Le séminaire du LSV

Le séminaire du LSV a lieu le mardi à 11h00. Le lieu habituel est la salle de conférences au Pavillon des Jardins (plan d'accès). Pour être informé par email des prochains séminaires, contacter Stéphane Le Roux and Matthias Fuegger.

Le séminaire du LSV est public et ne nécessite aucune inscription préalable.

Séminaires passés

Keeping track of your friends and enemies: privacy threats of new mobile technologies

Visiter le site web pour cet événement | Exporter cet événement au format iCalendar

 Myrto Arapinis
Date
Le mardi 20 septembre 2011 à 11:00
Lieu
Salle de Conférence (Pavillon des Jardins)
Orateur
Myrto Arapinis (University of Birmingham)

Joint work with Loretta Mancini, Eike Ritter, and Mark Ryan.

The proliferation of portable computing devices, such as mobile phones, Bluetooth devices, and RFID tags, has lead to a range of new computer security problems. In order to fulfil their goals, these devices need to report our movements to service providers such as mobile phone network operators, banks, and governments. While most of users accept that the service providers can track their physical movements, few would be happy if an arbitrary third party could do so. Such a possibility would enable all kinds of undesirable behaviours, ranging from criminal stalking to more mundane monitoring of spouse or employee movements. For this reason, protocols have been designed to prevent third parties from identifying wireless messages as coming from a particular user. These protocols usually include cryptography and make use of temporary identifiers, in an effort to achieve the aim of untraceability by third parties.

At CSF'10, we presented a formal framework for analysing untraceability/unlinkability in the applied pi calculus. We used our framework to show that French e-Passports are traceable, while British ones aren't. In this talk, I will present you our work on the analysis of Universal Mobile Telecommunication System (UMTS) protocols. I will show you a problem we have identified with the UMTS authentication and key establishment protocol: although mobile phones use temporary identities to identify themselves to the Network, a replayed message can be used to identify a particular mobile phone. Our attack exploits the fact that the victim's phone will reply with subtly different error messages, depending on whether the replayed request is associated with it or with a different phone. To thwart this attack, we propose a modification of the protocol, and verify the proposed fix using our framework and the ProVerif tool.


À propos du LSV

Agenda des séminaires

Exporter l'agenda au format iCalendar | Les séminaires précédents

mar. 19 février

Les séminaires précédents