Defeating the downgrade attack on identity privacy in 5G

Mohsin Khan*, Philip Ginzboorg, Kimmo Järvinen, Valtteri Niemi

*Corresponding author for this work

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    18 Citations (Scopus)
    289 Downloads (Pure)

    Abstract

    3GPP Release 15, the first 5G standard, includes protection of user identity privacy against IMSI catchers. These protection mechanisms are based on public key encryption. Despite this protection, IMSI catching is still possible in LTE networks which opens the possibility of a downgrade attack on user identity privacy, where a fake LTE base station obtains the identity of a 5G user equipment. We propose (i) to use an existing pseudonym-based solution to protect user identity privacy of 5G user equipment against IMSI catchers in LTE and (ii) to include a mechanism for updating LTE pseudonyms in the public key encryption based 5G identity privacy procedure. The latter helps to recover from a loss of synchronization of LTE pseudonyms. Using this mechanism, pseudonyms in the user equipment and home network are automatically synchronized when the user equipment connects to 5G. Our mechanisms utilize existing LTE and 3GPP Release 15 messages and require modifications only in the user equipment and home network in order to provide identity privacy. Additionally, lawful interception requires minor patching in the serving network.

    Original languageEnglish
    Title of host publicationSecurity Standardisation Research - 4th International Conference, SSR 2018, Proceedings
    EditorsCas Cremers, Anja Lehmann
    PublisherSpringer
    Pages95-119
    Number of pages25
    ISBN (Print)9783030047610
    DOIs
    Publication statusPublished - 1 Jan 2018
    MoE publication typeA4 Conference publication
    EventConference on Security Standards Research - Darmstadt, Germany
    Duration: 26 Nov 201827 Nov 2018
    Conference number: 4

    Publication series

    NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume11322 LNCS
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349

    Conference

    ConferenceConference on Security Standards Research
    Abbreviated titleSSR
    Country/TerritoryGermany
    CityDarmstadt
    Period26/11/201827/11/2018

    Keywords

    • 3GPP
    • 5G
    • Identity privacy
    • IMSI catchers
    • Pseudonym

    Fingerprint

    Dive into the research topics of 'Defeating the downgrade attack on identity privacy in 5G'. Together they form a unique fingerprint.

    Cite this