[ German | English ]

Trustworthy Mobility Management in Telecommunication Networks

English abstract of the Ph.D.

Hannes Federrath

INTRODUCTION

Mobile communication offers new opportunities. However, because of the mobility of the subscribers trustworthiness of data, reliability and security are major issues.

A well-known mobile communication standard is GSM (Global System for Mobile Communication, [ETSI_93]), a European development, which found also world-wide spreading. Unfortunately, the security level did not keep up with the spreading of the mobile communication.

We analyze the security functions of the Global System for Mobile Communication (GSM) and give an overview of the location management procedures of GSM.

New techniques for location management in cellular networks (e.g. GSM) are introduced. They avoid the recording of moving tracks of mobile subscribers.

The procedures presented in Table 1 avoid the processing of location data at the network carrier – without limiting the user in his mobility. In the following, the most important concepts and their application in mobile communication are described:

Pseudonyms are used as registration numbers of users instead of identities (call numbers).
Tamper-resistant, trustworthy devices for the storage of confidential data (in particular locations) are used instead of location databases.
Concepts for the protection of traffic data, e.g. MIXes, are used.
Special addressing mechanisms, so-called implicit addresses, are used.

The described procedures are derived

from the well known untraceable MIX network (by David Chaum) and
the distributed storage of location information according to GSM networks.

The location management strategies presented achieve anonymity of the communicating parties and therefore fulfill the requirements of privacy.

Normally, a network carrier is not primarily interested in collecting data about his users in order to use these abusively afterwards. In the opposite, the less data is needed for the service, the least costs result for their processing and particularly for the protection.

1. Broadcast method
Avoidance of storing of location data and broadcasting (paging) of call requests in the entire supplied area of the mobile network.
2. Group pseudonyms
A group of individual users is summarised under a common group pseudonym). The locations of individual users are anonymous within the group.
3. Explicit trustworthy storage of locations
Storing of location data in a trustworthy environment under the control of each mobile user (e.g. a box or a smart card in a special telephone plug socket, attached to the fixed telephone of the user) or with help of a trusted third party (trust centre).
4. Temporary pseudonyms (TP method)
Storing of location data in the network, however under a temporary changing pseudonym, and concatenation (linking) of the pseudonym with the identity over a trustworthy environment. This procedure is based on explicit trustworthy storage (see 3.), however it is more efficient.
5. Co-operating chips
Storing of location data in tamper-resistant hardware, e.g. a smart card, which is the counterpart to the smart card in the mobile phone. This method can be combined with explicit trustworthy storage (see 3.) and temporary pseudonyms (seeÊ4.).
6. Mobile Communication-MIXing
Storing of locations in the network protected with cryptography. Additionally, this procedure prevents the monitoring and observation of calls.

Table 1. Concepts for the prevention of movement profiles (selection).

BASIC CONCEPTS AND PROCEDURES

Pseudonyms in mobile communication

Pseudonyms are used as registration numbers of users instead of identities (call numbers). They work as concatenation (linking) feature between users and their actions – without uncovering the identity of the user. They are adaptable to the desired degree of the anonymity of a user. For a general overview about the usage and variants of pseudonyms see [PWP_90, PfWa_87].

Pseudonyms for the protection of locations look for all (including the network carrier) like random numbers. Only the user who wants to protect his location knows the association between his identity and his pseudonym.

The TP method [KeFo_95, KFJP_96] (temporary pseudonyms, Table 1, item 4) makes use of such pseudonyms.

Explicit trustworthy storage - secure but high costs

We assume that a user wants to protect himself using a trustworthy environment (Table 1, item 3) in the fixed network and to store his locations directly there (see Fig. 1b). If he is however located far from his home residence (exactly: home location area), e.g. on another continent, the current location identifier, in extreme cases, has to be signalled over long distances of the fixed network. This causes high costs.

Fig. 1. Connection establishment a) with GSM, b) with explicit trustworthy storage, c) with the TP method, d) with the Mobile Communication MIXing.

GSM - no protection of locations

In GSM the location data base is therefore divided (see Fig. 1a). One part of the data base is located in the home residence of the user (home location register, HLR), a further part of the location information is created and stored in the visited area (visitor location register, VLR). A VLR serves a large area, therefore only a change of the VLR area has to be signalled to the HLR. Cell changes are signalled to the VLR without signalling to the HLR.

Since all data base entries are stored under the identity (ID, concretely the call number) of the user, movement profiles can be created by the network carrier very easily – simply by permanently looking up the data bases.

TP method

In the TP method (see Fig. 1c) the locations are no longer stored under the well-known call number ID but under a changing pseudonym P(t). Each change of the location is registered under a new pseudonym, and the old automatically expires after a certain time. Since the pseudonym is not linkable to a call number, even not for the network carrier, no movement profiles can be gathered.

At an incoming call for the mobile user the call has to be routed to the current location. For this the network carrier requests the trustworthy environment for its current pseudonym, then requests the data bases for the location of pseudonym P(t) and routs the call to the visiting cell.

In the TP method cell changes need not announced to the trustworthy environment. Only from time to time (i.e. in the range from minutes to hours) the synchronisation of the pseudonyms is checked.

From the technical point of view especially the trustworthy environment makes problems. It could impair the availability, since the user cannot be achieved if his trustworthy area is "crashed" or directly attacked. It would be desirable to achieve the protection of the location without an individual trustworthy environment.

Mobile Communication-MIXing

The Mobile Communication-MIXing [FeJP_96] (Fig. 1d) offers a solution for this. Special computers, so called MIXes, are switched into the communication line.

The concept of MIXes was introduced for the first time in 1981 by David Chaum [Chau_81]. Chaum's concept was developed for E-Mail, and it is unfortunately not directly usable for connection oriented communication. Therefore, an adaptation of the basic MIX concept was introduced. In [PfPW_91] a modification for the Integrated Services Digital Network (ISDN) was introduced. Mobile Communication-MIXing is an additional adaption in order to applicate it in mobile communication networks.

MIXes hide the relation between incoming and outgoing messages. For this, MIXes store incoming messages until sufficient messages of sufficient different senders are available, change their appearance (i.e. coding) and change the order (resorting) of outgoing messages. The kernel function of a MIX is the change of message coding. It is based on public key cryptography, e.g. on the well-known RSA encryption system.

In order to prevent attacks by re-sending (replay) of messages, MIXes have to check at the first whether a certain message has been already mixed.

In order to prevent attacks by linking of incoming and outgoing messages by means of their length, all incoming messages should have the same length, likewise all outgoing messages.

MIXes must be implemented, installed and operated independently from the network carrier. Usually, several MIXes are switched in series. Thus, an attacker must either control all MIXes (i.e. crack it) or he must have fed all messages by himself in order to unmask a certain communication relation. Implicit addressing for the protection of the recipient

All suggested methods for the protection of the location do not work properly, if at the paging procedure the identity (call number or other personal identifiers) is transmitted. In GSM a temporary valid paging code, the temporary mobile subscriber identity (TMSI), is transmitted. It is used to prevent the localisation by interception of the radio signals.

Even if the user wants to protect himself from the localisation by the network carrier, a so-called implicit address must be used in place of the TMSI. Implicit addresses enable to the user and only to himself to detect a message intended for him (e.g. connection requests and incoming calls). Implicit addresses are generated with cryptographic procedures.

COSTS OF ADDITIONAL SECURITY

The question about the expenditure of such location protection arises, since the development of mobile phones and mobile computing technology is still going on. The Universal Mobile Telecommunication System (UMTS) is one development into the next (called "3rd") generation of mobile communication.

The bottleneck of a mobile radio system is the air interface. Thus, it is worth to discuss the expansion of the message length of the new procedures compared with GSM. In Fig. 2 the typical message lengths for communication establishment in GSM, the TP method and Mobile Communication-MIXing (MC-MIXing) are shown and compared.

Fig. 2. Message lengths or - intervals of the connection establishment messages

In the TP method the additional expenditure for the protection is practically not remarkable, however causes a high expenditure in advance, since each user must purchase a "trustworthy box", which is installed for example to its fixed telephone socket at home.

Additionally each call causes costs for the "re-routing" to the mobile user.

With the Mobile Communication-MIXing one acquires the saving of the box (and the additional costs for re-routing) by a higher transfer expenditure from and to the mobile phone – caused by the applied encryption procedures. The high expansion of the messages may appear as a serious problem at the first moment. However, if we consider the common use of public key encryption in 3rd generation mobile networks (where public key cryptographic systems are used according to the standard) the expansion relates to itself. Note, that in the GSM no pubic key cryptography is used.

REFERENCES

Chau_81
David Chaum: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communications of the ACM 24/2 (1981) 84-88.

ETSI_93
ETSI: GSM Recommendations: GSM 01.02 - 12.21. February 1993, Release 92.

FeJP_96
Hannes Federrath, Anja Jerichow, Andreas Pfitzmann: Mixes in mobile communication systems: Location management with privacy. in: R. Anderson (Hrsg.): Information Hiding, LNCS 1174, Springer-Verlag, Berlin 1996, 121-135.

KeFo_95
Dogan Kesdogan, Xavier Fouletier: Secure Location Information Management in Cellular Radio Systems. IEEE Wireless Communication System Symposium 95, Proceedings, Long Island (1995), 35-46.

KFJP_96
Dogan Kesdogan, Hannes Federrath, Anja Jerichow, Andreas Pfitzmann: Location managment strategies increasing privacy in mobile communication. in: Sokratis K. Katsikas, Dimitris Gritzalis (Hrsg.): Informations Systems Security, IFIP SEC '96 Conference Committees, Chapman & Hall, London, 1996, 39-48.

PfPW_91
Andreas Pfitzmann, Birgit Pfitzmann, Michael Waidner: ISDN-MIXes -- Untraceable Communication with Very Small Bandwidth Overhead. 7th IFIP International Conference on Information Security (IFIP/Sec '91), Elsevier, Amsterdam 1991, 245-258.

PfWa_87
Andreas Pfitzmann, Michael Waidner: Networks without user observability. Computers & Security 6/2 (1987) 158-166.

PWP_90
Birgit Pfitzmann, Michael Waidner, Andreas Pfitzmann: Rechtssicherheit trotz Anonymität in offenen digitalen Systemen. Datenschutz und Datensicherung DuD 14/5-6 (1990) 243-253, 305-315.

Chau_81	David Chaum: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communications of the ACM 24/2 (1981) 84-88.
ETSI_93	ETSI: GSM Recommendations: GSM 01.02 - 12.21. February 1993, Release 92.
FeJP_96	Hannes Federrath, Anja Jerichow, Andreas Pfitzmann: Mixes in mobile communication systems: Location management with privacy. in: R. Anderson (Hrsg.): Information Hiding, LNCS 1174, Springer-Verlag, Berlin 1996, 121-135.
KeFo_95	Dogan Kesdogan, Xavier Fouletier: Secure Location Information Management in Cellular Radio Systems. IEEE Wireless Communication System Symposium 95, Proceedings, Long Island (1995), 35-46.
KFJP_96	Dogan Kesdogan, Hannes Federrath, Anja Jerichow, Andreas Pfitzmann: Location managment strategies increasing privacy in mobile communication. in: Sokratis K. Katsikas, Dimitris Gritzalis (Hrsg.): Informations Systems Security, IFIP SEC '96 Conference Committees, Chapman & Hall, London, 1996, 39-48.
PfPW_91	Andreas Pfitzmann, Birgit Pfitzmann, Michael Waidner: ISDN-MIXes -- Untraceable Communication with Very Small Bandwidth Overhead. 7th IFIP International Conference on Information Security (IFIP/Sec '91), Elsevier, Amsterdam 1991, 245-258.
PfWa_87	Andreas Pfitzmann, Michael Waidner: Networks without user observability. Computers & Security 6/2 (1987) 158-166.
PWP_90	Birgit Pfitzmann, Michael Waidner, Andreas Pfitzmann: Rechtssicherheit trotz Anonymität in offenen digitalen Systemen. Datenschutz und Datensicherung DuD 14/5-6 (1990) 243-253, 305-315.