Abstract
3GPP Release 15, the first 5G standard, includes protection of user identity privacy against IMSI catchers. These protection mechanisms are based on public key encryption. Despite this protection, IMSI catching is still possible in LTE networks which opens the possibility of a downgrade attack on user identity privacy, where a fake LTE base station obtains the identity of a 5G user equipment. We propose (i) to use an existing pseudonym-based solution to protect user identity privacy of 5G user equipment against IMSI catchers in LTE and (ii) to include a mechanism for updating LTE pseudonyms in the public key encryption based 5G identity privacy procedure. The latter helps to recover from a loss of synchronization of LTE pseudonyms. Using this mechanism, pseudonyms in the user equipment and home network are automatically synchronized when the user equipment connects to 5G. Our mechanisms utilize existing LTE and 3GPP Release 15 messages and require modifications only in the user equipment and home network in order to provide identity privacy. Additionally, lawful interception requires minor patching in the serving network.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
The notation used in this paper is summarized in Appendix A.
- 2.
The first five to six digits of the IMSI identify the country and the home network of the mobile user. Even though these digits allow linkability in certain cases, (e.g., if in a visited network there is only one roaming UE from a specific country), these digits are not randomized, because they are needed to route initial requests for authentication data for roaming UE to the correct home network.
- 3.
The standard [6] does not require the HN to provision \( pk \) into every UE. If HN has not provisioned its \( pk \) into a UE, then that UE will not conceal its long-term identity with this mechanism.
References
Soltani, A., Timberg, C.: Tech firm tries to pull back curtain on surveillance efforts in Washington, September 2014. https://www.washingtonpost.com/world/national-security/researchers-try-to-pull-back-curtain-on-surveillance-efforts-in-washington/2014/09/17/f8c1f590-3e81-11e4-b03f-de718edeb92f_story.html?utm_term=.96e31aa4440b. Accessed 14 July 2017
PKI Electronic Intelligence: 3G UMTS IMSI Catcher. http://www.pki-electronic.com/products/interception-and-monitoring-systems/3g-umts-imsi-catcher/. Accessed 6 July 2018
Dabrowski, A., Pianta, N., Klepp, T., Mulazzani, M., Weippl, E.: IMSI-catch me if you can: IMSI-catcher-catchers. In: Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC 2014, pp. 246–255. ACM, New York (2014)
Ney, P., Smith, J., Gabriel, C., Tadayoshi, K.: SeaGlass: enabling city-wide IMSI-catcher detection. In: Proceedings on Privacy Enhancing Technologies. PoPETs (2017)
3GPP: TS 22.261 Service requirements for next generation new services and markets (2018). https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3107
3GPP: TS 33.501 Security architecture and procedures for 5G System, March 2018. https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3169
Van den Broek, F., Verdult, R., de Ruiter, J.: Defeating IMSI catchers. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015. ACM (2015)
Khan, M.S.A., Mitchell, C.J.: Improving air interface user privacy in mobile telephony. In: Chen, L., Matsuo, S. (eds.) SSR 2015. LNCS, vol. 9497, pp. 165–184. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-27152-1_9
Norrman, K., Näslund, M., Dubrova, E.: Protecting IMSI and user privacy in 5G networks. In: Proceedings of the 9th EAI International Conference on Mobile Multimedia Communications, MobiMedia 2016. ICST (2016)
Ginzboorg, P., Niemi, V.: Privacy of the long-term identities in cellular networks. In: Proceedings of the 9th EAI International Conference on Mobile Multimedia Communications, MobiMedia 2016. ICST (2016)
Khan, M., Mitchell, C.: Trashing IMSI catchers in mobile networks. In: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2017), Boston, USA, 18–20 July 2017. Association for Computing Machinery (ACM), United States, May 2017
Khan, M., Järvinen, K., Ginzboorg, P., Niemi, V.: On de-synchronization of user pseudonyms in mobile networks. In: Shyamasundar, R.K., Singh, V., Vaidya, J. (eds.) ICISS 2017. LNCS, vol. 10717, pp. 347–366. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-72598-7_22
3GPP: TS 23.003, 15.4.0 Numbering, addressing and identification, June 2018. https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=729
3GPP: TS 23.501 System Architecture for the 5G System (2018). https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3144
Khan, M., Ginzboorg, P., Niemi, V.: IMSI-based routing and identity privacy in 5G. In: Proceedings of the 22nd Conference of Open Innovations Association FRUCT, Jyvaskyla, Finland, May 2018
3GPP: TS 33.401 V15.0.0 Security architecture (Release 15), June 2017. https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=2296
3GPP: TS 23.012 V14.0.0 Location management procedures (Release 14), March 2017. https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=735
Herzberg, A., Krawczyk, H., Tsudik, G.: On travelling incognito. In: 1994 First Workshop on Mobile Computing Systems and Applications. IEEE Xplore (1994)
Asokan, N.: Anonymity in a mobile computing environment. In: First Workshop on Mobile Computing Systems and Applications. IEEE, Santa Cruz (1994)
Køien, G.M.: Privacy enhanced mutual authentication in LTE. In: 2013 IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), pp. 614–621, October 2013
Khan, M., Niemi, V.: Concealing IMSI in 5G network using identity based encryption. In: Yan, Z., Molva, R., Mazurczyk, W., Kantola, R. (eds.) NSS 2017. LNCS, vol. 10394, pp. 544–554. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64701-2_41
Certicom Research: SEC 1: Elliptic Curve Cryptography. Standards for Efficient Cryptography, Ver. 2.0, May 2009. http://www.secg.org/sec1-v2.pdf
Certicom Research: SEC 2: Recommended Elliptic Curve Domain Parameters. Standards for Efficient Cryptography, Ver. 2.0, January 2010. http://www.secg.org/sec2-v2.pdf
NIST: Advanced Encryption Standard (AES). FIPS PUB 197 (2001)
NIST: Recommendation for Block Cipher Modes of Operation: Methods and Techniques. SP 800–38A (2001)
Krawczyk, H., Bellare, M., Canetti, R.: HMAC: Keyed-Hashing for Message Authentication. RFC 2104, February 1997
NIST: Secure hash standard (SHS). FIPS PUB 180-4 (2012)
Bernstein, D.J.: Curve25519: new Diffie-Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_14
Langley, A., Hamburg, M., Turner, S.: Elliptic Curves for Security. RFC 7748, January 2016
Interactive digital media GmbH: Mobile Country Codes (MCC) and Mobile Network Codes (MNC). http://www.mcc-mnc.com/
Wikipedia: List of mobile network operators. https://en.wikipedia.org/wiki/List_of_mobile_network_operators
3GPP: TS 33.106: 3G security; Lawful interception requirements (2018). https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=2265
3GPP: TS 33.126 V15.0.0 Lawful Interception requirements, June 2018. https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3181
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
Appendix A Summary of Notation
Appendix B Algorithms
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Khan, M., Ginzboorg, P., Järvinen, K., Niemi, V. (2018). Defeating the Downgrade Attack on Identity Privacy in 5G. In: Cremers, C., Lehmann, A. (eds) Security Standardisation Research. SSR 2018. Lecture Notes in Computer Science(), vol 11322. Springer, Cham. https://doi.org/10.1007/978-3-030-04762-7_6
Download citation
DOI: https://doi.org/10.1007/978-3-030-04762-7_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04761-0
Online ISBN: 978-3-030-04762-7
eBook Packages: Computer ScienceComputer Science (R0)