Vulnerabilities in UMTS Location Update Procedure and Its Countermeasures

  • Zengshan Tian
  • Weiguang LiEmail author
  • Yujia Yao
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 463)


Mobile communication systems have been developing for decades. Universal Mobile Telecommunications System (UMTS) is a third-generation mobile cellular system for networks based on the GSM standard. As an evolved technology of GSM, UMTS has adopted a more reliable security mechanism. Integrity protection and mutual authentication were added in UMTS. However we carefully analyzed UMTS location update procedure specifications and uncover several vulnerabilities in UMTS. By sending specific types of LOCATION UPDATING REJECT messages during location update procedure, the rogue base station can deny all services to a target UMTS device. We also present several countermeasures including increasing the rate of TMSI reallocation, rebooting or re-inserting the SIM/USIM card and installing the protection application on UE to resist these vulnerabilities.


UMTS security DOS attacks Location updating procedure Counter-measures 


  1. 1.
    Cattaneo, G., De Maio, G., Faruolo, P., et al.: A review of security attacks on the GSM standard. In: Information and Communication Technology-EurAsia Conference, pp. 507–512. Springer, Heidelberg (2013)Google Scholar
  2. 2.
    Song, Y., Zhou, K., Chen, X.: Fake BTS attacks of GSM system on software radio platform. JNW 7(2), 275–281 (2012)Google Scholar
  3. 3.
    ISO/IEC 9798-4: Information Technology; Security Techniques; Entity Authentication Part 4: Mechanisms using a cryptographic check function (1999)Google Scholar
  4. 4.
    Kambourakis, G., Kolias, C., Gritzalis S., et al.: Signaling-oriented DoS attacks in UMTS networks. International Conference on Information Security and Assurance, pp. 280–289. Springer, Heidelberg (2009)Google Scholar
  5. 5.
    Ricciato, F., Coluccia, A., Dalconzo, A.: A review of DoS attack models for 3G cellular networks from a system-design perspective. Comput. Commun. 33(5), 551–558 (2010)Google Scholar
  6. 6.
    Kaaranen, H.: UMTS Networks: Architecture Mobility and Services, pp. 3–10. Wiley, Hoboken (2005)Google Scholar
  7. 7.
    Koien, G.M.: Entity Authentication and Personal Privacy in Future Cellular Systems, pp. 33–36. River Publishers, Aalborg (2009)Google Scholar
  8. 8.
    The 3rd Generation Partnership Project. 3GPP TS 25.304 v13.0.0. User Equipment (UE) procedures in idle mode and procedures for cell reselection in connected mode. USA: 3GPP Publications Offices, pp. 18–40 (2015)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.Chongqing Key Lab of Mobile Communications TechnologyChongqing University of Posts and TelecommunicationsChongqingPeople’s Republic of China

Personalised recommendations