42 lines
1.7 KiB
Plaintext
42 lines
1.7 KiB
Plaintext
= Specification for IMSI Pseudonymization on the Radio Interface for 2G and Above
|
|
|
|
== Introduction
|
|
|
|
A long-standing issue in the 3GPP specifications is, that mobile phones and
|
|
other mobile equipment (ME) have to send the International Mobile Subscriber
|
|
Identity (IMSI) unencrypted over the air. Each IMSI is uniquely identifying the
|
|
person who bought the associated Subscriber Identity Module (SIM) used in the
|
|
ME. Therefore most people can be uniquely identified by recording the IMSI that
|
|
their ME is sending. Efforts are made in the 2G and above specifications to
|
|
send the IMSI less often, and where possible use the Temporary Mobile
|
|
Subscriber Identity (TMSI) instead.
|
|
|
|
But this is not enough. So-called IMSI catchers were invented and are used to
|
|
not only record IMSIs when they have to be sent. But also to force ME to send
|
|
their IMSI by immitating a Base Transceiver Station (BTS). IMSI catchers have
|
|
become small and affordable, even criminals actors without much budget can use
|
|
them to track anybody with a mobile phone.
|
|
|
|
The solution presented in this document is to periodically change the IMSI of
|
|
the ME to a new pseudonymous IMSI allocated by the Home Location Register (HLR)
|
|
or Home Subscriber Service (HSS). The only component that needs to be changed
|
|
in the network besides the SIM is the HLR/HSS, therefore it should be possible
|
|
for a Mobile Virtual Network Operator (MVNO) to deploy this privacy
|
|
enhancement.
|
|
|
|
== Location Update
|
|
|
|
=== Regular
|
|
|
|
=== With Pseudonymous IMSI
|
|
|
|
== Implementation Notes
|
|
|
|
=== Source Code for Reference Implementation
|
|
|
|
=== Warning the User if the IMSI Does Not Change
|
|
|
|
=== End to End Encryption of SMS
|
|
|
|
=== User-configurable Minimum Duration Between IMSI Changes
|