2014
DOI: 10.1007/978-3-319-08344-5_25
|View full text |Cite
|
Sign up to set email alerts
|

Another Look at Privacy Threats in 3G Mobile Telephony

Abstract: Abstract. Arapinis et al. [1] have recently proposed modifications to the operation of 3G mobile phone security in order to address newly identified threats to user privacy. In this paper we critically examine these modifications. This analysis reveals that the proposed modifications are impractical in a variety of ways; not only are there security and implementation issues, but the necessary changes to the operation of the system are very significant and much greater than is envisaged. In fact, some of the pr… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
6
0

Year Published

2015
2015
2020
2020

Publication Types

Select...
4
1
1

Relationship

2
4

Authors

Journals

citations
Cited by 10 publications
(6 citation statements)
references
References 7 publications
0
6
0
Order By: Relevance
“…In this paper we focus on the (provable) privacy of AKA, but also consider its security. Three attacks in the literature, namely IMSI catcher attacks [8], IMSI paging attacks [13,27], and impersonation by servercorruption [20], already prove that AKA does not offer the desired degree of client privacy. IMSI catchers allow passive and active adversaries to track clients by exploiting the fact that during the protocol run, the server will require clients to send their permanent identifier IMSI if the TMSI value cannot be traced back to an IMSI.…”
Section: Introductionmentioning
confidence: 99%
See 1 more Smart Citation
“…In this paper we focus on the (provable) privacy of AKA, but also consider its security. Three attacks in the literature, namely IMSI catcher attacks [8], IMSI paging attacks [13,27], and impersonation by servercorruption [20], already prove that AKA does not offer the desired degree of client privacy. IMSI catchers allow passive and active adversaries to track clients by exploiting the fact that during the protocol run, the server will require clients to send their permanent identifier IMSI if the TMSI value cannot be traced back to an IMSI.…”
Section: Introductionmentioning
confidence: 99%
“…As we show in this work, their variant does not in fact guarantee user untraceability. The attack we present breaks client-indistinguishability by exploiting the fact that an adversary can forge the encrypted IMSI message proposed by Arapinis et al In work orthogonal to ours, Khan et al [13] also critically examined the variant of [22], pointing out impracticalities and security/privacy failures. An important criticism addresses the PKI for clients and servers; as we explain below, in our own variant, we minimize the modifications both in terms of computation and administration costs.…”
Section: Introductionmentioning
confidence: 99%
“…The feasibility of implementing the solutions we propose to fix the identification procedure, IMSI paging procedure and AKA protocol in the current 2G/3G infrastructure is discussed in [60].…”
Section: Lte Privacymentioning
confidence: 99%
“…Indeed any difference in behaviour would be a source of additional information flows. Note that, as suggested in [60], simpler solutions such as not sending any error message or sending a constant error message are also possible. However, these solutions do not allow the network to perform neither resynchronization nor any other sort of error recovery procedure since no information on the cause of the failure is given to it.…”
Section: Fixes Of the Analysed Proceduresmentioning
confidence: 99%
“…when registering with the network after switching on a phone. This user privacy issue has been discussed extensively in the literature [5,6,7,20,21,27,28], and many modifications to existing protocols have been proposed to avoid the problem [5,7,19,28]. All these proposals involve making major modifications to the air interface protocol, which would require changes to the operation of all the serving networks as well as all the deployed phones.…”
Section: Introductionmentioning
confidence: 99%