Dynamic ID randomization for user privacy in mobile network

  • Arijet, Sarker (Department of Computer Science, University of Colorado Colorado Springs)
  • SangHyun, Byun (Department of Computer Science, University of Colorado Colorado Springs)
  • Manohar, Raavi (Department of Computer Science, University of Colorado Colorado Springs)
  • Jinoh, Kim (Department of Computer Science and Information Systems, Texas A&M University-Commerce)
  • Jonghyun, Kim (Electronics and Telecommunications Research Institute)
  • Sang-Yoon, Chang (Department of Computer Science, University of Colorado Colorado Springs)
  • Received : 2022.05.08
  • Accepted : 2022.10.21
  • Published : 2022.12.10

Abstract

Mobile and telecommunication networking uses temporary and random identifiers (IDs) to protect user privacy. For greater intelligence and security of the communications between the core network and the mobile user, we design and build a dynamic randomization scheme for the temporary IDs for mobile networking, including 5G and 6G. Our work for ID randomization (ID-RZ) advances the existing state-of-the-art ID re-allocation approach in 5G in the following ways. First, ID-RZ for ID updates is based on computing, as opposed to incurring networking for the re-allocation-based updates, and is designed for lightweight and low-latency mobile systems. Second, ID-RZ changes IDs proactively (as opposed to updating based on explicit networking event triggers) and provides stronger security (by increasing the randomness and frequency of ID updates). We build on the standard cryptographic primitives for security (e.g., hash) and implement our dynamic randomization scheme in the 5G networking protocol to validate its design purposes, which include time efficiency (two to four orders of magnitude quicker than the re-allocation approach) and appropriateness for mobile applications.

Acknowledgement

We thank the editors and anonymous reviewers for their helpful feedback. This work was supported by the National Science Foundation under Grant No. 1922410 and by Institute of Information & communications Technology Planning & Evaluation (IITP) grants funded by the Korea government (MSIT) (No. 2021-0-00796, Research on Foundational Technologies for 6G Autonomous Security-by-Design to Guarantee Constant Quality of Security; No. 2021-0-02107, Collaborative Research on Element Technologies for 6G Security-by-Design and Standardization-Based International Cooperation).
