Vulnerabilities in UMTS Location Update Procedure and Its Countermeasures
Mobile communication systems have been developing for decades. Universal Mobile Telecommunications System (UMTS) is a third-generation mobile cellular system for networks based on the GSM standard. As an evolved technology of GSM, UMTS has adopted a more reliable security mechanism. Integrity protection and mutual authentication were added in UMTS. However we carefully analyzed UMTS location update procedure specifications and uncover several vulnerabilities in UMTS. By sending specific types of LOCATION UPDATING REJECT messages during location update procedure, the rogue base station can deny all services to a target UMTS device. We also present several countermeasures including increasing the rate of TMSI reallocation, rebooting or re-inserting the SIM/USIM card and installing the protection application on UE to resist these vulnerabilities.
KeywordsUMTS security DOS attacks Location updating procedure Counter-measures
- 1.Cattaneo, G., De Maio, G., Faruolo, P., et al.: A review of security attacks on the GSM standard. In: Information and Communication Technology-EurAsia Conference, pp. 507–512. Springer, Heidelberg (2013)Google Scholar
- 3.ISO/IEC 9798-4: Information Technology; Security Techniques; Entity Authentication Part 4: Mechanisms using a cryptographic check function (1999)Google Scholar
- 7.Koien, G.M.: Entity Authentication and Personal Privacy in Future Cellular Systems, pp. 33–36. River Publishers, Aalborg (2009)Google Scholar
- 8.The 3rd Generation Partnership Project. 3GPP TS 25.304 v13.0.0. User Equipment (UE) procedures in idle mode and procedures for cell reselection in connected mode. USA: 3GPP Publications Offices, pp. 18–40 (2015)Google Scholar