Improving Air Interface User Privacy in Mobile Telephony
This addresses privacy vulnerabilities for mobile telephony users, offering a practical solution without infrastructure modifications, though it is incremental as it builds on existing protocols.
The paper tackles the problem of user privacy shortcomings in 3G and 4G mobile networks by proposing a scheme that uses multiple IMSIs per USIM to improve identity protection over the air interface, requiring no changes to existing infrastructure and being immediately deployable.
Although the security properties of 3G and 4G mobile networks have significantly improved by comparison with 2G (GSM), significant shortcomings remain with respect to user privacy. A number of possible modifications to 2G, 3G and 4G protocols have been proposed designed to provide greater user privacy; however, they all require significant modifications to existing deployed infrastructures, which are almost certainly impractical to achieve in practice. In this article we propose an approach which does not require any changes to the existing deployed network infrastructures or mobile devices, but offers improved user identity protection over the air interface. The proposed scheme makes use of multiple IMSIs for an individual USIM to offer a degree of pseudonymity for a user. The only changes required are to the operation of the authentication centre in the home network and to the USIM, and the scheme could be deployed immediately since it is completely transparent to the existing mobile telephony infrastructure. We present two different approaches to the use and management of multiple IMSIs.