spec: end to end enc

Oliver Smith 2020-04-08 15:38:29 +02:00
parent 18bf9bb185
commit cbe90581ed
1 changed files with 13 additions and 0 deletions

@ -359,7 +359,9 @@ and related branches for IMSI pseudonymization can be found at the above URL as
well.
== Recommendations for Real-World Implementations
=== BCCH SI3: ATT = 0
When changing from one pseudonymous IMSI to the next, it is important that the
ME does not detach from the network. Otherwise it would be trivial for an
attacker to correlate the detach with the attach of the same ME with the next
@ -372,6 +374,17 @@ message on the Broadcast Control Channel (BCCH), see 3GPP TS 44.018 Section
// FIXME: verify how it set with operators in germany (OS#4404)
=== End to End Encryption of SMS
When deploying the IMSI pseudonymization, the operator should make sure that
the next pseudonymous IMSI SMS (<<sms-structure>>) cannot be read or modified
by third parties. Otherwise, the next pseudonymous IMSI is leaked, and if the
pseudonymous IMSI in the SMS was changed, the SIM would be locked out of the
network.
The safest way to protect the next pseudonymous IMSI SMS is a layer of end to
end encryption from the HLR to the SIM. It was considered for this
specification, but found to be out of scope.
[[warn-no-imsi-change]]
=== Warning the User if the IMSI Does Not Change
=== User-configurable Minimum Duration Between IMSI Changes
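Review bot: in the new "End to End Encryption of SMS" section, the requirement is that the next pseudonymous IMSI SMS "cannot be read or modified by third parties", but the recommendation names only "a layer of end to end encryption from the HLR to the SIM". Encryption by itself covers reading; the lock-out case described in the first paragraph comes from modification, which also needs integrity protection. Suggest wording the recommendation as end to end encryption with integrity protection, so that both halves of the requirement are addressed. Minor: "if the pseudonymous IMSI in the SMS was changed" reads better as "is changed". Since the section declares the mechanism out of scope, a short pointer to where an operator should look for one would make the recommendation actionable.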