Defeating the downgrade attack on identity privacy in 5G

dc.contributorAalto-yliopistofi
dc.contributorAalto Universityen
dc.contributor.authorKhan, Mohsinen_US
dc.contributor.authorGinzboorg, Philipen_US
dc.contributor.authorJärvinen, Kimmoen_US
dc.contributor.authorNiemi, Valtterien_US
dc.contributor.departmentDepartment of Communications and Networkingen
dc.contributor.editorCremers, Casen_US
dc.contributor.editorLehmann, Anjaen_US
dc.contributor.organizationUniversity of Helsinkien_US
dc.date.accessioned2019-01-14T09:24:37Z
dc.date.available2019-01-14T09:24:37Z
dc.date.issued2018-01-01en_US
dc.description.abstract3GPP Release 15, the first 5G standard, includes protection of user identity privacy against IMSI catchers. These protection mechanisms are based on public key encryption. Despite this protection, IMSI catching is still possible in LTE networks which opens the possibility of a downgrade attack on user identity privacy, where a fake LTE base station obtains the identity of a 5G user equipment. We propose (i) to use an existing pseudonym-based solution to protect user identity privacy of 5G user equipment against IMSI catchers in LTE and (ii) to include a mechanism for updating LTE pseudonyms in the public key encryption based 5G identity privacy procedure. The latter helps to recover from a loss of synchronization of LTE pseudonyms. Using this mechanism, pseudonyms in the user equipment and home network are automatically synchronized when the user equipment connects to 5G. Our mechanisms utilize existing LTE and 3GPP Release 15 messages and require modifications only in the user equipment and home network in order to provide identity privacy. Additionally, lawful interception requires minor patching in the serving network.en
dc.description.versionPeer revieweden
dc.format.extent25
dc.format.extent95-119
dc.format.mimetypeapplication/pdfen_US
dc.identifier.citationKhan, M, Ginzboorg, P, Järvinen, K & Niemi, V 2018, Defeating the downgrade attack on identity privacy in 5G . in C Cremers & A Lehmann (eds), Security Standardisation Research - 4th International Conference, SSR 2018, Proceedings . Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11322 LNCS, Springer, pp. 95-119, Conference on Security Standards Research, Darmstadt, Germany, 26/11/2018 . https://doi.org/10.1007/978-3-030-04762-7_6en
dc.identifier.doi10.1007/978-3-030-04762-7_6en_US
dc.identifier.isbn9783030047610
dc.identifier.issn0302-9743
dc.identifier.issn1611-3349
dc.identifier.otherPURE UUID: d4ba02ed-2bf1-4f94-8f0f-4d4150d4df61en_US
dc.identifier.otherPURE ITEMURL: https://research.aalto.fi/en/publications/d4ba02ed-2bf1-4f94-8f0f-4d4150d4df61en_US
dc.identifier.otherPURE LINK: http://www.scopus.com/inward/record.url?scp=85057777554&partnerID=8YFLogxKen_US
dc.identifier.otherPURE FILEURL: https://research.aalto.fi/files/30809100/Defeating_the_downgrade_attack_on_identity_privacy_in_5G_SSR_2018.pdfen_US
dc.identifier.urihttps://aaltodoc.aalto.fi/handle/123456789/36026
dc.identifier.urnURN:NBN:fi:aalto-201901141209
dc.language.isoenen
dc.relation.ispartofConference on Security Standards Researchen
dc.relation.ispartofseriesSecurity Standardisation Research - 4th International Conference, SSR 2018, Proceedingsen
dc.relation.ispartofseriesLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)en
dc.relation.ispartofseriesVolume 11322 LNCSen
dc.rightsopenAccessen
dc.subject.keyword3GPPen_US
dc.subject.keyword5Gen_US
dc.subject.keywordIdentity privacyen_US
dc.subject.keywordIMSI catchersen_US
dc.subject.keywordPseudonymen_US
dc.titleDefeating the downgrade attack on identity privacy in 5Gen
dc.typeA4 Artikkeli konferenssijulkaisussafi
dc.type.versionacceptedVersion

Files