Revision 0ee12879
Added by osmith about 4 years ago
| README.md | ||
|---|---|---|
| 27 | 27 |
|
| 28 | 28 |
## In Detail |
| 29 | 29 |
|
| 30 |
1. Provisioning the SIM |
|
| 30 |
### 1. Provisioning the SIM
|
|
| 31 | 31 |
|
| 32 | 32 |
The HLR allocates a new pseudo IMSI as random choice from the pool of available |
| 33 | 33 |
IMSIs. The pseudo IMSI must not be used by any other subscriber as pseudo IMSI, |
| ... | ... | |
| 41 | 41 |
The pseudo IMSI is saved to the SIM as IMSI, instead of the real IMSI. The SIM |
| 42 | 42 |
is also provisioned with the IMSI pseudonymization applet. |
| 43 | 43 |
|
| 44 |
2. Successful Location Update with pseudo IMSI |
|
| 44 |
### 2. Successful Location Update with pseudo IMSI
|
|
| 45 | 45 |
|
| 46 | 46 |
a) If this was the first Location Update after provisioning the SIM, the |
| 47 | 47 |
subscriber has only one pseudo IMSI allocated. The HLR waits for some time. |
| ... | ... | |
| 77 | 77 |
IMSI. The HLR deallocates the old pseudo IMSI and sends a Purge MS request to |
| 78 | 78 |
the VLR with the old pseudo IMSI. Then the HLR proceeds like in a). |
| 79 | 79 |
|
| 80 |
3. Arrival of the SMS |
|
| 80 |
### 3. Arrival of the SMS
|
|
| 81 | 81 |
|
| 82 | 82 |
The SIM applet verifies, that imsi_pseudo_i is higher than the last |
| 83 | 83 |
imsi_pseudo_i it has seen (initially: 0). If that is not the case, it discards |
| ... | ... | |
| 102 | 102 |
The imsi_pseudo_i counter will not be higher than the value the SIM applet |
| 103 | 103 |
already knows. Therefore, the applet will discard the message. |
| 104 | 104 |
|
| 105 |
## Warning the user if SMS don't arrive |
|
| 105 |
### Warning the user if SMS don't arrive
|
|
| 106 | 106 |
|
| 107 | 107 |
An attacker could possibly block the SMS from arriving at the SIM applet. In |
| 108 | 108 |
that case, the SIM would continue using the old pseudo IMSI indefinitely. |
| ... | ... | |
| 111 | 111 |
applet, and warn the user if the same pseudo IMSI has been used more than N |
| 112 | 112 |
(e.g. 5) times. |
| 113 | 113 |
|
| 114 |
## End2end encryption |
|
| 114 |
### End2end encryption
|
|
| 115 | 115 |
|
| 116 | 116 |
When deploying the IMSI pseudonymization, the operator should make sure that |
| 117 | 117 |
the pseudo IMSI related SMS between the HLR and the SIM cannot be read or |
Also available in: Unified diff
README.md: use headlines