New Privacy Issues in Mobile Telephony: Fix and Verification
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
New Privacy Issues in Mobile Telephony:
Fix and Verification
Myrto Arapinis, Loretta Mancini, Nico Golde, Kevin Redon,
Eike Ritter, Mark Ryan Ravishankar Borgaonkar
University of Birmingham Technische Universität Berlin and
School of Computer Science Deutsche Telekom Laboratories
Birmingham, UK Berlin, DE
m.d.arapinis, l.mancini, e.ritter, nico, kredon,
m.d.ryan@cs.bham.ac.uk ravii@sec.t-labs.tu-berlin.de
ABSTRACT cols have been designed to prevent third parties, eavesdrop-
Mobile telephony equipment is daily carried by billions of ping on the radio link, from identifying wireless messages as
subscribers everywhere they go. Avoiding linkability of sub- coming from a particular mobile phone. Therefore, mobile
scribers by third parties, and protecting the privacy of those phones identify themselves, whenever possible, by means of
subscribers is one of the goals of mobile telecommunication temporary identifiers (TMSIs) instead of using their long
protocols. We use formal methods to model and analyse the term unique identities (IMSIs). Temporary identities are
security properties of 3G protocols. We expose two novel periodically updated by the network. To avoid linkability,
threats to the user privacy in 3G telephony systems, which the assignment of a new temporary identity is encrypted us-
make it possible to trace and identify mobile telephony sub- ing a session key established through the 3G Authentication
scribers, and we demonstrate the feasibility of a low cost and Key Agreement (AKA) protocol.
implementation of these attacks. We propose fixes to these When 3G protocols were first introduced in 1999, ac-
privacy issues, which also take into account and solve other tive attack scenarios were a remote possibility because of
privacy attacks known from the literature. We successfully the high cost of the equipment required, the closedness of
prove that our privacy-friendly fixes satisfy the desired un- the hardware design and the lack of open source imple-
linkability and anonymity properties using the automatic mentations of the protocol stack. This scenario has re-
verification tool ProVerif. cently changed. Cheap base stations [19] can be produced by
programming USRP (Universal Software Radio Peripheral)
boards [21]. These lower the cost of producing radio devices
Categories and Subject Descriptors thanks to software emulation of specialized functions once
D.2.4 [Software Program Verification]: Formal Methods
executed by expensive hardware. The increasing popular-
ity of USRPs led for example to a cheap implementation of
General Terms fake base station attacks on GSM (Global System for Mo-
Verification, Security bile Communication) [31], which were considered sufficiently
costly to prevent wide-scale attacks. Shorter range base sta-
Keywords tions, available at affordable prices, have been targeted as
Unlinkability, Anonymity, ProVerif, Mobile Telephony well by open source developers (e.g. openBSC project [33]),
security researchers [23]. Certain old mobile phones based on
the Ti Calypso GSM baseband chips, can be reprogrammed
1. INTRODUCTION by flashing an open source version of the protocol stack (de-
While most mobile phone users accept that the network veloped by the osmocom-BB project [34]). These new devel-
operator can track their geographical movements, few would opments open at the same time the way for the exploration
be happy if an arbitrary third party could do so. Such a of new uses of mobile telephony technology [1, 30] and for
possibility would enable all kinds of undesirable behaviour, the exploitation of its weaknesses [20, 23, 31, 29], making
ranging from criminal stalking and harassment to more mun- active attack scenarios an increasingly likely reality.
dane monitoring of spouse or employee movements, as well Hence, we believe active attackers should now be consid-
as profiling for commercial and advertisement purposes. For ered when analysing mobile systems in order to obtain con-
this reason, 3G (Third Generation) mobile phone proto- vincing and reliable results on their security. From this per-
spective we present a formal analysis of the 3G subscribers
privacy. We expose two novel threats and we demonstrate
that these threats can lead to real implementations which
make use of cheap equipment. Furthermore, we propose pri-
vacy friendly fixes to thwart the detected privacy issues and
we formally verify that our fixes achieve the desired privacy
goals.
CCS’12, October 16–18, 2012, Raleigh, North Carolina, USA. Our Contributions. Linkability of transactions has been
identified and often reported by the media as an impor- In order to achieve these two privacy-related properties,
tant threat for user privacy [14, 17, 24] though it has been 3G (and GSM) relies on the use of temporary identities TM-
overlooked so far by most of the existing studies of mobile SIs (Temporary Mobile Subscriber Identities) for identifying
telecommunication protocols which instead focus on confi- and paging mobile phones (more precisely mobile stations,
dentiality and authentication requirements (Section 2.2). In MSs) instead of using their long-term identities IMSIs (In-
this paper, we present the first formal analysis of 3G proto- ternational Mobile Subscriber Identities). Indeed, the eaves-
cols w.r.t. privacy of mobile phone users from third party at- dropping of the IMSI in plaintext communications would
tackers and in particular w.r.t. unlinkability and anonymity allow the identification of mobile telephony users by third
of 3G subscribers. For our analysis we use automated formal parties. Moreover, the 3G standard requires periodic up-
methods. The use of formal methods allows us to: (i) pre- dates of the temporary identity, to avoid the traceability of
cisely and unambiguously define the desired privacy prop- a mobile station by third parties. New temporary identi-
erties in terms of third-party strong anonymity and strong ties are periodically assigned by the network through the
unlinkability; (ii) identify new vulnerabilities with respect TMSI reallocation procedure. The newly assigned TMSI is
to subscriber privacy thanks to a rigorous specification of encrypted using a session key which is established by exe-
the protocols and of the analysed properties. cuting the 3G Authentication and Key Agreement protocol
However, the currently available automated tools are still (AKA). The 3G AKA protocol allows MS and network to
quite limited and cannot straightforwardly be used to ver- achieve mutual authentication and establish a pair of shared
ify unlinkability and anonymity properties [11]. Here we de- session keys, namely a ciphering key and an integrity key.
velop ways to model the protocols and the desired properties These keys are used to ensure the secrecy and integrity of
as biprocesses in order to use the ProVerif tool on our 3G the subsequent communications.
case study. The automatic verification with the ProVerif
tool allows us to: (i) verify strong unlinkability and strong 2.2 Related Work
anonymity. To the best of our knowledge, it is the first
Known 3G Vulnerabilities. Three categories of attacks
time these definitions of privacy properties have been suc-
on mobile telephony systems have been described in the past.
cessfully used for verification using an automated tool; (ii)
IMSI Catcher. The identification procedure, consisting
verify that the fixes we propose do preserve the privacy of
in the request of the user identity by the network followed
the mobile phone users from third parties in terms of un-
by a cleartext reply containing the user identity, is acknowl-
linkability and anonymity; (iii) automatically verify privacy
edged in the 3G standard as a breach of the user identity
properties expressed as equivalence relations between sys-
confidentiality [6, p. 19, s. 6.2]. This procedure is exploited
tems consisting of an unbounded number of agents execut-
by the well-known “IMSI catcher” attack, which is the best
ing an unbounded number of sessions;(iv) obtain a higher
known attack to mobile telephony users’ privacy. It consists
level of confidence in the resulting proofs than the ones pro-
in forcing a mobile phone to reveal its identity (IMSI) [22, 32]
vided by more error-prone manual techniques. With our
by triggering the identification procedure from a fake oper-
method ProVerif successfully detects the privacy vulnera-
ator base station (configured with the corresponding mobile
bilities (described in Section 3) and also successfully proves
network and country code settings). Until fairly recently,
that the fixed protocols (presented in Section 5) satisfy both
implementing an IMSI catcher required specialised software
unlinkability and anonymity (Section 6).
and equipment such as base stations. However, such devices
Moreover, we demonstrate how these vulnerabilities can
have become more and more affordable thanks to software
lead to practical attacks, by implementing them in real 3G
emulation [31]. To the best of our knowledge the only imple-
networks in Germany (Vodafone, O2, T-Mobile) and in France
mentation of a 3G IMSI catcher is the one presented in [23]
(SFR) (Section 4).
and is realised using a modified femtocell.
3G/GSM-interoperability. Previously proposed attacks
2. BACKGROUND AND RELATED WORK on 3G security exploit the vulnerabilities which are propa-
Third Generation telecommunications systems (3G) is a gated from GSM to 3G when providing interoperability be-
mobile telephony standard specified and maintained by the tween the two systems. Most of the reported attacks of this
Third Generation Partnership Project (3GPP). It was in- kind take advantage of well-known weaknesses of the GSM
troduced in 1999, with the birth of UMTS, to offer better authentication and key agreement protocol, such as the lack
support for mobile data applications, increased data rates of mutual authentication and the use of weak encryption.
and to lower costs of mobile data communications. Fur- These attacks allow an active attacker to violate the user
thermore, 3G offers an improved security architecture with identity confidentiality, to eavesdrop on outbound commu-
respect to previous mobile telecommunication systems such nications [28] and to masquerade as a legitimate subscriber
as GSM (Global System for Mobile Communication). obtaining services which will be billed on the victim’s ac-
count [10]. However, these attacks cannot be carried out
2.1 3G Security Requirements on pure 3G networks, which are the scope of our analysis,
3G aims to provide authentication, confidentiality of data because they rely on the lack of mutual authentication in
and voice communication, as well as user privacy [6]. In par- GSM and on the possibility of downgrading the communi-
ticular, 3G privacy goals include the following [6]: cation from 3G to GSM.
User identity confidentiality: the property that the per- 3G specific. To the best of our knowledge, the only at-
manent user identity (IMSI) of a user to whom a service is tack that does not rely on GSM/3G interoperability has been
delivered cannot be eavesdropped on the radio access link; presented by Zhang and Fang in [36]. This attack is a vari-
User untraceability: the property that an intruder can- ant of the false base station attack and takes advantage of
not deduce whether different services are delivered to the the fact that the mobile station does not authenticate the
same user by eavesdropping on the radio access link. serving network. It allows the redirection of the victim’soutgoing traffic to a different network, for example a net-
work which uses a weaker encryption algorithm or one which MS Network
charges higher rates than the victim’s one. Zhang and Fang’s KIMSI , IMSI , TMSI KIMSI , IMSI
attack concerns impersonation, service theft and data con-
Pag Req, IMSI
fidentiality, while our work exhibits privacy issues arising in
3G. Pag Res, TMSI
Our work is based on the formal analysis of pure 3G proto-
cols. It relies on the study and modelling of the 3G standard
Figure 1: 3G IMSI Paging Procedure
and does not make assumptions about interoperability be-
tween GSM and 3G. We focus on subscriber privacy and
same considered in most of the previous work on GSM/3G
discover further breaches other than the ones caused by the
security [28, 10, 36].
identification procedure and the propagation of GSM weak-
In the rest of this paper, we consider a simplified network
nesses to 3G.
architecture. This architecture involves simply the mobile
stations and the network. The network models both the
Previous Formal Analysis The 3G AKA protocol in its
Base Station (BS) which directly communicates with the MS
pure form (i.e. with no GSM support) has been formally
on the radio link, and the complex structure of databases
proved to meet some of the specified security requirements [3],
and servers connected with it and forming the 3G control
such as authentication and confidentiality of data and voice
network. Hence, we abstract away from any communication
communication. However, privacy related properties such
within the network and model only communication between
as unlinkability and anonymity, which are the focus of our
mobile stations and the network. This abstraction allows us
work, are not analysed in [3]. The framework applied in [3]
to hide details which are uninteresting for the purposes of
cannot be used to specify unlinkability and anonymity prop-
our analysis and keep the models used for verification small,
erties, let alone reason about them. The formal framework
but at the same time precisely specify the interactions on
used in our paper allows us to precisely define and verify pri-
the air between MS and network, which are the subject of
vacy related properties. Hence, we can discover privacy at-
our analysis.
tacks on the modelled protocols and propose solutions which
are formally proved to satisfy the desired privacy properties.
3.1 IMSI Paging Attack
Other Work on 3G Privacy Enhancement A new frame- The paging procedure is used to locate a mobile station
work for authentication has been proposed to provide sub- in order to deliver a service to it, for example an incom-
scriber privacy with respect to the network [26]. In particu- ing call. Paging request messages are sent by the network
lar, the authors aim to achieve MSs anonymity with respect in all the location areas most recently visited by the mo-
to the serving network, and location privacy with respect to bile station in order to locate it and deliver a service to it.
the home network. To achieve this purpose, they propose The paging request message is sent on a Common Control
a new mechanism for the location update and a three way Channel (CCCH) and contains the identity of one or more
handshake protocol, to be used for authentication instead of mobile stations. The paging procedure is typically run using
the currently used 3G AKA protocol. However, unlike our the TMSI to identify a MS. However, the IMSI can be used
work, this work is not supported by a formal model of the when the TMSI is not known by the network. A mobile
AKA protocol, nor does it provide a formal verification of station receiving a paging request establishes a dedicated
the properties of the proposed protocols. Moreover, their channel to allow the delivery of the service and sends a pag-
attacker model considers the network as not fully trusted, ing response containing the most recently assigned TMSI
while we are only concerned about third party attackers con- (see Figure 1).
trolling the radio link communications. The possibility of triggering a paging request for a spe-
cific IMSI allows an attacker to check a specific area for the
presence of mobile stations of whom he knows the identity,
3. NOVEL PRIVACY THREATS and to correlate their IMSI and TMSI. As we will detail in
In this section we describe two breaches of privacy, which
Section 4.2, in a real setting, the link between the paged
expose a subscriber’s identity and allow an attacker capable
IMSI and the related TMSI would need to be confirmed by
of sending and receiving messages on the air to identify the
replaying the attack several times.
presence of a target mobile phone (MS) in a monitored area,
or even track its movements across a set of monitored ar-
eas. As we will see, the attacker does not need to know any 3.2 AKA Protocol Linkability Attack
keys, nor perform any cryptographic operation. This kind of The Authentication and Key Agreement (AKA) proto-
vulnerabilities usually look trivial once uncovered but often col achieves mutual authentication between a MS and the
remain unnoticed for long time, since they do not involve network, and establishes shared session keys to be used to se-
fancy cryptography but are caused by errors in the protocol cure the subsequent communications. The MS with identity
logic. IMSI and the network share a secret long-term key, KIMSI ,
As argued in Section 1 and as witnessed by the attacks assigned to the subscriber by the mobile operator and stored
implementation presented in Section 4, a convincing analysis in the USIM. The secret key allows the MS and the network
of 3G privacy and security should consider active attackers to compute shared ciphering and integrity session keys to be
instead of passive ones. For this reason, we assume that the used for encryption and integrity check of communications.
attacker has unlimited access to the radio link between the The 3G AKA protocol [6], shown in Figure 2, consists
mobile station and the base station. He can sniff, inject, in the exchange of two messages: the authentication request
replay, and modify messages. This attacker model is the and the authentication response. Before sending an authen-MS Network MS Attacker Network
KIMSI , IMSI , SQN M S KIMSI , IMSI , SQN N KIMSI , IMSI , SQN M S KIMSI , IMSI , SQN N
new RAND Auth Req, RAND, AUTN
AK ← f5KIMSI (RAND) Auth Resp, RES
MAC ← f1KIMSI (SQN N ||RAND)
AUTN ← (SQN N ⊕ AK)||MAC
save RAND, AUTN
Auth Req, RAND, AUTN
Auth Req, RAND, AUTN
AK ← f5KIMSI (RAND) Auth Resp, RES ′
XMSG||XMAC ← AUTN
XSQN ← XMSG ⊕ AK
MAC ← f1KIMSI (XSQN ||RAND) if RES ′ = Sync Fail
if MAC 6= XMAC then M Sv Found
then RES ← Mac Fail
elseif XSQN < SQN M S
then RES ← Sync Fail Figure 3: AKA Protocol Linkability Attack
else RES ← f2KIMSI (RAND)
Auth Resp, RES sends this response to the network.The network authenti-
cates the mobile station by verifying whether the received
CK ← f3KIMSI (RAND) if RES = f2KIMSI (RAND) response is equal to the expected one (RES = f2K (RAND)).
IK ← f4KIMSI (RAND) then CK ← f3KIMSI (RAND)
The authentication procedure can fail on the MS side either
IK ← f4KIMSI (RAND)
else if RES 6= f2KIMSI (RAND) because the MAC verification failed, or because the received
then Recover sequence number XSQN , is not in the correct range with
respect to the sequence number SQN M S stored in the mo-
Figure 2: 3G Authentication and Key Agreement bile station. In the former case, the mobile station sends
an authentication failure message indicating MAC failure
(Mac Fail) as the failure cause. In the latter case, the au-
tication request to the mobile station, the network computes thentication failure message indicates synchronisation fail-
the authentication data: a fresh random challenge RAND, ure (Sync Fail) as the failure cause. When a MAC failure
the authentication token AUTN , the expected authentica- occurs the network may initiate the identification procedure.
tion response f2K (RAND), the integrity key IK, and the en- When a synchronisation failure occurs the network performs
cryption key CK (see Figure 2). The functions f1, f2, f3, f4 re-synchronisation.
and f5, used to compute the authentication parameters, are To detect the presence of a victim mobile station M Sv , in
keyed cryptographic functions computed using the shared one of his monitored areas, an active attacker just needs to
key KIMSI [8]. The authentication function f1 is used to have previously intercepted one legitimate authentication re-
calculate the message authentication code MAC ; f2 is used quest message containing the pair (RAND, AUTN ) sent by
to produce the authentication response parameter RES ; the the network to M Sv . The captured authentication request
key generation functions, f3, f4 and f5 are used to gener- can now be replayed by the adversary each time he wants
ate the ciphering key CK, the integrity key IK and the to check the presence of M Sv in a particular area. In fact,
anonymity key AK, respectively. thanks to the error messages, the adversary can distinguish
The network always initiates the protocol by sending the any mobile station from the one the authentication request
authentication challenge RAND and the authentication to- was originally sent to. On reception of the replayed authenti-
ken AUTN to the mobile station. AUTN contains a MAC cation challenge and authentication token (RAND, AUTN ),
of the concatenation of the random number with a sequence the victim mobile station M Sv successfully verifies the MAC
number SQN N generated by the network using an individ- and sends a synchronisation failure message. However, the
ual counter for each subscriber. A new sequence number MAC verification fails when executed by any other mobile
is generated either by increment of the counter or through station, and as a result a MAC failure message is sent. The
time based algorithms as defined in [6]. The sequence num- implementation of few false BS would then allow an attacker
ber SQN N allows the mobile station to verify the freshness to trace the movements of a victim mobile station, resulting
of the authentication request to defend against replay at- in a breach of the subscriber’s untraceability. The proposed
tacks (see Figure 2). attack is shown in Figure 3.
The MS receives the authentication request, retrieves the
sequence number SQN N and then verifies the MAC (condi-
tion MAC = XMAC in Figure 2). This step ensures that 3.3 Formal Verification
the MAC was generated by the network using the shared While the paging procedure is obviously a breach of
key KIMSI , and thus that the authentication request was users’ privacy, the traceability attack on the AKA protocol is
intended for the mobile station with identity IMSI . The much more subtle. Indeed, the messages exchanged through
mobile station stores the greatest sequence number used this procedure contain neither the IMSI nor the TMSI of
for authentication, so far SQN M S . This value is used to the MS. So one could think that the AKA protocol provides
check the freshness of the authentication request (condition untraceability by construction. But we just saw that this is
XSQN < SQN M S in Figure 2). not the case. Only careful analysis w.r.t. precisely defined
The mobile station computes the ciphering key CK , the privacy requirements could reveal this flaw.
integrity key IK and the authentication response RES and We run the ProVerif tool on the IMSI paging procedureand on the AKA protocol 1 . Details of how unlinkability
and anonymity were defined using the ProVerif calculus are
given in Section 6. ProVerif fails to prove the unlinkability
and anonymity of the IMSI paging procedure and exhibits
actual attack traces. In the case of the AKA protocol, the
anonymity property is proved to hold, while the unlinkabil-
ity property verification fails. Although, the trace provided
by ProVerif is a false attack, it does give a hint of the real
Figure 4: Experimental Attack Setup
attack by highlighting the test of the MAC received from
the network as the source of the problem. The adoption of
formal verification tools during protocol design could have versa. The MS does not need any special GAN support, it
thus revealed design flaws. just connects to the femtocell in the same way as it connects
to a standard base station. The femtocell maps all Layer-3
4. THE ATTACKS IN PRACTICE radio signalling to TCP/IP based GAN messages and passes
In order to test the attacks presented in Section 3 in them to the GANC. Thus, it transparently encapsulates all
a deployed telecommunication network, we use a commer- traffic generated by the phone and the network.
cially available femtocell. Although, the particular femtocell
hardware is tied to the network operator SFR, the proposed
attacks are not. Indeed, we tested the attacks using mobile 4.2 Attack Procedure
phones registered to different operators, hence just using For the purpose of implementing our attacks (Section 3),
SFR as serving network. The authentication token AU T N we use a compromised femtocell like the one described in [23].
is still provided by the victim’s Home network. So by test- More specifically, we reproduce the hacking performed in [23]
ing our attacks on T-Mobile, O2, SFR, and Vodafone victim to gain root access of our femtocell and redirect the traffic
MSs, we establish that all these tested networks are vulner- to a Man in the Middle (MitM) GAN proxy, positioned be-
able to the attacks described above. However, we want to tween the femtocell and the GANC. We use this MitM GAN
stress here that our implementation has the only purpose of proxy as entry point for message injection. In particular, us-
showing the feasibility of our attacks and confirm that real ing the MitM GAN proxy we can inject messages into the
cellular networks follow the 3GPP standard specifications connection between the MNO and the femtocell. The fem-
and thus are vulnerable to the proposed attacks. The same tocell forwards these messages to the mobile phone, mak-
attacks could be mounted by appropriately programming a ing them appear as if legitimately delivered by the MNO.
USRP [21], which is a hardware device able to emit and To perform the attacks, we intercept, modify and inject
receive radio signals. In this case, one could obtain wider 3G Layer-3 messages into the communication from the base
range attack devices in order to monitor larger areas. station to the mobile phone in both directions, GANC-to-
femtocell and femtocell-to-GANC. We redirect all the traffic
4.1 Femtocell architecture between the femtocell and the GANC to our GAN proxy.
A femtocell is a device that acts as a small base station The GAN traffic is cleartext travelling over an IP Sec tun-
to enhance 3G coverage and connectivity, especially inside nel for which we own the key material, thanks to the initial
buildings with otherwise bad coverage. Its coverage radius rooting/hacking of the femtocell. Additionally, we devel-
ranges from 10 to 50 meters. It connects mobile phones to oped a set of applications which allow us to intercept, ma-
the network of the corresponding MNO (Mobile Network nipulate or insert selected messages, and distinguish differ-
Operator) using an existing wired Internet connection pro- ent types of GAN messages. This allows us, for example, to
vided by the femtocell user, not the operator. 3G femto- cache subscribers information used to perform the attacks.
cells, also called Home Node B (HNB) support most of the In particular, we store the random challenge RAND, the au-
functionalities provided by a typical 3G base station (Node thentication token AUTN , the TMSI and the IMSI of our
B), e.g. physical layer (radio signalling) functions. In ad- victim MS. This information is directly extracted from the
dition, the HNB establishes an authenticated secure tunnel traffic that is passed through the MitM GAN proxy.
over the Internet with the network of the operator. Using
this encrypted connection, the femtocell forwards all radio IMSI-Paging Procedure Attack To perform the IMSI
signalling and user-generated traffic to the GANC (GAN paging attack, our software crafts a paging message encod-
Controller), which is connected to the core network of the ing the necessary paging headers and parameters and a mo-
operator (refer to [7] for more details of the femtocell archi- bile station identity, i.e. one of the previously stored victim
tecture). IMSIs. The crafted paging request is then sent by the GAN
The communication between the femtocell and the GANC proxy to the femtocell. When the victim mobile phone re-
is based on the Generic Access Network (GAN) protocol. ceives the IMSI paging request, it readily answers with a
The GAN protocol, was originally designed to allow mobile paging response containing the victim’s TMSI. Thus, by in-
communication over Wi-Fi access points. The protocol was jecting a paging request, we can check whether a phone be-
standardised by MNOs in 2004 [25] and led to the GAN spec- longing to a designated victim is in the area covered by our
ification [4, 5] in 2005. This specification has been adopted device. In case of success, the phone generates the paging
and extended to be used in femtocell environments [35] . response, while a failed attempt generates no message. In
The femtocell uses this protocol to forward communication general, it is possible that more than one phone replies to
from a mobile station via the GANC to the network or vice a paging request during the same time slot. However, one
can repeat this procedure multiple times and correlate the
1
The ProVerif code is available online [2] timing and TMSI usage from the multiple replies as in [20].Figure 5: Successful Linkability-Attack
AKA Protocol attack To perform the AKA attack we re- inside the building could be tracked as well by placing addi-
play a given authentication message for a specific target for tional devices to cover different areas of the building. Sim-
which the GAN proxy cached the legitimate authentication ilarly, these attacks could be used to collect large amount
data, i.e. RAND, AUTN . This data is sent unencrypted of data on users’ movements in defined areas for profiling
on the radio link and could be captured with any equip- purposes, as an example of how mobile systems have al-
ment capable of sniffing the radio link. As soon as a dedi- ready been exploited in this direction is available in [1] If
cated channel is allocated to the MS, e.g. after being paged devices with wider area coverage than a femtocell are used,
or when initiating a phone call, our software crafts an au- the adversary should use triangulation to obtain finer posi-
thentication request Auth Req using the previously cached tion data.
RAND and AUTN , i.e. replays a previous request. This
request is encapsulated into a GAN message and sent to the
femtocell. The femtocell takes care of delivering the authen- 5. PRIVACY PRESERVING FIXES
tication request message on the dedicated channel assigned Despite the use of temporary identities to avoid link-
to the MS, as illustrated in Figure 4. The phone performs ability and to ensure anonymity of 3G subscribers, active
a validation of the authentication request and answers with attackers can rely on the paging procedure to break both
the authentication response. If the response to the replayed anonymity and unlinkability. Moreover, the AKA protocol
authentication is a Synchronisation Failure (Figure 5), then provides a way to trace 3G subscribers without the need
the MS on this dedicated channel is the victim’s phone, and to identify them in any way. As described in the previous
the victim is indeed in the femtocell area. Otherwise, the section, these two attacks on privacy can be implemented
attacker needs to inject the same message to the other mo- using cheap devices which are widely available. This shows
bile stations in his area in order to find out if the victim MS that the analysed procedures are a real threat for the users’
is present or not. privacy, and countermeasures should be promptly taken to
The 3G AKA protocol is performed at each new session provide an effectively privacy friendly mobile telephony sys-
in the femtocell setting, this makes the caching of the au- tem.
thentication parameters very easy. Though, we do not have In this section we propose a set of countermeasures in-
the tools to test if this applies when connecting to a typical volving symmetric and public key-based cryptography. The
Node B, we tested the 3G/GSM interoperability scenario public key infrastructure we propose is lightweight and easy
by using the Osmocom-BB software and we observed that to deploy because we only require one public/private key
in this setting the execution of the AKA protocol can be pair per mobile network operator, and none for the mo-
triggered by calling for example the victim mobile phone a bile stations. More generally, the solutions we present re-
given number of times (by hanging up within a short time quire only small changes to the current security architecture
window this activity can be made non detectable by the vic- and to the cryptographic functions currently used in 3G.
tim [20]). For instance, our experiments showed that the Hence we believe our solutions may be implemented in a
execution of the AKA protocol on the UK Vodafone net- cost-effective way, and thus could realistically be adopted
work can be triggered by calling six times the victim mobile by the telecommunication operators.
phone, and hanging up before it even rings. In addition to the solutions proposed to fix the IMSI
To illustrate the use of our attacks, consider an employer paging and the AKA protocol, in this section we give a pri-
interested in tracking one of his employee’s accesses to a vacy friendly version of the identification procedure to fix
building. He would first use the femtocell to sniff a valid au- the IMSI catcher attack. Indeed, the problem of privacy is
thentication request. This could happen in a different area a multilayer/multiprotocol problem [13] which requires all
than the monitored one. Then the employer would position protocols at all layers to satisfy the desired properties. Even
the device near the entrance of the building. Movements though, the analysis from the user privacy point of view of
the entire set of 3G protocols cannot be tackled in a singleMS Network MS Network
KIMSI , IMSI , SQNM S KIMSI , IMSI , SQNN KIM SI , IM SI, SQNM S , pbN KIM SI , IM SI, SQNN , pvN
new chall, rand new RAN D
U K ← fKIMSI (rand) AK ← f5KIM SI (RAN D)
M AC ← f1KIM SI (SQNN ||RAN D)
IMSI Pag Req, rand, AU T N ← (SQNN ⊕ AK)||M AC
{Page, IMSI , chall, SQNN }U K
Auth Req, RAN D, AU T N
U K ← fKIMSI (rand)
if SQNM S < SQNN
then RES ← IM SI P AG RES, chall AK ← f5KIM SI (RAN D)
else Discard XM SG||XM AC ← AU T N
XSQN ← XM SG ⊕ AK
IMSI Pag Res, chall M AC ← f1KIM SI (XSQN ||RAN D)
if M AC 6= XM AC or XSQN < SQNM S
then new rand
Figure 6: Paging Procedure Fix. The paging request is en- U K ← fKIMSI (rand)
crypted with the unlinkability key U K. RES ← Auth Fail,
′
{Fail, IM SI, rand, {synch, SQNM S }rU K }rpbN
else RES ← f2KIM SI (RAN D)
paper, we cannot ignore the best known privacy issue of mo-
Auth Resp, RES
bile telecommunication systems. For this reason, we include
a fixed version of the identification procedure in our privacy
CK ← f3KIM SI (RAN D) if RES = f2KIM SI (RAN D)
friendly solutions.
IK ← f4KIM SI (RAN D) then CK ← f3KIM SI (RAN D)
IK ← f4KIM SI (RAN D)
5.1 Lightweight Public Key Infrastructure else if RES = Auth Fail, x
then Recover
We propose the adoption of a lightweight public key in-
frastructure (PKI) providing each MNO with a private/public
key pair. The public key of a network provider can be stored Figure 7: The fixed AKA protocol. The error messages are
in the USIM. This public key makes it possible for a mo- encrypted using the network public key.
bile station to encrypt privacy related information such as
the IMSI, and deliver them to the network in a confiden-
tial manner. We do not require a public/private key pair the subscriber. To avoid this information leakage, the error
to be assigned to the mobile stations. The adoption of such messages sent in case of any type of failure should look in-
a lightweight PKI can also solve the problem exposed by distinguishable from an attacker’s point of view.
Zhang and Fang in [36] concerning the lack of serving net- Moreover, the 3G standard stipulates [6] different proce-
work authentication in the current infrastructure. dures to recover from each of the two kinds of failure, but this
is a source of additional information flow that can be used
to launch our privacy attack. In the solution we propose
5.2 Protecting the IMSI Paging Procedure we solve this problem since error recovery can be performed
To protect the paging procedure, we propose to encrypt within the network without the need to trigger further pro-
the paging request using a shared session key U K, which cedures on the air. Indeed, all the parameters needed for
we call unlinkability key. This key is generated by apply- error recovery are sent in the error message allowing the re-
ing a new one-way keyed function f to the long-term key covery procedure to be carried within the network.
KIMSI , and a random number rand contained in the paging The fixed version of the AKA protocol (Figure 7) carries
request. This key should be used for privacy preserving pur- on as specified by the standard, the network sends RAND,
poses only. Furthermore, we require the encrypted request AUTN and waits for a response. The response is RES =
message to include a random challenge chall and a sequence f2KIMSI (RAND), as in the standard, in case the checks of
number SQN . The network stores the random challenge MAC and sequence number are successful. If either of these
and checks it against the one sent by the MS in the paging checks fails, an error message is sent to the network. The
response (Figure 6). The aim of the SQN is to ensure fresh- failure message is now encrypted with the public key of the
ness of the paging request and avoid replay attacks. The network pbN , and contains a constant Fail, the IMSI, and
SQN should be handled in the same way as in the AKA the current sequence number SQN M S of the MS. The IMSI
protocol. A MS receiving a legitimate IMSI paging request sent encrypted in the error message allows the network to
should discard it if the SQN is not in the correct range. check the identity of the MS without triggering the iden-
The use of this procedure should still be kept minimal (pre- tification procedure. The current sequence number of the
ferring the paging with TMSI whenever possible) to avoid mobile station enables the network to perform resynchroni-
burdening the signalling communication with cryptographic sation with the Authentication Centre (AuC, the server stor-
operations. In fact, each MS has to decrypt and check all ing subscribers authentication data) of the operator of the
the received IMSI paging to determine if it is the recipient. mobile station, if needed. SQN M S is sent encrypted with the
unlinkability key (as defined in the fixed paging procedure)
5.3 Fixing the AKA Protocol in order to authenticate the error message to the Network
The AKA protocol is a threat for the unlinkability of as coming from the MS with permanent identity IMSI . The
3G subscribers because the error messages sent in case of Network can deduce the cause of the failure from the IMSI
authentication failure leak information about the identity of and SQNMS contained in the error message. Upon receipt ofHome Network can act as a certifying authority for the pub-
MS Network lic key of the different Serving Networks (see below). Thus,
KIMSI , IMSI , pbN KIMSI , IMSI , pvN the public key infrastructure is similar to that used on the
web, where corporations (not users) have certified keys.
Id Req, IMSI Req
Secondly, the computationally expensive public-key en-
Id Resp, {IMSI }rpbN cryption and decryption are required only for the identifi-
cation protocol and when the AKA-protocol fails. The exe-
cution of the identification and the IMSI paging procedures
Figure 8: Identification Procedure Fix. The identity response
is encrypted with the public key of the network. The r denotes should anyway be kept minimal according to the currently
randomised encryption. deployed standard. Moreover, failures during the execution
of the AKA-protocol rarely occur according to our experi-
this authentication failure message the action performed for ments. Hence, the computational overhead of the public-key
error recovery purposes should be the same regardless of the cryptography is not significant. Moreover, it is possible to
type of failure occurred. Indeed any difference in behaviour delegate the encryption and decryption to the mobile equip-
would be a source of additional information flows. ment, instead of executing them on the USIM. This would
not weaken the security properties of the 3G procedure, since
the mobile equipment in the current architecture has already
5.4 Protecting the Identification Procedure access to the IMSI, while the network public key is publicly
The identification procedure exposes the IMSI of a MS available information.
(the IMSI is sent in cleartext upon request by the network). For roaming purposes, each Home Network (HN) can act
Hence, it breaches both anonymity and unlinkability. Ac- as certifying authority of the Serving Network (SN) for its
cording to the standard, the use of the identification pro- own subscribers. The public key pbHN of the HN could be
cedure should be limited as much as possible, to avoid a stored in the USIM. At registration time with a SN, the MS
passive attacker overhearing the IMSI. However, the cost of would declare its HN, and the SN would provide the MS
devices allowing active attacks is constantly decreasing. As with its public key pbSN , together with a certificate from
a consequence, enhancing the protocol to protect the IMSI the mobile station’s HN (signskHN (pbSN )). Hence, a mobile
is vital to ensure privacy. station would only need to obtain a certified version of the
The fixed version of the identification procedure (Fig- SN’s public key, and verify it using its own network provider
ure 8) involves two messages: the first is sent by the network public key. This would provide, in a efficient way, the MS
to ask for the IMSI, the second, the identity response, is the with the necessary public keys to execute our fixed versions
randomised encryption of the IMSI of the mobile station us- of the protocols.
ing the public counterpart (pbN ) of the private key of the The introduction of cryptographic operations on the mo-
network operator (pvN ). bile equipment side could be a source of Denial of Service
(DoS) attacks aiming to consume the battery load of victim
mobile phones. To mitigate the effect of such attacks, the
5.5 Discussion of the Proposed Fixes mobile phone’s software could rate limit the phone’s willing-
While the fix we propose for the identification procedure
ness to respond to authentication, IMSI paging and identity
is intuitive and straightforward, this is not the case for the
request messages, so to guarantee a minimum battery life-
other two procedures. In particular, we take care of main-
time even in case of attempted DoS attacks. We have calcu-
taining the style of mobile telecommunication protocols and
lated that responding to such requests on average once per
at the same time ensuring privacy. We introduce the un-
minute would consume an additional one tenth of battery
linkability key, a new session key generated for privacy pur-
life.
poses, instead of using the long term key KIM SI (as in the
3G AKA), and make use of the sequence number SQN for
freshness purposes (this is needed to avoid user linkability 6. VERIFICATION
caused by replay attacks); We maintain the authentication Many deployed protocols have subsequently been found
flow of the AKA and modify only the way error messages are to be flawed [27, 18, 12, 16]. In this perspective and in
dealt with by including error recovery information inside the order to increase the confidence one can have in the solutions
error message (this avoids the triggering by the network of proposed at the previous section, we formally analyse our
diversified procedures in order to perform error recovery). proposed fixes w.r.t. privacy. We present the results of the
Our proposed fixes use public-key cryptography; intu- automatic verification of the privacy-friendly enhancement
itively, there is no way to avoid that, since if a mobile sta- discussed in Section 5. Table 1 summarises these results
tion’s TMSI is unknown to the serving network (hence the which apply for the protocols running both in parallel and
need to perform the identification procedure) then there is in isolation. We use the ProVerif tool [15] to verify the
no shared key by which they can communicate privately. unlinkability and anonymity properties of our fixes for the
The additional costs associated with deploying and using 3G procedures exposing the IMSI (identification and paging)
public-key cryptography are in fact small for the two follow- and the 3G AKA protocol. We use the formalisation of
ing reasons. privacy-related properties as given by Arapinis et al. in [11],
Firstly, only mobile telephony operators are required to namely strong unlinkability and strong anonymity.
have a public/private key pair. Neither subscribers, nor mo- Note that for verification purposes we use randomised
bile phone equipments nor USIMs need to have their own symmetric encryption to conceal the sequence number SQN
public/private key pair. The operator’s public key could be instead of using the exclusive-or. Indeed, even if the theory
stored in the USIM of the mobile station, as it is already allows to write a set of reduction rules to model the xor
the case for the IMSI and the long-term key KIM SI . The function, the ProVerif tool cannot deal with its algebraicproperties. The use of randomised encryption anyway would imsi, and long-term private key sk running along with the
achieve stronger properties with respect to the secrecy of the serving network, SN , can be modelled by the process:
sequence number, we hence recommend the adoption of this
modification in the standard protocol. S = new pvN ; let pbN = pub(pvN ) in
out(c, pbN ); !new sk; new imsi; !new sqn; (SN | MS).
6.1 ProVerif Calculus
We use the ProVerif calculus, which is similar to the The privacy related properties we verify are expressed
applied pi-calculus [9], to precisely model the privacy en- in terms of observational equivalence. Intuitively, two pro-
hancing solutions proposed in Section 5. It makes it possi- cesses P and Q are observationally equivalent denoted by
ble to automatically verify protocol models written in the P ≈ Q, if any interaction of P with the adversary, can be
language, using the ProVerif tool [15]. We introduce the matched with an interaction of Q (and vice versa, i.e. all
ProVerif calculus aiming to give a flavour of the verifica- interactions of Q can be matched by P ) and the same in-
tion process. The description of the calculus that we give put/output behaviour is observed.
here is not comprehensive (refer to [15] for a detailed pre- The ProVerif tool can prove diff-equivalence of bipro-
sentation). cesses, which implies observational equivalence. Biprocesses
Cryptographic primitives are modelled as functions and are pairs of processes which differ by some choice of terms,
messages are represented by terms built over an infinite set this choice is written choice[M, M ′ ]. For example, to test
of names a, b, c, . . . , an infinite set of variables x, y, z, . . . and if the processes out(c, a) and out(c,b) are equivalent,
a finite set of function symbols f1 . . . , fn . Function symbols one would check the following biprocess using ProVerif:
represent cryptographic primitives that can be applied to out(c, choice[a, b]).
messages. The effect of applying function symbols to terms
is described by a set of reduction rules. 6.2 Strong Unlinkability
Strong unlinkability is defined in [11] as follows. Let
Example 1. Using functions and reduction rules we can P = new ñ.(!R1 | · · · |!Rp ) be a p-party protocol where
define cryptographic functions, for example, let Σ={senc/3, ∀i ∈ {1, . . . , p}, Ri = new id.new m̃.initi .!(new s.maini ).
pub/1, aenc/3, f/2, f1/2, f2/2, f3/2, f4/2, f5/2}, For all i ∈ {1, . . . , p}, we build the protocol P Ri as follows:
and consider the reductions: reduc sdec(k, senc(k, m, r)) =
m and reduc adec(k, aenc(pub(k), m, r)) = m. Where, senc P Ri = new ñ.(!R1 | · · · |!Ri−1 |!Ri′′ |!Ri+1 | · · · |!Rp)
and aenc model, respectively, randomised symmetric and Ri′′ = new id.new m̃.initi .new s.maini .
asymmetric encryption and model the property that the
plaintext, m, can be retrieved from the cyphertext given P is said to preserve strong unlinkability of Ri if P ≈ P Ri .
the knowledge of the key k. Informally, this means that the adversary cannot distinguish
a situation where the role Ri was executed many times from
The syntax of ProVerif calculus processes is given by one in which it was executed at most once, i.e. he cannot
the following grammar: link two executions of the role Ri . Going back to our mobile
phone scenario, the strong unlinkability property holds when
P, Q, R ::= plain processes the situation where mobile stations access services multiple
0 null process times looks the same as the ideal situation where each mo-
P |Q parallel composition bile station accesses the services at most once, i.e. where
!P replication by construction unlinkability holds. Formally, we want the
new n; P name restriction process S, defined in Example 2, to be observationally equiv-
if M = N then P else Q conditional alent to the system SU N LIN K defined as follows:
let M = D in P else Q destructor application
in(M, x); P message input SU N LIN K = new pvN ; let pbN = pub(pvN ) in
out(M, N ); P message output out(c, pbN );
!new sk; new imsi; new sqn; (SN | MS).
We give here only the informal semantics of the calculus.
The null process does nothing. P | Q represents the parallel The absence of the replication before the new sqn construct
execution of P and Q. The replication !P of a process P means that in SU N LIN K each MS executes the protocol at
acts like the parallel execution of an unbounded number of most once. The above mentioned observational equivalence
copies of P . The name restriction new n; P creates a new can be verified with ProVerif, defining S and SU N LIN K as
name n whose scope is restricted to the process P and then the following biprocess PVU N LIN K , where sk1, sk2 are long
runs P . The message input in(M, x); P represents a process term keys and imsi1, imsi2 are long term identities:
ready to input from the channel M . The message output PVU N LIN K = new pvN ; let pbN = pub(pvN ) in
out(M, N ); P describes a process that sends a term N on the out(c, pbN );
channel M and then behaves like P . The let construct tries !new sk1; new imsi1;
to rewrite D and matches the result with M ; if this succeeds, !new sk2; new imsi2; new sqn;
then the variables in M are instantiated accordingly and P let (sk, imsi)=choice[(sk1, imsi1),(sk2, imsi2)]
is executed; otherwise Q is executed. The conditional checks in (SN | MS).
the equality of two terms M and N and then behaves as P
or Q accordingly. We will omit the else branch of a let or a We have that the left side of the choice represents a sys-
conditional when the process Q is 0. tem where a mobile station (with identity imsi1 and key
sk1) may execute the protocol many times, while the right
Example 2. Multiple mobile stations M S, with identity side represents a system where mobile stations execute theprotocol at most once (the identity imsi2 and the key sk2 Properties Identification Paging AKA
√ √ √
are always different and can be used at most once for the Unlinkability √ √ √
execution of the protocol). Hence, we reduce the problem of Anonymity
testing strong unlinkability to the diff-equivalence of a bipro- √
NA Not Applicable Proved to hold × Attack found
cess. ProVerif proves that the strong unlinkability property
is satisfied by our models of the fixes identification, paging Table 1: ProVerif Results on the Fixed Procedures
and AKA protocols as described in Section 5.
Properties Paging AKA
Unlinkability × ×
6.3 Strong Anonymity Anonymity ×
√
Strong Anonymity is defined in [11] as follows. Let P =
new ñ.(!R1 | · · · |!Rp ) be a p-party protocol where ∀ i ∈ √
NA Not Applicable Proved to hold × Attack found
{1, . . . , p}, Ri = new id.new m̃.initi .!(new s.maini ). For all
i ∈ {1, . . . , p}, we build the protocol P Ri as follows: Table 2: ProVerif Results on the current 3G Procedures
P Ri = new ñ.(!R1 | · · · |!Rp | RV ) and hence, although the above processes are observation-
RV = new m̃.initi {idV /id }.!(new s.maini {idV /id }). ally equivalent (P is executed regardless the result of the if
statement evaluation), they do not satisfy diff-equivalence.
Where the identity idV of the agent playing the role RV We are dealing with this issue in our code for the verifica-
is a public name not occurring in P . P is said to preserve tion at lines 4-5, 36, 73-74, 81, and 86-87 of the code in the
strong unlinkability of Ri if P ≈ P Ri . Informally, this means Appendix. As expected, the verification with the ProVerif
that the adversary cannot distinguish a situation where the tool fails to prove the anonymity of the 3G IMSI paging
role RV with known identity idV was executed from one in procedure and the unlinkability of both 3G IMSI paging
which it was not executed at all, i.e. he cannot breach the and AKA protocols (see Table 2) and finds counterexamples
anonymity of the agent with role RV . Going back to our showing that the two systems are distinguishable by the ad-
mobile phone scenario, strong anonymity requires a system versary. The modelling of unlinkability and anonymity into
in which a mobile station MSV with publicly known identity diff-equivalences we showed in this Section can in general be
IMSI V executes the protocol to be indistinguishable from a adopted for protocols which do not require an initialization
system in which the MSV is not present at all. Such a system phase preceding the main protocol procedure. Hence, our
obviously preserves IMSI V ’s anonymity. Formally, we want method is not specific for the analysed protocols, and shows
the system S, defined as in Example 2 to be observationally how to automatically verify unlinkability and anonymity on
equivalent to the system SV defined as follows: a wide class of protocols2 .
SV = new pvN ; let pbN = pub(pvN ) in
out(c, pbN ); 7. CONCLUSION
!new sk; new imsi; (!new sqn; (SN | MS)) The widely-deployed 3GPP 3G protocols aim to prevent
| new sk; !new sqn; (SN | MSV ). unauthorised parties (such as private organisations and in-
dividuals) from tracking the physical location of users by
In the system SV the mobile station MSV with publicly known
monitoring the signals from their mobile phone. Specifically,
identity imsiV can run the protocol. The mentioned ob-
the protocols use temporary identifiers and cryptography to
servational equivalence can be translated in the following
achieve this aim.
ProVerif biprocess PVAN ON , where imsiV , imsims are per-
We have shown that the protocols are vulnerable to new
manent mobile station identities:
privacy threats and that these threats lead to attacks that
free imsiV . can be mounted in practice at low cost. Currently, our
PVAN ON = new pvN ; let pbN = pub(pvN ) in demonstration relies on particular hardware/software using
out(c, pbN ); closed source implementation of the 3G protocol stack and
(!new sk; new imsi; radio signalling functions. We tested several networks of
(!new sqn; (MS | SN))) major operators (T-Mobile, O2, SFR, and Vodafone) and
| (new sk; new imsims ; demonstrated that these are vulnerable to our attacks.
let imsi=choice[imsiV , imsims ] in We used formal methods to show that the exposed pri-
!new sqn; (SN | MS)). vacy vulnerabilities could have been detected at design time,
We developed and verified lightweight solutions to avoid the
The left side of the choice represents a system where the mo- privacy vulnerabilities. The solutions we propose show that
bile station with public identity imsiV can run the protocol. privacy friendly measures could be adopted by the next gen-
Our fixes of the identification procedure, paging procedure eration of mobile telephony standards while keeping low the
and AKA protocol as described in Section 5 are proved by computational and economical cost of implementing them.
ProVerif to satisfy anonymity.
We took particular care in avoiding false attacks that Acknowledgement We are very grateful to Steve Babbage
could be reported by the tool due to its abstractions. Indeed, (Vodafone) for insightful comments, and are thankful to EP-
we formally define privacy properties through observational SRC for supporting this work through the projects Ver-
equivalence, however, ProVerif adopts a stronger equiv- ifying Interoperability Requirements in Pervasive Systems
alence relation called diff-equivalence. In particular, diff- (EP/F033540/1) and Analysing Security and Privacy Prop-
equivalence can distinguish between the execution of differ- erties (EP/H005501/1).
ent branches of a conditional statement even in the following
2
case: if a = a then P else P ≈ / diff if a = b then P else P The ProVerif code is available online [2]8. REFERENCES [19] D. Burgess et al. OpenBTS.
[1] http://www.pathintelligence.com. Path Intelligence http://openbts.sourceforge.net/.
Ltd. (2010) FootPath. [20] N. H. Denis Foo Kune, John Koelndorfer and Y. Kim.
[2] http://www.markryan.eu/research/UMTS/. Location leaks over the gsm air interface. In Annual
[3] 3GPP. Technical specification group services and Network & Distributed System Security Symposium,
system aspects; 3G security; formal analysis of the 3G NDSS, 2012.
authentication protocol (release 4). Technical Report [21] Ettus. USRP. http://www.ettus.com/products, 2009.
TR 33.902, V4.0.0, 3rd Generation Partnership [22] D. Fox. IMSI-Catcher. Datenschutz und
Project, 2001. Datensicherheit (DuD), 21:539–539, 1997.
[4] 3GPP. Generic Access Network (GAN); Mobile GAN [23] N. Golde, K. Redon, and R. Borgaonkar. Weaponizing
interface layer 3 specification. Technical Specification femtocells: The effect of rogue devices on mobile
TS 44.318 v9.2.0, 3rd Generation Partnership Project, telecommunications. In Annual Network & Distributed
2010. System Security Symposium, NDSS, 2012.
[5] 3GPP. Generic Access Network (GAN); Stage 2. [24] D. Goodin. Defects in e-passports allow real-time
Technical Specification TS 43.318 v9.0.0, 3rd tracking. The Register, 26th January 2010.
Generation Partnership Project, 2010. [25] Kineto Wireless Inc. official Unlicensed Mobile Access
[6] 3GPP. Technical specification group services and presentation webiste. http://www.smart-wi-fi.com/,
system aspects; 3G security; security architecture June 2010.
(release 9). Technical Report TS 33.102 V9.3.0, 3rd [26] G. Koien and V. Oleshchuk. Location privacy for
Generation Partnership Project, 2010. cellular systems; analysis and solution. In Privacy
[7] 3GPP. Security of Home Node B (HNB) / Home Enhancing Technologies Symposium, volume 3856,
evolved Node B (HeNB). Technical Specification TS 2006.
33.302 v11.2.0, 3rd Generation Partnership Project, [27] G. Lowe. Breaking and fixing the Needham-Schroeder
2011. public-key protocol using fdr. In Tools and Algorithms
[8] 3GPP. Technical specification group services and for the Construction and Analysis of Systems,
system aspects; 3G security; cryptographic algorithm TACAS, 1996.
requirements (release 10). Technical Report TS 33.105 [28] U. Meyer and S. Wetzel. A man-in-the-middle attack
V10.0.0, 3rd Generation Partnership Project, 2011. on UMTS. In ACM Workshop on Wireless Security,
[9] M. Abadi and C. Fournet. Mobile values, new names, WiSe, 2004.
and secure communication. In ACM [29] K. Nohl and S. Munaut. Wideband gsm sniffing.
SIGPLAN-SIGACT Symposium on Principles of http://events.ccc.de/congress/2010/Fahrplan/
Programming Languages, POPL, 2001. attachments/1783_101228.27C3.GSM-Sniffing.
[10] Z. Ahmadian, S. Salimi, and A. Salahi. New attacks Nohl_Munaut.pdf.
on UMTS network access. In Conference on Wireless [30] openBSC Project. GSM Network at 28C3.
Telecommunications Symposium, WTS’09, 2009. http://events.ccc.de/congress/2011/wiki/GSM#
[11] M. Arapinis, T. Chothia, E. Ritter, and M. Ryan. GSM_Network_at_28C3, December 2011.
Analysing unlinkability and anonymity using the [31] C. Paget. Practical cellphone spying. Def Con 18
applied pi calculus. In IEEE Computer Security Hacking Conference, 2010.
Foundations Symposium, CSF, 2010. [32] D. Strobel. IMSI Catcher, 2007. Seminar Work,
[12] A. Armando, R. Carbone, L. Compagna, J. Cuéllar, Ruhr-Universitat Bochum.
and M. L. Tobarra. Formal analysis of SAML 2.0 web [33] H. Welte, H. Freyther, D. Spaar, S. Schmidt,
browser single sign-on: breaking the SAML-based D. Willmann, J. Luebbe, T. Seiler, and A. Eversberg.
single sign-on for google apps. In ACM Workshop on OpenBSC. http://openbsc.osmocom.org.
Formal Methods in Security Engineering, FMSE, 2008. [34] H. Welte, S. Munaut, A. Eversberg, and other
[13] G. Avoine and P. Oechslin. RFID Traceability: A contributors. OsmocomBB. http://bb.osmocom.org.
Multilayer Problem. In Financial Cryptography, FC, [35] J. Zhang and G. de la Roche. Femtocells: Technologies
2005. and Deployment. John Wiley & Sons, Ltd, 2009.
[14] M. Barbaro and T. Zeller Jr. A face is exposed for [36] M. Zhang and Y. Fang. Security analysis and
AOL searcher no. 4417749. The New York Times, enhancements of 3GPP authentication and key
August 9, 2006. agreement protocol. IEEE Transactions on Wireless
[15] B. Blanchet. Proverif: Cryptographic protocol verifier Communications, 4(2):734–742, 2005.
in the formal model. http://www.proverif.ens.fr/.
[16] M. Bortolozzo, M. Centenaro, R. Focardi, and
G. Steel. Attacking and fixing PKCS#11 security
tokens. In ACM Conference on Computer and
Communications Security, CCS, 2010.
[17] C. Caldwell. A pass on privacy? The New York
Times, July 17, 2005.
[18] I. Cervesato, A. D. Jaggard, A. Scedrov, J.-K. Tsay,
and C. Walstad. Breaking and fixing public-key
kerberos. Inf. Comput., 206:402–424, February 2008.You can also read
