A Privacy Threat in 4th Generation Mobile Telephony and Its Countermeasure

Mobile telephony device is widely used these days. Protecting subscribers privacy is crucial and can be achieved by evading linkability of subscribers by malicious third parties. In this paper, we analyze the privacy-related security properties of 4th generation mobile telephony, especially LTE. We suggest an attack model which makes it possible to trace a victim's mobile device so that the attacker can know the presence of the victim's device in a specific area. Tracking subscribers' location by unauthorized third parties may violate the privacy of subscribers. To solve this problem, we propose a modified authentication protocol in LTE to preserve location privacy of the device. Considering security level and efficiency, we build our scheme to have low computational overhead and strong secrecy. Also we prove that the proposed scheme satisfies unlinkability property using the automatic verification tool ProVerif.

[1]  Xuemin Shen,et al.  SE-AKA: A secure and efficient group authentication and key agreement protocol for LTE networks , 2013, Comput. Networks.

[2]  Vladimir A. Oleshchuk,et al.  Location Privacy for Cellular Systems; Analysis and Solution , 2005, Privacy Enhancing Technologies.

[3]  Ravishankar Borgaonkar,et al.  Weaponizing Femtocells: The Effect of Rogue Devices on Mobile Telecommunications , 2012, NDSS.

[4]  Moray Rumney LTE and the Evolution to 4G Wireless: Design and Measurement Challenges , 2013 .

[5]  Dan Forsberg,et al.  LTE Security , 2010 .

[6]  Mark Ryan,et al.  Analysing Unlinkability and Anonymity Using the Applied Pi Calculus , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[7]  C. B. Sankaran,et al.  Network access security in next- generation 3GPP systems: A tutorial , 2009, IEEE Communications Magazine.

[8]  Yongjun Wang,et al.  Security Enhanced Authentication and Key Agreement Protocol for LTE/SAE Network , 2011, 2011 7th International Conference on Wireless Communications, Networking and Mobile Computing.

[9]  Erik Dahlman,et al.  3G Evolution: HSPA and LTE for Mobile Broadband , 2007 .

[10]  Graham Steel,et al.  Attacking and fixing PKCS#11 security tokens , 2010, CCS '10.

[11]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[12]  Upkar Varshney,et al.  Location management for mobile commerce applications in wireless Internet environment , 2003, TOIT.

[13]  Mark Ryan,et al.  Applied pi calculus , 2011, Formal Models and Techniques for Analyzing Security Protocols.

[14]  Shay Gueron,et al.  SHA-512/256 , 2011, 2011 Eighth International Conference on Information Technology: New Generations.

[15]  Mark Ryan,et al.  New privacy issues in mobile telephony: fix and verification , 2012, CCS.

[16]  Ulrike Meyer,et al.  A man-in-the-middle attack on UMTS , 2004, WiSe '04.

[17]  Vincent Cheval,et al.  Proving More Observational Equivalences with ProVerif , 2013, POST.