Selected publications at LSV

Abstract:
This paper investigates and analyses the insufficient protections afforded to mobile identities when using today?s operator backed WiFi services. Specifically we detail a range of attacks, on a set of widely deployed authentication protocols, that enable a malicious user to obtain and track a user?s International Mobile Subscriber Identity (IMSI) over WiFi. These attacks are possible due to a lack of sufficient privacy protection measures, which are exacerbated by preconfigured device profiles. We provide a formal analysis of the protocols involved, examine their associated configuration profiles, and document our experiences with reporting the issues to the relevant stakeholders. We detail a range of potential countermeasures to tackle these issues to ensure that privacy is better protected in the future.

@inproceedings{OBH-most17,
   address = {San Jose, CA, USA},
   author = {{O'Hanlon}, Piers and Borgaonkar, Ravishankar and Hirschi, Lucca},
   booktitle = {{P}roceedings of Mobile Security Technologies (MoST'17), held as part of the {IEEE} Computer Society Security and Privacy Workshops},
   editor = {Chen, Hao and Koved, Larry},
   month = may,
   note = {To appear},
   title = {Mobile subscriber WiFi privacy},
   year = {2017},
}

About LSV

Select by Year