Defeating IMSI Catchers

Broek, Fabian van den; Verdult, Roel; Ruiter, Joeri de

doi:10.1145/2810103.2813615

Cited by 57 publications

(75 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The IMSI can be intercepted by adversaries. Such attacks are commonly referred to as "IMSI catching" [13]. To protect the user identity privacy, the LTE allocates various different temporary identities such as GUTI, M-TMSI, and C-RNTI to a single UE within LTE network architecture for different networking services.…”

Section: B User Identity Privacy Issuesmentioning

confidence: 99%

“…The authors in [13] propose a solution where the IMSI is replaced with a changing pseudonym that only the home network can link to the user's identity. This hiding of the IMSI is done without changing any of the system messages.…”

Section: Related Workmentioning

confidence: 99%

“…Our solution requires the HSS to store only two additional values for each UE: C and CNEW and the UE to store only one additional value: CMSI. As the solution in [13] requires storing more additional values at the HSS and the UE, it is obvious that the memory cost in [13] is higher. (b) The solution in [13] requires that HSS and each UE must have an additional shared secret key κ to encrypt PMSI.…”

Section: Our Solution Vs Related Workmentioning

confidence: 99%

“…As the solution in [13] requires storing more additional values at the HSS and the UE, it is obvious that the memory cost in [13] is higher. (b) The solution in [13] requires that HSS and each UE must have an additional shared secret key κ to encrypt PMSI. The compromising of the key κ will lead to compromising the entire method.…”

Section: Our Solution Vs Related Workmentioning

confidence: 99%

“…Using SQN as a key has an advantages: (1) no additional key is required to conceal the key; (2) as SQN is changing key, the threats of breaching the privacy by knowing SQN value is minimized. (c) Another difference with [13] lies in the sequence number management. Their approach always increases the sequence number at HSS, which would enable an adversary to mount denial of service attack DoS against the HSS.…”

Section: Our Solution Vs Related Workmentioning

confidence: 99%

See 4 more Smart Citations

Analysis of User Identity Privacy in LTE and Proposed Solution

Muthana¹,

Saeed²

2017

IJCNIS

View full text Add to dashboard Cite

Abstract-The mechanisms adopted by cellular technologies for user identification allow an adversary to collect information about individuals and track their movements within the network; and thus exposing privacy of the users to unknown risks. Efforts have been made toward enhancing privacy preserving capabilities in cellular technologies, culminating in Long Term Evolution LTE technology. LTE security architecture is substantially enhanced comparing with its predecessors 2G and 3G; however, LTE does not eliminate the possibility of user privacy attacks. LTE is still vulnerable to user identity privacy attacks. This paper includes an evaluation of LTE security architecture and proposes a security solution for the enhancement of user identity privacy in LTE. The solution is based on introducing of pseudonyms that replace the user permanent identifier (IMSI) used for identification. The scheme provides secure and effective identity management in respect to the protection of user privacy in LTE. The scheme is formally verified using proVerif and proved to provide an adequate assurance of user identity privacy protection.

show abstract

Section: B User Identity Privacy Issuesmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Our Solution Vs Related Workmentioning

confidence: 99%

Section: Our Solution Vs Related Workmentioning

confidence: 99%

Section: Our Solution Vs Related Workmentioning

confidence: 99%

See 3 more Smart Citations

Analysis of User Identity Privacy in LTE and Proposed Solution

Muthana¹,

Saeed²

2017

IJCNIS

View full text Add to dashboard Cite

show abstract

Defeating the Downgrade Attack on Identity Privacy in 5G

Khan

Ginzboorg

Järvinen

et al. 2018

Security Standardisation Research

View full text Add to dashboard Cite

3GPP Release 15, the first 5G standard, includes protection of user identity privacy against IMSI catchers. These protection mechanisms are based on public key encryption. Despite this protection, IMSI catching is still possible in LTE networks which opens the possibility of a downgrade attack on user identity privacy, where a fake LTE base station obtains the identity of a 5G user equipment. We propose (i) to use an existing pseudonym-based solution to protect user identity privacy of 5G user equipment against IMSI catchers in LTE and (ii) to include a mechanism for updating LTE pseudonyms in the public key encryption based 5G identity privacy procedure. The latter helps to recover from a loss of synchronization of LTE pseudonyms. Using this mechanism, pseudonyms in the user equipment and home network are automatically synchronized when the user equipment connects to 5G. Our mechanisms utilize existing LTE and 3GPP Release 15 messages and require modifications only in the user equipment and home network in order to provide identity privacy. Additionally, lawful interception requires minor patching in the serving network.

show abstract