecture

Guan-Hua Tu,Min-Yue Chen,Chunyi Peng,Sihan Wang,Jingwen Shi,Chi-Yu Li,Tian Xie,Man-Hsin Chen,Yiwen Hu

DOI: https://doi.org/10.1145/3636534.3649377

2024-05-29

Abstract:IMS (IP Multimedia Subsystem) is vital for delivering IP-based multimedia services in mobile networks. Despite constant upgrades by 3GPP over the past two decades to support heterogeneous radio access networks (e.g., 4G LTE, 5G NR, and Wi-Fi) and enhance IMS security, the focus has primarily been on cellular infrastructure. Consequently, IMS security measures on mobile equipment (ME), such as smartphones, lag behind rapid technological advancements. Our study reveals that mandated IMS security measures on ME fail to keep pace, resulting in new vulnerabilities and attack vectors, including denial of service (DoS) across all networks, named SMS source spoofing, and covert communications over Video-over-IMS attacks. All vulnerabilities and proof-of-concept attacks have been experimentally validated in operational 5G/4G networks across various phone models and network operators. Finally, we propose and prototype standard-compliant remedies for these vulnerabilities.

Computer Science,Engineering

V Mora-Afonso,Pino Caballero-Gil

DOI: https://doi.org/10.1007/978-3-319-01854-6_54

2022-08-13

Abstract:This work includes a review of two cases study of mobile applications that use Identity-Based Cryptography (IBC) to protect communications. It also describes a proposal of a new mobile application that combines the use of IBC for Wi-Fi or Bluetooth communication between smartphones, with the promising Near Field Communication (NFC) technology for secure authentication. The proposed scheme involves NFC pairing to establish as public key a piece of information linked to the device, such as the phone number, so that this information is then used in an IBC scheme for peer-to-peer communication. This is a work in progress, so the implementation of a prototype based on smartphones is still being improved.

Cryptography and Security

Animesh Agarwal,Vaibhav Shrimali,Manik Lal Das

DOI: https://doi.org/10.48550/arXiv.0911.0727

2009-11-04

Cryptography and Security

Abstract:Current security model in Global System for Mobile Communications (GSM) predominantly use symmetric key cryptography. The rapid advancement of Internet technology facilitates online trading, banking, downloading, emailing using resource-constrained handheld devices such as personal digital assistants and cell phones. However, these applications require more security than the present GSM supports. Consequently, a careful design of GSM security using both symmetric and asymmetric key cryptography would make GSM security more adaptable in security intensive applications. This paper presents a secure and efficient protocol for GSM security using identity based cryptography. The salient features of the proposed protocol are (i) authenticated key exchange; (ii) mutual authentication amongst communicating entities; and (iii) user anonymity. The security analysis of the protocol shows its strength against some known threats observed in conventional GSM security.

Liling Cao,Zhang Yu,Yuqing Liu,Shouqi Cao

DOI: https://doi.org/10.1109/access.2021.3080839

IF: 3.9

2021-01-01

IEEE Access

Abstract:Aiming at to avoid the drawbacks of the identity privacy protection scheme in Long Term Evolution-Wireless Local Area Network (LTE-WLAN) heterogeneous converged network proposed by the 3rd Generation Partnership Project (3GPP), an improved scheme based on identity index is proposed to achieve anonymity, untraceability and dynamic identity. Security analysis shows that our proposed scheme can prevent replay attack and man-in-the-middle attack for network layer authentication. The results of comparison with the related schemes show that security and efficiency of our proposed scheme is prior to some other existing ones with low computation cost and short time delay.

computer science, information systems,telecommunications,engineering, electrical & electronic

Karwan Mustafa Kareem

2024-05-02

Abstract:IMSI (International Mobile Subscriber Identity) catchers, also known as "Stingrays" or "cell site simulators," are rogue devices that pose a significant threat to cellular network security [1]. IMSI catchers can intercept and manipulate cellular communications, compromising the privacy and security of mobile devices and their users. With the advent of 4G and 5G networks, IMSI catchers have become more sophisticated and pose new challenges to cellular network security [2]. This paper provides an overview of the impact of IMSI catcher deployments on cellular network security in the context of 4G and 5G networks. It discusses the challenges posed by IMSI catchers, including the unauthorized collection of IMSI numbers, interception of communications, and potential misuse of subscriber information. It also highlights the potential consequences of IMSI catcher deployments, including the compromise of user privacy, financial fraud, and unauthorized surveillance. The paper further reviews the countermeasures that can be employed to mitigate the risks posed by IMSI catchers. These countermeasures include network-based solutions such as signal analysis, encryption, and authentication mechanisms, as well as user-based solutions such as mobile applications and device settings. The paper also discusses the limitations and effectiveness of these countermeasures in the context of 4G and 5G networks. Finally, the paper identifies research gaps and future directions for enhancing cellular network security against IMSI catchers in the era of 4G and 5G networks. This includes the need for improved encryption algorithms, authentication mechanisms, and detection techniques to effectively detect and prevent IMSI catcher deployments. The paper also emphasizes the importance of regulatory and policy measures to govern the deployment and use of IMSI catchers to protect user privacy and security.

Cryptography and Security

Xuqiu Chen,Wei Wang,Wei Gan,Yi Yang,Su Yuan,Meng Li

DOI: https://doi.org/10.1007/978-3-030-97774-0_10

2022-01-01

Abstract:With the rapid development of the power mobile Internet, traditional identity authentication and authentication modes still have identity information theft, are unable to prevent illegal behaviors of internal users, etc., which can no longer meet the security requirements of identity authentication in mobile Internet services. In response to this problem, this paper proposes a mobile terminal identity authentication method on the Identity-Based Cryptography (IBC). During registration, the user's voice is collected through the mobile terminal to establish an identity vector (i-vector) voiceprint model, and features are extracted and added to the identity mark to generate a user ID and a corresponding identity password system; during authentication, the legitimacy of the user is judged based on voice recognition to prevent illegal user intrusion, And then based on the identity password combined with the symmetric encryption algorithm AES to encrypt and decrypt data to achieve terminal identity authentication to resist common attacks in the mobile Internet. Finally, the experimental analysis shows that the method effectively improves the security of the power mobile Internet identity authentication process and has the advantages of low cost and high efficiency. In the power mobile Internet business scenario, this method greatly improves the identification ability of illegal users and the resistance to network malicious attacks.

Stig F. Mjølsnes,Ruxandra F. Olimid

DOI: https://doi.org/10.48550/arXiv.1702.04434

2017-02-15

Abstract:IMSI Catchers are tracking devices that break the privacy of the subscribers of mobile access networks, with disruptive effects to both the communication services and the trust and credibility of mobile network operators. Recently, we verified that IMSI Catcher attacks are really practical for the state-of-the-art 4G/LTE mobile systems too. Our IMSI Catcher device acquires subscription identities (IMSIs) within an area or location within a few seconds of operation and then denies access of subscribers to the commercial network. Moreover, we demonstrate that these attack devices can be easily built and operated using readily available tools and equipment, and without any programming. We describe our experiments and procedures that are based on commercially available hardware and unmodified open source software.

Cryptography and Security

Zishuai Cheng,Mihai Ordean,Flavio Garcia,Baojiang Cui,Dominik Rys

DOI: https://doi.org/10.56553/popets-2023-0053

2023-04-01

Proceedings on Privacy Enhancing Technologies

Abstract:Voice over LTE (VoLTE) and Voice over NR (VoNR), are two similar technologies that have been widely deployed by operators to provide a better calling experience in LTE and 5G networks, respectively. The VoLTE/NR protocols rely on the security features of the underlying LTE/5G network to protect users' privacy such that nobody can monitor calls and learn details about call times, duration, and direction. In this paper, we introduce a new privacy attack which enables adversaries to analyse encrypted LTE/5G traffic and recover any VoLTE/NR call details. We achieve this by implementing a novel mobile-relay adversary which is able to remain undetected by using an improved physical layer parameter guessing procedure. This adversary facilitates the recovery of encrypted configuration messages exchanged between victim devices and the mobile network. We further propose an identity mapping method which enables our mobile-relay adversary to link a victim's network identifiers to the phone number efficiently, requiring a single VoLTE protocol message. We evaluate the real-world performance of our attacks using four modern commercial off-the-shelf phones and two representative, commercial network carriers. We collect over 60 hours of traffic between the phones and the mobile networks and execute 160 VoLTE calls, which we use to successfully identify patterns in the physical layer parameter allocation and in VoLTE traffic, respectively. Our real-world experiments show that our mobile-relay works as expected in all test cases, and the VoLTE activity logs recovered describe the actual communication with 100% accuracy. Finally, we show that we can link network identifiers such as International Mobile Subscriber Identities (IMSI), Subscriber Concealed Identifiers (SUCI) and/or Globally Unique Temporary Identifiers (GUTI) to phone numbers while remaining undetected by the victim.

English Else

Christina Pöpper,David Rupprecht,Merlin Chlosta,Thorsten Holz

DOI: https://doi.org/10.1145/3448300.3467826

2021-06-28

Abstract:In mobile networks, IMSI-Catchers identify and track users simply by requesting all users' permanent identities (IMSI) in range. The 5G standard attempts to fix this issue by encrypting the permanent identifier (now SUPI) and transmitting the SUCI. Since the encrypted SUCI is re-generated with an ephemeral key for each use, an attacker can no longer derive the user's identity. However, this scheme does not prevent all tracking and linking: if the identity of a user is already known, an attacker can probe users for that identity. We demonstrate a proof-of-concept 5G SUCI-Catcher attack in a 5G standalone network. Based on prior work on linkability through the Authentication and Key Agreement (AKA) procedure, we introduce an attack variant that enables practical, repeatable attacks. We capture encrypted SUCIs and use the AKA-procedure to link the encrypted identities between sessions. This answers Is user X present now? --- a typical scenario for IMSI-Catchers. We analyze the attack's scalability, discuss real-world applicability, and possible countermeasures by network operators.

Computer Science

Su, Li,Du, Haitao

DOI: https://doi.org/10.1007/s00500-023-09486-x

IF: 3.732

2024-01-11

Soft Computing

Abstract:The security context, generally stored in the universal subscriber identity module card or the baseband chip, is the critical information applied by the subscriber to access the 5G network during the fast authentication procedure. Once exposed or illegally used, the security context can be exploited to derive various keys for authentication and encryption. Despite its importance, challenges and questions still remain in the previous relevant research. To fill this gap, by adopting the security protocol verification tool ProVerif, we provide a comprehensive formal model of the fast authentication procedure based on the security context to analyze whether security goals can be met. Unfortunately, we uncover two vulnerabilities, including one never reported before. Our analysis shows that these vulnerabilities stem from fundamental design flaws in the cellular network protocol and thus apply to the 4G network. These vulnerabilities could be exploited to launch several attacks, including impersonation and eavesdropping. We have validated these attacks using 5 mobile phones from 5 different baseband manufacturers through experimentation in three mobile carriers. We find an insecure implementation of one of these phones, which exposed it to replay attacks. And we further discuss the security threats posed by the impersonation attack, such as location spoofing and one-tap authentication bypass, which is verified on 10 popular apps. We finally propose several countermeasures to eliminate these security issues. Actually, we have reported the novel vulnerability to the GSM Association and received a confirmation in the form of a coordinated vulnerability disclosure (CVD) number CVD-2022-0057.

computer science, artificial intelligence, interdisciplinary applications

Mohammed Ramadan,Guohong Du,Fagen Li,Chun Xiang Xu

DOI: https://doi.org/10.14257/ijsia.2016.10.6.22

2016-01-01

International Journal of Security and Its Applications

Abstract:GSM system is widely used by hundreds of millions of people. In fact there is no encryption scheme provides the reasonable security level (user-to-user encryption), it's just provide the Air-interface encryption i.e. between the mobile station and the base station. Furthermore, there are other wireless links are vulnerable to attacks. It is therefore of great importance to provide reasonable security techniques to ensure the privacy of the mobile users especially circuit switching-based services, as well as prevent unauthorized use of the service. In this paper, a new approach is proposed to provide end-to-end encryption for the GSM system (EEE-GSM). This is achieved by using CL-PKC with some modifications and follow some assumptions in GSM system architecture in order to make the scheme compliant to the GSM cellular system. However, the proposed scheme not only efficient due to end-to-end security, but can also provide a secure system against IMSI catcher, man-in-the-middle, and replay attacks.

Yu Zheng,Dake He,Xiaohu Tang,Hongxia Wang

DOI: https://doi.org/10.1109/ICICS.2005.1689196

2005-01-01

Abstract:Future 4G mobile communication networks are expected to provide all IP-based services for heterogeneous wireless access technologies. Security service for mobile user as a major challenge in developing such 4G networks becomes more complicated to handle. Since the mobile equipment (ME) becomes ever more powerful but still remain open to possible attacks, the neglect of the security of ME in developing traditional security scheme for mobile networks will remain many risks in the coming 4G systems. In this paper we associate trusted computing (TC) with PKI to provide a considerable robust platform for user's access to sensitive service and data in the scenario of 4G systems. Then over the trusted mobile platform (TMP) we present an hybrid AKA (authentication and key agreement) and authorization scheme, in which password is in combination with fingerprint as well as public key to achieve mutual authentication among user/ME/USIM (universal subscriber identity module) and that among user/AN (accessed network)/HE (home environment). Compared with other AKA for future mobile networks and 3G AKA, our scheme with well scalability and acceptable efficiency is more robust and secure to resist potential attacks on/from ME and attacks in heterogeneous network infrastructure

V Mora-Afonso,Pino Caballero-Gil,Jezabel Molina-Gil

DOI: https://doi.org/10.48550/arXiv.2208.03541

2022-08-06

Cryptography and Security

Abstract:The rapid deployment of wireless technologies has given rise to the current situation where mobile phones and other wireless devices have become essential elements in all types of activities, including in the home. In particular, smartphones and laptops are used for wirelessly sharing photos and documents, playing games, browsing websites, and viewing multimedia, for example. This work describes a proposal for both desktop and mobile applications that use Identity-Based Cryptography (IBC) to protect communications between smart wireless devices in the home. It combines the use of IBC for Wi-Fi and Bluetooth communication, with the promising Near Field Communication (NFC) technology for secure authentication. The proposed scheme involves NFC pairing to establish as public key a piece of information linked to the device, such as a phone number or an IP address. In this way, such information can be then used in an IBC scheme for peer-to-peer communication. This is a work in progress, but preliminary implementations of prototypes on several mobile platforms have already produced promising results.