Somayeh Salimi

New attacks on UMTS network access

In this paper we propose two new attacks on UMTS network. Both attacks exploit the UMTS-GSM interworking and are possible in the GSM access area of UMTS network. The first attack allows the attacker to eavesdrop on the entire traffic of the victim UMTS subscriber in the GERAN coverage of the UMTS network. The second attack is an impersonation attack i.e. the attacker impersonates a genuine UMTS subscriber to a UMTS network and fools the network to provide services at the expense of the victim subscriber in its GERAN coverage.

Rate regions of secret key sharing in a new source model

A source model for secret key generation between terminals is considered. Two users, namely users 1 and 2, at one side communicate with another user, namely user 3, while at the other side via a public channel where three users can observe i.i.d. outputs of correlated sources. Each of users 1 and 2 intends to share a secret key with user 3 where user 1 acts as a wiretapper for user 2 and vice versa. In this model, two situations are considered: communication from users 1 and 2 to user 3 (the forward key strategy) and from user 3 to users 1 and 2 (the backward key strategy). In both situations, the goal is sharing a secret key between user 1 and user 3 while leaking no effective information about that key to user 2, and simultaneously, sharing another secret key between user 2 and user 3 while leaking no effective information about the latter key to user 1. This model is motivated by wireless communications when considering user 3 as a base station and users 1 and 2 as network users. For both the forward and backward key strategies, inner and outer bounds of secret key capacity regions are derived. In special situations where one of users 1 and 2 is only interested in wiretapping and not key sharing, the results agree with that of Ahlswede and Csiszar. Also, the authors investigate some special cases in which the inner bound coincides with the outer bound and secret key capacity region is deduced.

Cognitive interference channel with two confidential messages

In this paper we consider a cognitive interference channel with two confidential messages. In our scenario, although the cognitive transmitter cooperates with the primary sender, the primary and cognitive messages must be secure at unintended receivers. The level of secrecy is measured by the equivocation rate. Also an expression is obtained for the rate-equivocation region of the discrete memoryless cognitive interference channel with confidential primary and secondary messages.

Key Agreement Over Multiple Access Channel

In this paper, a generalized multiple access channel (MAC) model for secret key sharing between three terminals is considered. In this model, there are two transmitters and a receiver where all three terminals receive noisy channel outputs. In addition, there is a one-way public channel from the transmitters to the receiver. Each of the transmitters intends to share a secret key with the receiver by using the MAC and the public channel, where the transmitters are eavesdroppers with respect to each other. Two strategies for secret key sharing are considered, namely, the pregenerated key strategy and the two-stage key strategy. For both of them, inner and outer bounds of the secret key capacity region are derived. Furthermore, the effect of the public channel is discussed and the two strategies are compared. In both strategies, it is assumed that the channel outputs at the transmitters are only used for eavesdropping and not as inputs to the encoders. The effect of this assumption in the presence of the public channel is analyzed for some Gaussian MACs.

An Extended Authentication and Key Agreement Protocol of UMTS

Identification, authentication and key agreement protocol of UMTS networks have some weaknesses to provide DoS-attack resistance, mutual freshness, and efficient bandwidth consumption. In this article we consider UMTS AKA and some other proposed schemes. Then we explain the known weaknesses in the previous frameworks suggested for UMTS AKA protocol. After that we propose a new UMTS AKA protocol (called EAKAP) for UMTS mobile network that combines identification stage and AKA stage of UMTS AKA protocol as well as eliminating disadvantages of related works and bringing some new features to improve the UMTS AKA mechanism such as reducing the interactive rounds of the UMTS AKA protocol.

Anonymous roaming in universal mobile telecommunication system mobile networks

A secure roaming protocol for mobile networks is proposed. Roaming has been analysed in some schemes from the security point of view; however, there are vulnerabilities in most of them and so the claimed security level is not achieved. The scheme offered by Wan et al. recently is based on hierarchical identity-based encryption, in which the roaming user and the foreign network mutually authenticate each other without the help of the home network. Although the idea behind this proposal is interesting, it contradicts technical considerations such as routing and billing. The proposed protocol makes use of similar functions used in Wan et al.s scheme but contributes a distinguished structure that overcomes the previous shortcomings and achieves a higher possible level of security in mobile roaming as well as enhancing the security of the key issuing procedure.

Security enhancements against UMTS-GSM interworking attacks

In this paper we first present three new attacks on Universal Mobile Telecommunication System (UMTS) in access domain. We exploit the interoperation of UMTS network with its predecessor, Global System for Mobile communications (GSMs). Two attacks result in the interception of the entire traffic of the victim UMTS subscriber in the GSM access area of UMTS network. These attacks are applicable, regardless of the strength of the selected GSM encryption algorithm. The third attack is an impersonation attack and allows the attacker to impersonate a genuine UMTS subscriber to a UMTS network and fool the network to provide services at the expense of the victim subscriber. Then, we propose some countermeasures to strengthen the UMTS network against the mentioned attacks with emphasis on the practicality in present networks. The proposed solutions require limited change of the network elements or protocols, insignificant additional computational load on the network elements and negligible additional bandwidth consumption on the network links.

Key Agreement over a Generalized Multiple Access Channel Using Noiseless and Noisy Feedback

A secret key agreement framework involving three users is considered in which each of the users 1 and 2 intends to share a secret key with user 3 and users 1 and 2 are eavesdroppers with respect to each other. There is a generalized discrete memoryless multiple access channel (GDMMAC) from users 1 and 2 to user 3 where the three users receive outputs from the channel. Furthermore, there is a feedback channel from user 3 to users 1 and 2 through which user 3 sends information extracted from the received output from the GDMMAC to increase the key rates. We consider both noiseless and noisy feedback. In the case of noiseless feedback, a public channel of unlimited capacity from user 3 to users 1 and 2 is used only once. In the case of noisy feedback, a noisy broadcast channel (BC) from user 3 to users 1 and 2 can be repeatedly used, like GDMMAC. In both setups, inner bounds of the secret key capacity region are derived. The secret key capacity region is derived in some special cases where the channel inputs and outputs form Markov chains in certain orders. For illustration, the corresponding results are also derived and discussed for Gaussian channels. The cases with noiseless feedback, noisy feedback, and no feedback at all are compared with each other.

Key agreement over multiple access channel using feedback channel

In this paper, the effect of using an insecure and noiseless feedback channel in increasing secret key rates is investigated. There is a generalized discrete memoryless multiple access channel (GDMMAC) between two transmitters and a receiver where, in addition to the receiver, both of the transmitters receive noisy channel outputs. Furthermore, an insecure and noiseless feedback channel exists from the receiver to the transmitters. Each of the transmitters intends to share a secret key with the receiver while keeping it concealed from the other transmitter. For this setup, an inner bound of the secret key capacity region is derived. For some special cases, the secret key capacity region is obtained, and the effect of the feedback channel usage is discussed through a binary-erasure example as well as in the Gaussian case.

The CEO problem with secrecy constraints

A lossy source coding problem with secrecy constraints is considered where a remote information source should be transmitted to a single destination via multiple agents in the presence of an eavesdropper. The agents observe noisy versions of the source and independently encode and transmit their observations to the destination via noiseless rate-limited links. Unbeknownst to the agents, an eavesdropper intercepts one of the links from the agents to the destination to learn as much as possible about the source. The destination should estimate the remote source subject to a mean distortion threshold. This problem can be viewed as the CEO problem with addition of secrecy constraints. We establish inner and outer bounds on the rate-distortion-equivocation region. In addition, we provide the optimal rate-distortion-equivocation region for the quadratic Gaussian case when the eavesdropper has no side information.