New privacy issues in mobile telephony: fix and verification

Authors:
Myrto Arapinis;Loretta Mancini;Eike Ritter;Mark Ryan;Nico Golde;Kevin Redon;Ravishankar Borgaonkar
Affiliations:
University of Birmingham, Birmingham, United Kingdom;University of Birmingham, Birmingham, United Kingdom;University of Birmingham, Birmingham, United Kingdom;University of Birmingham, Birmingham, United Kingdom;Technische Universität Berlin, Berlin, Germany;Technische Universität Berlin, Berlin, Germany;Technische Universität Berlin, Berlin, Germany
Venue:
Proceedings of the 2012 ACM conference on Computer and communications security
Year:
2012

Citing 12
Cited 2

Mobile values, new names, and secure communication

POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR

TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
A man-in-the-middle attack on UMTS

Proceedings of the 3rd ACM workshop on Wireless security
Breaking and fixing public-key Kerberos

Information and Computation
Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps

Proceedings of the 6th ACM workshop on Formal methods in security engineering
New attacks on UMTS network access

WTS'09 Proceedings of the 2009 conference on Wireless Telecommunications Symposium
Femtocells: Technologies and Deployment

Femtocells: Technologies and Deployment
Analysing Unlinkability and Anonymity Using the Applied Pi Calculus

CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Attacking and fixing PKCS#11 security tokens

Proceedings of the 17th ACM conference on Computer and communications security
RFID traceability: a multilayer problem

FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Location privacy for cellular systems; analysis and solution

PET'05 Proceedings of the 5th international conference on Privacy Enhancing Technologies
Security analysis and enhancements of 3GPP authentication and key agreement protocol

IEEE Transactions on Wireless Communications

Let me answer that for you: exploiting broadcast information in cellular networks

SEC'13 Proceedings of the 22nd USENIX conference on Security
SE-AKA: A secure and efficient group authentication and key agreement protocol for LTE networks

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Mobile telephony equipment is daily carried by billions of subscribers everywhere they go. Avoiding linkability of subscribers by third parties, and protecting the privacy of those subscribers is one of the goals of mobile telecommunication protocols. We use formal methods to model and analyse the security properties of 3G protocols. We expose two novel threats to the user privacy in 3G telephony systems, which make it possible to trace and identify mobile telephony subscribers, and we demonstrate the feasibility of a low cost implementation of these attacks. We propose fixes to these privacy issues, which also take into account and solve other privacy attacks known from the literature. We successfully prove that our privacy-friendly fixes satisfy the desired unlinkability and anonymity properties using the automatic verification tool ProVerif.