Vulnerabilities of UMTS-LTE Authentication Process – Theoretical and Practical Aspects during RF Measurements

This paper exposes the main vulnerabilities of UMTS access domain security architecture and the ones during field tests made according to the LTE standard provided by the network operators in the UMTS 2100 MHz bandwidth. The system approves successfully the user data privacy and the signalling data integrity. However, in this paper we identified a few weaknesses. It has been exposed that modification of vulnerable initial messages prior to the security mode command may result in DoS and Man-in-the-Middle attacks. The transmission of IMSI/IMEI in clear on the air, on some occasions is a vulnerability of user identity/location privacy and user traceability. The IMSI unprotected in such way could be exploited by the attackers.