Sciweavers

WS
2004
ACM

A man-in-the-middle attack on UMTS

14 years 5 months ago
A man-in-the-middle attack on UMTS
In this paper we present a man-in-the-middle attack on the Universal Mobile Telecommunication Standard (UMTS), one of the newly emerging 3G mobile technologies. The attack allows an intruder to impersonate a valid GSM base station to a UMTS subscriber regardless of the fact that UMTS authentication and key agreement are used. As a result, an intruder can eavesdrop on all mobile-station-initiated traffic. Since the UMTS standard requires mutual authentication between the mobile station and the network, so far UMTS networks were considered to be secure against man-in-themiddle attacks. The network authentication defined in the UMTS standard depends on both the validity of the authentication token and the integrity protection of the subsequent security mode command. We show that both of these mechanisms are necessary in order to prevent a man-in-the-middle attack. As a consequence we show that an attacker can mount an impersonation attack since GSM base stations do not support integrity...
Ulrike Meyer, Susanne Wetzel
Added 30 Jun 2010
Updated 30 Jun 2010
Type Conference
Year 2004
Where WS
Authors Ulrike Meyer, Susanne Wetzel
Comments (0)