Edinburgh Explorer Analysis of privacy in mobile telephony systems

We present a thorough experimental and formal analysis of users’ privacy in mobile telephony systems. In particular, we experimentally analyse the use of pseudonyms and point out weak deployed policies leading to some critical scenarios which make it possible to violate a user’s privacy. We also expose some protocol vulnerabilities resulting in breaches of anonymity and/or user unlinkability. We show that these breaches translate into actual attacks which are feasible to implement on real networks, and we discuss our prototype implementation. To counter these attacks, we propose realistic solutions. Finally, we provide the theoretical framework for the automatic verification of the unlinkability and anonymity of the fixed 2G/3G procedures and automatically verify them using the ProVerif tool.
