The global cell phone network is a large and multi-faceted technology that is continuously being improved with new protocols and features. In this work we analyze the security of a few designs and implementations comprising a part of this network. First, we analyze the security of an IP Multimedia Subsystem (IMS) implementation for Android by a major US cell phone carrier, finding a man-in-the-middle attack. Secondly, we look at the 3GPP Authentication and Key Agreement (AKA) protocol, describing three new attacks on AKA in the context of Internet calling and Android. We have worked with the relevant parties to address these four attacks. And finally, we discuss the security aspects of modems in phone platforms from a systems design standpoint, highlighting threats and security objectives that can be used both in evaluating existing implementations as well as in creating new implementations.
Title
Topics in Cell Phone Security
Published
2014-08-16
Full Collection Name
Electrical Engineering & Computer Sciences Technical Reports
Other Identifiers
EECS-2014-156
Type
Text
Extent
49 p
Archive
The Engineering Library
Usage Statement
Researchers may make free and open use of the UC Berkeley Library’s digitized public domain materials. However, some materials in our online collections may be protected by U.S. copyright law (Title 17, U.S.C.). Use or reproduction of materials protected by copyright beyond that allowed by fair use (Title 17, U.S.C. § 107) requires permission from the copyright owners. The use or reproduction of some materials may also be restricted by terms of University of California gift or purchase agreements, privacy and publicity rights, or trademark law. Responsibility for determining rights status and permissibility of any use or reproduction rests exclusively with the researcher. To learn more or make inquiries, please see our permissions policies (https://www.lib.berkeley.edu/about/permissions-policies).
