The LSV seminar takes place on Tuesday at 11:00 AM. The usual location is the conference room at Pavillon des Jardins (venue). If you wish to be informed by e-mail about upcoming seminars, please contact Stéphane Le Roux and Matthias Fuegger.
The seminar is open to the public and does not require any form of registration.
Joint work with Loretta Mancini, Eike Ritter, and Mark Ryan.
The proliferation of portable computing devices, such as mobile phones, Bluetooth devices, and RFID tags, has led to a range of new computer security problems. In order to fulfil their goals, these devices need to report our movements to service providers such as mobile phone network operators, banks, and governments. While most users accept that the service providers can track their physical movements, few would be happy if an arbitrary third party could do so. Such a possibility would enable all kinds of undesirable behaviours, ranging from criminal stalking to more mundane monitoring of spouse or employee movements. For this reason, protocols have been designed to prevent third parties from identifying wireless messages as coming from a particular user. These protocols usually include cryptography and make use of temporary identifiers, in an effort to achieve the aim of untraceability by third parties.
At CSF'10, we presented a formal framework for analysing untraceability/unlinkability in the applied pi calculus. We used our framework to show that French e-Passports are traceable, while British ones aren't. In this talk, I will present our work on the analysis of Universal Mobile Telecommunication System (UMTS) protocols. I will show a problem we have identified with the UMTS authentication and key establishment protocol: although mobile phones use temporary identities to identify themselves to the network, a replayed message can be used to identify a particular mobile phone. Our attack exploits the fact that the victim's phone will reply with subtly different error messages, depending on whether the replayed request is associated with it or with a different phone. To thwart this attack, we propose a modification of the protocol, and verify the proposed fix using our framework and the ProVerif tool.