Enhancing Identity Privacy Using Identity-Based Encryption in Access Networks of 3GPP

A Study on Improving Identity Privacy Using Identity-Based Encryption in 3GPP Access Networks

  • 정용현 (Department of Information Security, Korea University);
  • 이동훈 (Graduate School of Information Security, Korea University)
  • Received : 2016.05.24
  • Accepted : 2016.08.23
  • Published : 2016.10.31

Abstract

Identity privacy problems such as the exposure of the IMSI (International Mobile Subscriber Identity) in the access network have been raised consistently as 3GPP evolved through GSM, UMTS and LTE, and they are still not properly solved. The 3GPP specifications issue temporary identities in place of the permanent identity to keep the user anonymous; even when a temporary identity is disclosed, security policies such as unlinkability between successive identities and periodic renewal keep the exposure at a tolerable level. The IMSI, however, cannot be changed once it has been exposed, and there are still situations in which it is sent in clear text for authentication, so a mechanism that protects the confidentiality of permanent identities is required. This paper proposes a protocol based on IBE (Identity-Based Encryption) that protects permanent identities such as the IMSI in the access network. The scheme is kept simple so that it can be applied to other kinds of permanent identity as well, and it is designed to be compatible with the existing 3GPP AKA (Authentication and Key Agreement) protocols, which minimises its impact on currently deployed 3GPP systems.
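The mechanism the abstract relies on, as an added illustration that is not code from the paper (whose protocol is not reproduced on this page): the UE encrypts its IMSI to the home network's identity string using IBE, so it needs only the private key generator's public parameters and no per-network certificate, while only the key the PKG extracts for that identity can decrypt. The example uses Cocks' quadratic-residuosity IBE rather than the pairing-based Boneh-Franklin scheme because it runs with the Python standard library alone; the PLMN identity string, the test IMSI and the 512-bit prime size are assumptions made for the demonstration.

```python
"""Cocks identity-based encryption applied to an IMSI (added illustration, not the
paper's protocol).  The UE needs only the PKG's public modulus N and the home
network's identity string; the home network decrypts with the key the PKG extracts."""
import hashlib
import secrets

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probable-prime test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def blum_prime(bits: int) -> int:
    """Random prime p with p = 3 (mod 4), as Cocks' scheme requires."""
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 3   # top bit set, p = 3 mod 4
        if is_probable_prime(p):
            return p

def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0; returns 0 when gcd(a, n) > 1."""
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def hash_to_jacobi_one(identity: str, N: int) -> int:
    """Public map from an identity string to a in Z_N with (a/N) = +1."""
    counter = 0
    while True:
        digest = hashlib.shake_256(f"{identity}|{counter}".encode()).digest(N.bit_length() // 8 + 16)
        a = int.from_bytes(digest, "big") % N
        if jacobi(a, N) == 1:
            return a
        counter += 1

class PKG:
    """Private key generator: the only party that knows the factorisation of N."""
    def __init__(self, bits: int = 512):      # toy size; assumed for the demo only
        self.p, self.q = blum_prime(bits), blum_prime(bits)
        self.N = self.p * self.q

    def extract(self, identity: str) -> int:
        """Private key r for identity, with r^2 = a or r^2 = -a (mod N)."""
        a = hash_to_jacobi_one(identity, self.N)
        return pow(a, (self.N + 5 - self.p - self.q) // 8, self.N)

def encrypt_bit(m: int, a: int, N: int) -> tuple:
    """Encrypt one bit m in {+1, -1}: pick random t with (t/N) = m, send (t + a/t, t - a/t)."""
    while True:
        t = secrets.randbelow(N - 1) + 1
        if jacobi(t, N) == m:
            break
    t_inv = pow(t, -1, N)
    return (t + a * t_inv) % N, (t - a * t_inv) % N

def decrypt_bit(c: tuple, r: int, a: int, N: int) -> int:
    """c1 + 2r (if r^2 = a) or c2 + 2r (if r^2 = -a) equals (t + r)^2 / t, whose Jacobi symbol is (t/N) = m."""
    c_sel = c[0] if pow(r, 2, N) == a else c[1]
    return jacobi((c_sel + 2 * r) % N, N)

def encrypt_identity(imsi: str, recipient: str, N: int) -> list:
    """UE side: encrypt the IMSI bit by bit to the recipient's identity string (e.g. its PLMN label)."""
    a = hash_to_jacobi_one(recipient, N)
    bits = [1 if (b >> i) & 1 else -1 for b in imsi.encode() for i in range(7, -1, -1)]
    return [encrypt_bit(m, a, N) for m in bits]

def decrypt_identity(ct: list, recipient: str, r: int, N: int) -> bytes:
    """Network side: decrypt with the private key the PKG extracted for its own identity."""
    a = hash_to_jacobi_one(recipient, N)
    bits = [decrypt_bit(c, r, a, N) for c in ct]
    return bytes(int("".join("1" if m == 1 else "0" for m in bits[i:i + 8]), 2)
                 for i in range(0, len(bits), 8))

if __name__ == "__main__":
    pkg = PKG()
    home, imsi = "PLMN:001-01", "001010123456789"   # assumed identity string, constructed test IMSI
    ct = encrypt_identity(imsi, home, pkg.N)
    print(decrypt_identity(ct, home, pkg.extract(home), pkg.N))   # b'001010123456789'
```

Because `encrypt_bit` draws a fresh random `t` for every bit, the same IMSI yields a different ciphertext on every attach, so an eavesdropper cannot link two attach attempts by comparing encrypted identities. The price is ciphertext size: two elements of Z_N per bit, which is one reason a pairing-based scheme with compact ciphertexts is the practical choice.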
