Analysis of privacy in mobile telephony systems

Myrto Arapinis; Loretta Ilaria Mancini; Eike Ritter; Mark Dermot Ryan

doi:10.1007/s10207-016-0338-9

Analysis of privacy in mobile telephony systems

Myrto Arapinis, Loretta Ilaria Mancini, Eike Ritter, Mark Dermot Ryan

Research output: Contribution to journal › Article › peer-review

5 Citations (Scopus)

247 Downloads (Pure)

Abstract

We present a thorough experimental and formal analysis of users’ privacy in mobile telephony systems. In particular, we experimentally analyse the use of pseudonyms and point out weak deployed policies leading to some critical scenarios which make it possible to violate a user’s privacy. We also expose some protocol’s vulnerabilities resulting in breaches of the anonymity and/or user unlinkability. We show these breaches translate in actual attacks which are feasible to implement on real networks and discuss our prototype implementation. In order to countermeasure these attacks, we propose realistic solutions. Finally, we provide the theoretical framework for the automatic verification of the unlinkability and anonymity of the fixed 2G/3G procedures and automatically verify them using the ProVerif tool.

Original language	English
Pages (from-to)	491–523
Number of pages	33
Journal	International Journal of Information Security
Volume	16
Issue number	5
Early online date	5 Jul 2016
DOIs	https://doi.org/10.1007/s10207-016-0338-9
Publication status	Published - Oct 2017

Keywords

Privacy
Automatic verification
ProVerif
Mobile telephony
Pseudonym

Access to Document

10.1007/s10207-016-0338-9Licence: Creative Commons: Attribution (CC BY)

Arapinis_et_al_Analysis_Privacy_Mobile_Telephony_Systems_Journal_Information_SecurityFinal published version, 3.98 MBLicence: Creative Commons: Attribution (CC BY)

Leadership Fellowships 2009 : Analysing Security and Privacy Properties
Ryan, M. (Principal Investigator)
Engineering & Physical Science Research Council
1/04/10 → 30/09/15
Project: Research Councils
Verifying Interoperability requirements in Pervasive Systems
Ryan, M. (Principal Investigator) & Ritter, E. (Co-Investigator)
Engineering & Physical Science Research Council
8/10/08 → 7/03/13
Project: Research Councils

Cite this

@article{20527e92f6fd416d999c2b65fd70051c,

title = "Analysis of privacy in mobile telephony systems",

abstract = "We present a thorough experimental and formal analysis of users{\textquoteright} privacy in mobile telephony systems. In particular, we experimentally analyse the use of pseudonyms and point out weak deployed policies leading to some critical scenarios which make it possible to violate a user{\textquoteright}s privacy. We also expose some protocol{\textquoteright}s vulnerabilities resulting in breaches of the anonymity and/or user unlinkability. We show these breaches translate in actual attacks which are feasible to implement on real networks and discuss our prototype implementation. In order to countermeasure these attacks, we propose realistic solutions. Finally, we provide the theoretical framework for the automatic verification of the unlinkability and anonymity of the fixed 2G/3G procedures and automatically verify them using the ProVerif tool.",

keywords = "Privacy, Automatic verification, ProVerif, Mobile telephony, Pseudonym",

author = "Myrto Arapinis and Mancini, {Loretta Ilaria} and Eike Ritter and Ryan, {Mark Dermot}",

year = "2017",

month = oct,

doi = "10.1007/s10207-016-0338-9",

language = "English",

volume = "16",

pages = "491–523",

journal = "International Journal of Information Security",

issn = "1615-5262",

publisher = "Springer",

number = "5",

}

TY - JOUR

T1 - Analysis of privacy in mobile telephony systems

AU - Arapinis, Myrto

AU - Mancini, Loretta Ilaria

AU - Ritter, Eike

AU - Ryan, Mark Dermot

PY - 2017/10

Y1 - 2017/10

N2 - We present a thorough experimental and formal analysis of users’ privacy in mobile telephony systems. In particular, we experimentally analyse the use of pseudonyms and point out weak deployed policies leading to some critical scenarios which make it possible to violate a user’s privacy. We also expose some protocol’s vulnerabilities resulting in breaches of the anonymity and/or user unlinkability. We show these breaches translate in actual attacks which are feasible to implement on real networks and discuss our prototype implementation. In order to countermeasure these attacks, we propose realistic solutions. Finally, we provide the theoretical framework for the automatic verification of the unlinkability and anonymity of the fixed 2G/3G procedures and automatically verify them using the ProVerif tool.

AB - We present a thorough experimental and formal analysis of users’ privacy in mobile telephony systems. In particular, we experimentally analyse the use of pseudonyms and point out weak deployed policies leading to some critical scenarios which make it possible to violate a user’s privacy. We also expose some protocol’s vulnerabilities resulting in breaches of the anonymity and/or user unlinkability. We show these breaches translate in actual attacks which are feasible to implement on real networks and discuss our prototype implementation. In order to countermeasure these attacks, we propose realistic solutions. Finally, we provide the theoretical framework for the automatic verification of the unlinkability and anonymity of the fixed 2G/3G procedures and automatically verify them using the ProVerif tool.

KW - Privacy

KW - Automatic verification

KW - ProVerif

KW - Mobile telephony

KW - Pseudonym

U2 - 10.1007/s10207-016-0338-9

DO - 10.1007/s10207-016-0338-9

M3 - Article

SN - 1615-5262

VL - 16

SP - 491

EP - 523

JO - International Journal of Information Security

JF - International Journal of Information Security

IS - 5

ER -

Analysis of privacy in mobile telephony systems

Abstract

Keywords

Access to Document

Fingerprint

Projects

Leadership Fellowships 2009 : Analysing Security and Privacy Properties

Verifying Interoperability requirements in Pervasive Systems

Cite this