Improving Air Interface User Privacy in Mobile Telephony

Khan, Muhammad Suleman; Mitchell, Chris J.

doi:10.1007/978-3-319-27152-1_9

Cited by 17 publications

(22 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Publications proposing cellular network pseudonyms in the same format as IMSI, but with randomized, frequently changing MSIN, include [7][8][9][10]. In Broek et al [7] and Khan and Mitchell [8] the pseudonym's update is embedded in a random challenge, RAND, of AKA. Khan and Mitchell [11] identified a weakness in solutions proposing cellular network pseudonyms in the same format as IMSI, which could be exploited to desynchronize pseudonyms in the UE and the HN.…”

Section: Related Workmentioning

confidence: 99%

“…(Indeed, if the UE uses pseudonym in IMSI format when it communicates with SN, and the SN does not get the long-term identifier of that UE -for instance, because it was not patched for LI, then the SN has no other choice but to put the UE's pseudonym into the CDR.) For this reason the home network has to consult a log of pseudonym allocations when it maps from UE identifiers in received CDRs to the actual subscribers' data [8,12]. That log includes the following information: (i) the pseudonym, (ii) the IMSI of the subscriber whom the pseudonym is given to, (iii) the time when HN allocated the pseudonym to the subscriber, (iv) the time when the subscriber started using the pseudonym (i.e., the time of the first successful AKA run of that subscriber with the pseudonym), (v) the time when the UE notified that it is no longer using the pseudonym, and (vi) list of SNs that the user has attached with using this pseudonym.…”

Section: Charging and Billingmentioning

confidence: 99%

“…Hence, even in the unlikely event, where the UE and HN lose synchronization of pseudonyms, the synchronization can be restored because the UE obtains a new LTE pseudonym from the HN simply by connecting to a 5G SN. This paper advances protocol design, beyond what is described in papers [7][8][9][10][11][12], as follows:…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Defeating the Downgrade Attack on Identity Privacy in 5G

Khan

Ginzboorg

Järvinen

et al. 2018

Security Standardisation Research

View full text Add to dashboard Cite

3GPP Release 15, the first 5G standard, includes protection of user identity privacy against IMSI catchers. These protection mechanisms are based on public key encryption. Despite this protection, IMSI catching is still possible in LTE networks which opens the possibility of a downgrade attack on user identity privacy, where a fake LTE base station obtains the identity of a 5G user equipment. We propose (i) to use an existing pseudonym-based solution to protect user identity privacy of 5G user equipment against IMSI catchers in LTE and (ii) to include a mechanism for updating LTE pseudonyms in the public key encryption based 5G identity privacy procedure. The latter helps to recover from a loss of synchronization of LTE pseudonyms. Using this mechanism, pseudonyms in the user equipment and home network are automatically synchronized when the user equipment connects to 5G. Our mechanisms utilize existing LTE and 3GPP Release 15 messages and require modifications only in the user equipment and home network in order to provide identity privacy. Additionally, lawful interception requires minor patching in the serving network.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Charging and Billingmentioning

confidence: 99%

See 1 more Smart Citation

Defeating the Downgrade Attack on Identity Privacy in 5G

Khan

Ginzboorg

Järvinen

et al. 2018

Security Standardisation Research

View full text Add to dashboard Cite

show abstract

“…As for Dupré, the purpose of the 'special RAND' was completely different to that proposed here. The other published references to the notion appear in papers [4,17,22] that independently propose the use of RAND hijacking for improving the privacy properties of GSM, 3G and 4G networks. As far as the authors are aware, no previous authors have proposed the use of this technique for providing mutual authentication in GSM networks.…”

Section: Rand Hijackingmentioning

confidence: 99%

Retrofitting Mutual Authentication to GSM Using RAND Hijacking

Khan

Mitchell

2016

Security and Trust Management

Self Cite

View full text Add to dashboard Cite

As has been widely discussed, the GSM mobile telephony system only offers unilateral authentication of the mobile phone to the network; this limitation permits a range of attacks. While adding support for mutual authentication would be highly beneficial, changing the way GSM serving networks operate is not practical. This paper proposes a novel modification to the relationship between a Subscriber Identity Module (SIM) and its home network which allows mutual authentication without changing any of the existing mobile infrastructure, including the phones; the only necessary changes are to the authentication centres and the SIMs. This enhancement, which could be deployed piecemeal in a completely transparent way, not only addresses a number of serious vulnerabilities in GSM but is also the first proposal for enhancing GSM authentication that possesses such transparency properties.

show abstract

“…However, these protocols do not consider SMS as a communication medium and require additional cost and storage for a group setup. Recently, a solution for user privacy in mobile telephony was proposed using the predefined multiple International Mobile Subscriber Identities (IMSI) for each Universal Subscriber Identity Module (USIM) [40]. However, this solution requires a large storage space, generates a huge overhead for pseudo-identities, and utilizes significant bandwidth for sending IMSIs to each MS.…”

Section: Existing Solutionsmentioning

confidence: 99%

BVPSMS: A Batch Verification Protocol for End-to-End Secure SMS for Mobile Users

Saxena

Shen

Komninos

et al. 2018

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Abstract-Short Message Service (SMS) is a widely used communication medium for mobile applications, such as banking, social networking, and e-commerce. Applications of SMS services also include real-time broadcasting messages, such as notification of natural disasters (e.g., bushfires and hurricane) and terrorist attacks, and sharing the current whereabouts to other users, such as notifying urgent business meeting information, transmitting quick information in the battlefield to multiple users, notifying current location to our friends and sharing market information. However, traditional SMS is not designed with security in mind (e.g., messages are not securely sent). It is also possible to extract international mobile subscriber identity of the mobile user. In the literature, there is no known protocol that could enable secure transmission of SMS from one user to multiple users simultaneously. In this paper, we introduce a batch verification authentication and key agreement protocol, BVPSMS, which provides end-to-end message security over an insecure communication channel between different mobile subscribers. Specifically, the proposed protocol securely transmits SMS from one mobile user to multiple users simultaneously. The reliability of the protocol is discussed along with an algorithm to detect malicious user request in a batch. We then evaluate the performance of the proposed protocol in terms of communication and computation overheads, protocol execution time, and batch and re-batch verification times. The impacts of the user mobility, and the time, space and cost complexity analysis are also discussed. We then present a formal security proof of the proposed protocol. To the best of our knowledge, this is the first provably-secure batch verification protocol that delivers end-to-end SMS security using symmetric keys.

show abstract

Improving Air Interface User Privacy in Mobile Telephony

Cited by 17 publications

References 7 publications

Defeating the Downgrade Attack on Identity Privacy in 5G

Defeating the Downgrade Attack on Identity Privacy in 5G

Retrofitting Mutual Authentication to GSM Using RAND Hijacking

BVPSMS: A Batch Verification Protocol for End-to-End Secure SMS for Mobile Users

Contact Info

Product

Resources

About