A man-in-the-middle attack on UMTS

Ulrike Meyer, Susanne Wetzel

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

160 Scopus citations

Abstract

In this paper we present a man-in-the-middle attack on the Universal Mobile Telecommunication Standard (UMTS), one of the newly emerging 3G mobile technologies. The attack allows an intruder to impersonate a valid GSM base station to a UMTS subscriber regardless of the fact that UMTS authentication and key agreement are used. As a result, an intruder can eavesdrop on all mobile-station-initiated traffic. Since the UMTS standard requires mutual authentication between the mobile station and the network, so far UMTS networks were considered to be secure against man-in-the-middle attacks. The network authentication defined in the UMTS standard depends on both the validity of the authentication token and the integrity protection of the subsequent security mode command. We show that both of these mechanisms are necessary in order to prevent a man-in-the-middle attack. As a consequence we show that an attacker can mount an impersonation attack since GSM base stations do not support integrity protection. Possible victims to our attack are all mobile stations that support the UTRAN and the GSM air interface simultaneously. In particular, this is the case for most of the equipment used during the transition phase from 2G (GSM) to 3G (UMTS) technology.

Original languageEnglish
Title of host publicationProceedings of the 2004 ACM Workshop on Wireless Security, WiSe
Pages90-97
Number of pages8
DOIs
StatePublished - 2004
EventProceedings of the 2004 ACM Workshop on Wireless Security, WiSe - Philadelphia, PA, United States
Duration: 1 Oct 20041 Oct 2004

Publication series

NameProceedings of the 2004 ACM Workshop on Wireless Security, WiSe

Conference

ConferenceProceedings of the 2004 ACM Workshop on Wireless Security, WiSe
Country/TerritoryUnited States
CityPhiladelphia, PA
Period1/10/041/10/04

Keywords

  • Authentication
  • GSM
  • Man-in-the-middle attack
  • Mobile communication
  • UMTS

Fingerprint

Dive into the research topics of 'A man-in-the-middle attack on UMTS'. Together they form a unique fingerprint.

Cite this