Enhancing User Identity Privacy in LTE

Choudhury, Hiten; Roychoudhury, Basav; Saikia, Dilip Kr.

doi:10.1109/trustcom.2012.148

Cited by 33 publications

(19 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While other authors observe that significant changes to widely deployed infrastructure are unlikely to be feasible [6,21], realistic and practical proposals have not been made. Choudhury et al [6] have proposed a scheme to improve user identity confidentiality in the LTE network. Their scheme involves significant changes to the air interface protocol.…”

Section: Related Workmentioning

confidence: 99%

“…when registering with the network after switching on a phone. This user privacy issue has been discussed extensively in the literature [5,6,7,20,21,27,28], and many modifications to existing protocols have been proposed to avoid the problem [5,7,19,28]. All these proposals involve making major modifications to the air interface protocol, which would require changes to the operation of all the serving networks as well as all the deployed phones.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Improving Air Interface User Privacy in Mobile Telephony

Khan

Mitchell

2015

Security Standardisation Research

View full text Add to dashboard Cite

Although the security properties of 3G and 4G mobile networks have significantly improved by comparison with 2G (GSM), significant shortcomings remain with respect to user privacy. A number of possible modifications to 2G, 3G and 4G protocols have been proposed designed to provide greater user privacy; however, they all require significant modifications to existing deployed infrastructures, which are almost certainly impractical to achieve in practice. In this article we propose an approach which does not require any changes to the existing deployed network infrastructures or mobile devices, but offers improved user identity protection over the air interface. The proposed scheme makes use of multiple IMSIs for an individual USIM to offer a degree of pseudonymity for a user. The only changes required are to the operation of the authentication centre in the home network and to the USIM, and the scheme could be deployed immediately since it is completely transparent to the existing mobile telephony infrastructure. We present two different approaches to the use and management of multiple IMSIs.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Improving Air Interface User Privacy in Mobile Telephony

Khan

Mitchell

2015

Security Standardisation Research

View full text Add to dashboard Cite

show abstract

“…The role of the DM SI is to randomise and mask the IM SI so that an adversary having access to a particular DM SI cannot link it with any subscriber or any previous communication. This extension is based on our work that was presented in [7]. For successful functioning of the security extension the following operator specific random number and functions are used:…”

Section: Security Extension For Eps-akamentioning

confidence: 99%

A New Trust Model for Improved Identity Privacy in Cellular Networks

Choudhury¹,

Roychoudhury²,

Saikia³

2012

IJCA

Self Cite

View full text Add to dashboard Cite

Cellular networks have evolved through various generations, starting with 1G, followed by 2G and then by 3G, cellular networks have come a long way. A recent technology that has marked the beginning of 4G is Long Term Evolution (LTE). While transmission technologies, authentication mechanisms, confidentiality protection, etc., improved significantly through the generations, not much has improved with regards to the subscriber's identity privacy, and LTE is no exception. Much of this could be due to the trust model adopted in these networks. Introduction of sensitive services like mobile-banking, mobile-commerce, etc., has increased the importance of identity privacy by many folds. Identification of threats like location tracking and comprehensive profiling -where data about movement, usage, etc., of a subscriber is amassed and linked to his/her identity to explore various attacks -is quite alarming. In this paper, we propose a new trust model for strengthening identity privacy in cellular networks; it has an additional capacity to enhance interoperability among different cellular operators. We also propose a security extension that adopts this trust model to improve identity privacy and interoperability in LTE. A formal analysis of the extension proves that it meets its security goals. General Terms:Wireless networks, Security and privacy

show abstract

“…Despite this security strategy the LTE still has a number of security flaws [2][3][4][5][6]. The user identity is still vulnerable to privacy attacks.…”

Section: Introductionmentioning

confidence: 99%

“…There are some occasions when the UE is requested to identify itself with its permanent identifier IMSI. Such situations occur when the network fails to retrieve the temporary identifiers of the UE and asks the UE to transmit the UE's IMSI, which in turn transmits it (in clear text) [2]. The IMSI can be intercepted by an attacker, who then could track the movements of the user, and thus violating the user's privacy.…”

Section: Introductionmentioning

confidence: 99%

Analysis of User Identity Privacy in LTE and Proposed Solution

Muthana¹,

Saeed²

2017

IJCNIS

View full text Add to dashboard Cite

Abstract-The mechanisms adopted by cellular technologies for user identification allow an adversary to collect information about individuals and track their movements within the network; and thus exposing privacy of the users to unknown risks. Efforts have been made toward enhancing privacy preserving capabilities in cellular technologies, culminating in Long Term Evolution LTE technology. LTE security architecture is substantially enhanced comparing with its predecessors 2G and 3G; however, LTE does not eliminate the possibility of user privacy attacks. LTE is still vulnerable to user identity privacy attacks. This paper includes an evaluation of LTE security architecture and proposes a security solution for the enhancement of user identity privacy in LTE. The solution is based on introducing of pseudonyms that replace the user permanent identifier (IMSI) used for identification. The scheme provides secure and effective identity management in respect to the protection of user privacy in LTE. The scheme is formally verified using proVerif and proved to provide an adequate assurance of user identity privacy protection.

show abstract

Enhancing User Identity Privacy in LTE

Cited by 33 publications

References 5 publications

Improving Air Interface User Privacy in Mobile Telephony

Improving Air Interface User Privacy in Mobile Telephony

A New Trust Model for Improved Identity Privacy in Cellular Networks

Analysis of User Identity Privacy in LTE and Proposed Solution

Contact Info

Product

Resources

About