Research Article
Protecting IMSI and User Privacy in 5G Networks
@INPROCEEDINGS{10.4108/eai.18-6-2016.2264114, author={Karl Norrman and Mats N\aa{}slund and Elena Dubrova}, title={Protecting IMSI and User Privacy in 5G Networks}, proceedings={2nd International Workshop on 5G Security}, publisher={ACM}, proceedings_a={IW5GS}, year={2016}, month={12}, keywords={privacy user identiers imsi catching fake base station 5g}, doi={10.4108/eai.18-6-2016.2264114} }
- Karl Norrman
Mats Näslund
Elena Dubrova
Year: 2016
Protecting IMSI and User Privacy in 5G Networks
IW5GS
ACM
DOI: 10.4108/eai.18-6-2016.2264114
Abstract
In recent years, many cases of compromising users' privacy in telecom networks have been reported. Stories of "fake" base stations capable of tracking users and collecting their personal data without users' knowledge have emerged. The current way of protecting privacy does not provide any protection against an active attacker on the air-interface, claiming to be a legitimate network that has lost the temporary identity. Moreover, there is also no protection against passive eavesdroppers who are present when requests for International Mobile Subscriber Identity (IMSI) are made. This paper presents a new method for protecting the IMSI by means of establishing a pseudonym between the user equipment and the home network. The pseudonym is derived locally at the user equipment and the home network without affecting existing Universal Subscriber Identity Modules (USIMs). We analyse the solution from a technical perspective, as well as from a regulatory and operational perspective. The presented method protects the IMSI from passive and active IMSI-catchers as well as honest but curious serving networks. Moreover, it can recover from lock-out situations where one party has lost the pseudonym.