http://dx.doi.org/10.4218/etrij.2022-0181

Dynamic ID randomization for user privacy in mobile network  

Arijet Sarker (Department of Computer Science, University of Colorado Colorado Springs)
SangHyun Byun (Department of Computer Science, University of Colorado Colorado Springs)
Manohar Raavi (Department of Computer Science, University of Colorado Colorado Springs)
Jinoh Kim (Department of Computer Science and Information systems, Texas A&M University-Commerce)
Jonghyun Kim (Electronics and Telecommunications Research Institute)
Sang-Yoon Chang (Department of Computer Science, University of Colorado Colorado Springs)
Publication Information
ETRI Journal / v.44, no.6, 2022, pp. 903-914
Abstract
Mobile and telecommunication networking uses temporary and random identifiers (IDs) to protect user privacy. For greater intelligence and security of the communications between the core network and the mobile user, we design and build a dynamic randomization scheme for the temporary IDs for mobile networking, including 5G and 6G. Our work for ID randomization (ID-RZ) advances the existing state-of-the-art ID re-allocation approach in 5G in the following ways. First, ID-RZ for ID updates is based on computing, as opposed to incurring networking for the re-allocation-based updates, and is designed for lightweight and low-latency mobile systems. Second, ID-RZ changes IDs proactively (as opposed to updating based on explicit networking event triggers) and provides stronger security (by increasing the randomness and frequency of ID updates). We build on the standard cryptographic primitives for security (e.g., hash) and implement our dynamic randomization scheme in the 5G networking protocol to validate its design purposes, which include time efficiency (two to four orders of magnitude quicker than the re-allocation approach) and appropriateness for mobile applications.
Keywords
cellular networking; low latency; mobile computing; 5G; 6G; temporary ID; user privacy