Security and Privacy in Mobile Information and Communication Systems最新文献

Attacks Against Security Context in 5G Network 5G网络安全背景下的攻击

Security and Privacy in Mobile Information and Communication Systems Pub Date : 2023-03-20 DOI: 10.48550/arXiv.2303.10955

Zhiwei Cui, Baojiang Cui, Li Su, Haitao Du, Hongxin Wang, Junsong Fu

{"title":"Attacks Against Security Context in 5G Network","authors":"Zhiwei Cui, Baojiang Cui, Li Su, Haitao Du, Hongxin Wang, Junsong Fu","doi":"10.48550/arXiv.2303.10955","DOIUrl":"https://doi.org/10.48550/arXiv.2303.10955","url":null,"abstract":"The security context used in 5G authentication is generated during the Authentication and Key Agreement (AKA) procedure and stored in both the user equipment (UE) and the network sides for the subsequent fast registration procedure. Given its importance, it is imperative to formally analyze the security mechanism of the security context. The security context in the UE can be stored in the Universal Subscriber Identity Module (USIM) card or in the baseband chip. In this work, we present a comprehensive and formal verification of the fast registration procedure based on the security context under the two scenarios in ProVerif. Our analysis identifies two vulnerabilities, including one that has not been reported before. Specifically, the security context stored in the USIM card can be read illegally, and the validity checking mechanism of the security context in the baseband chip can be bypassed. Moreover, these vulnerabilities also apply to 4G networks. As a consequence, an attacker can exploit these vulnerabilities to register to the network with the victim's identity and then launch other attacks, including one-tap authentication bypass leading to privacy disclosure, location spoofing, etc. To ensure that these attacks are indeed realizable in practice, we have responsibly confirmed them through experimentation in three operators. Our analysis reveals that these vulnerabilities stem from design flaws of the standard and unsafe practices by operators. We finally propose several potential countermeasures to prevent these attacks. We have reported our findings to the GSMA and received a coordinated vulnerability disclosure (CVD) number CVD-2022-0057.","PeriodicalId":270570,"journal":{"name":"Security and Privacy in Mobile Information and Communication Systems","volume":"104 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-03-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117178565","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

Attack Detection in Mobile Internet and Networks Using the Graph-Based Schemes for Combining the Support Vector Machines 基于图和支持向量机的移动互联网和网络攻击检测

Security and Privacy in Mobile Information and Communication Systems Pub Date : 2017-10-19 DOI: 10.1007/978-981-13-3732-1_1

A. Branitskiy, Igor Kotenko

引用次数: 1

A Frame-Based Approach to Generating Insider Threat Test Suite on Cloud File-Sharing 基于框架的云文件共享内部威胁测试套件生成方法

Security and Privacy in Mobile Information and Communication Systems Pub Date : 2017-10-19 DOI: 10.1007/978-981-13-3732-1_12

Tsung-Ju Lee, S. Tseng, Hsing-Chung Chen, Sung-Chiang Lin, Chiun-How Kao

引用次数: 0

SAAS: A Secure Anonymous Authentication Scheme for PMIPv6 SAAS: PMIPv6安全匿名认证方案

Security and Privacy in Mobile Information and Communication Systems Pub Date : 2017-10-19 DOI: 10.1007/978-981-13-3732-1_3

Tianhan Gao, Xinyang Deng, Fanghua Geng

引用次数: 1

An Efficient Facebook Place Information Extraction Strategy 一个有效的Facebook地点信息提取策略

Security and Privacy in Mobile Information and Communication Systems Pub Date : 2017-10-19 DOI: 10.1007/978-981-13-3732-1_10

Jong-Shin Chen, Chuan-Bi Lin, Cheng-Ying Yang, Yung-Fa Huang

引用次数: 1

Generating Dynamic Box by Using an Input String 使用输入字符串生成动态框

Security and Privacy in Mobile Information and Communication Systems Pub Date : 2017-10-19 DOI: 10.1007/978-981-13-3732-1_2

Jia-Jia Liu, Yi-Li Huang, Fang-Yie Leu, Xing-You Pan, Li-Ren Chen

引用次数: 3

Performance of Sub-optimal Searching Algorithms on PTS Phase Selections for PAPR Reduction 次优搜索算法在PTS相位选择中的性能

Security and Privacy in Mobile Information and Communication Systems Pub Date : 2017-10-19 DOI: 10.1007/978-981-13-3732-1_11

J. Wen, Fang-Yu Chang, Yung-Fa Huang, Hsing-Chung Chen, Zonyin Shae

引用次数: 0

Using iBeacon Technology with Nearest Neighbor Algorithm to Area Positioning Systems 基于iBeacon技术和最近邻算法的区域定位系统

Security and Privacy in Mobile Information and Communication Systems Pub Date : 2017-10-19 DOI: 10.1007/978-981-13-3732-1_9

Chia-Hsin Cheng, Chia-Yao Hu

引用次数: 0

Method for Predicting Pixel Values in Background Areas in the Problem of Weighted Steganalysis in the Spatial Domain of Natural Images Under Small Payloads 小载荷下自然图像空间域加权隐写问题中背景区域像素值预测方法

Security and Privacy in Mobile Information and Communication Systems Pub Date : 2017-10-19 DOI: 10.1007/978-981-13-3732-1_5

Daniil A. Bashmakov, A. G. Korobeynikov, A. Sivachev, D. E. Baz, D. Levshun

引用次数: 0

User Keystroke Authentication Based on Convolutional Neural Network 基于卷积神经网络的用户击键认证

Security and Privacy in Mobile Information and Communication Systems Pub Date : 2017-10-19 DOI: 10.1007/978-981-13-3732-1_13

Mengxin Liu, Jianfeng Guan

引用次数: 8