Trashing IMSI catchers in mobile networks. / Khan, Mohammed; Mitchell, Chris J.

Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2017), Boston, USA, July 18-20, 2017: WiSec '17 . Association for Computing Machinery (ACM), 2017. p. 207-218 .

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Published

Standard

Trashing IMSI catchers in mobile networks. / Khan, Mohammed; Mitchell, Chris J.

Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2017), Boston, USA, July 18-20, 2017: WiSec '17 . Association for Computing Machinery (ACM), 2017. p. 207-218 .

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Harvard

Khan, M & Mitchell, CJ 2017, Trashing IMSI catchers in mobile networks. in Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2017), Boston, USA, July 18-20, 2017: WiSec '17 . Association for Computing Machinery (ACM), pp. 207-218 . https://doi.org/10.1145/3098243.3098248

APA

Khan, M., & Mitchell, C. J. (2017). Trashing IMSI catchers in mobile networks. In Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2017), Boston, USA, July 18-20, 2017: WiSec '17 (pp. 207-218 ). Association for Computing Machinery (ACM). https://doi.org/10.1145/3098243.3098248

Vancouver

Khan M, Mitchell CJ. Trashing IMSI catchers in mobile networks. In Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2017), Boston, USA, July 18-20, 2017: WiSec '17 . Association for Computing Machinery (ACM). 2017. p. 207-218 https://doi.org/10.1145/3098243.3098248

Author

Khan, Mohammed ; Mitchell, Chris J. / Trashing IMSI catchers in mobile networks. Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2017), Boston, USA, July 18-20, 2017: WiSec '17 . Association for Computing Machinery (ACM), 2017. pp. 207-218

BibTeX

@inproceedings{0c0aeb8c523440a4a072002018b2487c,
title = "Trashing IMSI catchers in mobile networks",
abstract = "We address the decades-old privacy problem of disclosure of the permanent subscriber identity (IMSI) that makes IMSI catchers a real threat to all generations of mobile networks. A number of possible modifications to existing protocols have been proposed to address the problem; however, most require significant changes to existing deployed infrastructures. We propose a novel authentication approach for 3G and 4G systems that does not affect intermediate entities, notably the serving network and mobile equipment. It prevents disclosure of the subscriber's IMSI by using a dynamic pseudo-IMSI that is only identifiable by the home network for the USIM. A major challenge in using dynamic pseudo-IMSIs is possible loss of identity synchronisation between USIM and home network, an issue that has not been adequately addressed in previous work. We present an approach for identity recovery to be used in the event of pseudo-IMSI desynchronisation. The scheme requires changes to the home network and the USIM, but not to the serving network, mobile phone or other internal network protocols, enabling simple, transparent and evolutionary migration. We provide a detailed analysis of the scheme, and verify its correctness and security properties using ProVerif.",
author = "Mohammed Khan and Mitchell, {Chris J}",
year = "2017",
month = jul,
day = "18",
doi = "10.1145/3098243.3098248",
language = "English",
isbn = "978-1-4503-5084-6",
pages = "207--218 ",
booktitle = "Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2017), Boston, USA, July 18-20, 2017",
publisher = "Association for Computing Machinery (ACM)",
address = "United States",

}

RIS

TY - GEN

T1 - Trashing IMSI catchers in mobile networks

AU - Khan, Mohammed

AU - Mitchell, Chris J

PY - 2017/7/18

Y1 - 2017/7/18

N2 - We address the decades-old privacy problem of disclosure of the permanent subscriber identity (IMSI) that makes IMSI catchers a real threat to all generations of mobile networks. A number of possible modifications to existing protocols have been proposed to address the problem; however, most require significant changes to existing deployed infrastructures. We propose a novel authentication approach for 3G and 4G systems that does not affect intermediate entities, notably the serving network and mobile equipment. It prevents disclosure of the subscriber's IMSI by using a dynamic pseudo-IMSI that is only identifiable by the home network for the USIM. A major challenge in using dynamic pseudo-IMSIs is possible loss of identity synchronisation between USIM and home network, an issue that has not been adequately addressed in previous work. We present an approach for identity recovery to be used in the event of pseudo-IMSI desynchronisation. The scheme requires changes to the home network and the USIM, but not to the serving network, mobile phone or other internal network protocols, enabling simple, transparent and evolutionary migration. We provide a detailed analysis of the scheme, and verify its correctness and security properties using ProVerif.

AB - We address the decades-old privacy problem of disclosure of the permanent subscriber identity (IMSI) that makes IMSI catchers a real threat to all generations of mobile networks. A number of possible modifications to existing protocols have been proposed to address the problem; however, most require significant changes to existing deployed infrastructures. We propose a novel authentication approach for 3G and 4G systems that does not affect intermediate entities, notably the serving network and mobile equipment. It prevents disclosure of the subscriber's IMSI by using a dynamic pseudo-IMSI that is only identifiable by the home network for the USIM. A major challenge in using dynamic pseudo-IMSIs is possible loss of identity synchronisation between USIM and home network, an issue that has not been adequately addressed in previous work. We present an approach for identity recovery to be used in the event of pseudo-IMSI desynchronisation. The scheme requires changes to the home network and the USIM, but not to the serving network, mobile phone or other internal network protocols, enabling simple, transparent and evolutionary migration. We provide a detailed analysis of the scheme, and verify its correctness and security properties using ProVerif.

UR - http://www.chrismitchell.net/papers/tcimn.pdf

U2 - 10.1145/3098243.3098248

DO - 10.1145/3098243.3098248

M3 - Conference contribution

SN - 978-1-4503-5084-6

SP - 207

EP - 218

BT - Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2017), Boston, USA, July 18-20, 2017

PB - Association for Computing Machinery (ACM)

ER -