Security enhancements against UMTS-GSM interworking attacks

In this paper we first present three new attacks on the Universal Mobile Telecommunication System (UMTS) in the access domain. We exploit the interoperation of the UMTS network with its predecessor, the Global System for Mobile communications (GSM). Two attacks result in the interception of the entire traffic of the victim UMTS subscriber in the GSM access area of the UMTS network. These attacks are applicable regardless of the strength of the selected GSM encryption algorithm. The third attack is an impersonation attack that allows the attacker to impersonate a genuine UMTS subscriber to a UMTS network and fool the network into providing services at the expense of the victim subscriber. We then propose countermeasures to strengthen the UMTS network against these attacks, with emphasis on practicality in present networks. The proposed solutions require limited changes to network elements or protocols, insignificant additional computational load on the network elements, and negligible additional bandwidth consumption on the network links.
