Abstract
Both GSM (2G) and UMTS (3G) wireless standards are deployed worldwide. Like the 4G standard now appearing, these standards provide for mobile devices with differing capabilities to roam between providers or technologies. This poses serious challenges in ensuring authentication and other security properties. Automated analysis of security properties is needed to cope with the large number of possible scenarios. While some attacks exploit weaknesses in cryptographic functions, many attacks exploit flaws or other features of the protocol design. The latter attacks can be found using symbolic (Dolev-Yao) models. This paper demonstrates the use of a fully automatic tool to exhaustively analyze symbolic models of GSM, UMTS, and the respective roaming protocols. The results include the demonstration of known attacks as well as the confirmation of expected properties.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abadi, M., Blanchet, B., Fournet, C.: Just Fast Keying in the Pi Calculus. In: Schmidt, D. (ed.) ESOP 2004. LNCS, vol. 2986, pp. 340–354. Springer, Heidelberg (2004)
Blanchet, B., Chaudhuri, A.: Automated formal analysis of a protocol for secure file sharing on untrusted storage. In: IEEE Symp. on Sec. and Priv. (2008)
Bodei, C., Buchholtz, M., Degano, P., Nielson, F., Nielson, H.R.: Automatic validation of protocol narration. In: IEEE CSFW, pp. 126–140 (2003)
Bouassida, M.S., Chridi, N., Chrisment, I., Festor, O., Vigneron, L.: Automated verification of a key management architecture for hierarchical group protocols. Annals of Telecommunications (2007)
Chang, R., Shmatikov, V.: Formal analysis of authentication in Bluetooth device pairing. In: FCS-ARSPA (2007)
Dunkelman, O., Keller, N., Shamir, A.: A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 393–410. Springer, Heidelberg (2010)
Escobar, S., Meadows, C., Meseguer, J.: State Space Reduction in the Maude-NRL Protocol Analyzer. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 548–562. Springer, Heidelberg (2008)
Fox, D.: Der IMSI catcher. In: DuD Datenschutz und Datensicherheit (2002)
Golić, J.D.: Cryptanalysis of Alleged A5 Stream Cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997)
Jakobsson, M., Wetzel, S.: Security Weaknesses in Bluetooth. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 176–191. Springer, Heidelberg (2001)
Mitchell, C.J., Knudsen, L.R.: An analysis of the 3GPP-MAC scheme. In: WCC (2001)
Lim, S.-H., Bang, K.-S., Yi, O., Lim, J.: A Secure Handover Protocol Design in Wireless Networks with Formal Verification. In: Boavida, F., Monteiro, E., Mascolo, S., Koucheryavy, Y. (eds.) WWIC 2007. LNCS, vol. 4517, pp. 67–78. Springer, Heidelberg (2007)
Meyer, U.: Secure Roaming and Handover Procedures in Wireless Access Networks. PhD thesis, Darmstadt University of Technology, Germany (2005)
Meyer, U., Wetzel, S.: A man-in-the-middle attack on UMTS. In: ACM WiSec, pp. 90–97 (2004)
Meyer, U., Wetzel, S.: On the impact of GSM encryption and man-in-the-middle attacks on the security of interoperating GSM/UMTS networks. In: IEEE Symposium on Personal, Indoor and Mobile Radio Communications (2004)
Niemi, V., Nynberg, K.: UMTS Security. Wiley (2003)
Taha, A., Abdel-Hamid, A., Tahar, S.: Formal analysis of the handover schemes in mobile WiMAX networks. In: Conf. on Wireless and Optical Comm. Net. (2009)
Taha, A., Abdel-Hamid, A., Tahar, S.: Formal verification of IEEE 802.16 security sublayer using Scyther tool. In: IFIP N2S 2009, pp. 1–6 (2009)
3GPP The mobile broadband standard, http://www.3gpp.org/specifications
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Tang, C., Naumann, D.A., Wetzel, S. (2012). Symbolic Analysis for Security of Roaming Protocols in Mobile Networks. In: Rajarajan, M., Piper, F., Wang, H., Kesidis, G. (eds) Security and Privacy in Communication Networks. SecureComm 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 96. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31909-9_29
Download citation
DOI: https://doi.org/10.1007/978-3-642-31909-9_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31908-2
Online ISBN: 978-3-642-31909-9
eBook Packages: Computer ScienceComputer Science (R0)