Jethro Beekman

EECS Department, University of California, Berkeley

Technical Report No. UCB/EECS-2014-156

August 16, 2014

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2014/EECS-2014-156.pdf

The global cell phone network is a large and multi-faceted technology that is continuously being improved with new protocols and features. In this work we analyze the security of a few designs and implementations comprising a part of this network. First, we analyze the security of an IP Multimedia Subsystem (IMS) implementation for Android by a major US cell phone carrier, finding a man-in-the-middle attack. Secondly, we look at the 3GPP Authentication and Key Agreement (AKA) protocol, describing three new attacks on AKA in the context of Internet calling and Android. We have worked with the relevant parties to address these four attacks. And finally, we discuss the security aspects of modems in phone platforms from a systems design standpoint, highlighting threats and security objectives that can be used both in evaluating existing implementations as well as in creating new implementations.

Advisors: David Wagner and John Louis Manferdelli


BibTeX citation:

@mastersthesis{Beekman:EECS-2014-156,
    Author= {Beekman, Jethro},
    Title= {Topics in Cell Phone Security},
    School= {EECS Department, University of California, Berkeley},
    Year= {2014},
    Month= {Aug},
    Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2014/EECS-2014-156.html},
    Number= {UCB/EECS-2014-156},
    Abstract= {The global cell phone network is a large and multi-faceted technology that is continuously being improved with new protocols and features.
In this work we analyze the security of a few designs and implementations comprising a part of this network.
First, we analyze the security of an IP Multimedia Subsystem (IMS) implementation for Android by a major US cell phone carrier, finding a man-in-the-middle attack.
Secondly, we look at the 3GPP Authentication and Key Agreement (AKA) protocol, describing three new attacks on AKA in the context of Internet calling and Android.
We have worked with the relevant parties to address these four attacks.
And finally, we discuss the security aspects of modems in phone platforms from a systems design standpoint, highlighting threats and security objectives that can be used both in evaluating existing implementations as well as in creating new implementations.},
}

EndNote citation:

%0 Thesis
%A Beekman, Jethro 
%T Topics in Cell Phone Security
%I EECS Department, University of California, Berkeley
%D 2014
%8 August 16
%@ UCB/EECS-2014-156
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2014/EECS-2014-156.html
%F Beekman:EECS-2014-156