Revision 0ee12879
Added by osmith about 4 years ago
README.md | ||
---|---|---|
27 | 27 |
|
28 | 28 |
## In Detail |
29 | 29 |
|
30 |
1. Provisioning the SIM |
|
30 |
### 1. Provisioning the SIM
|
|
31 | 31 |
|
32 | 32 |
The HLR allocates a new pseudo IMSI as random choice from the pool of available |
33 | 33 |
IMSIs. The pseudo IMSI must not be used by any other subscriber as pseudo IMSI, |
... | ... | |
41 | 41 |
The pseudo IMSI is saved to the SIM as IMSI, instead of the real IMSI. The SIM |
42 | 42 |
is also provisioned with the IMSI pseudonymization applet. |
43 | 43 |
|
44 |
2. Successful Location Update with pseudo IMSI |
|
44 |
### 2. Successful Location Update with pseudo IMSI
|
|
45 | 45 |
|
46 | 46 |
a) If this was the first Location Update after provisioning the SIM, the |
47 | 47 |
subscriber has only one pseudo IMSI allocated. The HLR waits for some time. |
... | ... | |
77 | 77 |
IMSI. The HLR deallocates the old pseudo IMSI and sends a Purge MS request to |
78 | 78 |
the VLR with the old pseudo IMSI. Then the HLR proceeds like in a). |
79 | 79 |
|
80 |
3. Arrival of the SMS |
|
80 |
### 3. Arrival of the SMS
|
|
81 | 81 |
|
82 | 82 |
The SIM applet verifies, that imsi_pseudo_i is higher than the last |
83 | 83 |
imsi_pseudo_i it has seen (initially: 0). If that is not the case, it discards |
... | ... | |
102 | 102 |
The imsi_pseudo_i counter will not be higher than the value the SIM applet |
103 | 103 |
already knows. Therefore, the applet will discard the message. |
104 | 104 |
|
105 |
## Warning the user if SMS don't arrive |
|
105 |
### Warning the user if SMS don't arrive
|
|
106 | 106 |
|
107 | 107 |
An attacker could possibly block the SMS from arriving at the SIM applet. In |
108 | 108 |
that case, the SIM would continue using the old pseudo IMSI indefinitely. |
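Review bot: The heading at line 105 is demoted from `## Warning the user if SMS don't arrive` to `###`, which makes it a sibling of the numbered steps `### 1.` to `### 3.` under `## In Detail` (assuming no other `##` heading sits in the elided context). This section describes a countermeasure rather than a fourth step of the flow, so consider keeping it at `##`, or grouping it under its own parent heading so the outline separates the procedure from the additional considerations. The commit message says only "use headlines"; it should also mention that existing heading levels change.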
... | ... | |
111 | 111 |
applet, and warn the user if the same pseudo IMSI has been used more than N |
112 | 112 |
(e.g. 5) times. |
113 | 113 |
|
114 |
## End2end encryption |
|
114 |
### End2end encryption
|
|
115 | 115 |
|
116 | 116 |
When deploying the IMSI pseudonymization, the operator should make sure that |
117 | 117 |
the pseudo IMSI related SMS between the HLR and the SIM cannot be read or |
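Review bot: The heading at line 114 keeps the spelling `End2end encryption`; since this line is being changed anyway, `### End-to-end encryption` would read better and produce a cleaner anchor. The level question raised for the previous heading applies here too: at `###` this operator recommendation sits alongside the numbered protocol steps instead of standing as its own section.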
README.md: use headlines