Defeating the downgrade attack on identity privacy in 5G
Loading...
Access rights
openAccess
URL
Journal Title
Journal ISSN
Volume Title
A4 Artikkeli konferenssijulkaisussa
This publication is imported from Aalto University research portal.
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
Other link related to publication (opens in new window)
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
Other link related to publication (opens in new window)
Date
2018-01-01
Major/Subject
Mcode
Degree programme
Language
en
Pages
25
95-119
95-119
Series
Security Standardisation Research - 4th International Conference, SSR 2018, Proceedings, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Volume 11322 LNCS
Abstract
3GPP Release 15, the first 5G standard, includes protection of user identity privacy against IMSI catchers. These protection mechanisms are based on public key encryption. Despite this protection, IMSI catching is still possible in LTE networks which opens the possibility of a downgrade attack on user identity privacy, where a fake LTE base station obtains the identity of a 5G user equipment. We propose (i) to use an existing pseudonym-based solution to protect user identity privacy of 5G user equipment against IMSI catchers in LTE and (ii) to include a mechanism for updating LTE pseudonyms in the public key encryption based 5G identity privacy procedure. The latter helps to recover from a loss of synchronization of LTE pseudonyms. Using this mechanism, pseudonyms in the user equipment and home network are automatically synchronized when the user equipment connects to 5G. Our mechanisms utilize existing LTE and 3GPP Release 15 messages and require modifications only in the user equipment and home network in order to provide identity privacy. Additionally, lawful interception requires minor patching in the serving network.Description
Keywords
3GPP, 5G, Identity privacy, IMSI catchers, Pseudonym
Other note
Citation
Khan, M, Ginzboorg, P, Järvinen, K & Niemi, V 2018, Defeating the downgrade attack on identity privacy in 5G . in C Cremers & A Lehmann (eds), Security Standardisation Research - 4th International Conference, SSR 2018, Proceedings . Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11322 LNCS, Springer, pp. 95-119, Conference on Security Standards Research, Darmstadt, Germany, 26/11/2018 . https://doi.org/10.1007/978-3-030-04762-7_6