scieee Science in your language
[en] (orig)

A REVIEW OF SELECTED PROPOSALS FOR IMPROVING IDENTITY PRIVACY IN UMTS

Author: CHOUDHURY, HITEN
Publisher: Zenodo
DOI: 10.5281/zenodo.17291638
Source: https://zenodo.org/records/17291638/files/11219ijnsa03.pdf
In e na ional Jou nal o Ne wo k Secu i y & I s Applica ions (IJNSA) Vol. 11, No.2, Ma ch 2019
DOI: 10.5121/ijnsa.2019.11203 33
A REVIEW OF SELECTED PROPOSALS FOR
IMPROVING IDENTITY PRIVACY IN UMTS
Hi en Choudhu y
Depa men o Compu e Science & In o ma ion Technology
Co on Uni e si y, Guwaha i, Assam, India
A
BSTRACT
Uni e sal Mobile Telecommunica ion Sys em (UMTS) is a popula 3G s anda d o mobile
elecommunica ion ne wo ks. ‘Vulne abili y o he subsc ibe ’s iden i y p i acy and he need o elimina e
his ulne abili y’, is an es ablished secu i y issue in UMTS. This ulne abili y con inues o exis up o
a ious ex en s in he descenden ne wo ks o UMTS, like LTE. Se e al solu ions sugges ing imp o emen s
o he iden i y p i acy in UMTS is p esen in he li e a u e. In his pape , we look in o selec ew o hese
solu ions, wi h he expec a ion ha esea che en isioning o wo k in his a ea will ge a di ec ion in
de ising an e icien mechanism in imp o ing iden i y p i acy in UMTS, i s descendan s and u u e mobile
ne wo ks.
K
EYWORDS
Iden i y; P i acy; Au hen ica ion; Anonymi y; IMSI; UMTS; LTE; In e wo king
1. I
NTRODUCTION
3 d Gene a ion Pa ne ship P ojec (3GPP) has s anda dised one o he mos popula hi d
gene a ion mobile elecommunica ion ne wo k called he Uni e sal Mobile Telecommunica ion
Sys em (UMTS). The secu i y a chi ec u e o UMTS (Fig. 1) in ol es h ee p ima y pa icipan s
namely: he Home Ne wo k (HN), he Se ing Ne wo k (SN) and he Mobile S a ion (MS) ha
ep esen s he subsc ibe . E e y MS has o be egis e ed wi h a HN (wi h hei secu i y
c eden ials s o ed a he HN's da a base). The HN con ains key secu i y elemen s like he Home
Loca ion Regis e (HLR) and he Au hen ica ion Cen e (AuC). The HLR s o es pe manen
sensi i e in o ma ion o he subsc ibe s such as iden i y, se ice p o ile, ac i i y s a us, e c.,
whe e as he AuC a e a p o ec ed da abase ha s o es associa ion be ween subsc ibe iden i ies
and long- e m keys. The HN ex ends i s se ices o i s oaming subsc ibe s h ough he SNs. The
SN con ains elemen s like he Visi o Loca ion Regis e (VLR) and he Mobile Swi ching Cen e
(MSC). The VLR s o es empo a y in o ma ion abou subsc ibe s isi ing a gi en loca ion a ea o
he SN and main ains empo a y o pe manen iden i y associa ions, whe e as he MSC o e
ci cui -swi ching domain se ices. A MS di ec ly communica es wi h a Base T anscei e S a ion
o NodeB which co e s he a ea he MS is loca ed in. One o mo e NodeBs a e connec ed wi h a
Radio Ne wo k Con olle (RNC). The RNC manages he adio esou ces and is he in e ace
be ween he MS and he co e ne wo k. Communica ion be ween he MS and he SN happens o e
adio link, whe eas communica ion be ween he SN and he HN happens h ough wi ed link.
While he adio link is conside ed o be ulne able, i is assumed ha he wi ed links a e
adequa ely secu e.
The Au hen ica ion and Key Ag eemen (AKA) p o ocol adop ed by UMTS is called he UMTS-
AKA. This mu ual au hen ica ion is done in wo s ages [1][2]:
In e na ional Jou nal o Ne wo k Secu i y & I s Applica ions (IJNSA) Vol. 11, No.2, Ma ch 2019
34
In he i s s age, he MS p esen s i s iden i y o he SN. The SN, wi h he help o his iden i y,
ob ains he secu i y c eden ials o he MS in he o m o a se o Au hen ica ion Vec o s (AVs)
om he HN.
 In he second s age, he SN u ilises one o hese AVs o pe o m mu ual au hen ica ion o he
MS h ough a challenge esponse mechanism. In his phase, a Ciphe Key (CK) and an
In eg i y Key (IK) a e es ablished be ween he MS and he SN, so ha communica ion o e
he o he wise ulne able adio link can happen in a secu ed and eliable way.
Figu e 1. Simpli ied oaming a chi ec u e o UMTS.
Each MS is assigned a unique and a pe manen iden i y called he In e na ional Mobile Subsc ibe
Iden i y (IMSI). This iden i y is assigned by he HN so ha an MS may be uniquely iden i ied.
The IMSI is a p ecious piece o in o ma ion ha needs o be p o ec ed. Knowledge o he IMSI o
a subsc ibe may allow an ad e sa y o ack and amass comp ehensi e p o iles abou indi iduals.
Such p o iling may expose an indi idual o a ious kinds o unan icipa ed isks, and abo e all
may dep i e an indi idual o his p i acy. Thus, ansmission o he IMSI is a oided o iden i y
p esen a ion du ing an AKA. To es ic he ansmission o IMSI o e he wi eless link, an MS is
assigned a sho li ed Tempo a y Mobile Subsc ibe Iden i y (TMSI). In spi e o he abo e
secu i y a angemen , he e a e si ua ions in UMTS-AKA whe e he iden i y p i acy o a use
may ge comp omised [3].
To add ess he ulne abili ies desc ibed abo e, esea che s ha e sugges ed se e al new schemes,
algo i hms and p o ocols. In his pape , we discuss and analyse a selec ion o hese solu ions.
The es o he pape is o ganised as ollows: sec ion 2 p esen s a b ie desc ip ion o he UMTS-
AKA. The p oblem o use iden i y p i acy ulne abili y in UMTS-AKA is discussed in sec ion
3. In sec ion 4, we p esen he desi able ea u es o an e icien iden i y p i acy ensu ing solu ion.
In sec ion 5, we discuss some o he h ea s o which a cellula ne wo k may be ulne able.
Sec ion 6 e iews he solu ions p oposed by a ious esea che s. In sec ion 7, we p esen a couple
o classi ica ions based on which he iden i y p i acy ensu ing p oposals may be ca ego ised.
Sec ion 8 p esen s a compa a i e analysis o he p oposed solu ions. We conclude he pape in
sec ion 9.
2. U
MTS
-A
KA
UMTS-AKA achie es mu ual au hen ica ion be ween he MS and he SN. In o de o acili a e he
au hen ica ion mechanism, each MS sha es wi h i s HN a long e m sec e key Ki and a se o one
way hash unc ions iz., 0, 1 o 5, 8 and 9. In o de o assu e eshness o au hen ica ion da a,
wo coun e s, iz., SQN
MS
and SQN
HN
a e main ained a he MS and he HN espec i ely. UMTS-
AKA consis s o he ollowing wo s ages:
In e na ional Jou nal o Ne wo k Secu i y & I s Applica ions (IJNSA) Vol. 11, No.2, Ma ch 2019
35
A. Dis ibu ion o Au hen ica ion Da a
1. The MS p esen s i s iden i y o he SN by ansmi ing i h ough he adio channel.
2. I he p esen ed iden i y is a empo a y iden i y, SN loca es he co esponding IMSI using he
TMSI-IMSI mapping main ained in i s local da abase. The SN hen sends an au hen ica ion
da a eques o he HN along wi h he IMSI.
3. Upon eceip o he message, HN gene a es an au hen ica ion ec o deno ed by AV.
Each AV consis ing o i e elemen s, iz.: a Random Numbe (RAND), an Expec ed
Response (XRES), a Ciphe Key (CK), an In eg i y Key (IK), and an Au hen ica ion Token
(AUTH). An AV is gene a ed acco ding o he ollowing s eps (Figu e 2):
Figu e 2. Gene a ion o AV.
 HN gene a es a Random Numbe RAND using he unc ion 0, and a Sequence Numbe
SQN om he coun e SQN
HN
.
 HN hen calcula es he ollowing alues:
XRES = 2
Ki
(RAND)
CK = 3
Ki
(RAND)
IK = 4
Ki
(RAND)
AK = 5
Ki
(RAND)
MAC = 1
Ki
(SQN || RAND || AMF)
Whe e AK: Anonymi y Key, MAC: Message Au hen ica ion Code, AMF: Au hen ica ion
and Key Managemen Field, and '||' deno e conca ena ion. AK is used o conceal he
sequence numbe , as he la e may expose he loca ion o he use . I no concealmen is
needed, AK is se o ze o.
4. HN assembles he Au hen ica ion Token AUTH = SQN
⊕
AK || AMF || MAC and he
Au hen ica ion Vec o AV = (RAND, XRES, CK, IK, AUTH), whe e, '
⊕
' is bi wise
Exclusi e OR ope a ion.
5. HN inc emen s SQN
HN
by 1.
6. Finally, HN sends AV back o he SN.
B. Au hen ica ion and Key Ag eemen
1. SN selec s ex ac s RAND and AUTH om AV and sends i o he MS as a challenge.
2. MS calcula es AK = 5
Ki
(RAND). Using he calcula ed AK, he sequence numbe SQN =
AUTH
⊕
AK is calcula ed. SQN is hen compa ed wi h SQN
MS
in o de o e i y
eshness o he challenge. MS hen compu es MAC = 1
Ki
(SQN || RAND || AMF) and
compa es his alue wi h he MAC included in AUTH. I hey a e di e en , MS ejec s
he connec ion p ocedu e, o he wise i accep s i .
3. Finally MS compu es RES = 2
Ki
(RAND) and sends i back o SN.
In e na ional Jou nal o Ne wo k Secu i y & I s Applica ions (IJNSA) Vol. 11, No.2, Ma ch 2019
36
4. Upon eceip o he RES, SN compa es i wi h XRES. I hese alues ma ch, he
au hen ica ion p ocess is conside ed success ul. CK and IK, calcula ed a ei he end a e
used o secu e u he communica ions be ween he SN and MS.
The mu ual au hen ica ion and key ag eemen p ocess is schema ically exp essed in Fig. 3.
Figu e 3. Au hen ica ion and Key Ag eemen .
3. I
DENTITY
P
RIVACY IN
UMTS-AKA
To achie e iden i y p i acy du ing UMTS-AKA, a subsc ibe is iden i ied wi hin he SN by a
TMSI. A TMSI has a local signi icance and he e o e in o de o a oid ambigui ies, ou side he
SN, a TMSI should be appended wi h he Loca ion A ea Iden i ica ion (LAI) o he SN. To a oid
comp omise o iden i y p i acy, a subsc ibe should no be iden i ied by means o he same
empo a y iden i y o a long pe iod. The alloca ion o a new empo a y iden i y is ini ia ed by he
SN. The SN gene a es a empo a y iden i y (TMSIn) and s o es he associa ion o TMSIn and he
IMSI in i s local da abase. The SN hen sends his new TMSIn and (i necessa y) he new loca ion
a ea iden i y LAIn o he use h ough a ciphe ed channel. This channel is secu ed using he CK
and he IK es ablished a ei he end. In spi e o he abo e secu i y mechanism, he e a e si ua ions
when he iden i y p i acy o a subsc ibe may ge comp omised due o he ansmission o i s
IMSI in clea - ex . Some o he si ua ions when he IMSI o an MS becomes ulne able a e as
ollows (Figu e 4):
 MS a aches o he i s ime wi h he SN and has no ye ecei ed a TMSI: In such a
si ua ion, he MS has o p esen i s iden i y o he SN by ansmi ing i s IMSI in clea - ex
h ough he wi eless link.
 A da abase ailu e a he SN p e en s e ie al o IMSI om he TMSI: In such a si ua ion he
SN will be o ced o eques he MS o i s IMSI. The la e will hen ha e o be ansmi ed in
clea - ex h ough he wi eless link.
 A e oaming in o a new SN's egion, he old SN canno be con ac ed o he TMSI-IMSI
mapping: When an MS mo es in o he egion o a new SN (SNn), i will p esen i s iden i y o
SNn h ough he TMSI alloca ed o i by he p e ious SN (SNo). In o de o eques o a new
se o au hen ica ion ec o s om HN, SNn will need o ha e he knowledge o he IMSI.
No mally his will be ob ained by p esen ing he TMSI o SNo. Howe e , in case SNo canno
be con ac ed, SNn will be o ced o ask he MS o i s IMSI. The la e will hen ha e o be
ansmi ed in clea - ex o e he adio link by he MS. This ulne abili y can in ac be
exploi ed by an a acke who can masque ade as a new SN.
 UMTS-AKA assumes ull us ela ionship wi hin he wi ed in e media y se ice ne wo k
componen s, and hence he IMSI is ansmi ed eely amongs hem. The possibili y o an
in e media y agen (like a hi d pa y SN) u ning hos ile and misusing o comp omising he
IMSI is uled ou .
In e na ional Jou nal o Ne wo k Secu i y & I s Applica ions (IJNSA) Vol. 11, No.2, Ma ch 2019
37
Thus, ensu ing comple e iden i y p i acy s ill emains elusi e in UMTS. Se e al wo ks has been
ca ied ou o de ice enhanced iden i y p i acy in UMTS. Each o hese ollows di e en
app oach and has di e en cha ac e is ics.
Figu e 4. Iden i y p i acy in UMTS-AKA.
4. D
ESIRABLE
F
EATURES OF AN
I
DENTITY
P
RIVACY
E
NSURING
S
OLUTION
In his sec ion, we discuss some o he cha ac e is ics ha we belie e a e desi able in an e icien
iden i y p i acy ensu ing solu ion o UMTS:
 Less compu a ional o e head a he MS: Compu a ionally in ensi e algo i hms mus be
a oided a he MS, as hey a e limi ed by low ba e y powe and compu a ional capabili y.
Symme ic key based compu a ions ha a e less p ocesso in ensi e a e mo e sui able
compa ed o public key based compu a ions o he MS.
 Less compu a ional o e head a he HN: Since he HN needs o ca e o a la ge numbe o
subsc ibe s; i should a oid compu a ionally in ensi e algo i hms, because such algo i hms
may inc ease he o e all p ocessing ime o he subsc ibe 's eques s. Thus, symme ic key
based compu a ions a e mo e desi able compa ed o public key based compu a ions, a he SN.
 No impac a he SN: A mig a ion o a new solu ion should be anspa en o he SN. This
would make adop ion o he p o ocol easy o se ice p o ide s who ha e o ely on hi d pa y
SNs o p o iding se ices o i s own subsc ibe s.
 End o end iden i y p i acy: An ideal iden i y p i acy ensu ing solu ion should p o ide end o
end iden i y p i acy o he subsc ibe s by es ic ing he ansmission o IMSI in clea ex
h oughou he en i e pa h (wi ed and wi eless) be ween he MS and he HN. E en key
in e media y elemen like he SN should no ha e any knowledge abou he IMSI o he MS.
This would elax he us equi emen which o he wise is a p e equisi e o oaming
ag eemen s be ween he HN and he SN. Such a elaxa ion would speci ically be help ul in
cases whe e he same se ice p o ide does no own bo h he HN and he SN.
 Communica ion e iciency: Any kind o secu i y mechanism in oduces ex a a ic as well as
delay in o a egula communica ion. An e icien iden i y p i acy ensu ing solu ion should
achie e i s objec i es wi h as ew signaling message exchanges as possible. This would ensu e
be e pe o mance in e ms o a ic o e head and o e all la ency in oduced in he
communica ion. We conside a solu ion o ha e communica ion e iciency i he numbe o
message exchanges in ol ed in i is no mo e han he numbe o message exchanges in ol ed
in UMTS-AKA.

In e na ional Jou nal o Ne wo k Secu i y & I s Applica ions (IJNSA) Vol. 11, No.2, Ma ch 2019
38
5. T
HREATS
An iden i y p i acy ensu ing solu ion should be obus agains pe cei ed h ea s like:
ea esd opping, denial o se ice a ack, co up se ing ne wo k, and ake se ing ne wo k. Each
o hese h ea s is b ie ly discussed below:
1. Ea esd opping: Ea esd opping is he ac o sec e ly lis ening o he p i a e con e sa ion o
o he s wi hou hei consen o knowledge. The IMSI is a conca ena ion o he Mobile
Coun y Code (MCC), he Mobile Ne wo k Code (MNC), and he Mobile Subsc ibe
Iden i ica ion Numbe (MSIN). The MCC and he MNC combined cons i u es he IMSI
p e ix ha iden i ies he MS’s HN, whe eas he MSIN uniquely iden i ies an MS wi hin he
HN’s subsc ibe base. I he MSIN ge s disclosed o an ea esd oppe in he adio link, he
use ’s iden i y ge s comp omised. And, i he MCC and he MNC ge s disclosed o an
ea esd oppe in he adio link, he MS’s HN iden i y ge s comp omised [4].
2. Co up Se ing Ne wo k: A co up se ing ne wo k is a genuine SN ha ing legi ima e
se ice ag eemen wi h he HN, bu wi h malicious in en ion. Such a se ing ne wo k may
clandes inely sha e p ecious iden i y p i acy ela ed in o ma ion en us ed o i by he MS and
he HN [5].
3. Fake Se ing Ne wo k (Impe sona ion): A ake se ing ne wo k is an impe sona ed SN ha
d owns he signals o a legi ima e SN wi h i s own signals and p esen s i sel o he MS as a
genuine SN [6].
4. Denial o Se ice: A Denial-o -Se ice a ack (DoS a ack) is an a emp o make a compu e
esou ce o a se ice una ailable o i s in ended use s. One common me hod o he a ack
in ol es inunda ing he a ge machine wi h ex e nal communica ions eques s, such ha i
canno espond o legi ima e a ic, o esponds so slowly as o be conside ed e ec i ely
una ailable [7][8].
6.
S
OLUTIONS
In his sec ion, we p esen b ie and simpli ied in e p e a ion o a selec ew solu ions ha a e
p oposed by a ious esea che s o achie e enhanced use iden i y p i acy in UMTS. While,
di e en au ho s ha e used di e en naming con en ions, o cla i y and uni o mi y, we ollow a
common naming con en ion o he a ious componen s in ol ed in he AKA p ocedu e.
A. Coupon Based Solu ion (CBS)
This scheme p oposes one ime coupons o be ansmi ed ins ead o he IMSI [9]. Since, a coupon
is used only once, no co ela ion be ween he coupon and he co esponding IMSI can be ound by
an ad e sa y. These one ime coupons a e gene a ed a he HN and p o ided o he MS. Du ing an
au hen ica ion p ocess, hese one ime coupons a e ansmi ed by he MS p e ixed wi h he MCC
and he MNC. The associa ion be ween he coupons and he IMSI is main ained a he home
ne wo k's local da abase. Fo e e y new connec ion, he MS uses a new one ime coupon o
communica e wi h he SN. This coupon is hen o wa ded o he app op ia e HN along wi h he
eques o au hen ica ion da a. HN in u n, sends o he MS a new se o one ime coupons C1...Cn
o u u e connec ions along wi h he au hen ica ion da a.
B. PKI Based Solu ion (PBS)
A Public Key In as uc u e (PKI) based solu ion is also p oposed in [9]. In his solu ion, he MS
gene a es a andom alue and builds he ollowing bi sequence:
Seq=00001< andom alue>00<IMSI>
In e na ional Jou nal o Ne wo k Secu i y & I s Applica ions (IJNSA) Vol. 11, No.2, Ma ch 2019
39
This bi sequence is hen enc yp ed wi h he HN's public key and is sen o he HN h ough he SN.
The enc yp ed bi sequence is used as an alias and is p e ixed wi h he MCC and he MNC. Each
ime he alias needs o be enewed, a new andom alue is gene a ed by he MS, and he
a o emen ioned p ocedu e is epea ed. A he HN's end, he IMSI is eco e ed om he alias.
C. Anonymous Numbe Based Solu ion (ANBS)
Ano he echnique ha is p oposed in [9] is an ex ension o UMTS-AKA, whe e bo h he HN and
he MS independen ly de i e one ime aliases called he In e na ional Mobile Anonymous Numbe
(IMAN). An IMAN is de i ed om he AK ha is gene a ed as a pa o UMTS-AKA, as ollows:
IMAN = MD5 (AK || SQN || RAND)
whe e MD5 is a hash unc ion and '||' deno es conca ena ion. The conca ena ion o he SQN and
RAND ensu es he eshness o he esul . Du ing he p o ocol low an IMAN is used o iden i y a
gi en MS, ins ead o he IMSI. A mapping be ween he mos ecen IMAN and he IMSI is
main ained a he MS. A he end o a success ul mu ual au hen ica ion p ocess, he MS upda es i s
IMAN. Like he o he p o ocols p oposed in [8], his p o ocol also needs MCC and MNC o be
p e ixed o an IMAN.
Figu e 5. S a es o he sys em: (a) ini ial (b) inal
D.
I
UIC
A mechanism called he Imp o ed Use Iden i y Con iden iali y (IUIC) is p oposed in [10]. In his
mechanism, anonymous icke s a e employed as aliases o he IMSI. The IMSI is ne e exposed
o e any in e ace including he wi ed pa h. The TMSI plays he same ole as in UMTS-AKA.
IUIC uses UMTS symme ic c yp og aphy algo i hms o ensu e anonymi y o icke s.
 A sepa a e module called Anonymous Ticke Manage Module (ATMM) is in oduced a he
HN o handle icke ela ed unc ions. The ATMM manages some o he key icke managemen
ope a ions such as:
 Mapping icke s and hei co esponding IMSI.
 Gene a ing new icke s o he MS and eleasing al eady used icke s.
 The assigned icke s should be unique, and hence a single icke should no be alloca ed o mo e
han one MS a a pa icula ins ance o ime. Also, he e should no be any logical ela ionship
be ween he anonymous icke s and he IMSI o an MS.
In e na ional Jou nal o Ne wo k Secu i y & I s Applica ions (IJNSA) Vol. 11, No.2, Ma ch 2019
40
Two icke s, iz., TKa wi h in-use s a us and TKb wi h u u e-use s a us a e s o ed a bo h he MS
and he HN along wi h he IMSI (Figu e 5.a). The SN knows only he icke wi h in-use s a us
(TKa), and keeps he ela ion be ween TMSI and TKa in i s da abase. A TMSI iden i ies he MS
o he SN, whe eas a TKa iden i ies he MS o he HN. While sending a eques o
au hen ica ion da a, SN sends TKa o he HN ins ead o he IMSI. On eceip o such a eques ,
HN i s e ie es IMSI om TKa and hen con inues wi h i s no mal ope a ions.
Whene e a TMSI canno iden i y i s owne MS, o he ela ion be ween he TMSI and an
associa ed icke is los , a p ocess called Anonymous Ticke Exchange p ocedu e (ATEP) is
in oked. Du ing ATEP, he MS sends TKb o he SN. The SN empo a ily s o es TKb and
o wa ds a copy o i o he HN. Taking TKb as he pa ame e , he HN ob ains he nex ee icke
TKc and he co esponding IMSI om he Anonymous Ticke Manage Module (ATMM). The
ATMM hen ees TKa and se s TKb o in-use s a us and TKc o u u e-use s a us (Figu e. b). HN
hen gene a es he nex AV in he same way as in UMTS-AKA, excep ha TKc is XORed wi h
he AK ins ead o he SQN. The HN hen o wa ds he AV o he SN. The SN in u n sends he
challenge ex ac ed om he AV o he MS; in he p ocess TKc eaches he MS. MS hen se s
TKb o in-use and TKc o u u e-use s a us. Nex ime, when TMSI ails o iden i y an MS, TKc
can be used in place o he IMSI as explained abo e.
E.
P
P
3
WAKA
A p i acy p ese ing 3-way au hen ica ion and key ag eemen (PP3WAKA) p o ocol is p oposed
in [11] ha p o ec s use iden i y and loca ion da a om ea esd opping. I also p o ides loca ion
p i acy wi h espec o he HN. This p o ocol is de ised o deal wi h he ollowing p i acy ela ed
secu i y issues:
 Long Te m Secu i y Con ex : These secu i y con ex s a e based on oaming ag eemen s (SN-
HN) and se ice subsc ip ions (MS-HN).
 Medium Te m Secu i y Con ex : This con ex is es ablished dynamically on he basis o long
e m con ex s, and i includes he MS, SN and HN. The alidi y is es ic ed acco ding o a ea,
ime and usage pa e ns.
 Sho Te m Secu i y Con ex : This con ex is de i ed om he medium e m con ex . I
encompasses session key ma e ial. These con ex s a e sho li ed and will only ha e local
alidi y (MS-SN).
 Spa ial home con ol: HN may need o know i he MS is loca ed wi hin some Validi y A ea
(VA), bu no o he in o ma ion should be disclosed o he HN. To ge spa ial home con ol, he
HN mus de ine a VA o he oaming MS.
In his scheme, he long e m sha ed sec e key be ween he MS and he HN o ms a pa o he
long e m secu i y con ex . The PP3WAKA is an MS ini ia ed scheme. The MS ini ia es by
choosing a pseudo andom alue called he Con ex Re e ence Iden i y (CRID). CRID is chosen
such ha i has no co ela ion wi h he use ’s pe manen iden i y IMSI. The CRID ac s as common
(au hen ica ed) e e ence o he h ee pa y medium e m secu i y con ex and is alid o exac ly
one medium- e m 3-way secu i y con ex . Since he HN should be able o o wa d da a o he MS,
he HN is allowed o lea n he IMSI-CRID associa ion. The CRID-IMSI associa ion is o wa ded
o he HN wi hou disclosing he same o he SN. SN shall no lea n pe manen iden i y (IMSI), bu
will know ha HN acknowledges CRID.
Fo sho e m secu i y con ex , a local Tempo a y Alias Iden i y (TAID) is assigned by a SN
du ing a con iden iali y p o ec ed session. The TAID is used o paging and access eques
pu poses. The TAID should ideally be assigned o one ime use. The e should be no co ela ion
In e na ional Jou nal o Ne wo k Secu i y & I s Applica ions (IJNSA) Vol. 11, No.2, Ma ch 2019
41
be ween CRID and TAID and amongs TAIDs. SN and MS know TAID-CRID associa ion. The
ollowing c yp og aphic algo i hms a e used o implemen a ion o he PP3WAKA p o ocol:
 Secu e Mul i-pa y Compu a ion (SMC): Wi h he help o his algo i hm, he SN is enabled o
ans e he MS's loca ion (x, y) in p o ec ed o m o he HN. The HN will no be able o lea n
he (x, y) loca ion, bu will be able o de e mine whe he he MS is wi hin he alidi y a ea by
unning a poin inclusion algo i hm.
 Iden i y Based Enc yp ion (IBE): This is an uncon en ional asymme ical c yp og aphic
me hod in which he e is no need o a p io dis ibu ion o digi al ce i ica es, he MS can en e
a new a ea and immedia ely cons uc and use he public id key. This allows o as se -up and
o imp o ed lexibili y in he con ex binding.
 De ie-Hellman Exchange: De ie-Hellman Exchange is used be ween he SN and he HN o
de i e he medium e m-secu i y con ex sha ed sec e . I may be no ed ha he DH-sec e is
ac ually used be ween he SN and he MS.
F.
G
SZV
A
LGORITHM
The GSZV algo i hm p oposed in [12][13] uses public key in as uc u e, public key ce i ica es
and sequence numbe s o i s p o ocol low. Public keys a e used o secu ed communica ion o
he messages, ce i ica es a e used o mu ual au hen ica ion, and sequence numbe s a e used o
a oid eplay a acks. The algo i hm p oceeds as ollows:
 MS sends he ollowing message o he SN:
msg1=E
SN
(CERT, E
HN
(SQN
MS
))
whe e CERT is he ce i ica e issued o he MS by he HN:
CERT = E
HN
((IMSI, Kp) C
HN
)
E
SN
(M) and E
HN
(M) indica es enc yp ion o a alue M wi h he public key o SN and HN
espec i ely; (M)C
SN
and (M)C
HN
indica es enc yp ion o M wi h he p i a e ce i ica ion
key o SN and HN espec i ely; SQN
MS
is he mos ecen sequence numbe a he MS; Kp
is he public key o he MS.
 SN dec yp s msg1 and disco e s he home add ess o he MS om he CERT. I hen
gene a es he ollowing message, which is ce i ied by i s p i a e ce i ica ion key and
enc yp ed wi h he HN's public key.
msg2=E
HN
{CERT, E
HN
(SQN
MS
), TMSI, SQN
SN
, C
SN
}
He e TMSI is he empo a y mobile subsc ibe iden i y gene a ed by he SN and SQN
SN
is
he sequence numbe main ained a he SN. msg2 is hen o wa ded o he HN.
 HN ex ac s he IMSI om he message and hence au hen ica es he MS. I hen composes
he ollowing eply:
msg3=E
SN
{SQN
MS
, TMSI} C
HN
, {SQN
HN
, KP} C
HN
The public key o he MS (KP) is eco e ed om he CERT.
 SN checks o he au hen ici y o he HN's signa u e. The SN hen sends he ollowing
message o he MS.
msg4=E
KP
{SQN
MS
, TMSI} C
HN
)
 MS dec yp s he message and alida es he digi al ce i ica e o he HN. MS hen o wa ds
he ollowing message back o he SN o mu ual au hen ica ion pu pose.
msg5=E
SN
(SQN
MS
)
In e na ional Jou nal o Ne wo k Secu i y & I s Applica ions (IJNSA) Vol. 11, No.2, Ma ch 2019
48
 The unc ioning o he SN will be signi ican ly in luenced, as o ma o message used o
iden i y p esen a ion is di e en om UMTS-AKA.
 Since a bi sequence is p esen ed o he SN in lieu o he IMSI, end o end iden i y p i acy is
ensu ed in his scheme.
 Since he numbe o messages exchanged be ween he agen s in his p o ocol is same as 3GPP-
AKA, i ensu es communica ion e iciency.
PKI based echnique is-a- is h ea s:
 In his p o ocol, e e y bi sequence is p e ixed wi h he MCC and he MNC. This will enable an
ea esd oppe o de e mine he home ne wo k iden i y o a subsc ibe .
 A co up SN does no ha e a chance, as he IMSI is no sha ed wi h i .
 A Fake SN may equen ly eques he MS i s pe manen iden i y. This will make he MS
gene a e a andom alue e e y ime, which is hen enc yp ed wi h he HN's public key. Since
public key c yp og aphy is esou ce in ensi e, he MS will be kep engaged wi h his
c yp og aphic compu a ion a he han he ac ual se ice, esul ing in Denial o Se ice.
O.
A
NONYMOUS
N
UMBER
B
ASED
T
ECHNIQUE
Anonymous numbe based echnique is-a- is desi able ea u es.
 Calcula ion o a new IMAN alue a he MS is no compu a ionally in ensi e, since MD5
algo i hm ha ing low compu a ional equi emen is used in his p ocess [22][23].
 The abo e is no ue o he HN whe e ex a compu a ional cycles a e in oduced o check o
IMAN collisions.
 Since an IMAN is ansmi ed ins ead o he IMSI, he SN has o make adjus men s o
accommoda e he same.
 This scheme ensu es end o end iden i y p i acy, since he MSIN is ne e ansmi ed a any
s age o he communica ion be ween he MS and he HN.
 No ex a message is in oduced in his scheme compa ed o UMTS-AKA, he eby ensu ing
communica ion e iciency.
Anonymous numbe based echnique is-a- is h ea s.
 An IMAN is p e ixed wi h he MCC and he MNC, his may enable an ea esd oppe o
disco e he home ne wo k iden i y o a subsc ibe .
 Since he IMSI is no sha ed wi h he SN, a co up and a ake se ing ne wo k canno
comp omise he pe manen iden i y.
P.
I
UIC
IUIC is-a- is desi able ea u es:
 In his scheme, he MS's addi ional esponsibili y is o s o e he oken ha is ecei ed om he
p e ious icke exchange p ocedu e and o ansmi i in place o he IMSI when equi ed. Thus,
e y li le compu a ional o e head is imposed on he MS.
 Al hough conside able compu a ional o e head is imposed a he HN due o in oduc ion o he
ATMM, he same may be conside ed o be insigni ican conside ing he compu a ional
capabili y o he HN.
 The p o ocol in oduces adjus men s on all he agen s including he SN
 End o end iden i y p i acy is ensu ed in his p o ocol, as he pe manen iden i y is ne e
ansmi ed a any s age o he p o ocol low.
 The numbe o message exchange in ol ed in his solu ion is same as ha o UMTS-AKA.
Thus, we in e ha his solu ion achie es communica ion e iciency.

In e na ional Jou nal o Ne wo k Secu i y & I s Applica ions (IJNSA) Vol. 11, No.2, Ma ch 2019
49
IUIC is-a- is h ea s.
 In his p o ocol, e e y oken should be p e ixed wi h he MCC and he MNC. This p o ides
scope o an ea esd oppe o comp omise he home ne wo k iden i y o a subsc ibe .
 Since okens a e ansmi ed ins ead o he IMSI, a co up and a ake se ing ne wo k canno
comp omise he pe manen iden i y.
Q.
P
P
3
WAKA
PP3WAKA is-a- is desi able ea u es.
 Due o he use o p ocesso in ensi e c yp og aphic algo i hms, he compu a ional o e head
in oduced a he MS and he HN is e y high.
 The solu ion is o ally di e en om he s a e o he a secu i y a chi ec u e. Thus, he SN will
ha e ull impac i he solu ion has o be adop ed in place o he cu en secu i y p o ocol.
 End o end iden i y p i acy is achie ed in his solu ion, as he IMSI is no sha ed wi h any
in e media y elemen s including he SN.
 The numbe s o messages exchanged in his solu ion is mo e han ha o UMTS-AKA. Thus,
we in e ha his solu ion is no as e icien as UMTS-AKA in e ms o communica ion.
PP3WAKA is-a- is h ea s.
 In he i s message o he au hen ica ion p ocedu e, he MS sends he home ne wo ks iden i y
o he SN h ough he adio link in clea ex . This lea es scope o ad e sa ies o ea esd op and
comp omise he home ne wo k iden i y o he MS.
 A co up and a ake se ing ne wo k do no ha e any chance, as he pe manen iden i y is
ne e ansmi ed by he MS.
 A Fake SN may eques he MS o ini ia e an au hen ica ion p ocess. The MS in eply gene a es
a message ha is secu ed wi h he public key, and o wa ds i o he SN. Th ough his exe cise
he Fake SN canno achie e much in e ms o comp omised in o ma ion, bu can easily
gene a e many such eques s o he MS ha will be enough o keep he MS busy wi h
compu a ionally in ensi e c yp og aphic calcula ions. This may esul in denial o egula
cellula se ices ha he MS has subsc ibed o.
R.
G
SZV
GSZV is-a- is desi able ea u es:
 Being a public key in as uc u e based algo i hm, he MS and he HN a e imposed wi h ex a
o e head.
 The SN is also expec ed o pa icipa e in he p o ocol implemen a ion.
 End o end iden i y p i acy is achie ed by his p o ocol as IMSI is no ansmi ed h oughou
he en i e pa h be ween he MS and he HN.
 The numbe o message exchange in his solu ion is same as ha o UMTS-AKA. Thus, we
conclude ha i achie es communica ion e iciency.
GSZV is-a- is h ea s:
 This p o ocol p o ec s he home ne wo k iden i y o m ea esd oppe s in he adio pa h by
p o ec ing he IMSI h ough he use o public key c yp og aphy.
 As he IMSI is no sha ed wi h he SN, a co up SN does no ha e any chance.
In e na ional Jou nal o Ne wo k Secu i y & I s Applica ions (IJNSA) Vol. 11, No.2, Ma ch 2019
50
 A Fake SN may eques he MS o ini ia e an au hen ica ion p ocess. The MS in eply gene a es
a message ha is secu ed wi h he public key, and o wa ds i o he SN. Th ough his exe cise
he Fake SN canno achie e much in e ms o comp omised in o ma ion, bu can easily
gene a e many such eques s o he MS ha will be enough o keep he MS busy wi h
compu a ionally in ensi e c yp og aphic calcula ions. This may esul in denial o egula
cellula se ices ha he MS has subsc ibed o.
Table III. Iden i y p i acy ensu ing solu ions in e ms o obus ness agains h ea s
.
Solu ion Ea esd opping DoS Co up SN Fake SN
CBS × × √ ×
PBS × × √ ×
ANBS × √ √ √
IUIC × √ √ √
PP3WAKA × × √ ×
GSZV √ × × ×
AIRAM √ × × ×
HAAP × √ √ √
E2EUIC × √ √ √
3GPP-AKA wi h
IP × √ × √
S.
A
IRAM
Since his algo i hm is p oposed as an imp o emen o e GSZV, mos o i s ea u es a e same as
GSZV. The only di e ence being he ac ha he SN is con ided wi h he long e m sha ed sec e
key be ween he MS and he HN by he HN. Such a le el o us shown on he SN is no p ac ical
and may be conside ed as a se ious secu i y loophole.
T.
H
AAP
HAAP is-a- is desi able ea u es:
 In his scheme, public key c yp og aphy is used o communica ion be ween he MS and he
SN. Thus ex a compu a ional o e head will be imposed a he MS.
 Communica ion be ween he MS and he HN elies on symme ic key. Thus he c yp og aphic
calcula ions imposed a he HN may be conside ed negligible.
 The p o ocol low is di e en om UMTS-AKA and hus needs conside able change a he SN.
 The IMSI is no ansmi ed in clea ex in he en i e pa h be ween he MS and he HN. Thus
end o end iden i y p i acy is ensu ed.
 This p o ocol achie es i s objec i es wi h less numbe o messages compa ed o UMTS-AKA
and hus, we conside i o be an e icien solu ion in e ms o communica ion.
HAAP is-a- is h ea s:
 Du ing au hen ica ion, he MS sends he home ne wo k iden i y (IDH) in plain ex o he SN.
This lea es scope o ad e sa ies o ea esd op and comp omise he home ne wo k iden i y o
he MS (Type II ulne abili y).
In e na ional Jou nal o Ne wo k Secu i y & I s Applica ions (IJNSA) Vol. 11, No.2, Ma ch 2019
51
 As he ansmission o he pe manen iden i y is eplaced by empo a y iden i ies, his p o ocol
is obus agains co up and ake SNs.
U.
E2
EUIC
E2EUIC is-a- is desi able ea u es:
 Minimal o e head o s o age and ansmission o he RIC a a la e ime is imposed a he MS.
 The bu den o gene a ion and main enance o RIC is in oduced a he HN. Conside ing he
sound p ocessing capabili y o he HN, his may be conside ed insigni ican .
 Since he o ma o he messages does no change compa ed o UMTS-AKA, he e is no impac
on he unc ionali y o he SN.
 End o end iden i y p i acy is achie ed, as he knowledge o he IMSI is no sha ed wi h anyone
excep he MS and he HN.
 Since he numbe o messages exchanged in his p o ocol is same as UMTS-AKA we may in e
ha he p o ocol ensu es communica ion e iciency.
E2EUIC is-a- is h ea s:
 The Dynamic Mobile Subsc ibe Iden i y ha is ansmi ed in place o he In e na ional Mobile
Subsc ibe Iden i y is p e ixed wi h he MCC and he MNC o he HN. This p o ides scope o
ad e sa ies o ea esd op and comp omise he home ne wo k iden i y o he MS.
 A co up / ake SN does no ha e a chance as he IMSI is no ansmi ed in any si ua ion.
V.
3GPP-AKA
W
ITH
I
DENTITY
P
ROTECTION
3GPP-AKA wi h Iden i y P o ec ion is-a- is desi able ea u es:
 As simple one way hash unc ions a e used o enc yp ion/dec yp ion o he IMSI, minimal
o e head is imposed a he MS and he HN.
 The e ec o mig a ion o his p o ocol will impac he SN, since new message o ma s and
p o ocol low is in oduced.
 Since IMSI is ansmi ed eely be ween he SN and he HN and as such we may conclude ha
end o end iden i y p i acy ea u e is no sa is ied.
 The numbe o messages exchanged in his p o ocol is mo e compa ed o UMTS-AKA.
3GPP-AKA wi h Iden i y P o ec ion is-a- is h ea s:
 Since he home ne wo k iden i y o he MS is ansmi ed o e he adio link in clea ex , an
ea esd oppe may easily comp omise he home ne wo k iden i y o he MS.
 In his p o ocol he IMSI o a MS is sha ed wi h he SN. This makes he pe manen iden i y o a
MS ulne able o Co up Se ing Ne wo ks.
9.
C
ONCLUSION AND
F
UTURE
W
ORK
Iden i y p i acy is a c ucial secu i y issue in cellula ne wo ks. The cu en au hen ica ion and key
ag eemen p o ocol adop ed by UMTS does no assu e pe ec iden i y p i acy. A selec ion o
p oposed solu ions owa ds s eng hening iden i y p i acy in UMTS we e analysed in his pape .
The same could be use ul in p o iding a backg ound in o mula ing a s ong iden i y p i acy
ensu ing solu ion. Though many schemes and p o ocols ha e been p oposed o s eng hen iden i y
p i acy, each o hem is inep in ul illing all he iden i y p i acy ela ed equi emen s a he same
ime. Thus, none o he p oposed s a egies could be adop ed con incingly o s eng hen he
In e na ional Jou nal o Ne wo k Secu i y & I s Applica ions (IJNSA) Vol. 11, No.2, Ma ch 2019
52
condi ion o iden i y p i acy in cellula ne wo ks. As a esul , he s a us o iden i y p i acy emains
as i ea lie used o be in UMTS. E en nex gene a ion cellula ne wo k echnologies like 3GPP-
WLAN in e wo king, LTE and non 3GPP o EPS in e wo king a e unable o achie e any majo
b eak h ough. The e o e, an open issue is o de elop a single scheme ha ul ils majo i y o he
iden i y p i acy ela ed equi emen s. While designing such a solu ion adhe ence o some o he
impo an ea u es like less o e head on he ne wo k componen s, end o end use iden i y p i acy,
lea ing ou he se ing ne wo k om mig a ion, e c., will be i al o i s success. I is also
impe a i e ha while ying o add ess he issue o iden i y p i acy, he solu ions should s ee clea
o in oducing any addi ional ulne abili y. A ailu e o do so would p o ide oppo uni ies o
ad e sa ies, which in he i s place such solu ions a e ying o nulli y.
R
EFERENCES
[1] G. Koien, “An in oduc ion o access secu i y in um s”, IEEE Wi eless Communica ions, Vol. 11,
Issue. 1, pp. 8–18, 2014.
[2] C. Xenakis, L. Me akos, “Secu i y in hi d gene a ion mobile ne wo ks”, Compu e communica ions,
Vol. 27, Issue. 7, pp. 638–650, 2014
[3] M. Khan, A Ahmed, A Cheema, “Vulne abili ies o um s access domain secu i y a chi ec u e” In he
p oceedings o Nin h IEEE ACIS In e na ional Con e ence on So wa e Enginee ing, A i icial
In elligence, Ne wo king, and Pa allel/Dis ibu ed Compu ing, pp. 350–355, 2008
[4] Y. Zhang, J. Zheng, M. Ma, “Handbook o esea ch on wi eless secu i y”, In o ma ion Science
Re e ence-Imp in o : IGI Publishing, 2008.
[5] M. Zhang, “Adap i e p o ocol o en i y au hen ica ion and key ag eemen in mobile ne wo ks”. In
he p oceedings o In o ma ion Secu i y and C yp ology, pp. 166–183, 2004
[6] M. Zhang, Y. Fang, “Secu i y analysis and enhancemen s o 3gpp au hen ica ion and key ag eemen
p o ocol”, IEEE T ansac ions Wi eless Communica ions, Vol. 4, Issue. 2, pp. 734-742, 2005
[7] G. Ca l, G Kesidis, R B ooks, S Rai, “Denial-o -se ice a ack-de ec ion echniques”, IEEE In e ne
Compu ing, Vol. 10, Issue. 1, pp. 82–89, 2006
[8] S.A.A unmozhi, Y.Venka a amani, “DDoS A ack and De ense Scheme in Wi eless Ad hoc
Ne wo ks”, In e na ional Jou nal o Ne wo k Secu i y & I s Applica ions (IJNSA), Vol.3, Issue.3, pp.
182-187, 2011
[9] M. Ba beau, J. Robe , “Pe ec iden i y concealmen in um s o e adio access links”, In he
p oceedings o IEEE Wi eless And Mobile Compu ing, Ne wo king And Communica ions, ol. 2, pp.
72-77, 2005
[10] B. Sa a zadeh, M. Asadpou , R. Jalili, “Imp o ed use iden i y con iden iali y o um s mobile
ne wo ks”, In he p oceedings o IEEE ou h Eu opean Con e ence on Uni e sal Mul ise ice
Ne wo ks, pp. 401-409, 2007
[11] G. Køien, V. Oleshchuk, “Loca ion p i acy o cellula sys ems; analysis and solu ion”, P i acy
Enhancing Technologies, Sp inge , pp. 40-58, 2006
[12] G. Godo , B Va adi, S. Im e, “No el au hen ica ion algo i hm o u u e ne wo ks”. In p oceedings o
IEEE In e na ional Con e ence on Mobile Communica ions and Lea ning Technologies, pp. 80-80,
2006
[13] G. Godo , S. Im e, “No el au hen ica ion algo i hm – public key based c yp og aphy in mobile phone
sys ems”, IJCSNS, Vol. 6, Issue. 2B, pp. 126, 2006
In e na ional Jou nal o Ne wo k Secu i y & I s Applica ions (IJNSA) Vol. 11, No.2, Ma ch 2019
53
[14] M. Na eed, A. Minhas, J. Ahmad, “Imp o ed au hen ica ion algo i hm o um s”, In he p oceedings
o he In e na ional Con e ence on Hyb id In o ma ion Technology, ACM, pp. 327-332, 2009
[15] M. Al-Fayoumi, S Nashwan, S. Youse , A. Alzoubaidi, “A new hyb id app oach o
symme ic/asymme ic au hen ica ion p o ocol o u u e mobile ne wo ks”, In he p oceedings o
hi d IEEE In e na ional Con e ence on Wi eless and Mobile Compu ing, Ne wo king and
Communica ions, 2007, pp. 29-29, 2007
[16] H. Choudhu y, B. Roychoudhu y, D. Saikia, “End- oend use iden i y con iden iali y o um s
ne wo ks” In he p oceedings o 3 d IEEE In e na ional Con e ence on Compu e Science and
In o ma ion Technology, Vol. 2, pp. 46-50, 2010
[17] H. Choudhu y, B. Roychoudhu y, D. Saikia, “Um s use iden i y con iden iali y: An end- o-end
solu ion”, In he p oceedings o eigh h IEEE In e na ional Con e ence on Wi eless and Op ical
Communica ions Ne wo ks, pp. 1-6, 2011
[18] W. Juang, J. Wu, “E icien 3gpp au hen ica ion and key ag eemen wi h obus use p i acy
p o ec ion” In he p oceedings o IEEE Wi eless Communica ions and Ne wo king Con e ence, pp.
2720-2725, 2007
[19] B. Schneie , P. Su he land, “Applied c yp og aphy: p o ocols, algo i hms, and sou ce code in C”,
John Wiley & Sons, Inc., 1995.
[20] J. Edney, W. A baugh,. “Real 802.11 secu i y: Wi-Fi p o ec ed access and 802.11 i”, Addison-Wesley
P o essional, 2004
[21] T. Ha djono, L. Donde i, “Secu i y in wi eless lans & mans”, A ech House Compu e Secu i y, 2005
[22] P. Ganesan, R. Venugopalan, P. Peddabachaga i, A. Dean, F. Muelle , M. Sichi iu, “Analyzing and
modelling enc yp ion o e head o senso ne wo k nodes”, In p oceedings o he 2nd ACM
in e na ional con e ence on Wi eless senso ne wo ks and applica ions, ACM, pp. 151-159, 2003
[23] W. F eeman, E. Mille . “An expe imen al analysis o c yp og aphic o e head in pe o mance-c i ical
Sys ems”, In he p oceedings o 7 h IEEE In e na ional Symposium on Modelling, Analysis and
Simula ion o Compu e and Telecommunica ion Sys ems, pp. 348-357, 1999