Mobile telephony equipment is daily carried by billions of subscribers everywhere they go. Avoiding linkability of subscribers by third parties, and protecting the privacy of those subscribers is one of the goals of mobile telecommunication protocols. We use formal methods to model and analyse the security properties of 3G protocols. We expose two novel threats to the user privacy in 3G telephony systems, which make it possible to trace and identify mobile telephony subscribers, and we demonstrate the feasibility of a low cost implementation of these attacks. We propose fixes to these privacy issues, which also take into account and solve other privacy attacks known from the literature. We successfully prove that our privacy-friendly fixes satisfy the desired unlinkability and anonymity properties using the automatic verification tool ProVerif.
%0 Conference Paper
%1 Arapinis12
%A Arapinis, Myrto
%A Mancini, Loretta
%A Ritter, Eike
%A Ryan, Mark
%A Golde, Nico
%A Redon, Kevin
%A Borgaonkar, Ravishankar
%B Proceedings of the 2012 ACM conference on Computer and communications security
%C New York, NY, USA
%D 2012
%I ACM
%K mobile security telephony toread
%P 205--216
%R 10.1145/2382196.2382221
%T New privacy issues in mobile telephony: fix and verification
%U http://doi.acm.org/10.1145/2382196.2382221
%X Mobile telephony equipment is daily carried by billions of subscribers everywhere they go. Avoiding linkability of subscribers by third parties, and protecting the privacy of those subscribers is one of the goals of mobile telecommunication protocols. We use formal methods to model and analyse the security properties of 3G protocols. We expose two novel threats to the user privacy in 3G telephony systems, which make it possible to trace and identify mobile telephony subscribers, and we demonstrate the feasibility of a low cost implementation of these attacks. We propose fixes to these privacy issues, which also take into account and solve other privacy attacks known from the literature. We successfully prove that our privacy-friendly fixes satisfy the desired unlinkability and anonymity properties using the automatic verification tool ProVerif.
%@ 978-1-4503-1651-4
@inproceedings{Arapinis12,
abstract = {Mobile telephony equipment is daily carried by billions of subscribers everywhere they go. Avoiding linkability of subscribers by third parties, and protecting the privacy of those subscribers is one of the goals of mobile telecommunication protocols. We use formal methods to model and analyse the security properties of 3G protocols. We expose two novel threats to the user privacy in 3G telephony systems, which make it possible to trace and identify mobile telephony subscribers, and we demonstrate the feasibility of a low cost implementation of these attacks. We propose fixes to these privacy issues, which also take into account and solve other privacy attacks known from the literature. We successfully prove that our privacy-friendly fixes satisfy the desired unlinkability and anonymity properties using the automatic verification tool ProVerif.},
acmid = {2382221},
added-at = {2013-10-17T12:23:32.000+0200},
address = {New York, NY, USA},
author = {Arapinis, Myrto and Mancini, Loretta and Ritter, Eike and Ryan, Mark and Golde, Nico and Redon, Kevin and Borgaonkar, Ravishankar},
biburl = {https://www.bibsonomy.org/bibtex/23512748267a0e8e98e7bb8ddf4f9c4e0/affitz},
booktitle = {Proceedings of the 2012 ACM conference on Computer and communications security},
description = {New privacy issues in mobile telephony},
doi = {10.1145/2382196.2382221},
interhash = {67bb88c1b8285df1851135a282a2671d},
intrahash = {3512748267a0e8e98e7bb8ddf4f9c4e0},
isbn = {978-1-4503-1651-4},
keywords = {mobile security telephony toread},
location = {Raleigh, North Carolina, USA},
numpages = {12},
pages = {205--216},
publisher = {ACM},
series = {CCS '12},
timestamp = {2013-10-17T12:23:32.000+0200},
title = {New privacy issues in mobile telephony: fix and verification},
url = {http://doi.acm.org/10.1145/2382196.2382221},
year = 2012
}