New Privacy Issues in Mobile Telephony: Fix and Verification
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
New Privacy Issues in Mobile Telephony: Fix and Verification Myrto Arapinis, Loretta Mancini, Nico Golde, Kevin Redon, Eike Ritter, Mark Ryan Ravishankar Borgaonkar University of Birmingham Technische Universität Berlin and School of Computer Science Deutsche Telekom Laboratories Birmingham, UK Berlin, DE m.d.arapinis, l.mancini, e.ritter, nico, kredon, m.d.ryan@cs.bham.ac.uk ravii@sec.t-labs.tu-berlin.de ABSTRACT cols have been designed to prevent third parties, eavesdrop- Mobile telephony equipment is daily carried by billions of ping on the radio link, from identifying wireless messages as subscribers everywhere they go. Avoiding linkability of sub- coming from a particular mobile phone. Therefore, mobile scribers by third parties, and protecting the privacy of those phones identify themselves, whenever possible, by means of subscribers is one of the goals of mobile telecommunication temporary identifiers (TMSIs) instead of using their long protocols. We use formal methods to model and analyse the term unique identities (IMSIs). Temporary identities are security properties of 3G protocols. We expose two novel periodically updated by the network. To avoid linkability, threats to the user privacy in 3G telephony systems, which the assignment of a new temporary identity is encrypted us- make it possible to trace and identify mobile telephony sub- ing a session key established through the 3G Authentication scribers, and we demonstrate the feasibility of a low cost and Key Agreement (AKA) protocol. implementation of these attacks. We propose fixes to these When 3G protocols were first introduced in 1999, ac- privacy issues, which also take into account and solve other tive attack scenarios were a remote possibility because of privacy attacks known from the literature. We successfully the high cost of the equipment required, the closedness of prove that our privacy-friendly fixes satisfy the desired un- the hardware design and the lack of open source imple- linkability and anonymity properties using the automatic mentations of the protocol stack. This scenario has re- verification tool ProVerif. cently changed. Cheap base stations [19] can be produced by programming USRP (Universal Software Radio Peripheral) boards [21]. These lower the cost of producing radio devices Categories and Subject Descriptors thanks to software emulation of specialized functions once D.2.4 [Software Program Verification]: Formal Methods executed by expensive hardware. The increasing popular- ity of USRPs led for example to a cheap implementation of General Terms fake base station attacks on GSM (Global System for Mo- Verification, Security bile Communication) [31], which were considered sufficiently costly to prevent wide-scale attacks. Shorter range base sta- Keywords tions, available at affordable prices, have been targeted as Unlinkability, Anonymity, ProVerif, Mobile Telephony well by open source developers (e.g. openBSC project [33]), security researchers [23]. Certain old mobile phones based on the Ti Calypso GSM baseband chips, can be reprogrammed 1. INTRODUCTION by flashing an open source version of the protocol stack (de- While most mobile phone users accept that the network veloped by the osmocom-BB project [34]). These new devel- operator can track their geographical movements, few would opments open at the same time the way for the exploration be happy if an arbitrary third party could do so. Such a of new uses of mobile telephony technology [1, 30] and for possibility would enable all kinds of undesirable behaviour, the exploitation of its weaknesses [20, 23, 31, 29], making ranging from criminal stalking and harassment to more mun- active attack scenarios an increasingly likely reality. dane monitoring of spouse or employee movements, as well Hence, we believe active attackers should now be consid- as profiling for commercial and advertisement purposes. For ered when analysing mobile systems in order to obtain con- this reason, 3G (Third Generation) mobile phone proto- vincing and reliable results on their security. From this per- spective we present a formal analysis of the 3G subscribers privacy. We expose two novel threats and we demonstrate that these threats can lead to real implementations which make use of cheap equipment. Furthermore, we propose pri- vacy friendly fixes to thwart the detected privacy issues and we formally verify that our fixes achieve the desired privacy goals. CCS’12, October 16–18, 2012, Raleigh, North Carolina, USA. Our Contributions. Linkability of transactions has been
identified and often reported by the media as an impor- In order to achieve these two privacy-related properties, tant threat for user privacy [14, 17, 24] though it has been 3G (and GSM) relies on the use of temporary identities TM- overlooked so far by most of the existing studies of mobile SIs (Temporary Mobile Subscriber Identities) for identifying telecommunication protocols which instead focus on confi- and paging mobile phones (more precisely mobile stations, dentiality and authentication requirements (Section 2.2). In MSs) instead of using their long-term identities IMSIs (In- this paper, we present the first formal analysis of 3G proto- ternational Mobile Subscriber Identities). Indeed, the eaves- cols w.r.t. privacy of mobile phone users from third party at- dropping of the IMSI in plaintext communications would tackers and in particular w.r.t. unlinkability and anonymity allow the identification of mobile telephony users by third of 3G subscribers. For our analysis we use automated formal parties. Moreover, the 3G standard requires periodic up- methods. The use of formal methods allows us to: (i) pre- dates of the temporary identity, to avoid the traceability of cisely and unambiguously define the desired privacy prop- a mobile station by third parties. New temporary identi- erties in terms of third-party strong anonymity and strong ties are periodically assigned by the network through the unlinkability; (ii) identify new vulnerabilities with respect TMSI reallocation procedure. The newly assigned TMSI is to subscriber privacy thanks to a rigorous specification of encrypted using a session key which is established by exe- the protocols and of the analysed properties. cuting the 3G Authentication and Key Agreement protocol However, the currently available automated tools are still (AKA). The 3G AKA protocol allows MS and network to quite limited and cannot straightforwardly be used to ver- achieve mutual authentication and establish a pair of shared ify unlinkability and anonymity properties [11]. Here we de- session keys, namely a ciphering key and an integrity key. velop ways to model the protocols and the desired properties These keys are used to ensure the secrecy and integrity of as biprocesses in order to use the ProVerif tool on our 3G the subsequent communications. case study. The automatic verification with the ProVerif tool allows us to: (i) verify strong unlinkability and strong 2.2 Related Work anonymity. To the best of our knowledge, it is the first Known 3G Vulnerabilities. Three categories of attacks time these definitions of privacy properties have been suc- on mobile telephony systems have been described in the past. cessfully used for verification using an automated tool; (ii) IMSI Catcher. The identification procedure, consisting verify that the fixes we propose do preserve the privacy of in the request of the user identity by the network followed the mobile phone users from third parties in terms of un- by a cleartext reply containing the user identity, is acknowl- linkability and anonymity; (iii) automatically verify privacy edged in the 3G standard as a breach of the user identity properties expressed as equivalence relations between sys- confidentiality [6, p. 19, s. 6.2]. This procedure is exploited tems consisting of an unbounded number of agents execut- by the well-known “IMSI catcher” attack, which is the best ing an unbounded number of sessions;(iv) obtain a higher known attack to mobile telephony users’ privacy. It consists level of confidence in the resulting proofs than the ones pro- in forcing a mobile phone to reveal its identity (IMSI) [22, 32] vided by more error-prone manual techniques. With our by triggering the identification procedure from a fake oper- method ProVerif successfully detects the privacy vulnera- ator base station (configured with the corresponding mobile bilities (described in Section 3) and also successfully proves network and country code settings). Until fairly recently, that the fixed protocols (presented in Section 5) satisfy both implementing an IMSI catcher required specialised software unlinkability and anonymity (Section 6). and equipment such as base stations. However, such devices Moreover, we demonstrate how these vulnerabilities can have become more and more affordable thanks to software lead to practical attacks, by implementing them in real 3G emulation [31]. To the best of our knowledge the only imple- networks in Germany (Vodafone, O2, T-Mobile) and in France mentation of a 3G IMSI catcher is the one presented in [23] (SFR) (Section 4). and is realised using a modified femtocell. 3G/GSM-interoperability. Previously proposed attacks 2. BACKGROUND AND RELATED WORK on 3G security exploit the vulnerabilities which are propa- Third Generation telecommunications systems (3G) is a gated from GSM to 3G when providing interoperability be- mobile telephony standard specified and maintained by the tween the two systems. Most of the reported attacks of this Third Generation Partnership Project (3GPP). It was in- kind take advantage of well-known weaknesses of the GSM troduced in 1999, with the birth of UMTS, to offer better authentication and key agreement protocol, such as the lack support for mobile data applications, increased data rates of mutual authentication and the use of weak encryption. and to lower costs of mobile data communications. Fur- These attacks allow an active attacker to violate the user thermore, 3G offers an improved security architecture with identity confidentiality, to eavesdrop on outbound commu- respect to previous mobile telecommunication systems such nications [28] and to masquerade as a legitimate subscriber as GSM (Global System for Mobile Communication). obtaining services which will be billed on the victim’s ac- count [10]. However, these attacks cannot be carried out 2.1 3G Security Requirements on pure 3G networks, which are the scope of our analysis, 3G aims to provide authentication, confidentiality of data because they rely on the lack of mutual authentication in and voice communication, as well as user privacy [6]. In par- GSM and on the possibility of downgrading the communi- ticular, 3G privacy goals include the following [6]: cation from 3G to GSM. User identity confidentiality: the property that the per- 3G specific. To the best of our knowledge, the only at- manent user identity (IMSI) of a user to whom a service is tack that does not rely on GSM/3G interoperability has been delivered cannot be eavesdropped on the radio access link; presented by Zhang and Fang in [36]. This attack is a vari- User untraceability: the property that an intruder can- ant of the false base station attack and takes advantage of not deduce whether different services are delivered to the the fact that the mobile station does not authenticate the same user by eavesdropping on the radio access link. serving network. It allows the redirection of the victim’s
outgoing traffic to a different network, for example a net- work which uses a weaker encryption algorithm or one which MS Network charges higher rates than the victim’s one. Zhang and Fang’s KIMSI , IMSI , TMSI KIMSI , IMSI attack concerns impersonation, service theft and data con- Pag Req, IMSI fidentiality, while our work exhibits privacy issues arising in 3G. Pag Res, TMSI Our work is based on the formal analysis of pure 3G proto- cols. It relies on the study and modelling of the 3G standard Figure 1: 3G IMSI Paging Procedure and does not make assumptions about interoperability be- tween GSM and 3G. We focus on subscriber privacy and same considered in most of the previous work on GSM/3G discover further breaches other than the ones caused by the security [28, 10, 36]. identification procedure and the propagation of GSM weak- In the rest of this paper, we consider a simplified network nesses to 3G. architecture. This architecture involves simply the mobile stations and the network. The network models both the Previous Formal Analysis The 3G AKA protocol in its Base Station (BS) which directly communicates with the MS pure form (i.e. with no GSM support) has been formally on the radio link, and the complex structure of databases proved to meet some of the specified security requirements [3], and servers connected with it and forming the 3G control such as authentication and confidentiality of data and voice network. Hence, we abstract away from any communication communication. However, privacy related properties such within the network and model only communication between as unlinkability and anonymity, which are the focus of our mobile stations and the network. This abstraction allows us work, are not analysed in [3]. The framework applied in [3] to hide details which are uninteresting for the purposes of cannot be used to specify unlinkability and anonymity prop- our analysis and keep the models used for verification small, erties, let alone reason about them. The formal framework but at the same time precisely specify the interactions on used in our paper allows us to precisely define and verify pri- the air between MS and network, which are the subject of vacy related properties. Hence, we can discover privacy at- our analysis. tacks on the modelled protocols and propose solutions which are formally proved to satisfy the desired privacy properties. 3.1 IMSI Paging Attack Other Work on 3G Privacy Enhancement A new frame- The paging procedure is used to locate a mobile station work for authentication has been proposed to provide sub- in order to deliver a service to it, for example an incom- scriber privacy with respect to the network [26]. In particu- ing call. Paging request messages are sent by the network lar, the authors aim to achieve MSs anonymity with respect in all the location areas most recently visited by the mo- to the serving network, and location privacy with respect to bile station in order to locate it and deliver a service to it. the home network. To achieve this purpose, they propose The paging request message is sent on a Common Control a new mechanism for the location update and a three way Channel (CCCH) and contains the identity of one or more handshake protocol, to be used for authentication instead of mobile stations. The paging procedure is typically run using the currently used 3G AKA protocol. However, unlike our the TMSI to identify a MS. However, the IMSI can be used work, this work is not supported by a formal model of the when the TMSI is not known by the network. A mobile AKA protocol, nor does it provide a formal verification of station receiving a paging request establishes a dedicated the properties of the proposed protocols. Moreover, their channel to allow the delivery of the service and sends a pag- attacker model considers the network as not fully trusted, ing response containing the most recently assigned TMSI while we are only concerned about third party attackers con- (see Figure 1). trolling the radio link communications. The possibility of triggering a paging request for a spe- cific IMSI allows an attacker to check a specific area for the presence of mobile stations of whom he knows the identity, 3. NOVEL PRIVACY THREATS and to correlate their IMSI and TMSI. As we will detail in In this section we describe two breaches of privacy, which Section 4.2, in a real setting, the link between the paged expose a subscriber’s identity and allow an attacker capable IMSI and the related TMSI would need to be confirmed by of sending and receiving messages on the air to identify the replaying the attack several times. presence of a target mobile phone (MS) in a monitored area, or even track its movements across a set of monitored ar- eas. As we will see, the attacker does not need to know any 3.2 AKA Protocol Linkability Attack keys, nor perform any cryptographic operation. This kind of The Authentication and Key Agreement (AKA) proto- vulnerabilities usually look trivial once uncovered but often col achieves mutual authentication between a MS and the remain unnoticed for long time, since they do not involve network, and establishes shared session keys to be used to se- fancy cryptography but are caused by errors in the protocol cure the subsequent communications. The MS with identity logic. IMSI and the network share a secret long-term key, KIMSI , As argued in Section 1 and as witnessed by the attacks assigned to the subscriber by the mobile operator and stored implementation presented in Section 4, a convincing analysis in the USIM. The secret key allows the MS and the network of 3G privacy and security should consider active attackers to compute shared ciphering and integrity session keys to be instead of passive ones. For this reason, we assume that the used for encryption and integrity check of communications. attacker has unlimited access to the radio link between the The 3G AKA protocol [6], shown in Figure 2, consists mobile station and the base station. He can sniff, inject, in the exchange of two messages: the authentication request replay, and modify messages. This attacker model is the and the authentication response. Before sending an authen-
MS Network MS Attacker Network KIMSI , IMSI , SQN M S KIMSI , IMSI , SQN N KIMSI , IMSI , SQN M S KIMSI , IMSI , SQN N new RAND Auth Req, RAND, AUTN AK ← f5KIMSI (RAND) Auth Resp, RES MAC ← f1KIMSI (SQN N ||RAND) AUTN ← (SQN N ⊕ AK)||MAC save RAND, AUTN Auth Req, RAND, AUTN Auth Req, RAND, AUTN AK ← f5KIMSI (RAND) Auth Resp, RES ′ XMSG||XMAC ← AUTN XSQN ← XMSG ⊕ AK MAC ← f1KIMSI (XSQN ||RAND) if RES ′ = Sync Fail if MAC 6= XMAC then M Sv Found then RES ← Mac Fail elseif XSQN < SQN M S then RES ← Sync Fail Figure 3: AKA Protocol Linkability Attack else RES ← f2KIMSI (RAND) Auth Resp, RES sends this response to the network.The network authenti- cates the mobile station by verifying whether the received CK ← f3KIMSI (RAND) if RES = f2KIMSI (RAND) response is equal to the expected one (RES = f2K (RAND)). IK ← f4KIMSI (RAND) then CK ← f3KIMSI (RAND) The authentication procedure can fail on the MS side either IK ← f4KIMSI (RAND) else if RES 6= f2KIMSI (RAND) because the MAC verification failed, or because the received then Recover sequence number XSQN , is not in the correct range with respect to the sequence number SQN M S stored in the mo- Figure 2: 3G Authentication and Key Agreement bile station. In the former case, the mobile station sends an authentication failure message indicating MAC failure (Mac Fail) as the failure cause. In the latter case, the au- tication request to the mobile station, the network computes thentication failure message indicates synchronisation fail- the authentication data: a fresh random challenge RAND, ure (Sync Fail) as the failure cause. When a MAC failure the authentication token AUTN , the expected authentica- occurs the network may initiate the identification procedure. tion response f2K (RAND), the integrity key IK, and the en- When a synchronisation failure occurs the network performs cryption key CK (see Figure 2). The functions f1, f2, f3, f4 re-synchronisation. and f5, used to compute the authentication parameters, are To detect the presence of a victim mobile station M Sv , in keyed cryptographic functions computed using the shared one of his monitored areas, an active attacker just needs to key KIMSI [8]. The authentication function f1 is used to have previously intercepted one legitimate authentication re- calculate the message authentication code MAC ; f2 is used quest message containing the pair (RAND, AUTN ) sent by to produce the authentication response parameter RES ; the the network to M Sv . The captured authentication request key generation functions, f3, f4 and f5 are used to gener- can now be replayed by the adversary each time he wants ate the ciphering key CK, the integrity key IK and the to check the presence of M Sv in a particular area. In fact, anonymity key AK, respectively. thanks to the error messages, the adversary can distinguish The network always initiates the protocol by sending the any mobile station from the one the authentication request authentication challenge RAND and the authentication to- was originally sent to. On reception of the replayed authenti- ken AUTN to the mobile station. AUTN contains a MAC cation challenge and authentication token (RAND, AUTN ), of the concatenation of the random number with a sequence the victim mobile station M Sv successfully verifies the MAC number SQN N generated by the network using an individ- and sends a synchronisation failure message. However, the ual counter for each subscriber. A new sequence number MAC verification fails when executed by any other mobile is generated either by increment of the counter or through station, and as a result a MAC failure message is sent. The time based algorithms as defined in [6]. The sequence num- implementation of few false BS would then allow an attacker ber SQN N allows the mobile station to verify the freshness to trace the movements of a victim mobile station, resulting of the authentication request to defend against replay at- in a breach of the subscriber’s untraceability. The proposed tacks (see Figure 2). attack is shown in Figure 3. The MS receives the authentication request, retrieves the sequence number SQN N and then verifies the MAC (condi- tion MAC = XMAC in Figure 2). This step ensures that 3.3 Formal Verification the MAC was generated by the network using the shared While the paging procedure is obviously a breach of key KIMSI , and thus that the authentication request was users’ privacy, the traceability attack on the AKA protocol is intended for the mobile station with identity IMSI . The much more subtle. Indeed, the messages exchanged through mobile station stores the greatest sequence number used this procedure contain neither the IMSI nor the TMSI of for authentication, so far SQN M S . This value is used to the MS. So one could think that the AKA protocol provides check the freshness of the authentication request (condition untraceability by construction. But we just saw that this is XSQN < SQN M S in Figure 2). not the case. Only careful analysis w.r.t. precisely defined The mobile station computes the ciphering key CK , the privacy requirements could reveal this flaw. integrity key IK and the authentication response RES and We run the ProVerif tool on the IMSI paging procedure
and on the AKA protocol 1 . Details of how unlinkability and anonymity were defined using the ProVerif calculus are given in Section 6. ProVerif fails to prove the unlinkability and anonymity of the IMSI paging procedure and exhibits actual attack traces. In the case of the AKA protocol, the anonymity property is proved to hold, while the unlinkabil- ity property verification fails. Although, the trace provided by ProVerif is a false attack, it does give a hint of the real Figure 4: Experimental Attack Setup attack by highlighting the test of the MAC received from the network as the source of the problem. The adoption of formal verification tools during protocol design could have versa. The MS does not need any special GAN support, it thus revealed design flaws. just connects to the femtocell in the same way as it connects to a standard base station. The femtocell maps all Layer-3 4. THE ATTACKS IN PRACTICE radio signalling to TCP/IP based GAN messages and passes In order to test the attacks presented in Section 3 in them to the GANC. Thus, it transparently encapsulates all a deployed telecommunication network, we use a commer- traffic generated by the phone and the network. cially available femtocell. Although, the particular femtocell hardware is tied to the network operator SFR, the proposed attacks are not. Indeed, we tested the attacks using mobile 4.2 Attack Procedure phones registered to different operators, hence just using For the purpose of implementing our attacks (Section 3), SFR as serving network. The authentication token AU T N we use a compromised femtocell like the one described in [23]. is still provided by the victim’s Home network. So by test- More specifically, we reproduce the hacking performed in [23] ing our attacks on T-Mobile, O2, SFR, and Vodafone victim to gain root access of our femtocell and redirect the traffic MSs, we establish that all these tested networks are vulner- to a Man in the Middle (MitM) GAN proxy, positioned be- able to the attacks described above. However, we want to tween the femtocell and the GANC. We use this MitM GAN stress here that our implementation has the only purpose of proxy as entry point for message injection. In particular, us- showing the feasibility of our attacks and confirm that real ing the MitM GAN proxy we can inject messages into the cellular networks follow the 3GPP standard specifications connection between the MNO and the femtocell. The fem- and thus are vulnerable to the proposed attacks. The same tocell forwards these messages to the mobile phone, mak- attacks could be mounted by appropriately programming a ing them appear as if legitimately delivered by the MNO. USRP [21], which is a hardware device able to emit and To perform the attacks, we intercept, modify and inject receive radio signals. In this case, one could obtain wider 3G Layer-3 messages into the communication from the base range attack devices in order to monitor larger areas. station to the mobile phone in both directions, GANC-to- femtocell and femtocell-to-GANC. We redirect all the traffic 4.1 Femtocell architecture between the femtocell and the GANC to our GAN proxy. A femtocell is a device that acts as a small base station The GAN traffic is cleartext travelling over an IP Sec tun- to enhance 3G coverage and connectivity, especially inside nel for which we own the key material, thanks to the initial buildings with otherwise bad coverage. Its coverage radius rooting/hacking of the femtocell. Additionally, we devel- ranges from 10 to 50 meters. It connects mobile phones to oped a set of applications which allow us to intercept, ma- the network of the corresponding MNO (Mobile Network nipulate or insert selected messages, and distinguish differ- Operator) using an existing wired Internet connection pro- ent types of GAN messages. This allows us, for example, to vided by the femtocell user, not the operator. 3G femto- cache subscribers information used to perform the attacks. cells, also called Home Node B (HNB) support most of the In particular, we store the random challenge RAND, the au- functionalities provided by a typical 3G base station (Node thentication token AUTN , the TMSI and the IMSI of our B), e.g. physical layer (radio signalling) functions. In ad- victim MS. This information is directly extracted from the dition, the HNB establishes an authenticated secure tunnel traffic that is passed through the MitM GAN proxy. over the Internet with the network of the operator. Using this encrypted connection, the femtocell forwards all radio IMSI-Paging Procedure Attack To perform the IMSI signalling and user-generated traffic to the GANC (GAN paging attack, our software crafts a paging message encod- Controller), which is connected to the core network of the ing the necessary paging headers and parameters and a mo- operator (refer to [7] for more details of the femtocell archi- bile station identity, i.e. one of the previously stored victim tecture). IMSIs. The crafted paging request is then sent by the GAN The communication between the femtocell and the GANC proxy to the femtocell. When the victim mobile phone re- is based on the Generic Access Network (GAN) protocol. ceives the IMSI paging request, it readily answers with a The GAN protocol, was originally designed to allow mobile paging response containing the victim’s TMSI. Thus, by in- communication over Wi-Fi access points. The protocol was jecting a paging request, we can check whether a phone be- standardised by MNOs in 2004 [25] and led to the GAN spec- longing to a designated victim is in the area covered by our ification [4, 5] in 2005. This specification has been adopted device. In case of success, the phone generates the paging and extended to be used in femtocell environments [35] . response, while a failed attempt generates no message. In The femtocell uses this protocol to forward communication general, it is possible that more than one phone replies to from a mobile station via the GANC to the network or vice a paging request during the same time slot. However, one can repeat this procedure multiple times and correlate the 1 The ProVerif code is available online [2] timing and TMSI usage from the multiple replies as in [20].
Figure 5: Successful Linkability-Attack AKA Protocol attack To perform the AKA attack we re- inside the building could be tracked as well by placing addi- play a given authentication message for a specific target for tional devices to cover different areas of the building. Sim- which the GAN proxy cached the legitimate authentication ilarly, these attacks could be used to collect large amount data, i.e. RAND, AUTN . This data is sent unencrypted of data on users’ movements in defined areas for profiling on the radio link and could be captured with any equip- purposes, as an example of how mobile systems have al- ment capable of sniffing the radio link. As soon as a dedi- ready been exploited in this direction is available in [1] If cated channel is allocated to the MS, e.g. after being paged devices with wider area coverage than a femtocell are used, or when initiating a phone call, our software crafts an au- the adversary should use triangulation to obtain finer posi- thentication request Auth Req using the previously cached tion data. RAND and AUTN , i.e. replays a previous request. This request is encapsulated into a GAN message and sent to the femtocell. The femtocell takes care of delivering the authen- 5. PRIVACY PRESERVING FIXES tication request message on the dedicated channel assigned Despite the use of temporary identities to avoid link- to the MS, as illustrated in Figure 4. The phone performs ability and to ensure anonymity of 3G subscribers, active a validation of the authentication request and answers with attackers can rely on the paging procedure to break both the authentication response. If the response to the replayed anonymity and unlinkability. Moreover, the AKA protocol authentication is a Synchronisation Failure (Figure 5), then provides a way to trace 3G subscribers without the need the MS on this dedicated channel is the victim’s phone, and to identify them in any way. As described in the previous the victim is indeed in the femtocell area. Otherwise, the section, these two attacks on privacy can be implemented attacker needs to inject the same message to the other mo- using cheap devices which are widely available. This shows bile stations in his area in order to find out if the victim MS that the analysed procedures are a real threat for the users’ is present or not. privacy, and countermeasures should be promptly taken to The 3G AKA protocol is performed at each new session provide an effectively privacy friendly mobile telephony sys- in the femtocell setting, this makes the caching of the au- tem. thentication parameters very easy. Though, we do not have In this section we propose a set of countermeasures in- the tools to test if this applies when connecting to a typical volving symmetric and public key-based cryptography. The Node B, we tested the 3G/GSM interoperability scenario public key infrastructure we propose is lightweight and easy by using the Osmocom-BB software and we observed that to deploy because we only require one public/private key in this setting the execution of the AKA protocol can be pair per mobile network operator, and none for the mo- triggered by calling for example the victim mobile phone a bile stations. More generally, the solutions we present re- given number of times (by hanging up within a short time quire only small changes to the current security architecture window this activity can be made non detectable by the vic- and to the cryptographic functions currently used in 3G. tim [20]). For instance, our experiments showed that the Hence we believe our solutions may be implemented in a execution of the AKA protocol on the UK Vodafone net- cost-effective way, and thus could realistically be adopted work can be triggered by calling six times the victim mobile by the telecommunication operators. phone, and hanging up before it even rings. In addition to the solutions proposed to fix the IMSI To illustrate the use of our attacks, consider an employer paging and the AKA protocol, in this section we give a pri- interested in tracking one of his employee’s accesses to a vacy friendly version of the identification procedure to fix building. He would first use the femtocell to sniff a valid au- the IMSI catcher attack. Indeed, the problem of privacy is thentication request. This could happen in a different area a multilayer/multiprotocol problem [13] which requires all than the monitored one. Then the employer would position protocols at all layers to satisfy the desired properties. Even the device near the entrance of the building. Movements though, the analysis from the user privacy point of view of the entire set of 3G protocols cannot be tackled in a single
MS Network MS Network KIMSI , IMSI , SQNM S KIMSI , IMSI , SQNN KIM SI , IM SI, SQNM S , pbN KIM SI , IM SI, SQNN , pvN new chall, rand new RAN D U K ← fKIMSI (rand) AK ← f5KIM SI (RAN D) M AC ← f1KIM SI (SQNN ||RAN D) IMSI Pag Req, rand, AU T N ← (SQNN ⊕ AK)||M AC {Page, IMSI , chall, SQNN }U K Auth Req, RAN D, AU T N U K ← fKIMSI (rand) if SQNM S < SQNN then RES ← IM SI P AG RES, chall AK ← f5KIM SI (RAN D) else Discard XM SG||XM AC ← AU T N XSQN ← XM SG ⊕ AK IMSI Pag Res, chall M AC ← f1KIM SI (XSQN ||RAN D) if M AC 6= XM AC or XSQN < SQNM S then new rand Figure 6: Paging Procedure Fix. The paging request is en- U K ← fKIMSI (rand) crypted with the unlinkability key U K. RES ← Auth Fail, ′ {Fail, IM SI, rand, {synch, SQNM S }rU K }rpbN else RES ← f2KIM SI (RAN D) paper, we cannot ignore the best known privacy issue of mo- Auth Resp, RES bile telecommunication systems. For this reason, we include a fixed version of the identification procedure in our privacy CK ← f3KIM SI (RAN D) if RES = f2KIM SI (RAN D) friendly solutions. IK ← f4KIM SI (RAN D) then CK ← f3KIM SI (RAN D) IK ← f4KIM SI (RAN D) 5.1 Lightweight Public Key Infrastructure else if RES = Auth Fail, x then Recover We propose the adoption of a lightweight public key in- frastructure (PKI) providing each MNO with a private/public key pair. The public key of a network provider can be stored Figure 7: The fixed AKA protocol. The error messages are in the USIM. This public key makes it possible for a mo- encrypted using the network public key. bile station to encrypt privacy related information such as the IMSI, and deliver them to the network in a confiden- tial manner. We do not require a public/private key pair the subscriber. To avoid this information leakage, the error to be assigned to the mobile stations. The adoption of such messages sent in case of any type of failure should look in- a lightweight PKI can also solve the problem exposed by distinguishable from an attacker’s point of view. Zhang and Fang in [36] concerning the lack of serving net- Moreover, the 3G standard stipulates [6] different proce- work authentication in the current infrastructure. dures to recover from each of the two kinds of failure, but this is a source of additional information flow that can be used to launch our privacy attack. In the solution we propose 5.2 Protecting the IMSI Paging Procedure we solve this problem since error recovery can be performed To protect the paging procedure, we propose to encrypt within the network without the need to trigger further pro- the paging request using a shared session key U K, which cedures on the air. Indeed, all the parameters needed for we call unlinkability key. This key is generated by apply- error recovery are sent in the error message allowing the re- ing a new one-way keyed function f to the long-term key covery procedure to be carried within the network. KIMSI , and a random number rand contained in the paging The fixed version of the AKA protocol (Figure 7) carries request. This key should be used for privacy preserving pur- on as specified by the standard, the network sends RAND, poses only. Furthermore, we require the encrypted request AUTN and waits for a response. The response is RES = message to include a random challenge chall and a sequence f2KIMSI (RAND), as in the standard, in case the checks of number SQN . The network stores the random challenge MAC and sequence number are successful. If either of these and checks it against the one sent by the MS in the paging checks fails, an error message is sent to the network. The response (Figure 6). The aim of the SQN is to ensure fresh- failure message is now encrypted with the public key of the ness of the paging request and avoid replay attacks. The network pbN , and contains a constant Fail, the IMSI, and SQN should be handled in the same way as in the AKA the current sequence number SQN M S of the MS. The IMSI protocol. A MS receiving a legitimate IMSI paging request sent encrypted in the error message allows the network to should discard it if the SQN is not in the correct range. check the identity of the MS without triggering the iden- The use of this procedure should still be kept minimal (pre- tification procedure. The current sequence number of the ferring the paging with TMSI whenever possible) to avoid mobile station enables the network to perform resynchroni- burdening the signalling communication with cryptographic sation with the Authentication Centre (AuC, the server stor- operations. In fact, each MS has to decrypt and check all ing subscribers authentication data) of the operator of the the received IMSI paging to determine if it is the recipient. mobile station, if needed. SQN M S is sent encrypted with the unlinkability key (as defined in the fixed paging procedure) 5.3 Fixing the AKA Protocol in order to authenticate the error message to the Network The AKA protocol is a threat for the unlinkability of as coming from the MS with permanent identity IMSI . The 3G subscribers because the error messages sent in case of Network can deduce the cause of the failure from the IMSI authentication failure leak information about the identity of and SQNMS contained in the error message. Upon receipt of
Home Network can act as a certifying authority for the pub- MS Network lic key of the different Serving Networks (see below). Thus, KIMSI , IMSI , pbN KIMSI , IMSI , pvN the public key infrastructure is similar to that used on the web, where corporations (not users) have certified keys. Id Req, IMSI Req Secondly, the computationally expensive public-key en- Id Resp, {IMSI }rpbN cryption and decryption are required only for the identifi- cation protocol and when the AKA-protocol fails. The exe- cution of the identification and the IMSI paging procedures Figure 8: Identification Procedure Fix. The identity response is encrypted with the public key of the network. The r denotes should anyway be kept minimal according to the currently randomised encryption. deployed standard. Moreover, failures during the execution of the AKA-protocol rarely occur according to our experi- this authentication failure message the action performed for ments. Hence, the computational overhead of the public-key error recovery purposes should be the same regardless of the cryptography is not significant. Moreover, it is possible to type of failure occurred. Indeed any difference in behaviour delegate the encryption and decryption to the mobile equip- would be a source of additional information flows. ment, instead of executing them on the USIM. This would not weaken the security properties of the 3G procedure, since the mobile equipment in the current architecture has already 5.4 Protecting the Identification Procedure access to the IMSI, while the network public key is publicly The identification procedure exposes the IMSI of a MS available information. (the IMSI is sent in cleartext upon request by the network). For roaming purposes, each Home Network (HN) can act Hence, it breaches both anonymity and unlinkability. Ac- as certifying authority of the Serving Network (SN) for its cording to the standard, the use of the identification pro- own subscribers. The public key pbHN of the HN could be cedure should be limited as much as possible, to avoid a stored in the USIM. At registration time with a SN, the MS passive attacker overhearing the IMSI. However, the cost of would declare its HN, and the SN would provide the MS devices allowing active attacks is constantly decreasing. As with its public key pbSN , together with a certificate from a consequence, enhancing the protocol to protect the IMSI the mobile station’s HN (signskHN (pbSN )). Hence, a mobile is vital to ensure privacy. station would only need to obtain a certified version of the The fixed version of the identification procedure (Fig- SN’s public key, and verify it using its own network provider ure 8) involves two messages: the first is sent by the network public key. This would provide, in a efficient way, the MS to ask for the IMSI, the second, the identity response, is the with the necessary public keys to execute our fixed versions randomised encryption of the IMSI of the mobile station us- of the protocols. ing the public counterpart (pbN ) of the private key of the The introduction of cryptographic operations on the mo- network operator (pvN ). bile equipment side could be a source of Denial of Service (DoS) attacks aiming to consume the battery load of victim mobile phones. To mitigate the effect of such attacks, the 5.5 Discussion of the Proposed Fixes mobile phone’s software could rate limit the phone’s willing- While the fix we propose for the identification procedure ness to respond to authentication, IMSI paging and identity is intuitive and straightforward, this is not the case for the request messages, so to guarantee a minimum battery life- other two procedures. In particular, we take care of main- time even in case of attempted DoS attacks. We have calcu- taining the style of mobile telecommunication protocols and lated that responding to such requests on average once per at the same time ensuring privacy. We introduce the un- minute would consume an additional one tenth of battery linkability key, a new session key generated for privacy pur- life. poses, instead of using the long term key KIM SI (as in the 3G AKA), and make use of the sequence number SQN for freshness purposes (this is needed to avoid user linkability 6. VERIFICATION caused by replay attacks); We maintain the authentication Many deployed protocols have subsequently been found flow of the AKA and modify only the way error messages are to be flawed [27, 18, 12, 16]. In this perspective and in dealt with by including error recovery information inside the order to increase the confidence one can have in the solutions error message (this avoids the triggering by the network of proposed at the previous section, we formally analyse our diversified procedures in order to perform error recovery). proposed fixes w.r.t. privacy. We present the results of the Our proposed fixes use public-key cryptography; intu- automatic verification of the privacy-friendly enhancement itively, there is no way to avoid that, since if a mobile sta- discussed in Section 5. Table 1 summarises these results tion’s TMSI is unknown to the serving network (hence the which apply for the protocols running both in parallel and need to perform the identification procedure) then there is in isolation. We use the ProVerif tool [15] to verify the no shared key by which they can communicate privately. unlinkability and anonymity properties of our fixes for the The additional costs associated with deploying and using 3G procedures exposing the IMSI (identification and paging) public-key cryptography are in fact small for the two follow- and the 3G AKA protocol. We use the formalisation of ing reasons. privacy-related properties as given by Arapinis et al. in [11], Firstly, only mobile telephony operators are required to namely strong unlinkability and strong anonymity. have a public/private key pair. Neither subscribers, nor mo- Note that for verification purposes we use randomised bile phone equipments nor USIMs need to have their own symmetric encryption to conceal the sequence number SQN public/private key pair. The operator’s public key could be instead of using the exclusive-or. Indeed, even if the theory stored in the USIM of the mobile station, as it is already allows to write a set of reduction rules to model the xor the case for the IMSI and the long-term key KIM SI . The function, the ProVerif tool cannot deal with its algebraic
properties. The use of randomised encryption anyway would imsi, and long-term private key sk running along with the achieve stronger properties with respect to the secrecy of the serving network, SN , can be modelled by the process: sequence number, we hence recommend the adoption of this modification in the standard protocol. S = new pvN ; let pbN = pub(pvN ) in out(c, pbN ); !new sk; new imsi; !new sqn; (SN | MS). 6.1 ProVerif Calculus We use the ProVerif calculus, which is similar to the The privacy related properties we verify are expressed applied pi-calculus [9], to precisely model the privacy en- in terms of observational equivalence. Intuitively, two pro- hancing solutions proposed in Section 5. It makes it possi- cesses P and Q are observationally equivalent denoted by ble to automatically verify protocol models written in the P ≈ Q, if any interaction of P with the adversary, can be language, using the ProVerif tool [15]. We introduce the matched with an interaction of Q (and vice versa, i.e. all ProVerif calculus aiming to give a flavour of the verifica- interactions of Q can be matched by P ) and the same in- tion process. The description of the calculus that we give put/output behaviour is observed. here is not comprehensive (refer to [15] for a detailed pre- The ProVerif tool can prove diff-equivalence of bipro- sentation). cesses, which implies observational equivalence. Biprocesses Cryptographic primitives are modelled as functions and are pairs of processes which differ by some choice of terms, messages are represented by terms built over an infinite set this choice is written choice[M, M ′ ]. For example, to test of names a, b, c, . . . , an infinite set of variables x, y, z, . . . and if the processes out(c, a) and out(c,b) are equivalent, a finite set of function symbols f1 . . . , fn . Function symbols one would check the following biprocess using ProVerif: represent cryptographic primitives that can be applied to out(c, choice[a, b]). messages. The effect of applying function symbols to terms is described by a set of reduction rules. 6.2 Strong Unlinkability Strong unlinkability is defined in [11] as follows. Let Example 1. Using functions and reduction rules we can P = new ñ.(!R1 | · · · |!Rp ) be a p-party protocol where define cryptographic functions, for example, let Σ={senc/3, ∀i ∈ {1, . . . , p}, Ri = new id.new m̃.initi .!(new s.maini ). pub/1, aenc/3, f/2, f1/2, f2/2, f3/2, f4/2, f5/2}, For all i ∈ {1, . . . , p}, we build the protocol P Ri as follows: and consider the reductions: reduc sdec(k, senc(k, m, r)) = m and reduc adec(k, aenc(pub(k), m, r)) = m. Where, senc P Ri = new ñ.(!R1 | · · · |!Ri−1 |!Ri′′ |!Ri+1 | · · · |!Rp) and aenc model, respectively, randomised symmetric and Ri′′ = new id.new m̃.initi .new s.maini . asymmetric encryption and model the property that the plaintext, m, can be retrieved from the cyphertext given P is said to preserve strong unlinkability of Ri if P ≈ P Ri . the knowledge of the key k. Informally, this means that the adversary cannot distinguish a situation where the role Ri was executed many times from The syntax of ProVerif calculus processes is given by one in which it was executed at most once, i.e. he cannot the following grammar: link two executions of the role Ri . Going back to our mobile phone scenario, the strong unlinkability property holds when P, Q, R ::= plain processes the situation where mobile stations access services multiple 0 null process times looks the same as the ideal situation where each mo- P |Q parallel composition bile station accesses the services at most once, i.e. where !P replication by construction unlinkability holds. Formally, we want the new n; P name restriction process S, defined in Example 2, to be observationally equiv- if M = N then P else Q conditional alent to the system SU N LIN K defined as follows: let M = D in P else Q destructor application in(M, x); P message input SU N LIN K = new pvN ; let pbN = pub(pvN ) in out(M, N ); P message output out(c, pbN ); !new sk; new imsi; new sqn; (SN | MS). We give here only the informal semantics of the calculus. The null process does nothing. P | Q represents the parallel The absence of the replication before the new sqn construct execution of P and Q. The replication !P of a process P means that in SU N LIN K each MS executes the protocol at acts like the parallel execution of an unbounded number of most once. The above mentioned observational equivalence copies of P . The name restriction new n; P creates a new can be verified with ProVerif, defining S and SU N LIN K as name n whose scope is restricted to the process P and then the following biprocess PVU N LIN K , where sk1, sk2 are long runs P . The message input in(M, x); P represents a process term keys and imsi1, imsi2 are long term identities: ready to input from the channel M . The message output PVU N LIN K = new pvN ; let pbN = pub(pvN ) in out(M, N ); P describes a process that sends a term N on the out(c, pbN ); channel M and then behaves like P . The let construct tries !new sk1; new imsi1; to rewrite D and matches the result with M ; if this succeeds, !new sk2; new imsi2; new sqn; then the variables in M are instantiated accordingly and P let (sk, imsi)=choice[(sk1, imsi1),(sk2, imsi2)] is executed; otherwise Q is executed. The conditional checks in (SN | MS). the equality of two terms M and N and then behaves as P or Q accordingly. We will omit the else branch of a let or a We have that the left side of the choice represents a sys- conditional when the process Q is 0. tem where a mobile station (with identity imsi1 and key sk1) may execute the protocol many times, while the right Example 2. Multiple mobile stations M S, with identity side represents a system where mobile stations execute the
protocol at most once (the identity imsi2 and the key sk2 Properties Identification Paging AKA √ √ √ are always different and can be used at most once for the Unlinkability √ √ √ execution of the protocol). Hence, we reduce the problem of Anonymity testing strong unlinkability to the diff-equivalence of a bipro- √ NA Not Applicable Proved to hold × Attack found cess. ProVerif proves that the strong unlinkability property is satisfied by our models of the fixes identification, paging Table 1: ProVerif Results on the Fixed Procedures and AKA protocols as described in Section 5. Properties Paging AKA Unlinkability × × 6.3 Strong Anonymity Anonymity × √ Strong Anonymity is defined in [11] as follows. Let P = new ñ.(!R1 | · · · |!Rp ) be a p-party protocol where ∀ i ∈ √ NA Not Applicable Proved to hold × Attack found {1, . . . , p}, Ri = new id.new m̃.initi .!(new s.maini ). For all i ∈ {1, . . . , p}, we build the protocol P Ri as follows: Table 2: ProVerif Results on the current 3G Procedures P Ri = new ñ.(!R1 | · · · |!Rp | RV ) and hence, although the above processes are observation- RV = new m̃.initi {idV /id }.!(new s.maini {idV /id }). ally equivalent (P is executed regardless the result of the if statement evaluation), they do not satisfy diff-equivalence. Where the identity idV of the agent playing the role RV We are dealing with this issue in our code for the verifica- is a public name not occurring in P . P is said to preserve tion at lines 4-5, 36, 73-74, 81, and 86-87 of the code in the strong unlinkability of Ri if P ≈ P Ri . Informally, this means Appendix. As expected, the verification with the ProVerif that the adversary cannot distinguish a situation where the tool fails to prove the anonymity of the 3G IMSI paging role RV with known identity idV was executed from one in procedure and the unlinkability of both 3G IMSI paging which it was not executed at all, i.e. he cannot breach the and AKA protocols (see Table 2) and finds counterexamples anonymity of the agent with role RV . Going back to our showing that the two systems are distinguishable by the ad- mobile phone scenario, strong anonymity requires a system versary. The modelling of unlinkability and anonymity into in which a mobile station MSV with publicly known identity diff-equivalences we showed in this Section can in general be IMSI V executes the protocol to be indistinguishable from a adopted for protocols which do not require an initialization system in which the MSV is not present at all. Such a system phase preceding the main protocol procedure. Hence, our obviously preserves IMSI V ’s anonymity. Formally, we want method is not specific for the analysed protocols, and shows the system S, defined as in Example 2 to be observationally how to automatically verify unlinkability and anonymity on equivalent to the system SV defined as follows: a wide class of protocols2 . SV = new pvN ; let pbN = pub(pvN ) in out(c, pbN ); 7. CONCLUSION !new sk; new imsi; (!new sqn; (SN | MS)) The widely-deployed 3GPP 3G protocols aim to prevent | new sk; !new sqn; (SN | MSV ). unauthorised parties (such as private organisations and in- dividuals) from tracking the physical location of users by In the system SV the mobile station MSV with publicly known monitoring the signals from their mobile phone. Specifically, identity imsiV can run the protocol. The mentioned ob- the protocols use temporary identifiers and cryptography to servational equivalence can be translated in the following achieve this aim. ProVerif biprocess PVAN ON , where imsiV , imsims are per- We have shown that the protocols are vulnerable to new manent mobile station identities: privacy threats and that these threats lead to attacks that free imsiV . can be mounted in practice at low cost. Currently, our PVAN ON = new pvN ; let pbN = pub(pvN ) in demonstration relies on particular hardware/software using out(c, pbN ); closed source implementation of the 3G protocol stack and (!new sk; new imsi; radio signalling functions. We tested several networks of (!new sqn; (MS | SN))) major operators (T-Mobile, O2, SFR, and Vodafone) and | (new sk; new imsims ; demonstrated that these are vulnerable to our attacks. let imsi=choice[imsiV , imsims ] in We used formal methods to show that the exposed pri- !new sqn; (SN | MS)). vacy vulnerabilities could have been detected at design time, We developed and verified lightweight solutions to avoid the The left side of the choice represents a system where the mo- privacy vulnerabilities. The solutions we propose show that bile station with public identity imsiV can run the protocol. privacy friendly measures could be adopted by the next gen- Our fixes of the identification procedure, paging procedure eration of mobile telephony standards while keeping low the and AKA protocol as described in Section 5 are proved by computational and economical cost of implementing them. ProVerif to satisfy anonymity. We took particular care in avoiding false attacks that Acknowledgement We are very grateful to Steve Babbage could be reported by the tool due to its abstractions. Indeed, (Vodafone) for insightful comments, and are thankful to EP- we formally define privacy properties through observational SRC for supporting this work through the projects Ver- equivalence, however, ProVerif adopts a stronger equiv- ifying Interoperability Requirements in Pervasive Systems alence relation called diff-equivalence. In particular, diff- (EP/F033540/1) and Analysing Security and Privacy Prop- equivalence can distinguish between the execution of differ- erties (EP/H005501/1). ent branches of a conditional statement even in the following 2 case: if a = a then P else P ≈ / diff if a = b then P else P The ProVerif code is available online [2]
8. REFERENCES [19] D. Burgess et al. OpenBTS. [1] http://www.pathintelligence.com. Path Intelligence http://openbts.sourceforge.net/. Ltd. (2010) FootPath. [20] N. H. Denis Foo Kune, John Koelndorfer and Y. Kim. [2] http://www.markryan.eu/research/UMTS/. Location leaks over the gsm air interface. In Annual [3] 3GPP. Technical specification group services and Network & Distributed System Security Symposium, system aspects; 3G security; formal analysis of the 3G NDSS, 2012. authentication protocol (release 4). Technical Report [21] Ettus. USRP. http://www.ettus.com/products, 2009. TR 33.902, V4.0.0, 3rd Generation Partnership [22] D. Fox. IMSI-Catcher. Datenschutz und Project, 2001. Datensicherheit (DuD), 21:539–539, 1997. [4] 3GPP. Generic Access Network (GAN); Mobile GAN [23] N. Golde, K. Redon, and R. Borgaonkar. Weaponizing interface layer 3 specification. Technical Specification femtocells: The effect of rogue devices on mobile TS 44.318 v9.2.0, 3rd Generation Partnership Project, telecommunications. In Annual Network & Distributed 2010. System Security Symposium, NDSS, 2012. [5] 3GPP. Generic Access Network (GAN); Stage 2. [24] D. Goodin. Defects in e-passports allow real-time Technical Specification TS 43.318 v9.0.0, 3rd tracking. The Register, 26th January 2010. Generation Partnership Project, 2010. [25] Kineto Wireless Inc. official Unlicensed Mobile Access [6] 3GPP. Technical specification group services and presentation webiste. http://www.smart-wi-fi.com/, system aspects; 3G security; security architecture June 2010. (release 9). Technical Report TS 33.102 V9.3.0, 3rd [26] G. Koien and V. Oleshchuk. Location privacy for Generation Partnership Project, 2010. cellular systems; analysis and solution. In Privacy [7] 3GPP. Security of Home Node B (HNB) / Home Enhancing Technologies Symposium, volume 3856, evolved Node B (HeNB). Technical Specification TS 2006. 33.302 v11.2.0, 3rd Generation Partnership Project, [27] G. Lowe. Breaking and fixing the Needham-Schroeder 2011. public-key protocol using fdr. In Tools and Algorithms [8] 3GPP. Technical specification group services and for the Construction and Analysis of Systems, system aspects; 3G security; cryptographic algorithm TACAS, 1996. requirements (release 10). Technical Report TS 33.105 [28] U. Meyer and S. Wetzel. A man-in-the-middle attack V10.0.0, 3rd Generation Partnership Project, 2011. on UMTS. In ACM Workshop on Wireless Security, [9] M. Abadi and C. Fournet. Mobile values, new names, WiSe, 2004. and secure communication. In ACM [29] K. Nohl and S. Munaut. Wideband gsm sniffing. SIGPLAN-SIGACT Symposium on Principles of http://events.ccc.de/congress/2010/Fahrplan/ Programming Languages, POPL, 2001. attachments/1783_101228.27C3.GSM-Sniffing. [10] Z. Ahmadian, S. Salimi, and A. Salahi. New attacks Nohl_Munaut.pdf. on UMTS network access. In Conference on Wireless [30] openBSC Project. GSM Network at 28C3. Telecommunications Symposium, WTS’09, 2009. http://events.ccc.de/congress/2011/wiki/GSM# [11] M. Arapinis, T. Chothia, E. Ritter, and M. Ryan. GSM_Network_at_28C3, December 2011. Analysing unlinkability and anonymity using the [31] C. Paget. Practical cellphone spying. Def Con 18 applied pi calculus. In IEEE Computer Security Hacking Conference, 2010. Foundations Symposium, CSF, 2010. [32] D. Strobel. IMSI Catcher, 2007. Seminar Work, [12] A. Armando, R. Carbone, L. Compagna, J. Cuéllar, Ruhr-Universitat Bochum. and M. L. Tobarra. Formal analysis of SAML 2.0 web [33] H. Welte, H. Freyther, D. Spaar, S. Schmidt, browser single sign-on: breaking the SAML-based D. Willmann, J. Luebbe, T. Seiler, and A. Eversberg. single sign-on for google apps. In ACM Workshop on OpenBSC. http://openbsc.osmocom.org. Formal Methods in Security Engineering, FMSE, 2008. [34] H. Welte, S. Munaut, A. Eversberg, and other [13] G. Avoine and P. Oechslin. RFID Traceability: A contributors. OsmocomBB. http://bb.osmocom.org. Multilayer Problem. In Financial Cryptography, FC, [35] J. Zhang and G. de la Roche. Femtocells: Technologies 2005. and Deployment. John Wiley & Sons, Ltd, 2009. [14] M. Barbaro and T. Zeller Jr. A face is exposed for [36] M. Zhang and Y. Fang. Security analysis and AOL searcher no. 4417749. The New York Times, enhancements of 3GPP authentication and key August 9, 2006. agreement protocol. IEEE Transactions on Wireless [15] B. Blanchet. Proverif: Cryptographic protocol verifier Communications, 4(2):734–742, 2005. in the formal model. http://www.proverif.ens.fr/. [16] M. Bortolozzo, M. Centenaro, R. Focardi, and G. Steel. Attacking and fixing PKCS#11 security tokens. In ACM Conference on Computer and Communications Security, CCS, 2010. [17] C. Caldwell. A pass on privacy? The New York Times, July 17, 2005. [18] I. Cervesato, A. D. Jaggard, A. Scedrov, J.-K. Tsay, and C. Walstad. Breaking and fixing public-key kerberos. Inf. Comput., 206:402–424, February 2008.
You can also read