Revision 4d3277f0
Added by osmith about 4 years ago
docs/imsi-pseudo-spec.adoc | ||
---|---|---|
303 | 303 |
Because the SIM applet cannot decide the next pseudonymous IMSI, it would have |
304 | 304 |
the same pseudonymous IMSI for a long time. Then it could become feasible for |
305 | 305 |
an attacker to track the subscriber by their pseudonymous IMSI. Therefore the |
306 |
SIM applet should warn the subscriber if the pseudonymous IMSI does not change.
|
|
306 |
SIM applet must warn the subscriber if the pseudonymous IMSI does not change.
|
|
307 | 307 |
|
308 | 308 |
The SIM applet registers to EVENT_EVENT_DOWNLOAD_LOCATION_STATUS (3GPP TS |
309 | 309 |
03.19, Section 6.2) and increases `imsi_pseudo_lu` by 1 when the event is |
... | ... | |
428 | 428 |
See <<hlr-imsi-pseudo-i>>. |
429 | 429 |
|
430 | 430 |
MIN_SLEEP_TIME: 32 bits:: |
431 |
Amount of seconds, which the SIM applet should wait before changing to the new
|
|
431 |
Amount of seconds, which the SIM applet must wait before changing to the new
|
|
432 | 432 |
pseudonymous IMSI. Since it is unclear when the SMS will arrive (ME might be |
433 | 433 |
turned off), this is a minimum amount. |
434 | 434 |
|
... | ... | |
437 | 437 |
pseudonymous IMSI. |
438 | 438 |
|
439 | 439 |
PAD: 8 bits:: |
440 |
Padding at the end, should be filled with 1111 as in the TBCD specification.
|
|
440 |
Padding at the end, must be filled with 1111 as in the TBCD specification.
|
|
441 | 441 |
|
442 | 442 |
<<< |
443 | 443 |
== Error Scenarios |
... | ... | |
482 | 482 |
|
483 | 483 |
=== End to End Encryption of SMS |
484 | 484 |
|
485 |
When deploying the IMSI pseudonymization, the operator should make sure that
|
|
485 |
When deploying the IMSI pseudonymization, the operator must make sure that
|
|
486 | 486 |
the next pseudonymous IMSI SMS (<<sms-structure>>) cannot be read or modified |
487 | 487 |
by third parties. Otherwise, the next pseudonymous IMSI is leaked, and if the |
488 | 488 |
pseudonymous IMSI in the SMS was changed, the SIM/USIM would be locked out of the |
Also available in: Unified diff
spec: replace should with must
Make it clear that statements like 'the operator should make sure that the
next pseudonymous IMSI SMS cannot be read or modified by third parties'
are not recommendations, but requirements for this specification to
work.