The growing dependence of societies on mobile phones for social interaction and communication makes individuals potential targets of security attacks. Moreover, the number of sources and targets of these attacks is growing fast day after day. The advancement of compromising tools designed for intercepting, interpreting, and injecting messages exchanged in cellular networks has not only complicated the task of mechanisms that protect against security attacks but also made performing such attacks much easier than ever. One of the security attacks that target users of cellular networks today is the privacy attack, in which a malicious third party illegally attempts to track individuals in cellular networks and amass profiles about them. A reliable scheme to protect users' privacy in cellular networks is therefore necessary.
This thesis focuses on the privacy of users in 4th generation networks, Long Term Evolution (LTE). In particular, it considers user privacy at the identity and location levels. The goal of the research is to identify possible security threats to the privacy of users and to propose a scheme to protect user privacy in the context of LTE networking. The main focus of the research is on the Authentication and Key Agreement (AKA) procedure, the paging procedure, and the allocation procedures of the pseudonyms TMSI and C-RNTI in LTE.
The thesis includes an evaluation of the AKA procedure, the paging procedure, and the allocation procedures of the pseudonyms TMSI and C-RNTI, and a proposal for enhancing the privacy-preserving capabilities of the LTE architecture. The resulting scheme is based on introducing pseudonyms that replace the user's permanent identifier (IMSI) and on enhancing the user-privacy characteristics and the allocation procedures of the pseudonyms (TMSIs and C-RNTIs).
The proposed scheme provides secure and effective identity management with respect to the protection of user privacy in LTE networks, with an adequate assurance of anonymity, unlinkability, and traceability of users.