Abstract
Although the security properties of 3G and 4G mobile networks have significantly improved by comparison with 2G (GSM), significant shortcomings remain with respect to user privacy. A number of modifications to 2G, 3G and 4G protocols have been proposed that are designed to provide greater user privacy; however, they all require significant alterations to the existing deployed infrastructures, which are almost certainly impractical to achieve. In this article we propose an approach which does not require any changes to the existing deployed network infrastructures, i.e. to the serving networks or the mobile devices, but offers improved user identity protection over the air interface. The proposed scheme makes use of multiple IMSIs for an individual USIM to offer a degree of pseudonymity for a user. The only changes required are to the operation of the authentication centre in the home network and to the USIM, both owned by a single entity in the mobile telephony system. The scheme could be deployed immediately since it is completely transparent to the existing mobile telephony infrastructure. We present two different approaches to the use and management of multiple IMSIs, and report on experiments to validate the scheme's deployability.
M.S.A. Khan—The author is a Commonwealth Scholar, funded by the UK government.
Notes
1. For cryptographic cleanliness it should be ensured that the data string input for this additional use of f1 can never be the same as the data string input to f1 for its other uses; alternatively, a slight variant of f1 could be employed here.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Khan, M.S.A., Mitchell, C.J. (2015). Improving Air Interface User Privacy in Mobile Telephony. In: Chen, L., Matsuo, S. (eds) Security Standardisation Research. SSR 2015. Lecture Notes in Computer Science(), vol 9497. Springer, Cham. https://doi.org/10.1007/978-3-319-27152-1_9
DOI: https://doi.org/10.1007/978-3-319-27152-1_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27151-4
Online ISBN: 978-3-319-27152-1
eBook Packages: Computer Science (R0)