Providing Identity Privacy in 5G Networks by Using Pseudonyms

This thesis aims for presenting a solution for providing the identity privacy in mobile networks. The user is identified in mobile networks by an International Mobile Subscriber Identity (IMSI). An IMSI catcher is a device that acts like a fake base station and targets information such as identity and location. Location tracking is one of the most serious outcomes, in case attacker captures these details. Since building an IMSI catcher is now cheaper than before and detecting one is very hard, threat caused by this device has become a serious issue, especially while developing 5G. Several solutions to protect against IMSI catchers are explained in this thesis, and one solution for defeating IMSI catchers is using pseudonyms instead of real identity. We claim that pseudonym can be an effective solution for providing identity privacy in 5G networks and can be also compatible with legacy networks. We have implemented a prototype that demonstrates how pseudonym can be imposed to an existing Authentication and Key Agreement (AKA) procedure. This prototype has been presented in two public demonstration sessions. This thesis includes the history of the mobile networks including 5G. The changes between generations of networks show the requirements for better infrastructure, and also for improved security. We have also examined the development of AKA, since AKA is one of the most important procedures to provide secure service to valid users. Moreover, our prototype is about enhancing AKA for adapting pseudonym approach. This thesis also mentions about a block cipher called KASUMI, which is used for encrypting and decrypting pseudonym during AKA in the prototype. Since KASUMI is designed specifically for 3GPP and cryptanalyses show it is still safe to use KASUMI, it was chosen to be used in the prototype. Keywords: 5G, mobile networks, pseudonym, identity privacy, authentication and key agreement, KASUMI

Privacy-Preserving Access for Multi-Access Edge Computing (MEC) Applications

Multi-Access Edge Computing (MEC) is one of the emerging key technologies in Fifth Generation (5G) Mobile Networks, providing reduced end-to-end latency for applications and reduced load in the transport network. This paper is about user privacy in MEC within 5G. We consider a basic MEC usage scenario, where the user accesses an application hosted in the MEC platform via the radio access network of the Mobile Network Operator (MNO). First, we create a system model based on this scenario, then define the adversary model and privacy requirements for this system model. Second, we introduce a privacy-preserving access solution for the system model and analyze the solution against the privacy requirements.Peer reviewe

Privacy-Aware Access Protocols for MEC Applications in 5G

Multi-access edge computing (MEC) is one of the emerging key technologies in fifth generation (5G) mobile networks, providing reduced end-to-end latency for applications and reduced load in the transport network. This paper proposes mechanisms to enhance user privacy in MEC within 5G. We consider a basic MEC usage scenario, where the user accesses an application hosted in the MEC platform via the radio access network of the mobile network operator (MNO). First, we create a system model based on this scenario. Second, we define the adversary model and give the list of privacy requirements for this system model. We also analyze the impact on user privacy when some of the parties in our model share information that is not strictly needed for providing the service. Third, we introduce a privacy-aware access protocol for the system model and analyze this protocol against the privacy requirements

AKMA Support in Multi SIM User Equipment

Multi SIM User Equipment (UE) can have more than one physical slot for Universal Integrated Circuit Card (UICC). The eUICC is an embedded version of the UICC, which cannot be physically removed from the communication device. Currently, 3rd Generation Partnership Project (3GPP) is working on developing Authentication and Key Management for Applications (AKMA), with which user can bootstrap authentication towards application server from his mobile subscription. We consider the scenario that may become common in devices with Multi SIM and eUICC, in which one subscription is used for primary services such as voice and data, and another subscription is used for AKMA services. In this scenario, the purpose is to use AKMA services simultaneously and without interrupting primary services. There are existing requirements for Multi SIM and eUICC, which restrain this scenario from being successful. The solution that we propose includes arrangements and adaptations, in order to provide secure and uninterrupted services of both primary and AKMA services.Peer reviewe

Lightweight Privacy-Preserving Ride-Sharing Protocols for Autonomous Cars

Peer reviewe

Privacy-Enhanced AKMA for Multi-Access Edge Computing Mobility

Multi-access edge computing (MEC) is an emerging technology of 5G that brings cloud computing benefits closer to the user. The current specifications of MEC describe the connectivity of mobile users and the MEC host, but they have issues with application-level security and privacy. We consider how to provide secure and privacy-preserving communication channels between a mobile user and a MEC application in the non-roaming case. It includes protocols for registration of the user to the main server of the MEC application, renewal of the shared key, and usage of the MEC application in the MEC host when the user is stationary or mobile. For these protocols, we designed a privacy-enhanced version of the 5G authentication and key management for applications (AKMA) service. We formally verified the current specification of AKMA using ProVerif and found a new spoofing attack as well as other security and privacy vulnerabilities. Then we propose a fix against the spoofing attack. The privacy-enhanced AKMA is designed considering these shortcomings. We formally verified the privacy-enhanced AKMA and adapted it to our solution

Providing Identity Privacy in 5G Networks by Using Pseudonyms

This thesis aims for presenting a solution for providing the identity privacy in mobile networks. The user is identified in mobile networks by an International Mobile Subscriber Identity (IMSI). An IMSI catcher is a device that acts like a fake base station and targets information such as identity and location. Location tracking is one of the most serious outcomes, in case attacker captures these details. Since building an IMSI catcher is now cheaper than before and detecting one is very hard, threat caused by this device has become a serious issue, especially while developing 5G. Several solutions to protect against IMSI catchers are explained in this thesis, and one solution for defeating IMSI catchers is using pseudonyms instead of real identity. We claim that pseudonym can be an effective solution for providing identity privacy in 5G networks and can be also compatible with legacy networks. We have implemented a prototype that demonstrates how pseudonym can be imposed to an existing Authentication and Key Agreement (AKA) procedure. This prototype has been presented in two public demonstration sessions. This thesis includes the history of the mobile networks including 5G. The changes between generations of networks show the requirements for better infrastructure, and also for improved security. We have also examined the development of AKA, since AKA is one of the most important procedures to provide secure service to valid users. Moreover, our prototype is about enhancing AKA for adapting pseudonym approach. This thesis also mentions about a block cipher called KASUMI, which is used for encrypting and decrypting pseudonym during AKA in the prototype. Since KASUMI is designed specifically for 3GPP and cryptanalyses show it is still safe to use KASUMI, it was chosen to be used in the prototype

Privacy-Aware Access Protocols for MEC Applications in 5G

Multi-access edge computing (MEC) is one of the emerging key technologies in fifth generation (5G) mobile networks, providing reduced end-to-end latency for applications and reduced load in the transport network. This paper proposes mechanisms to enhance user privacy in MEC within 5G. We consider a basic MEC usage scenario, where the user accesses an application hosted in the MEC platform via the radio access network of the mobile network operator (MNO). First, we create a system model based on this scenario. Second, we define the adversary model and give the list of privacy requirements for this system model. We also analyze the impact on user privacy when some of the parties in our model share information that is not strictly needed for providing the service. Third, we introduce a privacy-aware access protocol for the system model and analyze this protocol against the privacy requirements.Peer reviewe

AKMA for Secure Multi-access Edge Computing Mobility in 5G

Multi-Access Edge Computing (MEC) extends the cloud computing capabilities to the edge of the 5G network. The current 3rd Generation Partnership Project (3GPP) and European Telecommunications Standard Institute (ETSI) specifications about MEC cover connectivity between a mobile user and a MEC host, including security, but they do not extend to application-level security and privacy issues. We solve the problem of creating a secure and privacy-preserving communication channel between a mobile user and a distributed MEC application. The solution is limited to the case where the mobile network remains the same during communication. The solution is based on the 3GPP AKMA for authentication and key sharing. It includes protocols for (1) registering the user to the main server of the application, (2) updating the user information and shared keys with the main server of the application, (3) using the application in the MEC host in the static case, (4) using the application in MEC host while moving.Peer reviewe