1 |
b9fc075b
|
Oliver Smith
|
# [WIP] Make IMSI Pseudonymization an optional extension of 3GPP TS
|
2 |
|
|
|
3 |
|
|
Optional additions we need to make, and where to make them:
|
4 |
|
|
|
5 |
|
|
* Initial provisioning of the SIM: can optionally have a pseudo IMSI
|
6 |
|
|
* During location update, the HLR uses the pseudo IMSI for all communication
|
7 |
|
|
with the VLR / MSC
|
8 |
|
|
* After successful location update:
|
9 |
|
|
* HLR deallocates a subscriber's previous pseudo IMSI, if it exists, and the
|
10 |
|
|
subscriber has done the location update with the newer pseudo IMSI entry.
|
11 |
|
|
This is the case, if the SIM applet acknowledged the new pseudo IMSI, but
|
12 |
|
|
its ACK SMS did not arrive at the HLR. There are at most two pseudo IMSIs
|
13 |
|
|
allocated for one subscriber.
|
14 |
|
|
* If there is just one pseudo IMSI for the subscriber (no new pseudo IMSI to
|
15 |
|
|
switch to), the HLR allocates a new pseudo IMSI, and increases the
|
16 |
|
|
session_id by one for that new pseudo IMSI, compared to the last pseudo
|
17 |
|
|
IMSI.
|
18 |
|
|
* The HLR sends the new pseudo IMSI, and the associated session_id, to the
|
19 |
|
|
SIM via SMS. No matter, if the new pseudo IMSI was just created, or if it
|
20 |
|
|
existed already.
|
21 |
|
|
* The SIM applet checks, if the session_id is greater than the one that it
|
22 |
|
|
has stored, and rejects the SMS otherwise. If the session_id is fine, it
|
23 |
|
|
overwrites the SIM's IMSI and session_id with the new data. Then the SIM
|
24 |
|
|
sends an ACK packet back to the HLR, containing both the new session_id and
|
25 |
|
|
the new pseudo IMSI.
|
26 |
|
|
* The HLR verifies the session_id and pseudo IMSI in the ACK packet, discards
|
27 |
|
|
the packet if it doesn't know both. If it was not discarded, the HLR
|
28 |
|
|
deallocates the old pseudo IMSI.
|
29 |
|
|
* When allocating and deallocating pseudo IMSIs, the HLR flushes information in
|
30 |
|
|
the VLR related to them, so an old TMSI does not point to the wrong pseudo
|
31 |
|
|
IMSI.
|
32 |
d79601db
|
Oliver Smith
|
* The SIM applet registers EVENT_DOWNLOAD_LOCATION_STATUS, uses it to count the
|
33 |
|
|
location updates that were done with the same pseudo IMSI, and warns the user
|
34 |
|
|
if the pseudo IMSI did not change over several location updates. This means,
|
35 |
|
|
that for some reason, the SMS from the HLR are not arriving (e.g. because an
|
36 |
|
|
attacker is blocking them).
|
37 |
b9fc075b
|
Oliver Smith
|
|
38 |
|
|
TODO:
|
39 |
|
|
* extend the list above with the exact sections of the spec, where the new
|
40 |
|
|
information should be placed
|
41 |
|
|
* Is there a spec for SIM applets, or do we put the SIM applet behaviour in the
|
42 |
|
|
regular spec for SIM cards, or mention its behavior in the location update
|
43 |
|
|
related change?
|
44 |
d79601db
|
Oliver Smith
|
* describe everything in detail, fill in the full contents for the SMS etc.
|