3G UMTS man in the middle attacks and policy reform considerations
Date
Authors
Major Professor
Advisor
Committee Member
Journal Title
Journal ISSN
Volume Title
Publisher
Altmetrics
Authors
Research Projects
Organizational Units
Journal Issue
Is Version Of
Versions
Series
Department
Abstract
Man in the middle attacks on 3G UMTS have been a known vulnerability since at least 2004. Many experts have presented solutions to resolve this issue. The first attempt to mitigate the issue in the form of mutual authentication fell short. It is now public knowledge that law enforcement and the FBI have used this man in the middle style attack to collect intelligence within the United States. It is imperative we openly acknowledge that while the man in the middle attack has immediate benefits, there are also inherent risks to maintaining a lower standard of security.
There has been no official documentation from these agencies on the protocol used to conduct these collections. This paper will outline the deficiency in GSM and UMTS, show how a man in the middle style attack would work and what is keeping the attack still possible after so many years.
Finally, there will be four points to consider for preliminary policy reform; constitutionality, oversight, vulnerability, and protection.