Mobile Subscriber WiFi Privacy

O'Hanlon, Piers; Borgaonkar, Ravishankar; Hirschi, Lucca

doi:10.1109/spw.2017.14

Cited by 16 publications

(12 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As future work, we would like to study mobile telecommunication protocols that use XOR such as the AKA protocol [3] [1]. Previous analyses of this protocol [5], [49] were not able to model parts of the protocol making use of XOR, therefore providing guarantees that are too weak in our opinion. We would like to investigate the new perspectives opened by our extension in TAMARIN and faithfully analyze the AKA protocol as used in existing mobile networks (i.e., 3G [3] and 4G [1]) as well as in 5G that is being standardized [2].…”

Section: Discussionmentioning

confidence: 99%

Automated Unbounded Verification of Stateful Cryptographic Protocols with Exclusive OR

Dreier

Hirschi

Radomirović

et al. 2018

2018 IEEE 31st Computer Security Foundations Symposium (CSF)

Self Cite

View full text Add to dashboard Cite

Exclusive-or (XOR) operations are common in cryptographic protocols, in particular in RFID protocols and electronic payment protocols. Although there are numerous applications, due to the inherent complexity of faithful models of XOR, there is only limited tool support for the verification of cryptographic protocols using XOR. The TAMARIN prover is a state-of-the-art verification tool for cryptographic protocols in the symbolic model. In this paper, we improve the underlying theory and the tool to deal with an equational theory modeling XOR operations. The XOR theory can be freely combined with all equational theories previously supported, including user-defined equational theories. This makes TAMARIN the first tool to support simultaneously this large set of equational theories, protocols with global mutable state, an unbounded number of sessions, and complex security properties including observational equivalence. We demonstrate the effectiveness of our approach by analyzing several protocols that rely on XOR, in particular multiple RFID-protocols, where we can identify attacks as well as provide proofs.

show abstract

Section: Discussionmentioning

confidence: 99%

Automated Unbounded Verification of Stateful Cryptographic Protocols with Exclusive OR

Dreier

Hirschi

Radomirović

et al. 2018

2018 IEEE 31st Computer Security Foundations Symposium (CSF)

Self Cite

View full text Add to dashboard Cite

show abstract

“…While designing the AKA protocol in the year 2000, fake base stations were considered expensive in terms of required financial resources and the attacker's capabilities. However, such fake base stations can now be easily built using e.g., widely available hardware [27] or even WiFi technology [40]. Therefore, in our security analysis, we consider both passive and active attacker models for 3G, 4G, and 5G networks.…”

Section: Threat Modelmentioning

confidence: 99%

“…Related Work. Such techniques have already been leveraged in the past (notably by 3GPP) to formally verify the AKA protocol to some extent (e.g., formal analysis in enhanced BAN Logic and TLA [2], in the tool ProVerif [16,40]). More recently, an in-depth formal analysis of 5G AKA [19] has been conducted using the tool Tamarin [38].…”

Section: Formal Verificationmentioning

confidence: 99%

New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols

Borgaonkar

Hirschi

Park

et al. 2019

Proceedings on Privacy Enhancing Technologies

Self Cite

View full text Add to dashboard Cite

Mobile communications are used by more than two-thirds of the world population who expect security and privacy guarantees. The 3rd Generation Partnership Project (3GPP) responsible for the worldwide standardization of mobile communication has designed and mandated the use of the AKA protocol to protect the subscribers’ mobile services. Even though privacy was a requirement, numerous subscriber location attacks have been demonstrated against AKA, some of which have been fixed or mitigated in the enhanced AKA protocol designed for 5G. In this paper, we reveal a new privacy attack against all variants of the AKA protocol, including 5G AKA, that breaches subscriber privacy more severely than known location privacy attacks do. Our attack exploits a new logical vulnerability we uncovered that would require dedicated fixes. We demonstrate the practical feasibility of our attack using low cost and widely available setups. Finally we conduct a security analysis of the vulnerability and discuss countermeasures to remedy our attack.

show abstract

“…This modelling and analysis uses ProVerif, formally verifying the proposed solutions achieving unlinkability and anonymity. O'Hanlon et al [23] consider the interaction between 4G's authentication protocols and operator-backed WiFi services; they detail how the interaction between these can enable serious privacy violations, as well as their experiences reporting the discovered issues to the relevant stakeholders. Hussain et al [18] combine symbolic model checking with cryptographic protocol verification for 4G's attach, detach, and paging procedures, discovering 10 new attacks, including an authentication relay attack, allowing an adversary to spoof the location of a legitimate user.…”

Section: Introductionmentioning

confidence: 99%

Component-Based Formal Analysis of 5G-AKA: Channel Assumptions and Session Confusion

Cremers

Dehnel-Wild

2019

Proceedings 2019 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

The 5G mobile telephony standards are nearing completion; upon adoption these will be used by billions across the globe. Ensuring the security of 5G communication is of the utmost importance, building trust in a critical component of everyday life and national infrastructure. We perform fine-grained formal analysis of 5G's main authentication and key agreement protocol (AKA), and provide the first models to explicitly consider all parties defined by the protocol specification. Our analysis reveals that the security of 5G-AKA critically relies on unstated assumptions on the inner workings of the underlying channels. In practice this means that following the 5G-AKA specification, a provider can easily and 'correctly' implement the standard insecurely, leaving the protocol vulnerable to a security-critical race condition. We provide the first models and analysis considering component and channel compromise in 5G, whose results further demonstrate the fragility and subtle trust assumptions of the 5G-AKA protocol. We propose formally verified fixes to the encountered issues, and have worked with 3GPP to ensure these fixes are adopted. Køien [19] proposes improvements to 4G's AKA, achieving full mutual online authentication. Previous AKA protocols delegate authority from the home network to a serving network by forwarding up to 5 irrevocable authentication vectors, allowing the home network to be offline during the challengeresponse phase of the protocol: this requires too high a level of trust between network operators, hence they propose a modified protocol which is fully online for all parties. 5G-AKA now only forwards one authentication vector at a time. Arapinis et al. [9] analyse 3G's authentication protocols, discovering attacks against the privacy and linkability of subscriber

show abstract

Mobile Subscriber WiFi Privacy

Cited by 16 publications

References 23 publications

Automated Unbounded Verification of Stateful Cryptographic Protocols with Exclusive OR

Automated Unbounded Verification of Stateful Cryptographic Protocols with Exclusive OR

New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols

Component-Based Formal Analysis of 5G-AKA: Channel Assumptions and Session Confusion

Contact Info

Product

Resources

About