Project

General

Profile

Feature #4397

Approach A: Calculate pseudo IMSI with TOTP

Added by osmith 4 days ago. Updated about 17 hours ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
02/14/2020
Due date:
% Done:

0%


Description

This was my first approach, I think the HOTP based one is better. But for completeness, I will write it out here and what the issues are.

Inspired by Time-Based One-Time Password Algorithm (TOTP, RFC 6238), which is used as 2FA in logins for gitlab and github for example, the pseudo IMSI would be generated with:

IMSI_PSEUDO = distribute(IMSI_RANGE_START, IMSI_RANGE_END, hash(SECRET + (TIMESTAMP / INTERVAL)))

Interval could be 10 minutes for example. The SIM applet would generate the pseudo IMSI before the first location update, write it to the SIM, and rewrite it when the interval is over. The HLR needs to be able to resolve IMSI_PSEUDO => IMSI. To do that, it would build a lookup table whenever INTERVAL is over, for all subscribers.

table = {}
for imsi in imsis:
    secret = get_secret_by_imsi(imsi)
    imsi_pseudo = distribute(IMSI_RANGE_START, IMSI_RANGE_END, hash(secret + (TIMESTAMP / INTERVAL))
    table[imsi_pseudo] = imsi
Problems with this approach:
  • Building the lookup table every INTERVAL costs some CPU power
  • Getting the timestamp in the SIM applet is not so trivial, javacards do not have an internal clock. We could ask the modem via AT but that might not work with all modems, and we would need to handle the resulting string etc, which makes this a messy solution.
  • Harald pointed out, that IMSI_RANGE_START and IMSI_RANGE_END would be barely bigger than the amount of real IMSIs in that range, so the chance of collisions is high!
    • I thought of a workaround, include a counter in the hash and increase it until there are no more collisions in the HLR, but the SIM doesn't know about the collisions and would have to retry several times and increase the counter each time, until it finds the proper pseudo IMSI without collision. This would probably not work at all in practice, I assume that the SIM does not retry connecting to the same network over and over after it has been rejected. (The rejection would happen, because AKA does not work if HLR and SIM assume a different real IMSI.)

Related issues

Related to IMSI Pseudonymization - Feature #4398: Approach B: Calculate pseudo IMSI with HOTPRejected02/14/2020

Related to IMSI Pseudonymization - Feature #4400: Approach C: HLR decides and sends the entire next pseudo IMSI to SIMNew02/17/2020

History

#1 Updated by osmith 4 days ago

  • Description updated (diff)

#2 Updated by osmith 4 days ago

  • Description updated (diff)

#3 Updated by osmith 4 days ago

  • Description updated (diff)

#4 Updated by osmith 4 days ago

  • Related to Feature #4398: Approach B: Calculate pseudo IMSI with HOTP added

#5 Updated by osmith 1 day ago

  • Related to Feature #4400: Approach C: HLR decides and sends the entire next pseudo IMSI to SIM added

#6 Updated by osmith about 17 hours ago

  • Status changed from Feedback to Rejected

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)