Identity Confidentiality in 5G Mobile Telephony Systems

  • Haibat KhanEmail author
  • Benjamin Dowling
  • Keith M. Martin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11322)


The 3\(^\mathrm{rd}\) Generation Partnership Project (3GPP) recently proposed a standard for 5G telecommunications, containing an identity protection scheme meant to address the long-outstanding privacy problem of permanent subscriber-identity disclosure. The proposal is essentially two disjoint phases: an identification phase, followed by an establishment of security context between mobile subscribers and their service providers via symmetric-key based authenticated key agreement. Currently, 3GPP proposes to protect the identification phase with a public-key based solution, and while the current proposal is secure against a classical adversary, the same would not be true of a quantum adversary. 5G specifications target very long-term deployment scenarios (well beyond the year 2030), therefore it is imperative that quantum-secure alternatives be part of the current specification. In this paper, we present such an alternative scheme for the problem of private identification protection. Our solution is compatible with the current 5G specifications, depending mostly on cryptographic primitives already specified in 5G, adding minimal performance overhead and requiring minor changes in existing message structures. Finally, we provide a detailed formal security analysis of our solution in a novel security framework.


5G security Authentication Privacy Mobile networks 


  1. 1.
    Arkko, J., Lehtovirta, V., Eronen, P.: Improved extensible authentication protocol method for 3rd generation authentication and key agreement (EAP-AKA’). RFC 5448, 1–29 (2009).
  2. 2.
    van den Broek, F., Verdult, R., de Ruiter, J.: Defeating IMSI catchers. In: Ray, I., Li, N., Kruegel, C. (eds.) Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12–16 October 2015, pp. 340–351. ACM (2015).
  3. 3.
    Chen, L., et al.: Report on post-quantum cryptography. US Department of Commerce, National Institute of Standards and Technology (2016)Google Scholar
  4. 4.
    ETSI-SAGE: First response on ECIES for concealing IMSI or SUPI, October 2017.
  5. 5.
    Fox, D.: Der imsi-catcher. Datenschutz und Datensicherheit 26(4), 212–215 (2002)Google Scholar
  6. 6.
    3rd Generation Partnership Project: Rationale and track of security decisions in Long Term Evolution (LTE) RAN/3GPP System Architecture Evolution (SAE) (3GPP TR 33.821 Version 9.0.0 Release 9), June 2009.
  7. 7.
    3rd Generation Partnership Project: Study on the security aspects of the next generation system (3GPP TR 33.899 Version 1.3.0 Release 14), August 2017.
  8. 8.
    3rd Generation Partnership Project: 3G Security; Security Architecture (3GPP TS 33.102 Version 15.0.0 Release 15), June 2018.
  9. 9.
    3rd Generation Partnership Project: Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) (3GPP TS 33.220 Version 15.2.0 Release 15), June 2018.
  10. 10.
    3rd Generation Partnership Project: Mobile Application Part (MAP) Specification (3GPP TS 29.002 Version 15.3.0 Release 15), March 2018.
  11. 11.
    3rd Generation Partnership Project: Security Architecture and Procedures for 5G Systems (3GPP TS 33.501 Version 15.0.0 Release 15), March 2018.
  12. 12.
    3rd Generation Partnership Project: System Architecture for the 5G System (3GPP TS 23.501 Version 15.1.0 Release 15), March 2018.
  13. 13.
    Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Miller, G.L. (ed.) Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, 22–24 May 1996, pp. 212–219. ACM (1996).
  14. 14.
    Kelly, J.: A Preview of Bristlecone, Google’s New Quantum Processor. Accessed 08 June 2018
  15. 15.
    Khan, M.S.A., Mitchell, C.J.: Improving air interface user privacy in mobile telephony. In: Chen, L., Matsuo, S. (eds.) SSR 2015. LNCS, vol. 9497, pp. 165–184. Springer, Cham (2015). Scholar
  16. 16.
    Khan, M.S.A., Mitchell, C.J.: Trashing IMSI catchers in mobile networks. In: Noubir, G., Conti, M., Kasera, S.K. (eds.) Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017, Boston, MA, USA, 18–20 July 2017, pp. 207–218. ACM (2017).
  17. 17.
    Lilly, A.: IMSI catchers: hacking mobile communications. Netw. Secur. 2017(2), 5–7 (2017). Scholar
  18. 18.
    Mattsson, J.: Post-quantum cryptography in mobile networks (2017).
  19. 19.
    SECG SEC 1: Recommended Elliptic Curve Cryptography, Version 2.0 (2009).
  20. 20.
    Shaik, A., Seifert, J., Borgaonkar, R., Asokan, N., Niemi, V.: Practical attacks against privacy and availability in 4G/LTE mobile communication systems. In: 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, 21–24 February 2016. The Internet Society (2016).
  21. 21.
    Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th Annual Symposium on Foundations of Computer Science, Santa Fe, New Mexico, USA, 20–22 November 1994, pp. 124–134. IEEE Computer Society (1994).
  22. 22.
    Shoup, V.: A proposal for an ISO standard for public key encryption. IACR Cryptology ePrint Archive 2001, 112 (2001).

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Information Security GroupRoyal Holloway, University of LondonEghamUK

Personalised recommendations