Protocol Interactions and the Chosen Protocol Attack
Proceedings of the 5th International Workshop on Security Protocols
A man-in-the-middle attack on UMTS
Proceedings of the 3rd ACM workshop on Wireless security
Implications of Unlicensed Mobile Access (UMA) for GSM security
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Using the domain name system for system break-ins
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Solutions to the GSM Security Weaknesses
NGMAST '08 Proceedings of the 2008 The Second International Conference on Next Generation Mobile Applications, Services, and Technologies
A Survey of Voice over IP Security Research
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
An Introduction to Standards-Based VoIP: SIP, RTP, and Friends
IEEE Internet Computing
The effectiveness of application permissions
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
Security analysis and enhancements of 3GPP authentication and key agreement protocol
IEEE Transactions on Wireless Communications
The most dangerous code in the world: validating SSL certificates in non-browser software
Proceedings of the 2012 ACM conference on Computer and communications security
Why eve and mallory love android: an analysis of android SSL (in)security
Proceedings of the 2012 ACM conference on Computer and communications security
Hi-index | 0.00 |
Next generation IP telephony such as the IP Multimedia Subsystem (IMS) framework has been used to create Internet calling services which let cellular users make and receive calls even when without cellular reception. In this paper, we look at the security aspects of Internet calling services and other systems that use the 3GPP Authentication and Key Agreement (AKA) protocol for authentication, particularly focusing on the context of cellular authentication in Android. We describe a new man-in-the-middle attack on T-Mobile's Wi-Fi Calling service, which is installed on millions of T-Mobile Android smartphones. We also describe three new attacks on AKA in the context of Internet calling and Android. We have worked with T-Mobile to fix the man-in-the-middle vulnerability, and we present clear and actionable solutions to fix the remaining vulnerabilities.