Privacy through Pseudonymity in Mobile Telephony Systems

Myrto Arapinis, Loretta Ilaria Mancini, Eike Ritter, Mark Ryan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

To protect mobile phone from tracking by third parties, mobile telephony systems rely on periodically changing pseudonyms. We experimentally and formally analyse the mechanism adopted to update these pseudonyms and point out design and implementation weaknesses that defeat its purpose by allowing the identification and/or tracking of mobile telephony users. In particular, the experiments show that the pseudonym changing mechanism as implemented by real networks does not achieve the intended privacy goals. Moreover, we found out that the standard is flawed and that it is possible to exploit the procedure used to assign a new pseudonym, the TMSI reallocation procedure, in order to track users. We propose countermeasures to tackle the exposed vulnerabilities and formally prove that the 3GPP standard should require the establishment of a fresh ciphering key before each execution of the TMSI reallocation procedure to provide unlinkability.
Original languageEnglish
Title of host publication21st Annual Network and Distributed System Security Symposium (NDSS'14)
PublisherThe Internet Society
Pages1-14
Number of pages14
ISBN (Print)1-891562-35-5
DOIs
Publication statusPublished - 22 Feb 2014
Event2014 Network and Distributed System Security Symposium - San Diego, United States
Duration: 23 Feb 201426 Feb 2014
https://www.ndss-symposium.org/ndss2014/

Symposium

Symposium2014 Network and Distributed System Security Symposium
Abbreviated titleNDSS 2014
CountryUnited States
CitySan Diego
Period23/02/1426/02/14
Internet address

Fingerprint Dive into the research topics of 'Privacy through Pseudonymity in Mobile Telephony Systems'. Together they form a unique fingerprint.

Cite this