《A_Man-in-the-Middle_Attack_on_UMTS》.pdf

A Man-in-the-Middle Attack on UMTS Ulrike Meyer Susanne Wetzel Darmstadt University of Technology Stevens Institute of Technology Department of Computer Science Department of Computer Science Hochschulstrasse 10 Castle Point on Hudson D-64283 Darmstadt Hoboken, NJ 07030 Germany USA umeyer@rmatik.tu-darmstadt.de swetzel@ ABSTRACT 1. INTRODUCTION In this paper we present a man-in-the-middle attack on the The Universal Mobile Telecommunications System Universal Mobile Telecommunication Standard (UMTS), (UMTS) is one of the third generation mobile technologies one of the newly emerging 3G mobile technologies. The at- which is currently being launched in many countries, partic- tack allows an intruder to impersonate a valid GSM base sta- ularly in Europe. tion to a UMTS subscriber regardless of the fact that UMTS Unlike its European predecessor, the Global System for authentication and key agreement are used. As a result, an Mobile Communication (GSM), UMTS provides high data intruder can eavesdrop on all mobile-station-initiated traffic. rates and has a relatively low cost for data transmission. Since the UMTS standard requires mutual authentication Because of these improved technology features, UMTS is ex- between the mobile s