论文信息 - Another Look at Privacy Threats in 3G Mobile Telephony

Another Look at Privacy Threats in 3G Mobile Telephony

Arapinis et al. [1] have recently proposed modifications to the operation of 3G mobile phone security in order to address newly identified threats to user privacy. In this paper we critically examine these modifications. This analysis reveals that the proposed modifications are impractical in a variety of ways; not only are there security and implementation issues, but the necessary changes to the operation of the system are very significant and much greater than is envisaged. In fact, some of the privacy issues appear almost impossible to address without a complete redesign of the security system. The shortcomings of the proposed ‘fixes’ exist despite the fact that the modifications have been verified using a logic-based modeling tool, suggesting that such tools need to be used with great care.

Chris J. Mitchell | Mohammed Shafiul Alam Khan

[1] Valtteri Niemi,et al. UMTS security , 2003 .

[2] Kenneth G. Paterson,et al. On the Joint Security of Encryption and Signature in EMV , 2012, CT-RSA.

[3] Serge Vaudenay,et al. Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS , 2002, EUROCRYPT.

[4] Alfred Menezes,et al. Handbook of Applied Cryptography , 2018 .

[5] Paul C. Kocher. On Certificate Revocation and Validation , 1998, Financial Cryptography.

[6] Leon G. Higley,et al. Forensic Entomology: An Introduction , 2009 .

[7] Rafael Hirschfeld. Financial Cryptography: First International Conference, FC '97, Anguilla, British West Indies, February 24-28, 1997. Proceedings , 1997 .

[8] Michael Myers. Revocation: Options and Challenges , 1998, Financial Cryptography.

[9] Gaven J. Watson,et al. Anonymity guarantees of the UMTS/LTE authentication and connection protocol , 2014, International Journal of Information Security.

[10] Mark Ryan,et al. New privacy issues in mobile telephony: fix and verification , 2012, CCS.