Archivio Istituzionale della RicercaLong Term Evolution (LTE) is the most recent standard in mobile communications, introduced by 3rd Generation Partnership Project (3GPP). Most of the formal security analysis works in literature about LTE analyze authentication procedures, while interoperability is far less considered. This paper presents a formal security analysis of the interoperability procedures between LTE and the older Universal Mobile Telecommunications System (UMTS) networks, when mobile devices seamlessly switch between the two technologies. The Proverif tool has been used to conduct the verification. The analysis shows that security properties (secrecy of keys, including backward/forward secrecy, immunity from off-line guessing attacks and network components authentication) hold almost as expected, if all the protections allowed by the LTE standard are adopted. If backhauling traffic is not protected with IPSec, which is a common scenario since the use of IPSec is not mandatory, some security properties still hold while others are compromised. Consequently, user's traffic and network's nodes are exposed to attacks in this scenario.
Formal Verification of LTE-UMTS Handover Procedures / BETTASSA COPET, Piergiuseppe; Marchetto, Guido; Sisto, Riccardo; Costa, Luciana. - STAMPA. - (2015), pp. 738-744. (Intervento presentato al convegno 20th IEEE Symposium on Computers and Communications (ISCC) tenutosi a Larnaca, Cyprus nel 6-9 July 2015) [10.1109/ISCC.2015.7405602].
Formal Verification of LTE-UMTS Handover Procedures
BETTASSA COPET, PIERGIUSEPPE;MARCHETTO, GUIDO;SISTO, Riccardo;
2015
Abstract
Long Term Evolution (LTE) is the most recent standard in mobile communications, introduced by 3rd Generation Partnership Project (3GPP). Most of the formal security analysis works in literature about LTE analyze authentication procedures, while interoperability is far less considered. This paper presents a formal security analysis of the interoperability procedures between LTE and the older Universal Mobile Telecommunications System (UMTS) networks, when mobile devices seamlessly switch between the two technologies. The Proverif tool has been used to conduct the verification. The analysis shows that security properties (secrecy of keys, including backward/forward secrecy, immunity from off-line guessing attacks and network components authentication) hold almost as expected, if all the protections allowed by the LTE standard are adopted. If backhauling traffic is not protected with IPSec, which is a common scenario since the use of IPSec is not mandatory, some security properties still hold while others are compromised. Consequently, user's traffic and network's nodes are exposed to attacks in this scenario.
| File | Dimensione | Formato | |
|---|---|---|---|
|
1570084757_author_postprint.pdf
accesso aperto
Descrizione: File principale articolo. Author's version.
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
Pubblico - Tutti i diritti riservati
Dimensione
376.17 kB
Formato
Adobe PDF
|
376.17 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2621605
Attenzione
Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo