Hacker News new | past | comments | ask | show | jobs | submit login

Out of curiosity are there any providers or products out there offering deterministic, pseudo-randomly generated IMSI's that rollover every e.g. few hours? So the provider would know who you are but anybody else trying to track you in the fashion done in this attack would be hindered.

Think of it like VPN for your cell signal.

Could it be a viable product? (...combined with other features to resist alternative tracking techniques lingering from the privacy-reckless design of the protocols underpinning our mobile infrastructure)




That's what the TMSI is supposed to be - (iirc) older cell protocols would send the IMSI over the air all the time, but since at least LTE, possibly earlier, the IMSI is only involved during initial connection to (some region of) the network. During the initial connection, you're assigned a TMSI, which then changes periodically, and you use this for identification on subsequent transmissions.

This is why this paper also talks about determination of IMSI from TMSI.

https://en.wikipedia.org/wiki/Mobility_management#TMSI

But your idea is plausible as an added layer of security - the SIM card could generate a temporary IMSI somehow. I think you'd actually want the next IMSI (or next N IMSIs) to be assigned by the network and communicated to the phone/SIM, rather than deterministically generated. If you deterministically generated the numbers, you'd have to pre-assign each subscriber a pool of numbers that are guaranteed to never overlap with any other subscriber, and this scheme would have to:

  1. assign a large enough pool of IMSIs to each subscriber to handle all future communications with the network
  2. make it so it isn't trivial to determine whether two fake IMSIs are the same subscriber (so you can't do something like a fixed prefix + HOTP or something).


Something like what the Find My network does (ie. 256 bit public ECDSA keys that are derived from a master key) would probably work.



Some operators do this by the SIM, Sierra Wireless as a virtual operator for example has a smart SIM that doles out IMSIs to the modem to use depending on the roaming and signal parameters. This way they can provide global access without operator roaming - if you go to another country the SIM will give you an IMSI associated with a local subscription.

So I guess you can just use this tech to continuously rotate IMSIs among a large pool every few hours if you'd want.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: