Pub Date : 2023-03-20DOI: 10.48550/arXiv.2303.10955
Zhiwei Cui, Baojiang Cui, Li Su, Haitao Du, Hongxin Wang, Junsong Fu
The security context used in 5G authentication is generated during the Authentication and Key Agreement (AKA) procedure and stored in both the user equipment (UE) and the network sides for the subsequent fast registration procedure. Given its importance, it is imperative to formally analyze the security mechanism of the security context. The security context in the UE can be stored in the Universal Subscriber Identity Module (USIM) card or in the baseband chip. In this work, we present a comprehensive and formal verification of the fast registration procedure based on the security context under the two scenarios in ProVerif. Our analysis identifies two vulnerabilities, including one that has not been reported before. Specifically, the security context stored in the USIM card can be read illegally, and the validity checking mechanism of the security context in the baseband chip can be bypassed. Moreover, these vulnerabilities also apply to 4G networks. As a consequence, an attacker can exploit these vulnerabilities to register to the network with the victim's identity and then launch other attacks, including one-tap authentication bypass leading to privacy disclosure, location spoofing, etc. To ensure that these attacks are indeed realizable in practice, we have responsibly confirmed them through experimentation in three operators. Our analysis reveals that these vulnerabilities stem from design flaws of the standard and unsafe practices by operators. We finally propose several potential countermeasures to prevent these attacks. We have reported our findings to the GSMA and received a coordinated vulnerability disclosure (CVD) number CVD-2022-0057.
{"title":"Attacks Against Security Context in 5G Network","authors":"Zhiwei Cui, Baojiang Cui, Li Su, Haitao Du, Hongxin Wang, Junsong Fu","doi":"10.48550/arXiv.2303.10955","DOIUrl":"https://doi.org/10.48550/arXiv.2303.10955","url":null,"abstract":"The security context used in 5G authentication is generated during the Authentication and Key Agreement (AKA) procedure and stored in both the user equipment (UE) and the network sides for the subsequent fast registration procedure. Given its importance, it is imperative to formally analyze the security mechanism of the security context. The security context in the UE can be stored in the Universal Subscriber Identity Module (USIM) card or in the baseband chip. In this work, we present a comprehensive and formal verification of the fast registration procedure based on the security context under the two scenarios in ProVerif. Our analysis identifies two vulnerabilities, including one that has not been reported before. Specifically, the security context stored in the USIM card can be read illegally, and the validity checking mechanism of the security context in the baseband chip can be bypassed. Moreover, these vulnerabilities also apply to 4G networks. As a consequence, an attacker can exploit these vulnerabilities to register to the network with the victim's identity and then launch other attacks, including one-tap authentication bypass leading to privacy disclosure, location spoofing, etc. To ensure that these attacks are indeed realizable in practice, we have responsibly confirmed them through experimentation in three operators. Our analysis reveals that these vulnerabilities stem from design flaws of the standard and unsafe practices by operators. We finally propose several potential countermeasures to prevent these attacks. We have reported our findings to the GSMA and received a coordinated vulnerability disclosure (CVD) number CVD-2022-0057.","PeriodicalId":270570,"journal":{"name":"Security and Privacy in Mobile Information and Communication Systems","volume":"104 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-03-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117178565","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-10-19DOI: 10.1007/978-981-13-3732-1_1
A. Branitskiy, Igor Kotenko
{"title":"Attack Detection in Mobile Internet and Networks Using the Graph-Based Schemes for Combining the Support Vector Machines","authors":"A. Branitskiy, Igor Kotenko","doi":"10.1007/978-981-13-3732-1_1","DOIUrl":"https://doi.org/10.1007/978-981-13-3732-1_1","url":null,"abstract":"","PeriodicalId":270570,"journal":{"name":"Security and Privacy in Mobile Information and Communication Systems","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121121387","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-10-19DOI: 10.1007/978-981-13-3732-1_12
Tsung-Ju Lee, S. Tseng, Hsing-Chung Chen, Sung-Chiang Lin, Chiun-How Kao
{"title":"A Frame-Based Approach to Generating Insider Threat Test Suite on Cloud File-Sharing","authors":"Tsung-Ju Lee, S. Tseng, Hsing-Chung Chen, Sung-Chiang Lin, Chiun-How Kao","doi":"10.1007/978-981-13-3732-1_12","DOIUrl":"https://doi.org/10.1007/978-981-13-3732-1_12","url":null,"abstract":"","PeriodicalId":270570,"journal":{"name":"Security and Privacy in Mobile Information and Communication Systems","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126840645","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-10-19DOI: 10.1007/978-981-13-3732-1_3
Tianhan Gao, Xinyang Deng, Fanghua Geng
{"title":"SAAS: A Secure Anonymous Authentication Scheme for PMIPv6","authors":"Tianhan Gao, Xinyang Deng, Fanghua Geng","doi":"10.1007/978-981-13-3732-1_3","DOIUrl":"https://doi.org/10.1007/978-981-13-3732-1_3","url":null,"abstract":"","PeriodicalId":270570,"journal":{"name":"Security and Privacy in Mobile Information and Communication Systems","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131208589","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Efficient Facebook Place Information Extraction Strategy","authors":"Jong-Shin Chen, Chuan-Bi Lin, Cheng-Ying Yang, Yung-Fa Huang","doi":"10.1007/978-981-13-3732-1_10","DOIUrl":"https://doi.org/10.1007/978-981-13-3732-1_10","url":null,"abstract":"","PeriodicalId":270570,"journal":{"name":"Security and Privacy in Mobile Information and Communication Systems","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121338253","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Generating Dynamic Box by Using an Input String","authors":"Jia-Jia Liu, Yi-Li Huang, Fang-Yie Leu, Xing-You Pan, Li-Ren Chen","doi":"10.1007/978-981-13-3732-1_2","DOIUrl":"https://doi.org/10.1007/978-981-13-3732-1_2","url":null,"abstract":"","PeriodicalId":270570,"journal":{"name":"Security and Privacy in Mobile Information and Communication Systems","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129331003","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-10-19DOI: 10.1007/978-981-13-3732-1_11
J. Wen, Fang-Yu Chang, Yung-Fa Huang, Hsing-Chung Chen, Zonyin Shae
{"title":"Performance of Sub-optimal Searching Algorithms on PTS Phase Selections for PAPR Reduction","authors":"J. Wen, Fang-Yu Chang, Yung-Fa Huang, Hsing-Chung Chen, Zonyin Shae","doi":"10.1007/978-981-13-3732-1_11","DOIUrl":"https://doi.org/10.1007/978-981-13-3732-1_11","url":null,"abstract":"","PeriodicalId":270570,"journal":{"name":"Security and Privacy in Mobile Information and Communication Systems","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127618288","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-10-19DOI: 10.1007/978-981-13-3732-1_9
Chia-Hsin Cheng, Chia-Yao Hu
{"title":"Using iBeacon Technology with Nearest Neighbor Algorithm to Area Positioning Systems","authors":"Chia-Hsin Cheng, Chia-Yao Hu","doi":"10.1007/978-981-13-3732-1_9","DOIUrl":"https://doi.org/10.1007/978-981-13-3732-1_9","url":null,"abstract":"","PeriodicalId":270570,"journal":{"name":"Security and Privacy in Mobile Information and Communication Systems","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131679259","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-10-19DOI: 10.1007/978-981-13-3732-1_5
Daniil A. Bashmakov, A. G. Korobeynikov, A. Sivachev, D. E. Baz, D. Levshun
{"title":"Method for Predicting Pixel Values in Background Areas in the Problem of Weighted Steganalysis in the Spatial Domain of Natural Images Under Small Payloads","authors":"Daniil A. Bashmakov, A. G. Korobeynikov, A. Sivachev, D. E. Baz, D. Levshun","doi":"10.1007/978-981-13-3732-1_5","DOIUrl":"https://doi.org/10.1007/978-981-13-3732-1_5","url":null,"abstract":"","PeriodicalId":270570,"journal":{"name":"Security and Privacy in Mobile Information and Communication Systems","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128366995","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-10-19DOI: 10.1007/978-981-13-3732-1_13
Mengxin Liu, Jianfeng Guan
{"title":"User Keystroke Authentication Based on Convolutional Neural Network","authors":"Mengxin Liu, Jianfeng Guan","doi":"10.1007/978-981-13-3732-1_13","DOIUrl":"https://doi.org/10.1007/978-981-13-3732-1_13","url":null,"abstract":"","PeriodicalId":270570,"journal":{"name":"Security and Privacy in Mobile Information and Communication Systems","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124162480","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: