On the impact of GSM encryption and man-in-the-middle attacks on the security of interoperating GSM/UMTS networks

GSM suffers from various security weaknesses. Recently, Barkan, Biham and Keller presented a ciphertext-only attack on the GSM encryption algorithm A5/2 that recovers the encryption key from a few dozen milliseconds of encrypted traffic in less than a second. Furthermore, it is well known that a man-in-the-middle attack can be mounted in GSM during authentication: the attacker makes a victim mobile station authenticate itself to a fake base station, which in turn forwards the authentication traffic to the real network, thus impersonating the victim mobile station to the real network and vice versa. We discuss the impact of GSM encryption attacks that recover the encryption key, and of the man-in-the-middle attack, on the security of networks that employ UMTS and GSM base stations simultaneously. We suggest protecting UMTS connections from GSM attacks by integrating an additional authentication and key agreement on intersystem handovers between GSM and UMTS.
