New Privacy Issues in Mobile Telephony: Fix and Verification

Myrto Arapinis, Loretta Mancini, Eike Ritter, Mark Ryan
University of Birmingham, School of Computer Science, Birmingham, UK
m.d.arapinis, l.mancini, e.ritter, m.d.ryan@cs.bham.ac.uk

Nico Golde, Kevin Redon, Ravishankar Borgaonkar
Technische Universität Berlin and Deutsche Telekom Laboratories, Berlin, DE
nico, kredon, ravii@sec.t-labs.tu-berlin.de

ABSTRACT

Mobile telephony equipment is daily carried by billions of subscribers everywhere they go. Avoiding linkability of subscribers by third parties, and protecting the privacy of those subscribers is one of the goals of mobile telecommunication protocols. We use formal methods to model and analyse the security properties of 3G protocols. We expose two novel threats to the user privacy in 3G telephony systems, which make it possible to trace and identify mobile telephony subscribers, and we demonstrate the feasibility of a low cost implementation of these attacks. We propose fixes to these privacy issues, which also take into account and solve other privacy attacks known from the literature. We successfully prove that our privacy-friendly fixes satisfy the desired unlinkability and anonymity properties using the automatic verification tool ProVerif.

Categories and Subject Descriptors
D.2.4 [Software Program Verification]: Formal Methods

General Terms
Verification, Security

Keywords
Unlinkability, Anonymity, ProVerif, Mobile Telephony

1. INTRODUCTION

While most mobile phone users accept that the network operator can track their geographical movements, few would be happy if an arbitrary third party could do so. Such a possibility would enable all kinds of undesirable behaviour, ranging from criminal stalking and harassment to more mundane monitoring of spouse or employee movements, as well as profiling for commercial and advertisement purposes. For this reason, 3G (Third Generation) mobile phone protocols have been designed to prevent third parties, eavesdropping on the radio link, from identifying wireless messages as coming from a particular mobile phone. Therefore, mobile phones identify themselves, whenever possible, by means of temporary identifiers (TMSIs) instead of using their long term unique identities (IMSIs). Temporary identities are periodically updated by the network. To avoid linkability, the assignment of a new temporary identity is encrypted using a session key established through the 3G Authentication and Key Agreement (AKA) protocol.

When 3G protocols were first introduced in 1999, active attack scenarios were a remote possibility because of the high cost of the equipment required, the closedness of the hardware design and the lack of open source implementations of the protocol stack. This scenario has recently changed. Cheap base stations [19] can be produced by programming USRP (Universal Software Radio Peripheral) boards [21]. These lower the cost of producing radio devices thanks to software emulation of specialized functions once executed by expensive hardware. The increasing popularity of USRPs led for example to a cheap implementation of fake base station attacks on GSM (Global System for Mobile Communication) [31], which were considered sufficiently costly to prevent wide-scale attacks. Shorter range base stations, available at affordable prices, have been targeted as well by open source developers (e.g. openBSC project [33]) and security researchers [23]. Certain old mobile phones based on the Ti Calypso GSM baseband chips can be reprogrammed by flashing an open source version of the protocol stack (developed by the osmocom-BB project [34]). These new developments open at the same time the way for the exploration of new uses of mobile telephony technology [1, 30] and for the exploitation of its weaknesses [20, 23, 31, 29], making active attack scenarios an increasingly likely reality.

Hence, we believe active attackers should now be considered when analysing mobile systems in order to obtain convincing and reliable results on their security. From this perspective we present a formal analysis of the 3G subscribers' privacy. We expose two novel threats and we demonstrate that these threats can lead to real implementations which make use of cheap equipment. Furthermore, we propose privacy friendly fixes to thwart the detected privacy issues and we formally verify that our fixes achieve the desired privacy goals.
CCS’12, October 16–18, 2012, Raleigh, North Carolina, USA.

Our Contributions. Linkability of transactions has been identified and often reported by the media as an important threat for user privacy [14, 17, 19, 24], though it has been overlooked so far by most of the existing studies of mobile telecommunication protocols, which instead focus on confidentiality and authentication requirements (Section 2.2). In this paper, we present the first formal analysis of 3G protocols w.r.t. privacy of mobile phone users from third party attackers, and in particular w.r.t. unlinkability and anonymity. For our analysis we use automated formal methods. The use of formal methods allows us to: (i) precisely and unambiguously define the desired privacy properties in terms of third-party strong anonymity and strong unlinkability; (ii) identify new vulnerabilities with respect to subscriber privacy thanks to a rigorous specification of the protocols and of the analysed properties; (iii) automatically verify privacy properties expressed as equivalence relations between systems consisting of an unbounded number of agents executing an unbounded number of sessions; (iv) obtain a higher level of confidence in the resulting proofs than the ones provided by more error-prone manual techniques. However, the currently available automated tools are still quite limited and cannot straightforwardly be used to verify unlinkability and anonymity properties [11]. Here we develop ways to model the protocols and the desired properties as biprocesses in order to use the ProVerif tool on our 3G case study. With our method ProVerif successfully detects the privacy vulnerabilities (described in Section 3) and also successfully proves that the fixed protocols (presented in Section 5) satisfy both unlinkability and anonymity (Section 6). The automatic verification with the ProVerif tool thus allows us to verify strong unlinkability and strong anonymity of 3G subscribers. To the best of our knowledge, it is the first time these definitions of privacy properties have been successfully used for verification using an automated tool. Moreover, we demonstrate how these vulnerabilities can lead to practical attacks, by implementing them in real networks in Germany (Vodafone, O2, T-Mobile) and in France (SFR) (Section 4). Furthermore, we verify that the fixes we propose do preserve the privacy of the mobile phone users from third parties in terms of unlinkability and anonymity.

2. BACKGROUND AND RELATED WORK

Third Generation telecommunications systems (3G) is a mobile telephony standard specified and maintained by the Third Generation Partnership Project (3GPP). It was introduced in 1999, with the birth of UMTS, to offer better support for mobile data applications, increased data rates, and to lower costs of mobile data communications. Moreover, 3G offers an improved security architecture with respect to previous mobile telecommunication systems such as GSM (Global System for Mobile Communication).

2.1 3G Security Requirements

3G aims to provide authentication, confidentiality of data and voice communication, as well as user privacy [6]. 3G privacy goals include the following [6]:

User identity confidentiality: the property that the permanent user identity (IMSI) of a user to whom a service is delivered cannot be eavesdropped on the radio access link.

User untraceability: the property that an intruder cannot deduce whether different services are delivered to the same user by eavesdropping on the radio access link.

In order to achieve these two privacy-related properties, 3G (and GSM) relies on the use of temporary identities TMSIs (Temporary Mobile Subscriber Identities) for identifying and paging mobile phones (more precisely mobile stations, MSs) instead of using their long-term identities IMSIs (International Mobile Subscriber Identities). Moreover, to avoid the traceability of a mobile station by third parties, the 3G standard requires periodic updates of the temporary identity. New temporary identities are periodically assigned by the network through the TMSI reallocation procedure. The newly assigned TMSI is encrypted using a session key which is established by executing the 3G Authentication and Key Agreement protocol (AKA). The 3G AKA protocol allows MS and network to achieve mutual authentication and establish a pair of shared session keys, namely a ciphering key and an integrity key. These keys are used to ensure the secrecy and integrity of the subsequent communications. However, the identification procedure, consisting in the request of the user identity by the network followed by a cleartext reply containing the user identity, is acknowledged in the 3G standard as a breach of the user identity confidentiality [6]. This procedure is exploited by the well-known “IMSI catcher” attack, which is the best known attack to mobile telephony users' privacy.

2.2 Related Work

Known 3G Vulnerabilities. Three categories of attacks on mobile telephony systems have been described in the past.

(i) 3G/GSM-interoperability. Most of the reported attacks of this kind take advantage of well-known weaknesses of the GSM authentication and key agreement protocol, such as the lack of mutual authentication and the use of weak encryption. Previously proposed attacks on 3G security exploit the vulnerabilities which are propagated from GSM to 3G when providing interoperability between the two systems. These attacks allow an active attacker to violate the user identity confidentiality, to eavesdrop on outbound communications [28] and to masquerade as a legitimate subscriber obtaining services which will be billed on the victim's account [10]. However, these attacks cannot be carried out on pure 3G networks, which are the scope of our analysis, because they rely on the lack of mutual authentication in GSM and on the possibility of downgrading the communication from 3G to GSM.

(ii) IMSI Catcher. Until fairly recently, implementing an IMSI catcher required specialised software and equipment such as base stations. However, such devices have become more and more affordable thanks to software 3G emulation [31]. To the best of our knowledge the only implementation of a 3G IMSI catcher is the one presented in [23] and is realised using a modified femtocell. It consists in forcing a mobile phone to reveal its identity (IMSI) [22, 32] by triggering the identification procedure from a fake operator base station (configured with the corresponding mobile network and country code settings). Indeed, the eavesdropping of the IMSI in plaintext communications would allow the identification of mobile telephony users by third parties.

(iii) 3G specific. To the best of our knowledge, the only attack that does not rely on GSM/3G interoperability has been presented by Zhang and Fang in [36]. This attack is a variant of the false base station attack and takes advantage of the fact that the mobile station does not authenticate the serving network. It allows the redirection of the victim's outgoing traffic to a different network, for example a network which uses a weaker encryption algorithm or one which charges higher rates than the victim's one.

Zhang and Fang's attack concerns impersonation, service theft and data confidentiality, while our work exhibits privacy issues arising in 3G.

Other Work on 3G Privacy Enhancement. A new framework for authentication has been proposed to provide subscriber privacy with respect to the network [26]. In particular, the authors aim to achieve MSs' anonymity with respect to the serving network, and location privacy with respect to the home network. To achieve this purpose, they propose a new mechanism for the location update and a three way handshake protocol, to be used for authentication instead of the currently used 3G AKA protocol. However, this work is not supported by a formal model of the proposed protocols, nor does it provide a formal verification of the properties of the proposed protocols. Moreover, unlike our work, their attacker model considers the network as not fully trusted, while we are only concerned about third party attackers controlling the radio link communications.

Previous Formal Analysis. The 3G AKA protocol in its pure form (i.e. with no GSM support) has been formally proved to meet some of the specified security requirements [3], such as authentication and confidentiality of data and voice communication. However, privacy related properties such as unlinkability and anonymity, which are the focus of our work, are not analysed in [3]. The framework applied in [3] cannot be used to specify unlinkability and anonymity properties. The formal framework used in our paper allows us to precisely define and verify privacy related properties, but at the same time precisely specify the interactions on the air between MS and network. Hence, we can discover privacy attacks on the modelled protocols and propose solutions which are formally proved to satisfy the desired privacy properties.

3. NOVEL PRIVACY THREATS

In this section we describe two breaches of privacy, which are the subject of our analysis. Our work is based on the formal analysis of pure 3G protocols. It relies on the study and modelling of the 3G standard and does not make assumptions about interoperability between GSM and 3G. We focus on subscriber privacy and discover further breaches other than the ones caused by the identification procedure and the propagation of GSM weaknesses to 3G. As argued in Section 1 and as witnessed by the attacks implementation presented in Section 4, a convincing analysis of 3G privacy and security should consider active attackers instead of passive ones. For this reason, we assume that the attacker has unlimited access to the radio link between the mobile station and the base station. He can sniff, inject, replay, and modify messages. This attacker model is the same considered in most of the previous work on GSM/3G security [28, 10, 36]. However, as we will detail in Section 4, the attacker does not need to know any key, nor perform any cryptographic operation.

In the rest of this paper, we consider a simplified network architecture. This architecture involves simply the mobile stations and the network. The network models both the Base Station (BS) which directly communicates with the MS on the radio link, and the complex structure of databases and servers connected with it and forming the 3G control network. Hence, we abstract away from any communication within the network and model only communication between mobile stations and the network. This abstraction allows us to hide details which are uninteresting for the purposes of our analysis and keep the models used for verification small. The MS with identity IMSI and the network share a secret long-term key K_IMSI, assigned to the subscriber by the mobile operator and stored in the USIM. The secret key allows the MS and the network to compute shared ciphering and integrity session keys to be used for encryption and integrity check of communications.

3.1 IMSI Paging Attack

The paging procedure is used to locate a mobile station in order to deliver a service to it, for example an incoming call. Paging request messages are sent by the network in all the location areas most recently visited by the mobile station in order to locate it and deliver a service to it. The paging request message is sent on a Common Control Channel (CCCH) and contains the identity of one or more mobile stations. A mobile station receiving a paging request establishes a dedicated channel to allow the delivery of the service and sends a paging response containing the most recently assigned TMSI (see Figure 1).

Figure 1: 3G IMSI Paging Procedure
  MS (IMSI, TMSI)                     Network (IMSI, TMSI)
                 <---- Pag Req. IMSI ----
                 ---- Pag Res. TMSI ---->

The paging procedure is typically run using the TMSI to identify a MS. However, the IMSI can be used when the TMSI is not known by the network. The possibility of triggering a paging request for a specific IMSI allows an attacker to check a specific area for the presence of mobile stations of whom he knows the identity, and to correlate their IMSI and TMSI, or even track its movements across a set of monitored areas. Hence, IMSI paging would expose a subscriber's identity and allow an attacker capable of sending and receiving messages on the air to identify the presence of a target mobile phone (MS) in a monitored area. However, in a real setting, the link between the paged IMSI and the related TMSI would need to be confirmed by replaying the attack several times.

3.2 AKA Protocol Linkability Attack

The Authentication and Key Agreement (AKA) protocol achieves mutual authentication between a MS and the network, and establishes shared session keys to be used to secure the subsequent communications. The 3G AKA protocol [6], shown in Figure 2, consists in the exchange of two messages: the authentication request and the authentication response. Before sending an authentication request to the mobile station, the network computes the authentication data: a fresh random challenge RAND, the authentication token AUTN, the expected authentication response f2_K(RAND), the integrity key IK, and the encryption key CK (see Figure 2). The functions f1, f2, f3, f4 and f5 are keyed cryptographic functions computed using the shared key K_IMSI [8]. The authentication function f1 is used to calculate the message authentication code MAC, f2 is used to produce the authentication response parameter RES, and f3, f4 and f5 are used to generate the ciphering key CK, the integrity key IK, and the anonymity key AK, respectively. AUTN contains a MAC of the concatenation of the random number with a sequence number SQN_N generated by the network using an individual counter for each subscriber. The sequence number SQN_N allows the mobile station to verify the freshness of the authentication request to defend against replay attacks (see Figure 2). A new sequence number is generated either by increment of the counter or through time based algorithms as defined in [6].

Figure 2: 3G Authentication and Key Agreement
  MS (K_IMSI, IMSI, SQN_MS)                        Network (K_IMSI, IMSI, SQN_N)
                                                    new RAND
                                                    AK ← f5_K_IMSI(RAND)
                                                    MAC ← f1_K_IMSI(SQN_N || RAND)
                                                    AUTN ← (SQN_N ⊕ AK) || MAC
                    <---- Auth Req. RAND, AUTN ----
  AK ← f5_K_IMSI(RAND)
  XMSG || XMAC ← AUTN
  XSQN ← XMSG ⊕ AK
  MAC ← f1_K_IMSI(XSQN || RAND)
  if MAC ≠ XMAC then RES ← Mac Fail
  elseif XSQN < SQN_MS then RES ← Sync Fail
  else RES ← f2_K_IMSI(RAND); CK ← f3_K_IMSI(RAND); IK ← f4_K_IMSI(RAND)
                    ---- Auth Resp. RES ---->
                                                    if RES = f2_K_IMSI(RAND)
                                                    then CK ← f3_K_IMSI(RAND); IK ← f4_K_IMSI(RAND)

The network always initiates the protocol by sending the authentication challenge RAND and the authentication token AUTN to the mobile station. The MS receives the authentication request, retrieves the sequence number SQN_N and then verifies the MAC (condition MAC = XMAC in Figure 2). This step ensures that the MAC was generated by the network using the shared key K_IMSI, and thus that the authentication request was intended for the mobile station with identity IMSI. The mobile station stores the greatest sequence number used so far, SQN_MS. This value is used to check the freshness of the authentication request (condition XSQN < SQN_MS in Figure 2). The mobile station computes the ciphering key CK, the integrity key IK and the authentication response RES and sends this response to the network. The network authenticates the mobile station by verifying whether the received response is equal to the expected one (RES = f2_K(RAND)).

The authentication procedure can fail on the MS side either because the MAC verification failed, or because the received sequence number XSQN is not in the correct range with respect to the sequence number SQN_MS stored in the mobile station. In the former case, the mobile station sends an authentication failure message indicating MAC failure (Mac Fail) as the failure cause. In the latter case, the authentication failure message indicates synchronisation failure (Sync Fail) as the failure cause. When a MAC failure occurs the network may initiate the identification procedure. When a synchronisation failure occurs the network performs re-synchronisation.

Indeed, the messages exchanged through this procedure contain neither the IMSI nor the TMSI of the MS. So one could think that the AKA protocol provides untraceability by construction. But we just saw that this is not the case. Only careful analysis w.r.t. precisely defined privacy requirements could reveal this flaw. The proposed attack is shown in Figure 3.

Figure 3: AKA Protocol Linkability Attack
  MS_v (K_IMSI, IMSI, SQN_MS)      Attacker                 Network (K_IMSI, IMSI, SQN_N)
                 <---- Auth Req. RAND, AUTN ----           (legitimate run; attacker saves RAND, AUTN)
                 ---- Auth Resp. RES ---->
  later, in a monitored area:
                 <---- Auth Req. RAND, AUTN ----           (replayed by the attacker)
                 ---- Auth Resp. RES′ ---->
                                 if RES′ = Sync Fail then MS_v Found

To detect the presence of a victim mobile station MS_v, an active attacker just needs to have previously intercepted one legitimate authentication request message containing the pair (RAND, AUTN) sent by the network to MS_v. The captured authentication request can now be replayed by the adversary each time he wants to check the presence of MS_v in a particular area. On reception of the replayed authentication request, the victim mobile station MS_v successfully verifies the MAC, fails the freshness check, and sends a synchronisation failure message. The MAC verification fails when executed by any other mobile station, and as a result a MAC failure message is sent. Hence, thanks to the error messages, the adversary can distinguish any mobile station from the one the authentication request was originally sent to, resulting in a breach of the subscriber's untraceability. The implementation of few false BS would then allow an attacker to trace the movements of a victim mobile station in one of his monitored areas.

3.3 Formal Verification

While the paging procedure is obviously a breach of users' privacy, the traceability attack on the AKA protocol is much more subtle. This kind of vulnerabilities usually look trivial once uncovered but often remain unnoticed for long time, since they do not involve fancy cryptography but are caused by errors in the protocol logic. We run the ProVerif tool on the IMSI paging procedure and on the AKA protocol¹.

ProVerif fails to prove the unlinkability and anonymity of the IMSI paging procedure and exhibits actual attack traces. In the case of the AKA protocol, the anonymity property is proved to hold, while the unlinkability property verification fails. However, the trace provided by ProVerif is a false attack. Although it does give a hint of the real attack by highlighting the test of the MAC received from the network as the source of the problem. Details of how unlinkability and anonymity were defined using the ProVerif calculus are given in Section 6. The adoption of formal verification tools during protocol design could thus have revealed design flaws.

¹ The ProVerif code is available online [2].

4. THE ATTACKS IN PRACTICE

In order to test the attacks presented in Section 3 in a deployed telecommunication network, we use a compromised femtocell like the one described in [23]. In particular, we reproduce the hacking performed in [23] to gain root access of our femtocell and redirect the traffic to a Man in the Middle (MitM) GAN proxy. We stress here that our implementation has the only purpose of showing the feasibility of our attacks and confirm that real cellular networks follow the 3GPP standard specifications and thus are vulnerable to the proposed attacks. In general, the same attacks could be mounted by appropriately programming a USRP [21], which is a hardware device able to emit and receive radio signals. Although the proposed attacks are not femtocell specific, and one could obtain wider range attack devices in order to monitor larger areas, we use a commercially available femtocell. For the purpose of implementing our attacks (Section 3), the particular femtocell hardware is tied to the network operator SFR. However, we tested the attacks using mobile phones registered to different operators, i.e. using our attacks on T-Mobile, O2, and Vodafone victim MSs, with SFR as serving network. In this case, the authentication token AUTN is still provided by the victim's Home network. Thus, we establish that all these tested networks are vulnerable to the attacks described above.

4.1 Femtocell architecture

A femtocell is a device that acts as a small base station to enhance 3G coverage and connectivity, especially inside buildings with otherwise bad coverage. Its coverage radius ranges from 10 to 50 meters. It connects mobile phones to the network of the corresponding MNO (Mobile Network Operator) using an existing wired Internet connection provided by the femtocell user. 3G femtocells, also called Home Node B (HNB), support most of the functionalities provided by a typical 3G base station (Node B), e.g. physical layer (radio signalling) functions. The MS does not need any special GAN support; it just connects to the femtocell in the same way as it connects to a standard base station.

The communication between the femtocell and the GANC is based on the Generic Access Network (GAN) protocol. The GAN protocol was originally designed to allow mobile communication over Wi-Fi access points. The protocol was standardised by MNOs in 2004 [25] and led to the GAN specification [4, 5] in 2005. This specification has been adopted and extended to be used in femtocell environments [35]. The femtocell uses this protocol to forward communication over the Internet with the network of the operator. More specifically, the femtocell forwards all radio signalling and user-generated traffic to the GANC (GAN Controller), which is connected to the core network of the operator (refer to [7] for more details of the femtocell architecture). The femtocell maps all Layer-3 radio signalling to TCP/IP based GAN messages and passes them to the GANC. Additionally, it transparently encapsulates all traffic generated by the phone and the network. To do so, the HNB establishes an authenticated secure tunnel: the GAN traffic is cleartext travelling over an IPSec tunnel for which we own the key material, thanks to the initial rooting/hacking of the femtocell. Using this encrypted connection, we redirect all the traffic between the femtocell and the GANC to our GAN proxy, positioned between the femtocell and the GANC. We use this MitM GAN proxy as entry point for message injection. In addition, we developed a set of applications which allow us to intercept, manipulate or insert selected messages, and distinguish different types of GAN messages, GANC-to-femtocell and femtocell-to-GANC. This allows us, for example, to inject 3G Layer-3 messages into the communication from the base station to the mobile phone in both directions, i.e. from a mobile station via the GANC to the network or vice versa, making them appear as if legitimately delivered by the MNO.

Figure 4: Experimental Attack Setup

4.2 Attack Procedure

To perform the attacks, we want to cache subscribers' information used to perform the attacks. In particular, we intercept the TMSI and the IMSI of our victim MSs. In the case of the AKA protocol, we store the random challenge RAND, the authentication token AUTN and the authentication response. This information is directly extracted from the traffic that is passed through the MitM GAN proxy.

IMSI-Paging Procedure Attack. To perform the IMSI paging attack, our software crafts a paging message encoding the necessary paging headers and parameters and a mobile station identity, e.g. one of the previously stored victim IMSIs. The crafted paging request is then sent by the GAN proxy to the femtocell. The femtocell forwards these messages to the mobile phone. When the victim mobile phone receives the IMSI paging request, it readily answers with a paging response containing the victim's TMSI, while a failed attempt generates no message. So by testing, by injecting a paging request, we can check whether a phone belonging to a designated victim is in the area covered by our device. In case of success, the phone generates the paging response. However, it is possible that more than one phone replies to a paging request during the same time slot. In this case, one can repeat this procedure multiple times and correlate the timing and TMSI usage from the multiple replies as in [20].

AKA Protocol attack. To perform the AKA attack we replay a given authentication message for a specific target for which the GAN proxy cached the legitimate authentication request, i.e. RAND and AUTN. This data is sent unencrypted on the radio link and could be captured with any equipment capable of sniffing the radio link. The 3G AKA protocol is performed at each new session in the femtocell setting, i.e. after being paged or when initiating a phone call. This makes the caching of the authentication parameters very easy. Though, we do not have the tools to test if this applies when connecting to a typical Node B. Moreover, our experiments showed that the execution of the AKA protocol on the UK Vodafone network can be triggered by calling six times the victim mobile phone, and hanging up before it even rings. In addition, we tested the 3G/GSM interoperability scenario by using the Osmocom-BB software and we observed that in this setting the execution of the AKA protocol can be triggered by calling for example the victim mobile phone a given number of times (by hanging up within a short time window this activity can be made non detectable by the victim [20]).

As soon as a dedicated channel is allocated to the MS, our software crafts an authentication request Auth Req using the previously cached RAND and AUTN. This request is encapsulated into a GAN message and sent to the femtocell, as illustrated in Figure 4. The femtocell takes care of delivering the authentication request message on the dedicated channel assigned to the MS. The phone performs a validation of the authentication request and answers with the authentication response. If the response to the replayed authentication is a Synchronisation Failure (Figure 5), then the MS on this dedicated channel is the victim's phone. Otherwise, the attacker needs to inject the same message to the other mobile stations in his area in order to find out if the victim MS is present or not.

Figure 5: Successful Linkability-Attack

To illustrate the use of our attacks, consider an employer interested in tracking one of his employee's accesses to a building. He would first use the femtocell to sniff a valid authentication request. This could happen in a different area than the monitored one. Then the employer would position the device near the entrance of the building. Movements inside the building could be tracked as well by placing additional devices to cover different areas of the building. If devices with wider area coverage than a femtocell are used, the adversary should use triangulation to obtain finer position data. Indeed, these attacks could be used to collect large amount of data on users' movements in defined areas for profiling purposes; an example of how mobile systems have already been exploited in this direction is available in [1].

As described in the previous section, these two attacks on privacy can be implemented using cheap devices which are widely available. This shows that the analysed procedures are a real threat for the users' privacy, and countermeasures should be promptly taken to provide an effectively privacy friendly mobile telephony system.

5. PRIVACY PRESERVING FIXES

Despite the use of temporary identities to avoid linkability and to ensure anonymity of 3G subscribers, active attackers can rely on the paging procedure to break both anonymity and unlinkability. Similarly, the AKA protocol provides a way to trace 3G subscribers without the need to identify them in any way. In this section we propose a set of countermeasures involving symmetric and public key-based cryptography. In addition to the solutions proposed to fix the IMSI paging and the AKA protocol, in this section we give a privacy friendly version of the identification procedure to fix the IMSI catcher attack. The solutions we present require only small changes to the current security architecture and to the cryptographic functions currently used in 3G. Moreover, the public key infrastructure we propose is lightweight and easy to deploy because we only require one public/private key pair per mobile network operator, and none for the mobile stations. Hence we believe our solutions may be implemented in a cost-effective way, and thus could realistically be adopted by the telecommunication operators. More generally, the problem of privacy is a multilayer/multiprotocol problem [13] which requires all protocols at all layers to satisfy the desired properties. Though, the analysis from the user privacy point of view of the entire set of 3G protocols cannot be tackled in a single […]

5.1 Lightweight Public Key Infrastructure

We propose the adoption of a lightweight public key infrastructure (PKI) providing each MNO with a private/public key pair. This public key makes it possible for a mobile station to encrypt privacy related information such as the IMSI, and deliver them to the network in a confidential manner. The public key of a network provider can be stored in the USIM, as it is already the case for the IMSI and the long-term key K_IMSI. This key should be used for privacy preserving purposes only. We do not require a public/private key pair to be assigned to the mobile stations. The adoption of such a lightweight PKI can also solve the problem exposed by Zhang and Fang in [36] concerning the lack of serving network authentication in the current infrastructure. Moreover, we cannot ignore the best known privacy issue of mobile telecommunication systems, the IMSI catcher attack. For this reason, we include a fixed version of the identification procedure in our privacy friendly solutions.

5.2 Protecting the IMSI Paging Procedure

To protect the paging procedure, we propose to encrypt the paging request using a shared session key UK, which we call unlinkability key. This key is generated by applying a new one-way keyed function f to the long-term key K_IMSI and a random number rand contained in the paging request. The paging request is encrypted with the unlinkability key UK (Figure 6). The fixed version of the paging procedure also extends the paging message to include a random challenge chall and a sequence number SQN. The network stores the random challenge and checks it against the one sent by the MS in the paging response. The aim of the SQN is to ensure freshness of the paging request and avoid replay attacks. A MS receiving a legitimate IMSI paging request should discard it if the SQN is not in the correct range. The IMSI and SQN should be handled in the same way as in the AKA protocol. The use of this procedure should still be kept minimal (preferring the paging with TMSI whenever possible) to avoid burdening the signalling communication with cryptographic operations. In fact, each MS has to decrypt and check all the received IMSI paging to determine if it is the recipient.

Figure 6: Paging Procedure Fix.
  MS holds K_IMSI, IMSI, SQN_MS; Network holds K_IMSI, IMSI, SQN_N.
  Network: new rand, new chall; UK ← f_K_IMSI(rand)
  Network → MS: IMSI Pag Req, rand, {Page, IMSI, chall, SQN_N}_UK
  MS: UK ← f_K_IMSI(rand); if SQN_MS < SQN_N then RES ← IMSI PAG RES, chall else Discard
  MS → Network: IMSI Pag Res, {RES}_UK

5.3 Fixing the AKA Protocol

The AKA protocol is a threat for the unlinkability of 3G subscribers because the error messages sent in case of authentication failure leak information about the identity of the subscriber. To avoid this information leakage, the error messages sent in case of any type of failure should look indistinguishable from an attacker's point of view. The fixed version of the AKA protocol (Figure 7) carries all the parameters needed for error recovery in the error message, allowing the recovery procedure to be carried out within the network. The network sends RAND and AUTN and waits for a response. In case the checks of MAC and sequence number are successful, the response is RES = f2_K_IMSI(RAND), as in the standard. If either of these checks fails, the failure message is now encrypted with the public key of the network, and contains a constant Fail, the IMSI and the current sequence number SQN_MS of the MS. SQN_MS is sent encrypted with the unlinkability key (as defined in the fixed paging procedure) in order to authenticate the error message to the Network as coming from the MS with permanent identity IMSI. The current sequence number of the mobile station enables the network to perform resynchronisation with the Authentication Centre (AuC, the server storing subscribers' authentication data) of the operator of the subscriber, if needed. The Network can deduce the cause of the failure from the IMSI and SQN_MS contained in the error message. Moreover, the IMSI sent encrypted in the error message allows the network to check the identity of the MS without triggering the identification procedure. Furthermore, the 3G standard stipulates [6] different procedures to recover from each of the two kinds of failure, but this is a source of additional information flow that can be used to launch our privacy attack. In the solution we propose we solve this problem since error recovery can be performed within the network without the need to trigger further procedures on the air. Upon receipt of this authentication failure message, the action performed for error recovery purposes should be the same regardless of the type of failure occurred.

Figure 7: The fixed AKA protocol.
  MS holds K_IMSI, IMSI, SQN_MS, pbN; Network holds K_IMSI, IMSI, SQN_N, pvN.
  Network: new RAND, new rand; UK ← f_K_IMSI(rand); AK ← f5_K_IMSI(RAND); MAC ← f1_K_IMSI(SQN_N || RAND); AUTN ← (SQN_N ⊕ AK) || MAC
  Network → MS: Auth Req, RAND, AUTN, rand
  MS: XMSG || XMAC ← AUTN; UK ← f_K_IMSI(rand); AK ← f5_K_IMSI(RAND); XSQN ← XMSG ⊕ AK; MAC ← f1_K_IMSI(XSQN || RAND)
  MS: if MAC ≠ XMAC or XSQN < SQN_MS then RES ← {Fail, IMSI, {synch, SQN_MS}^r_UK}^r_pbN else RES ← f2_K_IMSI(RAND); CK ← f3_K_IMSI(RAND); IK ← f4_K_IMSI(RAND)
  MS → Network: Auth Resp, RES
  Network: if RES = f2_K_IMSI(RAND) then CK ← f3_K_IMSI(RAND); IK ← f4_K_IMSI(RAND) else if RES = Auth Fail, IMSI, x then Recover

5.4 Protecting the Identification Procedure

The identification procedure exposes the IMSI of a MS (the IMSI is sent in cleartext upon request by the network). Hence, the use of the identification procedure should be limited as much as possible. However, if a mobile station's TMSI is unknown to the serving network (hence the need to perform the identification procedure) then there is no shared key by which they can communicate privately, and there is no way to avoid that. Hence, enhancing the protocol to protect the IMSI is vital to ensure privacy, since a passive attacker overhearing the IMSI breaches both anonymity and unlinkability. The fixed version of the identification procedure (Figure 8) involves two messages: the first is sent by the network to ask for the IMSI; the second, the identity response, is the randomised encryption of the IMSI of the mobile station using the public counterpart (pbN) of the private key of the network operator (pvN). The r denotes randomised encryption. The public key infrastructure is similar to that used on the web, where corporations (not users) have certified keys. Neither subscribers, nor mobile phone equipments nor USIMs need to have their own public/private key pair; only mobile telephony operators are required to have a public/private key pair. The operator's public key could be stored in the USIM, while the network public key is publicly available information. For roaming purposes, each Home Network (HN) can act as certifying authority of the Serving Network (SN) for its own subscribers. At registration time with a SN, a mobile station would declare its HN, and the SN would provide the MS with its public key pbSN, together with a certificate from the mobile station's HN (sign_skHN(pbSN)). The public key pbHN of the HN could be stored in the USIM of the mobile station, and the MS would verify the certificate using its own network provider public key. This would provide, in an efficient way, the mobile station with the necessary public keys to execute our fixed versions of the protocols: the mobile station would only need to obtain a certified version of the SN's public key.

Figure 8: Identification Procedure Fix.
  MS holds K_IMSI, IMSI, pbN; Network holds K_IMSI, IMSI, pvN.
  Network → MS: Id Req
  MS → Network: Id Resp, {IMSI}^r_pbN

5.5 Discussion of the Proposed Fixes

While the fix we propose for the identification procedure is intuitive and straightforward, for the other two procedures we take care of maintaining the style of mobile telecommunication protocols and at the same time ensuring privacy. We maintain the authentication flow of the AKA and modify only the way error messages are dealt with by including error recovery information inside the error message (this avoids the triggering by the network of diversified procedures in order to perform error recovery). Indeed any difference in behaviour would be a source of additional information flows. We introduce the unlinkability key, a new session key generated for privacy purposes, instead of using the long term key K_IMSI (as in the 3G AKA), and make use of the sequence number SQN for freshness purposes (this is needed to avoid user linkability caused by replay attacks). Note that for verification purposes we use randomised symmetric encryption to conceal the sequence number SQN instead of using the exclusive-or. Indeed, even if the theory allows to write a set of reduction rules to model the xor, the ProVerif tool cannot deal with its algebraic properties. The use of randomised encryption anyway would achieve stronger properties with respect to the secrecy of the sequence number; we hence recommend the adoption of this modification in the standard protocol.

Our proposed fixes use public-key cryptography. The additional costs associated with deploying and using public-key cryptography are in fact small for the two following reasons. Firstly, only mobile telephony operators are required to have a public/private key pair. Secondly, the computationally expensive public-key encryption and decryption are required only for the identification protocol and when the AKA-protocol fails. Moreover, failures during the execution of the AKA-protocol rarely occur according to our experiments. Hence, the computational overhead of the public-key cryptography is not significant. Moreover, it is possible to delegate the encryption and decryption to the mobile equipment, instead of executing them on the USIM. This would not weaken the security properties of the 3G procedure, since the mobile equipment in the current architecture has already access to the IMSI.

The introduction of cryptographic operations on the mobile equipment side could be a source of Denial of Service (DoS) attacks aiming to consume the battery load of victim mobile phones. We have calculated that responding to such requests on average once per minute would consume an additional one tenth of battery life. To mitigate the effect of such attacks, the mobile phone's software could rate limit the phone's willingness to respond to authentication, IMSI paging and identity request messages, so to guarantee a minimum battery life-time even in case of attempted DoS attacks. The execution of the identification and the IMSI paging procedures should anyway be kept minimal according to the currently deployed standard. Moreover, the cost of devices allowing active attacks is constantly decreasing.

6. VERIFICATION

Many deployed protocols have subsequently been found to be flawed [27, 18, 12, 16]. In this perspective and in order to increase the confidence one can have in the solutions proposed at the previous section, we formally analyse our proposed fixes w.r.t. privacy. We use the ProVerif tool [15] to verify the unlinkability and anonymity properties of our fixes for the 3G procedures exposing the IMSI (identification and paging) and the 3G AKA protocol. We use the formalisation of privacy-related properties as given by Arapinis et al. in [11], namely strong unlinkability and strong anonymity. We present the results of the automatic verification of the privacy-friendly enhancement of the protocols. Table 1 summarises these results which apply for the protocols running both in parallel and in isolation.

6.1 ProVerif Calculus

We use the ProVerif calculus, which is similar to the applied pi-calculus [9], to precisely model the privacy enhancing solutions proposed in Section 5. The description of the calculus that we give here is not comprehensive (refer to [15] for a detailed presentation); we give only the informal semantics of the calculus, aiming to give a flavour of the verification process. Cryptographic primitives are modelled as functions and messages are represented by terms built over an infinite set of names a, b, c, ..., an infinite set of variables x, y, z, ... and a finite set of function symbols f1, ..., fn. Function symbols represent cryptographic primitives that can be applied to messages. The effect of applying function symbols to terms is described by a set of reduction rules. For example, to model randomised symmetric and asymmetric encryption, and to model the property that the plaintext can be retrieved from the cyphertext given the knowledge of the key k, let Σ = {senc/3, aenc/3, pub/1, f/2, f1/2, f2/2, f3/2, f4/2, f5/2} and consider the reductions:

  reduc sdec(k, senc(k, m, r)) = m  and  reduc adec(k, aenc(pub(k), m, r)) = m.

The syntax of ProVerif calculus processes is given by the following grammar:

  P, Q, R ::=                       plain processes
    0                               null process
    P | Q                           parallel composition
    !P                              replication
    new n.P                         name restriction
    if M = N then P else Q          conditional
    let M = D in P else Q           destructor application
    in(M, x).P                      message input
    out(M, N).P                     message output

The null process does nothing. P | Q represents the parallel execution of P and Q. The replication !P of a process P acts like the parallel execution of an unbounded number of copies of P. The name restriction new n.P creates a new name n whose scope is restricted to the process P and then runs P. The conditional checks the equality of two terms M and N and then behaves as P or Q accordingly. The let construct tries to rewrite D and matches the result with M; if this succeeds, then the variables in M are instantiated accordingly and P is executed, otherwise Q is executed. We will omit the else branch of a let or a conditional when the process Q is 0. The message input in(M, x).P represents a process ready to input from the channel M. The message output out(M, N).P describes a process that sends a term N on the channel M and then behaves like P.

The privacy related properties we verify are expressed in terms of observational equivalence. Informally, two processes P and Q are observationally equivalent, denoted by P ≈ Q, if any interaction of P with the adversary can be matched with an interaction of Q (and vice versa, interactions of Q can be matched by P) and the same input/output behaviour is observed. The ProVerif tool can prove diff-equivalence of biprocesses, which implies observational equivalence. Biprocesses are pairs of processes which differ by some choice of terms; this choice is written choice[M, M']. For example, to test if the processes out(c, a) and out(c, b) are equivalent, one would check the following biprocess using ProVerif: out(c, choice[a, b]). It makes it possible to automatically verify protocol models written in the ProVerif language.

Example 1. Multiple mobile stations MS, with identity imsi and long-term private key sk, running along with the serving network SN, can be modelled by the process:

  S = new pvN. let pbN = pub(pvN) in out(c, pbN). (!new sk. new imsi. !new sqn. (SN | MS))

6.2 Strong Unlinkability

Strong unlinkability is defined in [11] as follows. Let P = new ñ.(!R1 | ··· | !Rp) be a p-party protocol where ∀i ∈ {1, ..., p}, Ri = new id.init_i.!(new s.main_i). For all i ∈ {1, ..., p}, we build the protocol P^Ri as follows:

  P^Ri = new ñ.(!R1 | ··· | !R_{i-1} | !R''_i | !R_{i+1} | ··· | !Rp),  where R''_i = new id.init_i.(new s.main_i).

P is said to preserve strong unlinkability of Ri if P ≈ P^Ri. Intuitively, this means that the adversary cannot distinguish a situation where the role Ri was executed many times from one in which it was executed at most once, i.e. he cannot link two executions of the role Ri. Going back to our mobile phone scenario, we want the process S, defined in Example 1, to be observationally equivalent to the system S_UNLINK defined as follows:

  S_UNLINK = new pvN. let pbN = pub(pvN) in out(c, pbN). (!new sk. new imsi. new sqn. (SN | MS))

The absence of the replication before the new sqn construct in S_UNLINK means that each MS executes the protocol at most once, so that by construction unlinkability holds. Informally, the strong unlinkability property holds when the situation where mobile stations access services multiple times looks the same as the ideal situation where each mobile station accesses the services at most once. The above mentioned observational equivalence can be verified with ProVerif, defining S and S_UNLINK as the following biprocess PV_UNLINK.

Example 2. Let

  PV_UNLINK = new pvN. let pbN = pub(pvN) in out(c, pbN).
              (!new sk1. new imsi1. !new sk2. new imsi2. new sqn.
               let (sk, imsi) = choice[(sk1, imsi1), (sk2, imsi2)] in (SN | MS))

where sk1, sk2 are long term keys and imsi1, imsi2 are long term identities. We have that the left side of the choice represents a system where a mobile station (with identity imsi1 and key sk1) may execute the protocol many times, while the right side represents a system where mobile stations execute the protocol at most once (the identity imsi2 and the key sk2 are always different and can be used at most once for the execution of the protocol). Hence, we reduce the problem of testing strong unlinkability to the diff-equivalence of a biprocess.

6.3 Strong Anonymity

Strong anonymity is defined in [11] as follows. Let P = new ñ.(!R1 | ··· | !Rp) be a p-party protocol where ∀i ∈ {1, ..., p}, Ri = new id.init_i.!(new s.main_i). For all i ∈ {1, ..., p}, we build the protocol P^Ri as follows:

  P^Ri = new ñ.(!R1 | ··· | !Rp | R_V),  where R_V = new m̃.init_i{idV/id}.!(new s.main_i{idV/id})

and the identity idV of the agent playing the role R_V is a public name not occurring in P. P is said to preserve strong anonymity of Ri if P ≈ P^Ri. Informally, this means that the adversary cannot distinguish a situation where the role R_V with known identity idV was executed from one in which it was not executed at all, i.e. he cannot breach the anonymity of the agent with role R_V. Going back to our mobile phone scenario, strong anonymity requires a system in which a mobile station MS_V with publicly known identity IMSI_V executes the protocol to be indistinguishable from a system in which the MS_V is not present at all. Such a system obviously preserves IMSI_V's anonymity. Specifically, we want the system S, defined as in Example 1, to be observationally equivalent to the system S_V defined as follows:

  S_V = new pvN. let pbN = pub(pvN) in out(c, pbN).
        ((!new sk. new imsi. !new sqn. (SN | MS)) | new sk. !new sqn. (SN | MS_V))

In the system S_V the mobile station MS_V with publicly known identity imsi_V can run the protocol. Formally, the mentioned observational equivalence can be translated in the following ProVerif biprocess PV_ANON:

  free imsi_V.
  PV_ANON = new pvN. let pbN = pub(pvN) in out(c, pbN).
            ((!new sk. new imsi. !new sqn. (SN | MS))
             | (new sk. new imsi_ms. let imsi = choice[imsi_V, imsi_ms] in !new sqn. (MS | SN)))

where imsi_V, imsi_ms are permanent mobile station identities. The left side of the choice represents a system where the mobile station with public identity imsi_V can run the protocol, and the right side shows the system S.

ProVerif proves that the strong unlinkability property is satisfied by our models of the fixed identification, paging and AKA protocols as described in Section 5, and proves the anonymity of these procedures. As expected, the verification with the ProVerif tool fails to prove the anonymity of the 3G IMSI paging procedure and the unlinkability of both the 3G IMSI paging and AKA protocols (see Table 2) and finds counterexamples showing that the two systems are distinguishable by the adversary. The modelling of unlinkability and anonymity into diff-equivalences we showed in this Section can in general be adopted for protocols which do not require an initialization phase preceding the main protocol procedure. Hence, our method is not specific for the analysed protocols.

Currently, however, ProVerif adopts a stronger equivalence relation called diff-equivalence. In particular, diff-equivalence can distinguish between the execution of different branches of a conditional statement even in the following case:

  if a = a then P else P  ≉_diff  if a = b then P else P

i.e. although the above processes are observationally equivalent (P is executed regardless of the result of the if statement evaluation), they do not satisfy diff-equivalence. We took particular care in avoiding false attacks that could be reported by the tool due to its abstractions. We are dealing with this issue in our code for the verification at lines 4-5, 73-74, 81, and 86-87 of the code in the Appendix.

Table 1: ProVerif Results on the Fixed Procedures

  Properties      Identification   Paging   AKA
  Unlinkability        √             √       √
  Anonymity            √             √       √

  √ Proved to hold   × Attack found   NA Not Applicable

Table 2: ProVerif Results on the current 3G Procedures

  Properties      Paging   AKA
  Unlinkability     ×       ×
  Anonymity         ×       √

  √ Proved to hold   × Attack found   NA Not Applicable

7. CONCLUSION

The widely-deployed 3GPP 3G protocols aim to prevent unauthorised parties (such as private organisations and individuals) from tracking the physical location of users by monitoring the signals from their mobile phone. Indeed, the protocols use temporary identifiers and cryptography to achieve this aim. We have shown that the protocols are vulnerable to new privacy threats and that these threats lead to attacks that can be mounted in practice at low cost. We tested several networks of major operators (T-Mobile, SFR, O2, and Vodafone) and demonstrated that these are vulnerable to our attacks. In particular, our demonstration relies on particular hardware/software using closed source implementation of the 3G protocol stack and radio signalling functions. We used formal methods to show that the exposed privacy vulnerabilities could have been detected at design time. We developed and verified lightweight solut­ions to avoid the privacy vulnerabilities. Our fixes of the identification procedure, paging procedure and AKA protocol as described in Section 5 are proved by ProVerif to satisfy anonymity and unlinkability. The solutions we propose show that privacy friendly measures could be adopted by the next generation of mobile telephony standards while keeping low the computational and economical cost of implementing them. Moreover, we showed how to automatically verify unlinkability and anonymity on a wide class of protocols (2).

(2) The ProVerif code is available online [2].

Acknowledgement. We are very grateful to Steve Babbage (Vodafone) for insightful comments, and are thankful to EPSRC for supporting this work through the projects Verifying Interoperability Requirements in Pervasive Systems (EP/F033540/1) and Analysing Security and Privacy Properties (EP/H005501/1).

REFERENCES

[1] Path Intelligence Ltd. FootPath. http://www.pathintelligence.com/, 2010.
[2] http://www.markryan.eu/research/UMTS/.
[3] 3GPP. 3G security. Formal analysis of the 3G authentication protocol (release 4). Technical Report TR 33.902 V4.0.0, 3rd Generation Partnership Project, 2001.
[4] 3GPP. 3G security. Cryptographic algorithm requirements (release 10). Technical Specification TS 33.105 V10.0.0, 3rd Generation Partnership Project.
[5] 3GPP. Generic Access Network (GAN). Mobile GAN interface layer 3 specification. Technical Specification TS 44.318 v9.2.0, 3rd Generation Partnership Project, 2010.
[6] 3GPP. 3G security. Security architecture (release 9). Technical Specification TS 33.102 V9.2.0, 3rd Generation Partnership Project, June 2010.
[7] 3GPP. Generic Access Network (GAN). Stage 2. Technical Specification TS 43.318 v9.0.0, 3rd Generation Partnership Project, 2010.
[8] 3GPP. Security of Home Node B (HNB) / Home evolved Node B (HeNB). Technical Specification TS 33.320 v11.3.0, 3rd Generation Partnership Project, 2012.
[9] M. Abadi and C. Fournet. Mobile values, new names, and secure communication. In ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL, 2001.
[10] Z. Ahmadian, S. Salimi, and A. Salahi. New attacks on UMTS network access. In Wireless Telecommunications Symposium, WTS'09, 2009.
[11] M. Arapinis, T. Chothia, E. Ritter, and M. Ryan. Analysing unlinkability and anonymity using the applied pi calculus. In IEEE Computer Security Foundations Symposium, CSF, 2010.
[12] A. Armando, R. Carbone, L. Compagna, J. Cuéllar, and L. Tobarra. Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for Google apps. In ACM Workshop on Formal Methods in Security Engineering, FMSE, 2008.
[13] G. Avoine and P. Oechslin. RFID traceability: A multilayer problem. In Financial Cryptography, FC, 2005.
[14] M. Barbaro and T. Zeller Jr. A face is exposed for AOL searcher no. 4417749. The New York Times, August 9, 2006.
[15] B. Blanchet. ProVerif: Cryptographic protocol verifier in the formal model. http://www.proverif.ens.fr/.
[16] M. Bortolozzo, M. Centenaro, R. Focardi, and G. Steel. Attacking and fixing PKCS#11 security tokens. In ACM Conference on Computer and Communications Security, CCS, 2010.
[17] C. Caldwell. A pass on privacy? The New York Times, July 17, 2005.
[18] I. Cervesato, A. D. Jaggard, A. Scedrov, J.-K. Tsay, and C. Walstad. Breaking and fixing public-key Kerberos. Inf. Comput., 206:402–424, 2008.
[19] D. Fox. IMSI-Catcher. Datenschutz und Datensicherheit (DuD), 21:539–539, 1997.
[20] D. Foo Kune, J. Koelndorfer, and Y. Kim. Location leaks over the GSM air interface. In Annual Network & Distributed System Security Symposium, NDSS, 2012.
[21] Ettus. USRP. http://www.ettus.com/products.
[22] D. Goodin. Defects in e-passports allow real-time tracking. The Register, 26th January 2010.
[23] N. Golde, K. Redon, and R. Borgaonkar. Weaponizing femtocells: The effect of rogue devices on mobile telecommunications. In Annual Network & Distributed System Security Symposium, NDSS, 2012.
[24] D. Burgess et al. OpenBTS. http://openbts.org.
[25] Kineto Wireless Inc. Official Unlicensed Mobile Access (UMA) web site. http://www.smart-wi-fi.com/.
[26] G. Koien and V. Oleshchuk. Location privacy for cellular systems; analysis and solution. In Privacy Enhancing Technologies Symposium, volume 3856 of LNCS, 2005.
[27] G. Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In Tools and Algorithms for the Construction and Analysis of Systems, TACAS, 1996.
[28] U. Meyer and S. Wetzel. A man-in-the-middle attack on UMTS. In ACM Workshop on Wireless Security, WiSe, 2004.
[29] K. Nohl and S. Munaut. Wideband GSM sniffing. In 27C3 Hacking Conference, 2010. http://events.ccc.de/congress/2010/Fahrplan/attachments/1783_101228.27C3.GSM-Sniffing.Nohl_Munaut.pdf.
[30] OpenBSC Project. OpenBSC. http://openbsc.osmocom.org/.
[31] C. Paget. Practical cellphone spying. Def Con 18 presentation website, 2010.
[32] D. Strobel. IMSI Catcher. Seminar Work, Ruhr-Universität Bochum, 2007.
[33] H. Welte, H. Freyther, D. Spaar, A. Eversberg, S. Munaut, J. Luebbe, and other contributors. OsmocomBB. http://bb.osmocom.org/.
[34] H. Welte, D. Willmann, T. Seiler, and D. Schmidt. GSM Network at 28C3. http://events.ccc.de/congress/2011/wiki/GSM#GSM_Network_at_28C3, December 2011.
[35] J. Zhang and G. de la Roche. Femtocells: Technologies and Deployment. John Wiley & Sons, Ltd., 2010.
[36] M. Zhang and Y. Fang. Security analysis and enhancements of 3GPP authentication and key agreement protocol. IEEE Transactions on Wireless Communications, 4(2):734–742, 2005.

APPENDIX

ProVerif code. We report the most relevant parts of the ProVerif scripts used for the verification of the fixed protocols. We omit the declaration of constants. Note that the identity of the victim mobile for the anonymity property is public: any name which is not under the scope of a new statement is public and hence is part of the adversary knowledge. We check the MAC and the sequence number (line 81) in the same conditional statement, so to avoid false attacks due to the evaluation of the conditional. For the same reason we introduce the functions err and geterr (lines 73-74) to determine the error message (lines 86-87) and avoid the use of an if statement.

The main purpose of the AKA protocol is to provide mutual authentication and establish session keys to be used for integrity protection and confidentiality of the communication. Hence, our analysis would not be complete without ensuring that our privacy preserving version of the 3G AKA protocol still achieves the goals it was originally designed for. We prove using ProVerif that the original properties of the AKA protocol are preserved by our fixes: we check the secrecy of the IMSI, of the long-term key K_IMSI and of the session keys CK and IK, and we verify mutual authentication and integrity properties as injective correspondence properties. The verification results are shown in Table 3.

Table 3: Results of the Automatic Verification of the Fixed Procedures

  Properties               Identification   Paging   AKA
  Secrecy   IMSI                √             √       √
            K_IMSI              NA            √       √
            CK, IK              NA            NA      √
  Authentication                NA            NA      √
  Integrity                     NA            NA      √

  √ Proved to hold   × Attack found   NA Not Applicable

Fixed IMSI paging procedure in ProVerif.

 1 let PAGING_MS = in(c, x);
 2   let (msgtype, xrand, xblob) = x in (
 3   if msgtype = pagingReq then (
 4   let (xpage, ximsi, xchall) =
 5       sdec(f(k, xrand), xblob) in (
 6   if xpage = page then (
 7   if imsi = ximsi then (
 8   new r; out(c, (pagingResp, senc(f(k, xrand), r, (imsi, xchall)))))))))).

 9 let PAGING_SN = new rand;
10   new r_sn1; new r_sn2; new chall;
11   let UK = f(k, rand) in (
12   out(c, (pagingReq, rand, senc(UK, r_sn1,
13     (page, imsi, chall))));
14   in(c, xmsg); let (=imsi, =chall) = sdec(UK, xmsg) in 0).

Biprocess for unlinkability of IMSI paging.

15 process new pvN; let pbN = pub(pvN) in (
16   out(c, pbN);
17   (! (new sk1; new imsi1; new otmsi1;
18   (! (new sk2; new imsi2; new otmsi2;
19   let imsi = choice[imsi1, imsi2] in (
20   let k = choice[sk1, sk2] in (
21   let otmsi = choice[otmsi1, otmsi2] in (
22   (PAGING_MS) | (PAGING_SN)))))))))

Biprocess for anonymity of IMSI paging.

23 process new pvN; let pbN = pub(pvN) in (
24   out(c, pbN);
25   ((! (new k; new imsi; new otmsi;
26       (! ((PAGING_MS) | (PAGING_SN)))))
27   | (new k; new id; new otmsi;
28      let imsi = choice[id, imsi_V] in (
29      (! ((PAGING_MS) | (PAGING_SN)))))))

Original AKA procedure in ProVerif.

30 let AKA_MS = new r_ms; in(c, x);
31   let (xrand, xautn) = x in (
32   let (msg, xmac) = xautn in (
33   let ak = f5(k, xrand) in (
34   let xsqn = sdec(ak, msg) in (
35   let mac = f1(k, (xsqn, xrand)) in (
36   if xmac = mac then (
37     if xsqn = sqn then (
38       let res = f2(k, xrand) in (
39       let ck = f3(k, xrand) in (
40       let ik = f4(k, xrand) in (
41       out(c, res))))
42     else (out(c, (Fail, synchFail, senc(ak, r_ms, sqn)))))
43   else (out(c, (Fail, macFail)))))))).

44 let AKA_SN =
45   new rand; new r_sn; new r; new s;
46   let mac = f1(k, (sqn, rand)) in (
47   let res = f2(k, rand) in (
48   let ck = f3(k, rand) in (
49   let ik = f4(k, rand) in (
50   let ak = f5(k, rand) in (
51   let autn = (senc(ak, r_sn, sqn), mac) in (
52   let av = (rand, autn, res, ck, ik, ak) in (
53   out(c, (rand, autn));
54   in(c, xres);
55   if xres = res then (
56     out(c, senc(ck, r, s)))
57   else (out(c, reject)))))))))).

Biprocess for unlinkability of AKA.

58 process new pvN; let pbN = pub(pvN) in (
59   out(c, pbN);
60   (! (new sk1; new imsi1; new otmsi1;
61   (! (new sk2; new imsi2; new otmsi2; new sqn;
62   let imsi = choice[imsi1, imsi2] in (
63   let k = choice[sk1, sk2] in (
64   let otmsi = choice[otmsi1, otmsi2] in (
65   (AKA_MS) | (AKA_SN)))))))))

Biprocess for anonymity of AKA.

66 process new pvN; let pbN = pub(pvN) in (
67   out(c, pbN);
68   ((! (new k; new imsi;
69      (!new osqn; ((AKA_MS) | (AKA_SN)))))
70   | (new k; new id;
71      let imsi = choice[id, imsi_V] in (
72      !new osqn; ((AKA_MS) | (AKA_SN))))))

Fixed AKA procedure in ProVerif.

73 reduc geterr(err(x, x, z)) = synchFail;
74       geterr(err(x, y, z)) = macFail.

75 let AKA_MS = new r_ms; in(c, x);
76   let (xrand, xautn) = x in (
77   let (msg, xmac) = xautn in (
78   let ak = f5(k, xrand) in (
79   let xsqn = sdec(ak, msg) in (
80   let mac = f1(k, (xsqn, xrand)) in (
81   if (xmac, xsqn) = (mac, osqn) then (
82     let res = f2(k, xrand) in (
83     let ck = f3(k, xrand) in (
84     let ik = f4(k, xrand) in (
85     out(c, res))))
86   else (let err_msg =
87       geterr(err(mac, xmac, xsqn)) in (
88     out(c, aenc(pbN, r_ms, (Fail, imsi, osqn, err_msg)))))))))).