Top

Published in:

2018 | OriginalPaper | Chapter

Defeating the Downgrade Attack on Identity Privacy in 5G

Authors : Mohsin Khan, Philip Ginzboorg, Kimmo Järvinen, Valtteri Niemi

Published in: Security Standardisation Research

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

3GPP Release 15, the first 5G standard, includes protection of user identity privacy against IMSI catchers. These protection mechanisms are based on public key encryption. Despite this protection, IMSI catching is still possible in LTE networks which opens the possibility of a downgrade attack on user identity privacy, where a fake LTE base station obtains the identity of a 5G user equipment. We propose (i) to use an existing pseudonym-based solution to protect user identity privacy of 5G user equipment against IMSI catchers in LTE and (ii) to include a mechanism for updating LTE pseudonyms in the public key encryption based 5G identity privacy procedure. The latter helps to recover from a loss of synchronization of LTE pseudonyms. Using this mechanism, pseudonyms in the user equipment and home network are automatically synchronized when the user equipment connects to 5G. Our mechanisms utilize existing LTE and 3GPP Release 15 messages and require modifications only in the user equipment and home network in order to provide identity privacy. Additionally, lawful interception requires minor patching in the serving network.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Building Blocks in Standards: Improving Consistency in Standardization with Ontology and Reasoning

next chapter Identity Confidentiality in 5G Mobile Telephony Systems

Available only for authorised users

The notation used in this paper is summarized in Appendix A.

The first five to six digits of the IMSI identify the country and the home network of the mobile user. Even though these digits allow linkability in certain cases, (e.g., if in a visited network there is only one roaming UE from a specific country), these digits are not randomized, because they are needed to route initial requests for authentication data for roaming UE to the correct home network.

The standard [6] does not require the HN to provision \( pk \) into every UE. If HN has not provisioned its \( pk \) into a UE, then that UE will not conceal its long-term identity with this mechanism.

Soltani, A., Timberg, C.: Tech firm tries to pull back curtain on surveillance efforts in Washington, September 2014. https://www.washingtonpost.com/world/national-security/researchers-try-to-pull-back-curtain-on-surveillance-efforts-in-washington/2014/09/17/f8c1f590-3e81-11e4-b03f-de718edeb92f_story.html?utm_term=.96e31aa4440b. Accessed 14 July 2017

PKI Electronic Intelligence: 3G UMTS IMSI Catcher. http://www.pki-electronic.com/products/interception-and-monitoring-systems/3g-umts-imsi-catcher/. Accessed 6 July 2018

Dabrowski, A., Pianta, N., Klepp, T., Mulazzani, M., Weippl, E.: IMSI-catch me if you can: IMSI-catcher-catchers. In: Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC 2014, pp. 246–255. ACM, New York (2014)

Ney, P., Smith, J., Gabriel, C., Tadayoshi, K.: SeaGlass: enabling city-wide IMSI-catcher detection. In: Proceedings on Privacy Enhancing Technologies. PoPETs (2017)

3GPP: TS 22.261 Service requirements for next generation new services and markets (2018). https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3107

3GPP: TS 33.501 Security architecture and procedures for 5G System, March 2018. https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3169

Van den Broek, F., Verdult, R., de Ruiter, J.: Defeating IMSI catchers. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015. ACM (2015)

Khan, M.S.A., Mitchell, C.J.: Improving air interface user privacy in mobile telephony. In: Chen, L., Matsuo, S. (eds.) SSR 2015. LNCS, vol. 9497, pp. 165–184. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-27152-1_9CrossRef

Norrman, K., Näslund, M., Dubrova, E.: Protecting IMSI and user privacy in 5G networks. In: Proceedings of the 9th EAI International Conference on Mobile Multimedia Communications, MobiMedia 2016. ICST (2016)

10.

Ginzboorg, P., Niemi, V.: Privacy of the long-term identities in cellular networks. In: Proceedings of the 9th EAI International Conference on Mobile Multimedia Communications, MobiMedia 2016. ICST (2016)

11.

Khan, M., Mitchell, C.: Trashing IMSI catchers in mobile networks. In: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2017), Boston, USA, 18–20 July 2017. Association for Computing Machinery (ACM), United States, May 2017

12.

Khan, M., Järvinen, K., Ginzboorg, P., Niemi, V.: On de-synchronization of user pseudonyms in mobile networks. In: Shyamasundar, R.K., Singh, V., Vaidya, J. (eds.) ICISS 2017. LNCS, vol. 10717, pp. 347–366. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-72598-7_22CrossRef

13.

3GPP: TS 23.003, 15.4.0 Numbering, addressing and identification, June 2018. https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=729

14.

3GPP: TS 23.501 System Architecture for the 5G System (2018). https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3144

15.

Khan, M., Ginzboorg, P., Niemi, V.: IMSI-based routing and identity privacy in 5G. In: Proceedings of the 22nd Conference of Open Innovations Association FRUCT, Jyvaskyla, Finland, May 2018

16.

3GPP: TS 33.401 V15.0.0 Security architecture (Release 15), June 2017. https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=2296

17.

3GPP: TS 23.012 V14.0.0 Location management procedures (Release 14), March 2017. https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=735

18.

Herzberg, A., Krawczyk, H., Tsudik, G.: On travelling incognito. In: 1994 First Workshop on Mobile Computing Systems and Applications. IEEE Xplore (1994)

19.

Asokan, N.: Anonymity in a mobile computing environment. In: First Workshop on Mobile Computing Systems and Applications. IEEE, Santa Cruz (1994)

20.

Køien, G.M.: Privacy enhanced mutual authentication in LTE. In: 2013 IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), pp. 614–621, October 2013

21.

Khan, M., Niemi, V.: Concealing IMSI in 5G network using identity based encryption. In: Yan, Z., Molva, R., Mazurczyk, W., Kantola, R. (eds.) NSS 2017. LNCS, vol. 10394, pp. 544–554. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64701-2_41CrossRef

22.

Certicom Research: SEC 1: Elliptic Curve Cryptography. Standards for Efficient Cryptography, Ver. 2.0, May 2009. http://www.secg.org/sec1-v2.pdf

23.

Certicom Research: SEC 2: Recommended Elliptic Curve Domain Parameters. Standards for Efficient Cryptography, Ver. 2.0, January 2010. http://www.secg.org/sec2-v2.pdf

24.

NIST: Advanced Encryption Standard (AES). FIPS PUB 197 (2001)

25.

NIST: Recommendation for Block Cipher Modes of Operation: Methods and Techniques. SP 800–38A (2001)

26.

Krawczyk, H., Bellare, M., Canetti, R.: HMAC: Keyed-Hashing for Message Authentication. RFC 2104, February 1997

27.

NIST: Secure hash standard (SHS). FIPS PUB 180-4 (2012)

28.

Bernstein, D.J.: Curve25519: new Diffie-Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_14CrossRef

29.

Langley, A., Hamburg, M., Turner, S.: Elliptic Curves for Security. RFC 7748, January 2016

30.

Interactive digital media GmbH: Mobile Country Codes (MCC) and Mobile Network Codes (MNC). http://www.mcc-mnc.com/

31.

Wikipedia: List of mobile network operators. https://en.wikipedia.org/wiki/List_of_mobile_network_operators

32.

3GPP: TS 33.106: 3G security; Lawful interception requirements (2018). https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=2265

33.

3GPP: TS 33.126 V15.0.0 Lawful Interception requirements, June 2018. https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3181

Title: Defeating the Downgrade Attack on Identity Privacy in 5G
Authors: Mohsin Khan
Philip Ginzboorg
Kimmo Järvinen
Valtteri Niemi
Publisher: Springer International Publishing
Book: Security Standardisation Research
Print ISBN: 978-3-030-04761-0

Electronic ISBN: 978-3-030-04762-7

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-030-04762-7_6

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner