Identity Confidentiality in 5G Mobile Telephony Systems

Khan, Haibat; Dowling, Benjamin; Martin, Keith M.

doi:10.1007/978-3-030-04762-7_7

Cited by 16 publications

(14 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These kinds of attacks can be used to leak location by listening to the paging channel and stress testing the network. Our work contributes to the growing body of literature on 5G security, which has used formal methods to audit the new security protocols [11,22,38] and proposed changes to improve security [39].…”

Section: Related Workmentioning

confidence: 99%

Anonymous device authorization for cellular networks

Haque

Madathil

Reaves

et al. 2021

Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

View full text Add to dashboard Cite

Cellular networks connect nearly every human on the planet; they consequently have visibility into location data and voice, SMS, and data contacts and communications. Such near-universal visibility represents a significant threat to the privacy of mobile subscribers. In 5G networks, end-user mobile device manufacturers assign a Permanent Equipment Identifier (PEI) to every new device. Mobile operators legitimately use the PEI to blocklist stolen devices from the network to discourage device theft, but the static PEI also provides a mechanism to uniquely identify and track subscribers. Advertisers and data brokers have also historically abused the PEI for data fusion of location and analytics data, including private data sold by cellular providers.In this paper, we present a protocol that allows mobile devices to prove that they are not in the blocklist without revealing their PEI to any entity on the network. Thus, we maintain the primary purpose of the PEI while preventing potential privacy violations. We describe a provably-secure anonymous proof of blocklist nonmembership for cellular network, based on the RSA accumulators and zero-knowledge proofs introduced by Camenisch and Lysyanskaya (Crypto'02) and expanded upon by Li, Li and Xue (ACNS'07). We show experimentally that this approach is viable for cellular networks: a phone can create a blocklist non-membership proof in only 3432 milliseconds of online computation, and the network can verify the proof in less than one second on average. In total this adds fewer than 4.5 seconds to the rare network attach process. This work shows that PEIs can be attested anonymously in 5G and future network generations, and it paves the way for additional advances toward a cellular network with guaranteed privacy. CCS Concepts• Security and privacy ! Cryptography; Mobile and wireless security; • Networks ! Mobile networks.

show abstract

Section: Related Workmentioning

confidence: 99%

Anonymous device authorization for cellular networks

Haque

Madathil

Reaves

et al. 2021

Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

View full text Add to dashboard Cite

show abstract

“…To identify the 5G user in the LoRaWAN infrastructure, such 5G SUPI/IMSI identifier needs to be transmitted instead of the LoRaWAN identifier. It can involve a security and privacy risk [30] since the SUPI/IMSI is recommended to be encrypted in 5G even when it is not done in 4G and it will be exchanged in LoRaWAN network inside of the LoRaWAN JoinRequest message without encryption. To cope with this issue, our proposal encrypts the 5G SUPI/IMSI identifier during the LoRaWAN packets transmissions using the 5G shared key (K i ).…”

Section: B Subscription Permanent Identifier (Supi) Protectionmentioning

confidence: 99%

Enabling Roaming Across Heterogeneous IoT Wireless Networks: LoRaWAN MEETS 5G

et al. 2020

View full text Add to dashboard Cite

Despite the latest research efforts to foster mobility and roaming in heterogeneous Low Power Wide Area Networks (LP-WANs) networks, handover roaming of Internet of Things (IoT) devices is not a success mainly due to fragmentation and difficulties to establish trust across different network domains as well as the lack of interoperability of different LP-WANs wireless protocols. To cope with this issue, this paper proposes a novel handover roaming mechanism for Low Range Wide Area Network (LoRaWAN) protocol that relies on the trusted 5G network to perform IoT device's authentication and key management, thereby extending the mobility and roaming capabilities of LoRaWAN to global scale. The proposal enables interoperability between 5G network and LoRaWAN, whereby multi Radio Access Technologies IoT (multi-RAT IoT) devices can exploit both technologies interchangeably, thereby fostering novel IoT mobility and roaming use cases for LP-WANs not experimented so far. Two integration approaches for LoRaWAN and 5G have been proposed, either assuming 5G spectrum connectivity with standard 5G authentication or performing 5G authentication over the LoRaWAN network. The solution has been deployed, implemented and validated in a real and integrated 5G-LoRaWAN testbed, showing its feasibility and security viability.

show abstract

“…Furthermore, ECIES-based authentication is vulnerable to specific subscription permanent identifier (SUPI) attacks and bidding-down attacks. The public key of the HN needs to be quickly updated when the malware attempts to recover the private key of the HN; therefore, it needs further refinement and development [41].…”

Section: A Cyber Security For Lte-m and Nb-iotmentioning

confidence: 99%