Revision a281464e
Added by osmith about 4 years ago
docs/imsi-pseudo-spec.adoc | ||
---|---|---|
7 | 7 |
A long-standing issue in the 3GPP specifications is, that mobile phones and |
8 | 8 |
other mobile equipment (ME) have to send the International Mobile Subscriber |
9 | 9 |
Identity (IMSI) unencrypted over the air. Each IMSI is a unique identifier for |
10 |
the subscriber Therefore most people can be uniquely identified by recording the
|
|
11 |
IMSI that their ME is sending. The 3GPP specifications provide means for |
|
10 |
the subscriber. Therefore most people can be uniquely identified by recording
|
|
11 |
the IMSI that their ME is sending. The 3GPP specifications provide means for
|
|
12 | 12 |
implementations to send the IMSI less often by using the Temporary Mobile |
13 | 13 |
Subscriber Identity (TMSI) where possible. |
14 | 14 |
|
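Review bot: Line 7 still reads "is, that mobile phones", with a comma that does not belong between "is" and "that". Since this commit already adds the missing full stop after "the subscriber" on line 10, drop that comma in the same pass so the opening sentence reads "A long-standing issue in the 3GPP specifications is that mobile phones ...".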
... | ... | |
365 | 365 |
the HLR has both the old and the new pseudonymous IMSI allocated at this point, |
366 | 366 |
the subscriber is not locked out of the network. |
367 | 367 |
|
368 |
=== Next Pseudonymous IMSI SMS arrives out of order
|
|
368 |
=== Next Pseudonymous IMSI SMS Arrives Out of Order
|
|
369 | 369 |
|
370 | 370 |
The next pseudonymous IMSI SMS may arrive out of order. Either, because the |
371 | 371 |
network is not able to deliver them in order, or even because an attacker would |
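Review bot: On lines 370-371, "Either, because the network is not able to deliver them in order, or even because ..." is a sentence fragment with a stray comma after "Either", and the heading fix above it leaves it untouched. Consider joining it to the preceding sentence, for example "... may arrive out of order, either because the network is not able to deliver them in order or because ...".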
... | ... | |
402 | 402 |
network. |
403 | 403 |
|
404 | 404 |
The safest way to protect the next pseudonymous IMSI SMS is a layer of end to |
405 |
end encryption from the HLR to the SIM. The existing means for OTA SMS security
|
|
406 |
(3GPP TS 23.048) provide mechanisms for integrity protection, confidentiality
|
|
407 |
as well as replay protection and must be implemented when using IMSI
|
|
408 |
pseudonymization. |
|
405 |
end encryption from the HLR to the SIM. The existing means for OTA SMS |
|
406 |
security (3GPP TS 23.048) provide mechanisms for integrity protection,
|
|
407 |
confidentiality as well as replay protection and must be implemented when using
|
|
408 |
IMSI pseudonymization.
|
|
409 | 409 |
|
410 | 410 |
=== User-configurable Minimum Duration Between IMSI Changes |
411 | 411 |
|
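Review bot: The normative sentence on lines 405-408 is only rewrapped, so "must be implemented" still does not say whether integrity protection, confidentiality and replay protection are all mandatory for the next pseudonymous IMSI SMS or whether supporting the 3GPP TS 23.048 mechanisms in general is enough. Since this is the requirement that protects the SMS between HLR and SIM, suggest stating it explicitly, for example "all three must be enabled when using IMSI pseudonymization", and hyphenating "end-to-end encryption" on lines 404-405.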
spec: minor fixes, wrap text