Skip to main content
SpringerLink
Log in

Anonymity guarantees of the UMTS/LTE authentication and connection protocol

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

The UMTS/LTE protocol for mobile phone networks has been designed to offer a limited form of anonymity for mobile phone users. In this paper, we quantify precisely what this limited form of anonymity actually provides via a formal security model. The model considers an execution where the home and roaming network providers are considered as one entity. We consider two forms of anonymity, one where the mobile stations under attack are statically selected before the execution, and a second where the adversary selects these stations adaptively. We prove that the UMTS/LTE protocol meets both of these security definitions. Our analysis requires new assumptions on the underlying keyed functions for UMTS, namely that a set of pseudorandom functions are “agile”. This assumption, while probably true, has not previously been brought to the fore.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

References

  1. 3GPP: Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 and UIA2. Document 1: UEA2 and UIA2 Specification. ETSI TS 135 215 V11.0.0 (2012–11) (2012)

  2. 3GPP: Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 and UIA2; Document 2: SNOW 3G Specification. ETSI TS 135 216 V11.0.0 (2012–11) (2012)

  3. 3GPP: Specification of the 3GPP Confidentiality and Integrity Algorithms. Document 1: f8 and f9 Specifications. ETSI TS 135 201 V11.0.0 (2012–11) (2012)

  4. 3GPP: Specification of the 3GPP Confidentiality and Integrity Algorithms. Document 2: Kasumi Algorithm Specification. ETSI TS 135 202 V11.0.0 (2012–11) (2012)

  5. 3GPP: Universal Mobile Telecommunications System (UMTS); 3G Security; Security Architecture. ETSI TS 133 102 V11.5.1 (2013–07) (2013)

  6. Acar, T., Belenkiy, M., Bellare, M., Cash, D.: Cryptographic agility and its relation to circular encryption. In: Gilbert, H. (ed.) EUROCRYPT, volume 6110 of Lecture Notes in Computer Science, pp. 403–422. Springer, Berlin (2010)

  7. Arapinis, M., Mancini, L.I., Ritter, E., Ryan, M., Golde, N., Redon, K., Borgaonkar, R.: New privacy issues in mobile telephony: fix and verification. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) ACM Conference on Computer and Communications Security, pp. 205–216. ACM, New york (2012)

  8. Barkan, E., Biham, E., Keller, N.: Instant ciphertext-only cryptanalysis of GSM encrypted communication. J. Cryptol. 21(3), 392–429 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  9. Bellare, M., Canetti, R., Krawczyk, H.: A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract). In: Vitter, J.S. (ed.) STOC, pp. 419–428. ACM, New York (1998)

  10. Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT, volume 2656 of Lecture Notes in Computer Science, pp. 614–629. Springer, Berlin (2003)

  11. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO, volume 773 of Lecture Notes in Computer Science, pp. 232–249. Springer, Berlin (1993)

  12. Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Menezes, A. (ed.) CT-RSA, volume 3376 of Lecture Notes in Computer Science, pp. 136–153. Springer, Berlin (2005)

  13. Bender, A., Katz, J., Morselli, R.: Ring signatures: stronger definitions, and constructions without random oracles. J. Cryptol. 22(1), 114–138 (2009)

    Article  MathSciNet  MATH  Google Scholar 

  14. Brickell, E.F., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Atluri, V., Pfitzmann, B., McDaniel, P.D. (eds.) ACM Conference on Computer and Communications Security, pp. 132–145. ACM, New York (2004)

  15. Brickell, E., Chen, L., Li, J.: Simplified security notions of direct anonymous attestation and a concrete scheme from pairings. Int. J. Inf. Secur. 8(5), 315–330 (2009)

    Article  Google Scholar 

  16. Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B., (ed.) EUROCRYPT, volume 2045 of Lecture Notes in Computer Science, pp. 453–474. Springer, Berlin (2001)

  17. Dodis, Y., Kiayias, A., Nicolosi, A., Shoup, V.: Anonymous identification in ad hoc groups. In: Cachin, C., Camenisch, J. (eds.) EUROCRYPT, volume 3027 of Lecture Notes in Computer Science, pp. 609–626. Springer, Berlin (2004)

  18. Dunkelman, O., Keller, N., Shamir, A.: A practical-time related-key attack on the KASUMI cryptosystem used in gsm and 3g telephony. In: Rabin, T. (ed.) CRYPTO, volume 6223 of Lecture Notes in Computer Science, pp. 393–410. Springer, Berlin (2010)

  19. Fox, D.: Der IMSI-catcher. Datenschutz und Datensicherheit, 26(4), 212–215 (2002)

  20. Kircanski, A., Youssef, A.M.: On the sliding property of SNOW3G and SNOW 2.0. IET Inf. Secur. 5(4), 199–206 (2011)

    Article  Google Scholar 

  21. Meyer, U., Wetzel, S.: A man-in-the-middle attack on UMTS. In: Jakobsson, M., Perrig, A. (eds.) Workshop on Wireless Security, pp. 90–97. ACM, New York (2004)

  22. Mitchell, C.J.: The security of the GSM air interface protocol. Technical Report RHUL-MA-2001-3, Royal Holloway University of London (2001)

  23. Pagliusi, P.S.: A contemporary foreword on GSM security. In: Proceedings of the International Conference on Infrastructure Security, InfraSec ’02, pp. 129–144, Springer, London (2002)

  24. Zhang, M., Fang, Y.: Security analysis and enhancements of 3GPP authentication and key agreement protocol. IEEE Trans. Wirel. Commun. 4(2), 734–742 (2005)

    Article  Google Scholar 

Download references

Acknowledgments

This work has been supported in part by ERC Advanced Grant ERC-2010-AdG-267188-CRIPTO, the second author was also supported in part by a Royal Society Wolfson Merit Award. We thank Steve Babbage for comments on an earlier version of this manuscript.

Author information

Authors and Affiliations

  1. Department of Computer Science, University of Bristol, Woodland Road, Bristol , BS8 1UB, UK

    Ming-Feng Lee, Nigel P. Smart, Bogdan Warinschi & Gaven J. Watson

Authors
  1. Ming-Feng Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nigel P. Smart
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bogdan Warinschi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Gaven J. Watson
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nigel P. Smart.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Lee, MF., Smart, N.P., Warinschi, B. et al. Anonymity guarantees of the UMTS/LTE authentication and connection protocol. Int. J. Inf. Secur. 13, 513–527 (2014). https://doi.org/10.1007/s10207-014-0231-3

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-014-0231-3

Keywords

Search

Navigation