On De-synchronization of User Pseudonyms in Mobile Networks

Mohsin Khan, Kimmo Järvinen, Philip Ginzboorg, Valtteri Niemi

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    3 Citations (Scopus)

    Abstract

    This paper is in the area of pseudonym-based enhancements of user identity privacy in mobile networks. Khan and Mitchell (2017) have found that in recently published pseudonym-based schemes an attacker can desynchronize the pseudonyms’ state in the user equipment and in its home network. In this paper, we first show that by exploiting this vulnerability a botnet of mobile devices can kick out of service a large portion of the users of a mobile network. We characterize this novel DDoS attack analytically and confirm our analysis using a simulation. Second, we explain how to modify the pseudonym-based schemes in order to mitigate the DDoS attack. The proposed solution is simpler than that in Khan and Mitchell (2017). We also discuss aspects of pseudonym usage in mobile network from charging and regulatory point of view.
    Original languageEnglish
    Title of host publicationInformation Systems Security. ICISS 2017
    Subtitle of host publication13th International Conference, ICISS 2017, Mumbai, India, December 16-20, 2017, Proceedings
    EditorsR. Shyamasundar, V. Singh, J. Vaidya
    PublisherSpringer
    Pages347-366
    ISBN (Electronic)978-3-319-72598-7
    ISBN (Print)978-3-319-72597-0
    DOIs
    Publication statusPublished - 2017
    MoE publication typeA4 Conference publication
    EventInternational Conference on Information Systems Security - Mumbai, India
    Duration: 16 Dec 201720 Dec 2017
    Conference number: 13

    Publication series

    NameLecture Notes in Computer Science
    Volume10717

    Conference

    ConferenceInternational Conference on Information Systems Security
    Abbreviated titleICISS
    Country/TerritoryIndia
    CityMumbai
    Period16/12/201720/12/2017

    Keywords

    • 3GPP
    • IMSI catchers
    • Pseudonym
    • Identity
    • Privacy

    Fingerprint

    Dive into the research topics of 'On De-synchronization of User Pseudonyms in Mobile Networks'. Together they form a unique fingerprint.

    Cite this