New privacy issues in mobile telephony

Arapinis, Myrto; Mancini, Loretta Ilaria; Ritter, Eike; Ryan, Mark; Golde, Nico; Redon, Kévin; Borgaonkar, Ravishankar

doi:10.1145/2382196.2382221

Cited by 127 publications

(148 citation statements)

References 10 publications

Supporting

Mentioning

148

Contrasting

Order By: Relevance

“…An active adversary can intentionally simulate one of these scenarios to force a UE to transfer its IMSI in cleartext. Moreover, several further scenarios have been identified [5,9,27] in which use of the TMSI fails to protect user identity confidentiality. In the remainder of this paper, we propose a novel approach to improving user privacy in the air interface, which requires no modifications to the existing deployed mobile telecommunications infrastructures, including the phones.…”

Section: User Privacymentioning

confidence: 99%

“…when registering with the network after switching on a phone. This user privacy issue has been discussed extensively in the literature [5,6,7,20,21,27,28], and many modifications to existing protocols have been proposed to avoid the problem [5,7,19,28]. All these proposals involve making major modifications to the air interface protocol, which would require changes to the operation of all the serving networks as well as all the deployed phones.…”

Section: Introductionmentioning

confidence: 99%

“…It seems likely that making the necessary major modifications to the operation of the air interface after deployment is essentially infeasible. Many of the proposed schemes also involve the use of public key cryptography [5,7,28], which has a high computational cost, although there do exist schemes which only use symmetric cryptography [19]. It would therefore be extremely valuable if a scheme offering greater user privacy could be devised which did not involve making significant changes to the existing mobile telecommunications infrastructures, and had minimal computational cost.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Improving Air Interface User Privacy in Mobile Telephony

Khan

Mitchell

2015

Security Standardisation Research

View full text Add to dashboard Cite

Although the security properties of 3G and 4G mobile networks have significantly improved by comparison with 2G (GSM), significant shortcomings remain with respect to user privacy. A number of possible modifications to 2G, 3G and 4G protocols have been proposed designed to provide greater user privacy; however, they all require significant modifications to existing deployed infrastructures, which are almost certainly impractical to achieve in practice. In this article we propose an approach which does not require any changes to the existing deployed network infrastructures or mobile devices, but offers improved user identity protection over the air interface. The proposed scheme makes use of multiple IMSIs for an individual USIM to offer a degree of pseudonymity for a user. The only changes required are to the operation of the authentication centre in the home network and to the USIM, and the scheme could be deployed immediately since it is completely transparent to the existing mobile telephony infrastructure. We present two different approaches to the use and management of multiple IMSIs.

show abstract

Section: User Privacymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Improving Air Interface User Privacy in Mobile Telephony

Khan

Mitchell

2015

Security Standardisation Research

View full text Add to dashboard Cite

show abstract

“…Arapinis et al [7] described two vulnerabilities related to anonymity. In the first attack, called an IMSI paging attack, the adversary attacks the paging procedure used to locate the phone.…”

Section: Introductionmentioning

confidence: 99%

“…In the second attack in [7], called a AKA protocol linkability attack, an active adversary which has previously intercepted an authentication request message can replay the message and check the presence of a specific phone in a particular area. Because the victims mobile phone will return a synchronization failure message after receipt of the replayed authentication request message, the adversary can trace the movements of the victim mobile phone.…”

Section: Introductionmentioning

confidence: 99%

Anonymity guarantees of the UMTS/LTE authentication and connection protocol

Lee

Smart

Warinschi

et al. 2014

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Abstract. The UMTS/LTE protocol for mobile phone networks has been designed to offer a limited form of anonymity for mobile phone users. In this paper we quantify precisely what this limited form of anonymity actually provides via a formal security model. The model considers an execution where the home and roaming network providers are considered as one entity. We consider two forms of anonymity, one where the mobile stations under attack are statically selected before the execution, and a second where the adversary selects these stations adaptively. We prove that the UMTS/LTE protocol meets both of these security definitions. Our analysis requires new assumptions on the underlying keyed functions for UMTS, namely that a set of pseudorandom functions are "agile". This assumption, whilst probably true, has not previously been brought to the fore.

show abstract

5G Mobile Networks Security Landscape and Major Risks

Mitra

Marina

2021

Wiley 5G Ref

View full text Add to dashboard Cite

The 5G is all set to create a paradigm shift in the telecommunication network architecture by introducing a millimeter‐wave‐based customizable radio network and a redesigned cloud‐native core network to offer high‐speed, low‐latency mobile broadband anytime anywhere. The key enabling technologies of the 5G are massive MIMO, beamforming, Software‐Defined Networking (SDN), Network Functions Virtualization (NFV), and Mobile Edge Computing (MEC). However, the network agility, connection to billions of smart things, and blind adoption of machine learning models and open‐source software in the networked systems bring in a unique set of security threats and privacy concerns to the network and its stakeholders. This article provides a comprehensive analysis of the evolving security threat landscape of 5G, recommended security measures, current state‐of‐the‐art solutions, and open research areas.

show abstract

New privacy issues in mobile telephony

Cited by 127 publications

References 10 publications

Improving Air Interface User Privacy in Mobile Telephony

Improving Air Interface User Privacy in Mobile Telephony

Anonymity guarantees of the UMTS/LTE authentication and connection protocol

5G Mobile Networks Security Landscape and Major Risks

Contact Info

Product

Resources

About