Analysis of User Identity Privacy in LTE and Proposed Solution

Full Text (PDF, 305KB), PP.54-63

Views: 0 Downloads: 0

Author(s)

Abdulrahman A. Muthana 1,* Mamoon M. Saeed 2

1. Thamar University/Faculty of Computer Science and Information Systems, Thamar, 9676, Yemen

2. Yemen Academy for Graduate Studies, Sanaa, 9671, Yemen

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2017.01.07

Received: 23 Jun. 2016 / Revised: 10 Sep. 2016 / Accepted: 12 Nov. 2016 / Published: 8 Jan. 2017

Index Terms

LTE (Long Term Evolution), IMSI (International Mobile Subscriber Identifier), Anonymity, AKA (Authentication and Key Agreement), User Privacy

Abstract

The mechanisms adopted by cellular technologies for user identification allow an adversary to collect information about individuals and track their movements within the network; and thus exposing privacy of the users to unknown risks. Efforts have been made toward enhancing privacy preserving capabilities in cellular technologies, culminating in Long Term Evolution LTE technology. LTE security architecture is substantially enhanced comparing with its predecessors 2G and 3G; however, LTE does not eliminate the possibility of user privacy attacks. LTE is still vulnerable to user identity privacy attacks. This paper includes an evaluation of LTE security architecture and proposes a security solution for the enhancement of user identity privacy in LTE. The solution is based on introducing of pseudonyms that replace the user permanent identifier (IMSI) used for identification. The scheme provides secure and effective identity management in respect to the protection of user privacy in LTE. The scheme is formally verified using proVerif and proved to provide an adequate assurance of user identity privacy protection.

Cite This Paper

Abdulrahman A. Muthana, Mamoon M. Saeed, "Analysis of User Identity Privacy in LTE and Proposed Solution", International Journal of Computer Network and Information Security(IJCNIS), Vol.9, No.1, pp.54-63, 2017. DOI:10.5815/ijcnis.2017.01.07

Reference

[1]3GPP, 3GPP System Architecture Evolution (SAE); Security architecture. 3GPP, TS 33.401, 2013.
[2]Choudhury H., Roychoudhury B. and Saikia D. K., Enhancing user identity privacy in LTE. In IEEE 11th International Conference on Security and Privacy in Computing and Communications (TrustCom), 2012. p. 949–957.
[3]Hamidreza Ghafghazi, Amr El-Mougy, Hussein T. Mouftah, Enhancing the Privacy of LTE-based Public Safety Networks. In 13th Annual IEEE Workshop on Wireless Local Networks, Edmonton, Canada 2014.
[4]Bikos A. and Sklavos N., LTE/SAE security issues on 4g wireless networks. IEEE Security and Privacy, 2013. 11(2):p. 55–62.
[5]Seddigh N., Nandy B., Makkar R. and J. F. Beaumont H. F., Security advances and challenges in 4g wireless networks. In Eighth Annual International Conference on Privacy Security and Trust (PST), 2010. p. 62-71.
[6]Bilogrevic I., Jadliwala M. and Hubaux J. P., Security and privacy in next generation mobile networks: LTE and femtocells. In 2nd International Femtocell Workshop, Luton, UK. Citeseer, 2010.
[7]Bou A. J., Chaouchi H. and Aoude M., Ensured Confidentiality Authentication and Key Agreement Protocol for EPS. In 3rd Symposium on Broadband Networks and Fast Internet, 28-29 May 2012.
[8]Xiehua, Li, and Wang Yongjun, Security Enhanced Authentication and Key Agreement Protocol for LTE/SAE Network. In 7th International Conference on Wireless Communications, Networking and Mobile Computing, IEEE, 2011.
[9]Arapinis M., et al., New privacy issues in mobile telephony: fix and verification. In ACM Conference on Computer and Communications Security, 2012.p. 205–216.
[10]Muxing Z., Yuguang F., Security Analysis and Enhancements of 3GPP Authentication and Key Agreement Protocol,” IEEE Trans, vol. 4, 2005.p. 734-742.
[11]K?ien G. M., Mutual entity authentication for LTE. In 7th International Wireless Communications and Mobile Computing Conference, IEEE, 2011.
[12]K?ien G. M., Privacy enhanced mutual authentication in LTE. In IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), IEEE, 2013. p 614–621.
[13]Fabian van den Broek, Roel Verdult and Joeri de Ruiter, Defeating IMSI Catchers. In CCS '15 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, ACM New York, NY, USA 2015.
[14]B. Blanchet. Proverif: Cryptographic protocol verifier in the formal model. http://www.proverif.ens.fr/.
[15]Kadhim Shubber for Wired magazine. Tracking devices hidden in London’s recycling bins are stalking your smartphone. http://www.wired.co.uk/news/ archive/2013-08/09/recycling-bins-are-watching-you. Last accessed May 2015.
[16]Myrto Arapinis, Loretta Ilaria Mancini, Eike Ritter, and Mark Ryan. Privacy through pseudonymity in mobile telephony systems. In NDSS, 2014.
[17]Siraj Datoo for The Guardian. How tracking customers in-store will soon be the norm. http://gu. com/p/3ym4v/sbl. Last accessed May 2015.
[18]Balasaheb N. Jagdale,Nileema S. Gawande,"Hybrid Model for Location Privacy in Wireless Ad-Hoc Networks", IJCNIS, vol.5, no.1, pp.14-23,2013.DOI: 10.5815/ijcnis.2013.01.02
[19]Stuart Owen Goldman, Richard E Krock, Karl F Rauscher, and James Philip Runyon. Mobile forced premature detonation of improvised explosive devices via wireless phone signaling. US Patent 7552670, June 30 2009.
[20]Michael B¨ock. Simulation chamber and method for setting off explosive charges contained in freight in a controlled manner. US Patent 14345697, September 19 2012.