Trashing IMSI catchers in mobile networks

We address the decades-old privacy problem of disclosure of the permanent subscriber identity (IMSI) that makes IMSI catchers a real threat to all generations of mobile networks. A number of possible modifications to existing protocols have been proposed to address the problem; however, most require significant changes to existing deployed infrastructures. We propose a novel authentication approach for 3G and 4G systems that does not affect intermediate entities, notably the serving network and mobile equipment. It prevents disclosure of the subscriber's IMSI by using a dynamic pseudo-IMSI that is only identifiable by the home network for the USIM. A major challenge in using dynamic pseudo-IMSIs is possible loss of identity synchronisation between USIM and home network, an issue that has not been adequately addressed in previous work. We present an approach for identity recovery to be used in the event of pseudo-IMSI desynchronisation. The scheme requires changes to the home network and the USIM, but not to the serving network, mobile phone or other internal network protocols, enabling simple, transparent and evolutionary migration. We provide a detailed analysis of the scheme, and verify its correctness and security properties using ProVerif.

[1]  Martín Abadi,et al.  Automated verification of selected equivalences for security protocols , 2005, 20th Annual IEEE Symposium on Logic in Computer Science (LICS' 05).

[2]  Basav Roychoudhury,et al.  Enhancing User Identity Privacy in LTE , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[3]  Chris J. Mitchell,et al.  Improving Air Interface User Privacy in Mobile Telephony , 2015, SSR.

[4]  Jean-Pierre Hubaux,et al.  Security Issues in Next Generation Mobile Networks: LTE and Femtocells , 2010 .

[5]  Tuomas Aura,et al.  Unblocking Stolen Mobile Devices Using SS7-MAP Vulnerabilities: Exploiting the Relationship between IMEI and IMSI for EIR Access , 2015, 2015 IEEE Trustcom/BigDataSE/ISPA.

[6]  Gaven J. Watson,et al.  Anonymity guarantees of the UMTS/LTE authentication and connection protocol , 2014, International Journal of Information Security.

[7]  Stig Fr. Mjølsnes,et al.  A Vulnerability in the UMTS and LTE Authentication and Key Agreement Protocols , 2012, MMM-ACNS.

[8]  Joeri de Ruiter,et al.  Defeating IMSI Catchers , 2015, CCS.

[9]  Paulo S. Pagliusi A Contemporary Foreword on GSM Security , 2002, InfraSec.

[10]  Dan Forsberg,et al.  LTE Security: Horn/LTE Security , 2010 .

[11]  Benjamin Richard,et al.  Achieving Better Privacy for the 3GPP AKA Protocol , 2016, Proc. Priv. Enhancing Technol..

[12]  Dan Forsberg,et al.  LTE Security , 2010 .

[13]  Refik Molva,et al.  A Method Providing Identity Privacy to Mobile Users During Authentication , 1994, 1994 First Workshop on Mobile Computing Systems and Applications.

[14]  Hugo Krawczyk,et al.  On Travelling Incognito , 1994, 1994 First Workshop on Mobile Computing Systems and Applications.

[15]  Christian Rossow,et al.  RUHR-UNIVERSITÄT BOCHUM , 2009 .

[16]  Susanne Wetzel,et al.  Symbolic Analysis for Security of Roaming Protocols in Mobile Networks - [Extended Abstract] , 2011, SecureComm.

[17]  Mark Ryan,et al.  Privacy through Pseudonymity in Mobile Telephony Systems , 2014, NDSS.

[18]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[19]  Chris J. Mitchell,et al.  Retrofitting Mutual Authentication to GSM Using RAND Hijacking , 2016, STM.

[20]  Hugo Krawczyk,et al.  Untraceable mobility or how to travel incognito , 1999, Comput. Networks.

[21]  Mark Ryan,et al.  New privacy issues in mobile telephony: fix and verification , 2012, CCS.

[22]  Ravishankar Borgaonkar,et al.  Weaponizing Femtocells: The Effect of Rogue Devices on Mobile Telecommunications , 2012, NDSS.

[23]  N. Asokan,et al.  Untraceability in mobile networks , 1995, MobiCom '95.

[24]  Tuomas Aura,et al.  We know where you are! , 2016, 2016 8th International Conference on Cyber Conflict (CyCon).

[25]  Geir M. Køien Privacy enhanced mutual authentication in LTE , 2013, 2013 IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[26]  Hyoung-Kee Choi,et al.  Security Analysis of Handover Key Management in 4G LTE/SAE Networks , 2014, IEEE Transactions on Mobile Computing.

[27]  Christos K. Dimitriadis,et al.  Improving Mobile Core Network Security with Honeynets , 2007, IEEE Security & Privacy.