Skip to main content
SpringerLink
Log in

Improving Air Interface User Privacy in Mobile Telephony

  • Conference paper
  • First Online:
Security Standardisation Research (SSR 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9497))

Included in the following conference series:

Abstract

Although the security properties of 3G and 4G mobile networks have significantly improved by comparison with 2G (GSM), significant shortcomings remain with respect to user privacy. A number of possible modifications to 2G, 3G and 4G protocols have been proposed designed to provide greater user privacy; however, they all require significant alterations to the existing deployed infrastructures, which are almost certainly impractical to achieve in practice. In this article we propose an approach which does not require any changes to the existing deployed network infrastructures, i.e. to the serving networks or the mobile devices, but offers improved user identity protection over the air interface. The proposed scheme makes use of multiple IMSIs for an individual USIM to offer a degree of pseudonymity for a user. The only changes required are to the operation of the authentication centre in the home network and to the USIM, both owned by a single entity in the mobile telephony system. The scheme could be deployed immediately since it is completely transparent to the existing mobile telephony infrastructure. We present two different approaches to the use and management of multiple IMSIs, and report on experiments to validate its deployability.

M.S.A. Khan—The author is a Commonwealth Scholar, funded by the UK government.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    For cryptographic cleanliness it should be ensured that the data string input for this additional use of f1 can never be the same as the data string input to f1 for its other uses; alternatively, a slight variant of f1 could be employed here.

References

  1. Osmocom SIMtrace. http://bb.http://osmocom.org/trac/wiki/SIMtrace. Accessed 20 May 2015

  2. SysmoUSIM-SJS1 SIM + USIM. http://www.sysmocom.de/products/sysmousim-sjs1-sim-usim. Accessed 20 May 2015

  3. 3rd Generation Partnership Project: 3GPP TS 23.003 Version 3.14.0 (2003–12): 3rd Generation Partnership Project; Technical Specification Group Core Network; (Numbering, addressing and identification), December 2003

    Google Scholar 

  4. 3rd Generation Partnership Project: 3GPP TR 21.905 Version 10.3.0; 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Vocabulary for 3GPP Specifications (2011)

    Google Scholar 

  5. 3rd Generation Partnership Project: 3GPP TS 31.130 Version 10.0.0; Technical Specification Group Core Network and Terminals; (U)SIM Application Programming Interface (API); (U)SIM API for Java Card (Release 10) (2011)

    Google Scholar 

  6. Arapinis, M., Mancini, L., Ritter, E., Ryan, M., Golde, N., Redon, K., Borgaonkar, R.: New privacy issues in mobile telephony: fix and verification. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) ACM Conference on Computer and Communications Security, CCS ’12, Raleigh, NC, USA, 16–18 October 2012, pp. 205–216. ACM (2012)

    Google Scholar 

  7. Arapinis, M., Mancini, L.I., Ritter, E., Ryan, M.: Privacy through pseudonymity in mobile telephony systems. In: 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, 23–26 February 2014 (2014). http://www.internetsociety.org/doc/privacy-through-pseudonymity-mobile-telephony-systems

  8. Choudhury, H., Roychoudhury, B., Saikia, D.K.: Enhancing user identity privacy in LTE. In: IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2012, pp. 949–957. IEEE (2012)

    Google Scholar 

  9. Deng, Y., Fu, H., Xie, X., Zhou, J., Zhang, Y., Shi, J.: A novel 3GPP/SAE authentication and key agreement protocol. In: IEEE International Conference on Network Infrastructure and Digital Content, 2009 (IC-NIDC 2009), pp. 557–561. IEEE (2009)

    Google Scholar 

  10. Dupré, M.: Process to control a Subscriber Identity Module (SIM) in mobile phone system, US Patent 6,690,930 (2004)

    Google Scholar 

  11. European Telecommunications Standards Institute (ETSI): ETSI TS 121 133 Version 4.1.0 (2001–12): Universal Mobile Telecommunications System (UMTS); 3G Security; Security threats and requirements, December 2001

    Google Scholar 

  12. European Telecommunications Standards Institute (ETSI): ETSI TS 131.102 Version 4.15.0 Release 4; Universal Mobile Telecommunications System (UMTS); Characteristics of the USIM application (2005)

    Google Scholar 

  13. European Telecommunications Standards Institute (ETSI): ETSI TS 121 111 Version 8.0.1 (2008–01): Universal Mobile Telecommunications System (UMTS), USIM and IC card requirements, January 2008

    Google Scholar 

  14. European Telecommunications Standards Institute (ETSI): ETSI TS 102 221 Version 8.2.0; Smart Cards; UICC–Terminal Interface; Physical and logical characteristics (2009)

    Google Scholar 

  15. European Telecommunications Standards Institute (ETSI): ETSI TS 131 111 Version 7.15.0: Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; Universal Subscriber Identity Module (USIM) Application Toolkit (USAT) (2010)

    Google Scholar 

  16. European Telecommunications Standards Institute (ETSI): ETSI TS 102 223 Version 11.1.0; Smart Cards; Card Application Toolkit (CAT) (2012)

    Google Scholar 

  17. European Telecommunications Standards Institute (ETSI): ETSI TS 133 102 Version 11.5.1 (2013–07): Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); 3G Security; Security architecture, July 2013

    Google Scholar 

  18. Forsberg, D., Horn, G., Moeller, W.D., Niemi, V.: LTE Security. Wiley, Chichester (2010)

    Book  Google Scholar 

  19. International Organization for Standardization: ISO/IEC 7816–3; Identification cards – Integrated circuit cards; Part 3: Cards with contacts – Electrical interface and transmission protocols, November 2006

    Google Scholar 

  20. Juang, W.S., Wu, J.L.: Efficient 3GPP authentication and key agreement with robust user privacy protection. In: Wireless Communications and Networking Conference, WCNC 2007, pp. 2720–2725. IEEE (2007)

    Google Scholar 

  21. Khan, M.S.A., Mitchell, C.J.: Another look at privacy threats in 3G mobile telephony. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 8544, pp. 386–396. Springer, Heidelberg (2014)

    Google Scholar 

  22. Køien, G.M.: Privacy enhanced mutual authentication in LTE. In: 2013 IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), pp. 614–621. IEEE (2013)

    Google Scholar 

  23. Kóien, G.M., Oleshchuk, V.A.: Aspects of Personal Privacy in Communications: Problems, Technology and Solutions. River Publishers, Denmark (2013)

    Google Scholar 

  24. Marsden, I., Marshall, P.: Multi IMSI system and method, US Patent App. 13/966,350, 20 February 2014. http://www.google.com/patents/US20140051423

  25. Samfat, D., Molva, R., Asokan, N.: Untraceability in mobile networks. In: Proceedings of the 1st Annual International Conference on Mobile Computing and Networking, MobiCom ’95, pp. 26–36. ACM, New York, NY, USA (1995). http://doi.acm.org/10.1145/215530.215548

  26. Sung, K., Levine, B.N., Liberatore, M.: Location privacy without carrier cooperation. In: IEEE Workshop on Mobile Security Technologies, MOST 2014, San Jose, CA, USA, 17 May 2014

    Google Scholar 

  27. Tagg, J., Campbell, A.: Identity management for mobile devices, US Patent App. 13/151,942, 6 December 2012. http://www.google.com/patents/US20120309374

  28. Telecommunication Standardization Sector of ITU: ITU-T E.212: International operation Maritime mobile service and public land mobile service (The international identification plan for public networks and subscriptions), May 2008

    Google Scholar 

  29. Valtteri, N., Nyberg, K.: UMTS Security. Willey, Chichester (2003)

    Google Scholar 

  30. Various Contributors: Osmocom Project. http://osmocom.org. Accessed 20 May 2015

  31. Vintila, C.E., Patriciu, V.V., Bica, I.: Security analysis of LTE access network. In: The 10th International Conference on Networks ICN 2011, pp. 29–34 (2011)

    Google Scholar 

  32. Xiehua, L., Yongjun, W.: Security enhanced authentication and key agreement protocol for LTE/SAE network. In: 7th International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM), pp. 1–4. IEEE (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, UK

    Mohammed Shafiul Alam Khan & Chris J. Mitchell

Authors
  1. Mohammed Shafiul Alam Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chris J. Mitchell
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohammed Shafiul Alam Khan .

Editor information

Editors and Affiliations

  1. Hewlett Packard Laboratories, Bristol, United Kingdom

    Liqun Chen

  2. NICT, Tokyo, Japan

    Shin'ichiro Matsuo

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Khan, M.S.A., Mitchell, C.J. (2015). Improving Air Interface User Privacy in Mobile Telephony. In: Chen, L., Matsuo, S. (eds) Security Standardisation Research. SSR 2015. Lecture Notes in Computer Science(), vol 9497. Springer, Cham. https://doi.org/10.1007/978-3-319-27152-1_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-27152-1_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27151-4

  • Online ISBN: 978-3-319-27152-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation