spec: end to end enc
parent 18bf9bb185
commit cbe90581ed
|
@ -359,7 +359,9 @@ and related branches for IMSI pseudonymization can be found at the above URL as
|
|||
well.
|
||||
|
||||
== Recommendations for Real-World Implementations
|
||||
|
||||
=== BCCH SI3: ATT = 0
|
||||
|
||||
When changing from one pseudonymous IMSI to the next, it is important that the
|
||||
ME does not detach from the network. Otherwise it would be trivial for an
|
||||
attacker to correlate the detach with the attach of the same ME with the next
|
||||
|
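Review bot: The new "== Recommendations for Real-World Implementations" heading is followed directly by "=== BCCH SI3: ATT = 0" with no introductory text, so the reader is not told who the recommendations are addressed to or how binding they are. Consider adding one or two sentences under the new heading saying that the subsections are deployment guidance for operators, and whether an implementation that ignores them still conforms to the specification.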
@ -372,6 +374,17 @@ message on the Broadcast Control Channel (BCCH), see 3GPP TS 44.018 Section
|
|||
// FIXME: verify how it set with operators in germany (OS#4404)
|
||||
|
||||
=== End to End Encryption of SMS
|
||||
|
||||
When deploying the IMSI pseudonymization, the operator should make sure that
|
||||
the next pseudonymous IMSI SMS (<<sms-structure>>) cannot be read or modified
|
||||
by third parties. Otherwise, the next pseudonymous IMSI is leaked, and if the
|
||||
pseudonymous IMSI in the SMS was changed, the SIM would be locked out of the
|
||||
network.
|
||||
|
||||
The safest way to protect the next pseudonymous IMSI SMS is a layer of end to
|
||||
end encryption from the HLR to the SIM. It was considered for this
|
||||
specification, but found to be out of scope.
|
||||
|
||||
[[warn-no-imsi-change]]
|
||||
=== Warning the User if the IMSI Does Not Change
|
||||
=== User-configurable Minimum Duration Between IMSI Changes
|
||||
|
|
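Review bot: In "End to End Encryption of SMS", the first paragraph tells the operator to "make sure" the SMS "cannot be read or modified by third parties", while the second says the end to end layer was "found to be out of scope", which leaves the requirement without any stated way to meet it. Suggest either pointing to the mechanism an operator is expected to use between HLR and SIM, or stating explicitly that the choice is left to the operator. The sentence starting "Otherwise, the next pseudonymous IMSI is leaked" also folds two separate failures together, disclosure of the next IMSI and modification leading to the SIM being locked out; one sentence per failure would make it clear that both confidentiality and integrity protection are needed. Minor: "end to end" used as a modifier is normally hyphenated.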