Confidential initial identification and other improvements for UMTS security

ABSTRACT One of the most important Universal Mobile Telecommunications System security breaches that were identified was the identity catching vulnerability. Whenever the user turns his mobile device on or if the service network fails, the International Mobile Subscriber Identity will be sent in clear over the radio link. This allows the International Mobile Subscriber Identity to be intercepted by an attacker who can use it for different purposes. In this paper, we present a Confidential Initial Identification Protocol that protects user identity and also offers the support for further Universal Mobile Telecommunications System security improvement, especially in the authentication and key agreement protocol and the security algorithms negotiation protocol. We show that these new protocols solve the identity catching vulnerability, limit the secret key exposure to cryptographic attacks, and increase the level of confidence of the user and the home network put in the service network. Copyright © 2013 John Wiley & Sons, Ltd. In this paper, we present a Confidential Initial Identification Protocol that protects user identity and also offers the support for further Universal Mobile Telecommunications System security improvement, especially in the authentication and key agreement protocol and the security algorithms negotiation protocol.