2nd International Workshop on 5G Security

Research Article

Protecting IMSI and User Privacy in 5G Networks

  • @INPROCEEDINGS{10.4108/eai.18-6-2016.2264114,
        author={Karl Norrman and Mats N\aa{}slund and Elena Dubrova},
        title={Protecting IMSI and User Privacy in 5G Networks},
        proceedings={2nd International Workshop on 5G Security},
        publisher={ACM},
        proceedings_a={IW5GS},
        year={2016},
        month={12},
        keywords={privacy user identiers imsi catching fake base station 5g},
        doi={10.4108/eai.18-6-2016.2264114}
    }
    
  • Karl Norrman
    Mats Näslund
    Elena Dubrova
    Year: 2016
    Protecting IMSI and User Privacy in 5G Networks
    IW5GS
    ACM
    DOI: 10.4108/eai.18-6-2016.2264114
Karl Norrman1,*, Mats Näslund1, Elena Dubrova2
  • 1: Ericsson Research
  • 2: Royal Institute of Technology
*Contact email: karl.norrman@ericsson.com

Abstract

In recent years, many cases of compromising users' privacy in telecom networks have been reported. Stories of "fake" base stations capable of tracking users and collecting their personal data without users' knowledge have emerged. The current way of protecting privacy does not provide any protection against an active attacker on the air-interface, claiming to be a legitimate network that has lost the temporary identity. Moreover, there is also no protection against passive eavesdroppers who are present when requests for International Mobile Subscriber Identity (IMSI) are made. This paper presents a new method for protecting the IMSI by means of establishing a pseudonym between the user equipment and the home network. The pseudonym is derived locally at the user equipment and the home network without affecting existing Universal Subscriber Identity Modules (USIMs). We analyse the solution from a technical perspective, as well as from a regulatory and operational perspective. The presented method protects the IMSI from passive and active IMSI-catchers as well as honest but curious serving networks. Moreover, it can recover from lock-out situations where one party has lost the pseudonym.