Access the full text.
Sign up today, get DeepDyve free for 14 days.
AT command set for User Equipment (UE)
J. Arkko, H. Haverinen (2006)
Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)RFC, 4187
D. Basin, C. Cremers, K. Miyazaki, S. Radomirovic, Dai Watanabe (2015)
Improving the Security of Cryptographic Protocol StandardsIEEE Security & Privacy, 13
PC/SC Workgroup Specifications
Mohammed Khan, C. Mitchell (2014)
Another Look at Privacy Threats in 3G Mobile Telephony
B. Blanchet (2001)
An efficient cryptographic protocol verifier based on prolog rulesProceedings. 14th IEEE Computer Security Foundations Workshop, 2001.
Study on subscriber privacy impact in 3GPP
AKA usage in 3GPP
B. Lüderitz (1999)
HistoryJournal of Interventional Cardiac Electrophysiology, 3
Jannik Dreier, L. Hirschi, S. Radomirovic, R. Sasse (2018)
Automated Unbounded Verification of Stateful Cryptographic Protocols with Exclusive OR2018 IEEE 31st Computer Security Foundations Symposium (CSF)
Open5GCore -The Next Mobile Core Network Testbed Platform
“Tamarin tool code.”
“3GPP System Architecture Evolution (SAE); Security architecture,”
TeliaSonera launches world's first commercial LTE networks in Sweden and Norway
Xiehua Li, Yongjun Wang (2011)
Security Enhanced Authentication and Key Agreement Protocol for LTE/SAE Network2011 7th International Conference on Wireless Communications, Networking and Mobile Computing
the latter could be inferred we let Γ ′ [ p + 1 ] and Γ ′ [ p ] be the bits positions of Γ plus the (possible) remainder
“ACR38 Smart Card Reader.”
Locating Mobile Phones using Signalling System 7
“pySIM: A python tool to program magic SIMs,”
“Study on the security aspects of the next generation system,”
Simon Meier, Benedikt Schmidt, C. Cremers, D. Basin (2013)
The TAMARIN Prover for the Symbolic Analysis of Security Protocols
F. Broek, Roel Verdult, Joeri Ruiter (2015)
Defeating IMSI CatchersProceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
A. Prasad, S. Arumugam, B. Sheeba, A. Zugenmaier (2018)
3GPP 5G SecurityJ. ICT Stand., 6
Anastasios Bikos, N. Sklavos (2013)
LTE/SAE Security Issues on 4G Wireless NetworksIEEE Security & Privacy, 11
Muzammil Khan, Attiq Ahmed, A. Cheema (2008)
Vulnerabilities of UMTS Access Domain Security Architecture2008 Ninth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing
Advanced Card Systems Holdings Limited
D. Forsberg, G. Horn, W. Moeller, Valtteri Niemi (2010)
LTE Security
Specification of the TUAK algorithm set: A second example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 1: Algorithm specification
(2013)
Attention Shoppers: Store is Tracking Your Cell
Understanding IMSI Privacy
L. Hirschi, David Baelde, S. Delaune (2016)
A Method for Verifying Privacy-Type Properties: The Unbounded Case2016 IEEE Symposium on Security and Privacy (SP)
“Security architecture and procedures for 5G System,”
“USRP B210.”
“Definitive data and analysis for the mobile industry,”
I. Gomez-Miguelez, Andres Garcia-Saavedra, P. Sutton, P. Serrano, C. Cano, D. Leith (2016)
srsLTE: an open-source platform for LTE evolution and experimentationProceedings of the Tenth ACM International Workshop on Wireless Network Testbeds, Experimental Evaluation, and Characterization
sysmoUSIM-SJS1
A. Musa, Jakob Eriksson (2012)
Tracking unmodified smartphones using wi-fi monitors
“SCAT: Signaling Collection and Analysis Tool.”
OpenLTE
Vincent Cheval, B. Blanchet (2013)
Proving More Observational Equivalences with ProVerif
“Service requirements for the Evolved Packet System (EPS),”
Muxiang Zhang, Yuguang Fang (2005)
Security analysis and enhancements of 3GPP authentication and key agreement protocolIEEE Trans. Wirel. Commun., 4
be able to infer the bit of SQN 0 UE at position p
Myrto Arapinis, L. Mancini, Eike Ritter, M. Ryan, N. Golde, Kevin Redon, Ravishankar Borgaonkar (2012)
New privacy issues in mobile telephony: fix and verificationProceedings of the 2012 ACM conference on Computer and communications security
S. Delaune, L. Hirschi (2016)
A survey of symbolic methods for establishing equivalence-based properties in cryptographic protocolsArXiv, abs/1610.08279
DEMO: Range Networks rings in cell-phone service for USD 2 a month
“Faraday Cage: What Is It? How Does It Work?”
Changhee Hahn, Hyunsoo Kwon, Daeyoung Kim, Kyungtae Kang, Junbeom Hur (2014)
A Privacy Threat in 4th Generation Mobile Telephony and Its Countermeasure
P. O'Hanlon, Ravishankar Borgaonkar, L. Hirschi (2017)
Mobile Subscriber WiFi Privacy2017 IEEE Security and Privacy Workshops (SPW)
Myrto Arapinis, Tom Chothia, Eike Ritter, M. Ryan (2010)
Analysing Unlinkability and Anonymity Using the Applied Pi Calculus2010 23rd IEEE Computer Security Foundations Symposium
D. Basin, Jannik Dreier, L. Hirschi, S. Radomirovic, R. Sasse, Vincent Stettler (2018)
A Formal Analysis of 5G AuthenticationProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
Fang-Yie Leu, I. You, Yi-Li Huang, Kangbin Yim, Cheng-Ru Dai (2012)
Improving security level of LTE authentication and key agreement procedure2012 IEEE Globecom Workshops
Ravishankar Borgaonkar (2015)
Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication SystemsArXiv, abs/1510.07563
AbstractMobile communications are used by more than two-thirds of the world population who expect security and privacy guarantees. The 3rd Generation Partnership Project (3GPP) responsible for the worldwide standardization of mobile communication has designed and mandated the use of the AKA protocol to protect the subscribers’ mobile services. Even though privacy was a requirement, numerous subscriber location attacks have been demonstrated against AKA, some of which have been fixed or mitigated in the enhanced AKA protocol designed for 5G.In this paper, we reveal a new privacy attack against all variants of the AKA protocol, including 5G AKA, that breaches subscriber privacy more severely than known location privacy attacks do. Our attack exploits a new logical vulnerability we uncovered that would require dedicated fixes. We demonstrate the practical feasibility of our attack using low cost and widely available setups. Finally we conduct a security analysis of the vulnerability and discuss countermeasures to remedy our attack.
Proceedings on Privacy Enhancing Technologies – de Gruyter
Published: Jul 1, 2019
Read and print from thousands of top scholarly journals.
Already have an account? Log in
Bookmark this article. You can see your Bookmarks on your DeepDyve Library.
To save an article, log in first, or sign up for a DeepDyve account if you don’t already have one.
Copy and paste the desired citation format or use the link below to download a file formatted for EndNote
Access the full text.
Sign up today, get DeepDyve free for 14 days.
All DeepDyve websites use cookies to improve your online experience. They were placed on your computer when you launched this website. You can change your cookie settings through your browser.