Mobile Privacy and IMSI Catchers

The worldwide mobile network systems of over 800 operators represent a tremendous communication technology success, where now over half of the world's population are subscribers (7.3 billion in 2014). Currently the fourth generation 4G LTE system is in operation in many countries, and the next 5G network deployments are expected around 2020. This presentation will first describe the evolution of the security requirements for the mobile networks, and how the security mechanisms work in the international multi-operator interconnected systems of access control and authentication cryptoprotocols. Then I will focus on the privacy and unlinkability properties for users, devices and calls, and explain how the protocols, including the current 4G systems, protect against passive privacy attacks, but fail to protect the confidentiality of the user and device identities (IMSI and IMEI) against active attackers that are able to interfere with the radio communications. In effect, this lack of privacy protection mechanisms have been turned into a mobile identification feature used by an extensive business, which manufactures devices known as IMSI-catchers. The demand for IMSI-catchers is created by both law-enforcement authorities, intelligence agencies, and private enterprises. Inevitably, the use of IMSI-catchers creates a demand for countermeasures. How can IMSI-catchers be detected? These questions became a well documented problem in 2014-2015 by Aftenposten journalists who first observed and then pursued technical measurements that indicated that IMSI-catchers were deployed at strategic locations in the city. I will show some of the analysis results of the Aftenposten data that my students and I have done. Finally, I will describe our experimental work with USRP-based IMSI-catchers and detectors.