1
|
= Specification for IMSI Pseudonymization on the Radio Interface for 2G and Above
|
2
|
|
3
|
== Introduction
|
4
|
|
5
|
A long-standing issue in the 3GPP specifications is, that mobile phones and
|
6
|
other mobile equipment (ME) have to send the International Mobile Subscriber
|
7
|
Identity (IMSI) unencrypted over the air. Each IMSI is uniquely identifying the
|
8
|
person who bought the associated Subscriber Identity Module (SIM) used in the
|
9
|
ME. Therefore most people can be uniquely identified by recording the IMSI that
|
10
|
their ME is sending. Efforts are made in the 2G and above specifications to
|
11
|
send the IMSI less often, and where possible use the Temporary Mobile
|
12
|
Subscriber Identity (TMSI) instead.
|
13
|
|
14
|
But this is not enough. So-called IMSI catchers were invented and are used to
|
15
|
not only record IMSIs when they have to be sent. But also to force ME to send
|
16
|
their IMSI by immitating a Base Transceiver Station (BTS). IMSI catchers have
|
17
|
become small and affordable, even criminals actors without much budget can use
|
18
|
them to track anybody with a mobile phone.
|
19
|
|
20
|
The solution presented in this document is to periodically change the IMSI of
|
21
|
the ME to a new pseudonymous IMSI allocated by the Home Location Register (HLR)
|
22
|
or Home Subscriber Service (HSS). The only component that needs to be changed
|
23
|
in the network besides the SIM is the HLR/HSS, therefore it should be possible
|
24
|
for a Mobile Virtual Network Operator (MVNO) to deploy this privacy
|
25
|
enhancement.
|
26
|
|
27
|
== Location Update
|
28
|
|
29
|
=== Regular
|
30
|
|
31
|
=== With Pseudonymous IMSI
|
32
|
|
33
|
== Implementation Notes
|
34
|
|
35
|
=== Source Code for Reference Implementation
|
36
|
|
37
|
=== Warning the User if the IMSI Does Not Change
|
38
|
|
39
|
=== End to End Encryption of SMS
|
40
|
|
41
|
=== User-configurable Minimum Duration Between IMSI Changes
|