Questioning the Feasibility of UMTS-GSM Interworking Attacks
نویسندگان
چکیده
Recently, Ahmadian and Salimi [1] presented and analyzed three different attacks that can be performed in UMTS-GSM interworking networks: (i) a real-time eavesdropping attack, (ii) an offline eavesdropping attack, and (iii) an impersonation attack. In this letter we question the feasibility of these attacks. In particular, we pinpoint and analyze that these attacks are based on some erroneous and misleading assumptions that the authors have made regarding the security functionality of the UMTS-GSM interworking networks. Based on this analysis, we deduce that these three attacks cannot be performed. Overall, three different attacks, which exploit new identified security weaknesses are presented in [1] targeting UMTS-GSM interworking networks. All attacks are performed in two steps. For the better understanding of the presented notions in this letter, we briefly outline these attacks highlighting the specific erroneous and misleading assumptions. ATTACK 1: Real time eavesdropping (see Figure 1) In step 1 of this attack, the adversary performs a man in the middle attack in the GSM-AKA procedure to obtain the session key Kc of GSM-AKA. In step 2, MS executes a UMTS-AKA with a valid 3G VLR/SGSN via a BTS of GSM. STEP 1: The adversary mounts a man in the middle attack in GSM-AKA PHASE 1: IMSI catching (the adversary impersonates a BTS of GMS) 1. The victim MS connects and sends its security capabilities to a false BTS of GSM (ASSUMPTION 3). The false BTS is under the adversary's control. 2. The adversary sends a user identity request message to the victim MS. 3. MS responses with its permanent identity (IMSI) and the adversary disconnects from MS. PHASE 2: Obtaining RAND and AUTN (in this phase the adversary impersonates the victim MS)
منابع مشابه
Security Mechanisms in UMTS
This contribution presents an overview of the security of the 3 generation mobile radio system UMTS as currently standardised by the 3 Generation Partnership Project 3GPP. We discuss the underlying principles and show to which extent the security of 2 generation systems as GSM is improved and enhanced by UMTS. The UMTS Authentication and Key Agreement protocol, the security algorithms deployed ...
متن کاملTerminal and Interworking Aspects of Broadband Multimedia Mobility
Third generation mobile systems supporting UMTS radio access, will offer a wide range of telecommunication services including voice, video and data. In line with the ETSI GMM report, these services will be provided in both public and private environments via multiple access networks such as ATM, DECT, GSM and UMTS. The evolution path from second generation systems towards UMTS is investigated w...
متن کاملInter-RAT Handover Between UMTS And WiMAX
The future beyond third generation (B3G) or fourth generation (4G) systems will consist of different radio access technologies, such as GSM/GPRS, UMTS, WiFi, and WiMAX. Many intensive efforts have been made to identify the unsolved issues about the future mobile systems, and one important issue is what the future vertical handover management solution will be. A variety of mobility management so...
متن کاملSecurity in mobile phone systems
In this paper, we discuss security issues associated with mobile telephone networks and focus on the unique issues that appear due to the mobility of the user. We provide an overview of how some of these issues are addressed in the second-generation mobile network GSM and consider some of the possible shortcomings of that network. We then compare security features in GSM with those implemented ...
متن کاملAn Analysis of Prioritized Hybrid Interworking Requirements in Next-Generation Wireless Networks
The growing demands for ubiquitous high-speed data services require hybrid interworking in NextGeneration (NG) wireless networks. Handover management is important in providing seamless roaming when User Equipments (UE) are moving across boundaries of radio coverage areas provided by different networking technologies. Handover mechanisms have been well studied in homogeneous circuit-switched net...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Wireless Personal Communications
دوره 65 شماره
صفحات -
تاریخ انتشار 2012