Analysis of privacy in mobile telephony systems

We present a thorough experimental and formal analysis of users' privacy in mobile telephony systems. In particular, we experimentally analyse the use of pseudonyms and point out weak deployed poli...

[1]  Véronique Cortier,et al.  A formal analysis of the Norwegian E-voting protocol , 2012, J. Comput. Secur..

[2]  Alfredo Pironti,et al.  Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS , 2014, 2014 IEEE Symposium on Security and Privacy.

[3]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[4]  Andre Scedrov,et al.  Breaking and fixing public-key Kerberos , 2006, Inf. Comput..

[5]  Philippe Oechslin,et al.  RFID Traceability: A Multilayer Problem , 2005, Financial Cryptography.

[6]  Philip Robinson,et al.  Privacy, Security and Trust within the Context of Pervasive Computing (The Kluwer International Series in Engineering and Computer Science) , 2004 .

[7]  Jerry den Hartog,et al.  Formal Verification of Privacy for RFID Systems , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[8]  Albert-László Barabási,et al.  Understanding individual human mobility patterns , 2008, Nature.

[9]  Vitaly Shmatikov,et al.  De-anonymizing Social Networks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[10]  A. N.A.DurginP.D.LincolnJ.C.Mitchell,et al.  Undecidability of bounded security protocols , 1999 .

[11]  Alessandro Armando,et al.  From Multiple Credentials to Browser-Based Single Sign-On: Are We More Secure? , 2011, SEC.

[12]  Graham Steel,et al.  A Formal Analysis of Authentication in the TPM , 2010, Formal Aspects in Security and Trust.

[13]  王家志 Technical Specification Group Services and System Aspects ; 3 G Security ; Specification of the MILENAGE Algorithm Set : An example algorithm set for the 3 GPP authentication and key generation functions , 2001 .

[14]  Lucas D. Introna Privacy and the computer: why we need privacy in the information society , 1997 .

[15]  Martín Abadi,et al.  Automated verification of selected equivalences for security protocols , 2005, 20th Annual IEEE Symposium on Logic in Computer Science (LICS' 05).

[16]  Vitaly Shmatikov,et al.  How To Break Anonymity of the Netflix Prize Dataset , 2006, ArXiv.

[17]  Mark Ryan,et al.  Privacy through Pseudonymity in Mobile Telephony Systems , 2014, NDSS.

[18]  Mark Ryan,et al.  New privacy issues in mobile telephony: fix and verification , 2012, CCS.

[19]  Ulrike Meyer,et al.  A man-in-the-middle attack on UMTS , 2004, WiSe '04.

[20]  Felix C. Freiling,et al.  Location privacy in urban sensing networks: research challenges and directions [Security and Privacy in Emerging Wireless Networks] , 2010, IEEE Wireless Communications.

[21]  Massimo Barbaro,et al.  A Face Is Exposed for AOL Searcher No , 2006 .

[22]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[23]  Mark Ryan,et al.  Cloud computing privacy concerns on our doorstep , 2011, Commun. ACM.

[24]  Bruno Blanchet,et al.  Automatic verification of correspondences for security protocols , 2008, J. Comput. Secur..

[25]  Johann Cas,et al.  Privacy in pervasive computing environments - a contradiction in terms? , 2005, IEEE Technology and Society Magazine.

[26]  Vincent Cheval,et al.  Automating Security Analysis: Symbolic Equivalence of Constraint Systems , 2010, IJCAR.

[27]  John Krumm,et al.  A survey of computational location privacy , 2009, Personal and Ubiquitous Computing.

[28]  Mark Ryan,et al.  Analysing Unlinkability and Anonymity Using the Applied Pi Calculus , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[29]  Jie Zhang,et al.  Femtocells: Technologies and Deployment , 2010 .

[30]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[31]  Muxiang Zhang,et al.  Security analysis and enhancements of 3GPP authentication and key agreement protocol , 2005, IEEE Transactions on Wireless Communications.

[32]  Katie Shilton,et al.  Four billion little brothers? , 2009, Commun. ACM.

[33]  Mathieu Baudet,et al.  Deciding security of protocols against off-line guessing attacks , 2005, CCS '05.

[34]  Karthikeyan Bhargavan,et al.  Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage , 2013, POST.

[35]  Chris J. Mitchell,et al.  Another Look at Privacy Threats in 3G Mobile Telephony , 2014, ACISP.

[36]  Somayeh Salimi,et al.  New attacks on UMTS network access , 2009, 2009 Wireless Telecommunications Symposium.

[37]  J. Rubenfeld The Right of Privacy , 1989 .

[38]  Jean-Pierre Seifert,et al.  Let Me Answer That for You: Exploiting Broadcast Information in Cellular Networks , 2013, USENIX Security Symposium.

[39]  Kyungtae Kang,et al.  A Privacy Threat in 4th Generation Mobile Telephony and Its Countermeasure , 2014, WASA.

[40]  Peter Y. A. Ryan,et al.  Caveat Coercitor: Coercion-Evidence in Electronic Voting , 2013, 2013 IEEE Symposium on Security and Privacy.

[41]  Pierangela Samarati,et al.  Location privacy in pervasive computing , 2008 .

[42]  Nicholas Hopper,et al.  Location leaks over the GSM air interface , 2012, NDSS.

[43]  Mark Ryan,et al.  Privacy Supporting Cloud Computing: ConfiChair, a Case Study , 2012, POST.

[44]  Mark Ryan,et al.  Dynamic Measurement and Protected Execution: Model and Analysis , 2013, TGC.

[45]  Alessandro Armando,et al.  Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps , 2008, FMSE '08.

[46]  Véronique Cortier,et al.  A Method for Proving Observational Equivalence , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.

[47]  Vladimir A. Oleshchuk,et al.  Location Privacy for Cellular Systems; Analysis and Solution , 2005, Privacy Enhancing Technologies.

[48]  Ben Smyth,et al.  Attacking and Fixing Helios: An Analysis of Ballot Secrecy , 2011, 2011 IEEE 24th Computer Security Foundations Symposium.

[49]  Andreas Heinemann,et al.  Survey on Location Privacy in Pervasive Computing , 2005 .

[50]  Tom Chothia,et al.  A Traceability Attack against e-Passports , 2010, Financial Cryptography.

[51]  Mark Ryan,et al.  Analysis of an Electronic Voting Protocol in the Applied Pi Calculus , 2005, ESOP.

[52]  Murat Ali Bayir,et al.  Discovering spatiotemporal mobility profiles of cellphone users , 2009, 2009 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks & Workshops.

[53]  Graham Steel,et al.  Attacking and fixing PKCS#11 security tokens , 2010, CCS '10.

[54]  Margo McCall,et al.  IEEE Computer Society , 2019, Encyclopedia of Software Engineering.

[55]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[56]  Ravishankar Borgaonkar,et al.  Weaponizing Femtocells: The Effect of Rogue Devices on Mobile Telecommunications , 2012, NDSS.

[57]  Alex Biryukov,et al.  Real Time Cryptanalysis of A5/1 on a PC , 2000, FSE.

[58]  Hans Hüttel,et al.  Deciding Framed Bisimilarity , 2003, INFINITY.