Debilities of the UMTS Security Mode Set-Up Procedure and Attacks against UMTS/HSPA Device

Debilities of the UMTS Security Mode Set-Up Procedure and Attacks against UMTS/HSPA Device

Diego Fernández Alonso, Ana Vázquez Alejos, Manuel García Sánchez
Copyright: © 2015 |Pages: 45
DOI: 10.4018/978-1-4666-8687-8.ch001
(Individual Chapters)
No Current Special Offers


A study and identification of vulnerabilities during the set-up procedure of the Universal Mobile Telecommunication System (UMTS) and how some of them can be exploited. For accomplishment a good understanding of the security messages exchange, a part of UMTS architecture is developed firstly. After the explanation of the security mode set-up procedure debilities, the chapter identify attacks that take advantage of the fact that some messages during their exchange in the process are not protected. The attacks indicated in the chapter are mostly of Denial of Service (DoS) kind, and mainly are performed with a rogue BTS.
Chapter Preview

Umts Architecture

The architecture of Universal Mobile Telecommunications System (UMTS) includes three different domains, UMTS Terrestrial Radio Access Network (UTRAN), Core Network (CN) and User Equipment (UE).

The UTRAN provides the air interface access method for the User Equipment through the Base Station (BS) or Node-B. Core Network provides switching, routing and transit for the user traffic, and it contains the databases and network management functions. And finally User Equipment is the terminal that allows the mobile communication of the user through the air interface.

The UMTS Terminal

In 3rd Generation the device used by the user for the communication is called 3G User Equipment (UE), and it is compound for the UMTS device or Mobile Equipment (ME), and the Universal Subscriber Identity Module (USIM). The UE also is called Mobile Station (MS), terminology used primarily in GSM.

The USIM is a smart card with user’s configurations and data. The module that stores, among other information, the International Mobile Subscriber Identity (IMSI). The IMSI is a 15-digit number that uniquely identifies a particular mobile station, and it is sensitive to receive attacks. The terminal is also characterized by the International Mobile Equipment Identity (IMEI), 15-digit number assigned by the manufacturer. In GSM the equivalent card for the USIM is the Subscriber Identity Module (SIM).

Complete Chapter List

Search this Book: