Mobile subscriber WiFi privacy
This paper investigates and analyses the insufficient protections afforded to mobile identities when using today’s operator backed WiFi services. Specifically we detail a range of attacks, on a set of widely deployed authentication protocols, that enable a malicious user to obtain and track a user’s...
| Main Authors: | , , |
|---|---|
| Format: | Conference item |
| Published: |
Institute of Electrical and Electronics Engineers
2017
|
| _version_ | 1797102391609262080 |
|---|---|
| author | O'Hanlon, P Borgaonkar, R Hirschi, L |
| author_facet | O'Hanlon, P Borgaonkar, R Hirschi, L |
| author_sort | O'Hanlon, P |
| collection | OXFORD |
| description | This paper investigates and analyses the insufficient protections afforded to mobile identities when using today’s operator backed WiFi services. Specifically we detail a range of attacks, on a set of widely deployed authentication protocols, that enable a malicious user to obtain and track a user’s International Mobile Subscriber Identity (IMSI) over WiFi. These attacks are possible due to a lack of sufficient privacy protection measures, which are exacerbated by preconfigured device profiles. We provide a formal analysis of the protocols involved, examine their associated configuration profiles, and document our experiences with reporting the issues to the relevant stakeholders. We detail a range of potential countermeasures to tackle these issues to ensure that privacy is better protected in the future. |
| first_indexed | 2024-03-07T06:05:21Z |
| format | Conference item |
| id | oxford-uuid:eda4ec11-2ee6-4bb0-82cc-0727c1119ea2 |
| institution | University of Oxford |
| last_indexed | 2024-03-07T06:05:21Z |
| publishDate | 2017 |
| publisher | Institute of Electrical and Electronics Engineers |
| record_format | dspace |
| spelling | oxford-uuid:eda4ec11-2ee6-4bb0-82cc-0727c1119ea22022-03-27T11:26:38ZMobile subscriber WiFi privacyConference itemhttp://purl.org/coar/resource_type/c_5794uuid:eda4ec11-2ee6-4bb0-82cc-0727c1119ea2Symplectic Elements at OxfordInstitute of Electrical and Electronics Engineers2017O'Hanlon, PBorgaonkar, RHirschi, LThis paper investigates and analyses the insufficient protections afforded to mobile identities when using today’s operator backed WiFi services. Specifically we detail a range of attacks, on a set of widely deployed authentication protocols, that enable a malicious user to obtain and track a user’s International Mobile Subscriber Identity (IMSI) over WiFi. These attacks are possible due to a lack of sufficient privacy protection measures, which are exacerbated by preconfigured device profiles. We provide a formal analysis of the protocols involved, examine their associated configuration profiles, and document our experiences with reporting the issues to the relevant stakeholders. We detail a range of potential countermeasures to tackle these issues to ensure that privacy is better protected in the future. |
| spellingShingle | O'Hanlon, P Borgaonkar, R Hirschi, L Mobile subscriber WiFi privacy |
| title | Mobile subscriber WiFi privacy |
| title_full | Mobile subscriber WiFi privacy |
| title_fullStr | Mobile subscriber WiFi privacy |
| title_full_unstemmed | Mobile subscriber WiFi privacy |
| title_short | Mobile subscriber WiFi privacy |
| title_sort | mobile subscriber wifi privacy |
| work_keys_str_mv | AT ohanlonp mobilesubscriberwifiprivacy AT borgaonkarr mobilesubscriberwifiprivacy AT hirschil mobilesubscriberwifiprivacy |