1. Field of the Invention
The invention relates to identifiers that are used in a communication system, and more particularly to identifiers that are at least partially encrypted.
2. Description of the Related Art
An identifier may associate with a communication device to identify either the device, the user thereof (the “subscriber”) or both. A communication device is a device that is typically used for communication via a communication system. The communication device enables the users of the device to receive and transmit communication such as speech and data. A communication system can be seen as a facility that enables communication sessions between two or more entities such as the communication devices and/or other nodes associated with the communication system. Subscribers to a communication system may be offered and provided numerous services via their communication devices. Non-limiting examples of these services include two-way or multi-way calls, data communication or multimedia services or simply an access to a data communications network system, such as the Internet. The services may be offered by an operator of a network of the communication system or by an external service provider.
Examples of communication systems include fixed line communication systems, such as a public switched telephone network (PSTN), wireless or mobile communication systems, such as a public land mobile network (PLMN), and local area networks, fixed or wireless (e.g. LAN, WLAN and WiFi). In the mobile system, the users are allowed an access to the communication system via a radio access network. For example, in cellular and wireless local systems, a base station (BS) or similar access entity services a communication device via a wireless or air interface. The communication on the wireless interface between the communication device and elements of the access system is based on an appropriate communication protocol. The operation of the base station apparatus and other apparatus required for the communication can be controlled by one or several control entities. The various control entities may be interconnected.
A feature of the wireless communication systems is that they provide mobility for the users thereof. That is, the user may roam within the service area of his home network from an access network to the other. The users are also typically allowed to roam into other networks, thus enabling use of the communication device even when the user is not located within the service are of his/hers home network but is visiting another network.
Each network is typically provided with an entity for managing the mobility of the mobile users. The location of this entity depends on the standard and system. For example, in a General Packet Radio Service (GPRS) based communication network this can be provided in association with a signalling GPRS support node (SGSN). For clarity, and regardless of the used terminology of a particular standard and system, these entities will be referred to in the following by the term mobile management entity (MME). A mobile management entity of the home network is called in the following a home mobile management entity. A mobile management entity of the visited network is called in the following a visited mobile management entity.
One or more gateway nodes may be provided for connecting the network the user is using to other networks, for example to another mobile network, to a public switched telephone network (PSTN) and/or other communication networks such as an IP (Internet Protocol) and/or other data networks.
A communication device such as a mobile user equipment or a mobile station is typically provided with at least one permanent identifier. Non-limiting examples of the permanent identifiers include the international mobile subscriber identity (IMSI) and the international mobile equipment identity (IMEI). The IMSI is for identifying the user. The the international mobile equipment identity is for identifying the particular device.
An identifier is typically formed of a number of subsections or parts. For example, the international mobile subscriber identity (IMSI) currently consists of a mobile country code (MCC), a mobile network code (MNC) and a mobile subscriber identification number (MSIN). The total maximum length of an IMSI is currently 15 digits. Of the total, the MCC is 3 digits and MNC 2 or 3 digits depending on the area.
The mobile subscriber identification number (MSIN) part is for identifying the individual subscriber. Thus, from the subscriber's privacy point of view, at least this part of the IMSI should be protected all the time to prevent possibility of misuse of the possibly sensitive information.
An air interface in a radio access network is vulnerable to attacks, and therefore the parts containing sensitive information should not be communicated unprotected in the over-the-air signalling. For example, subscribers should be protected against tracking of plain text i.e. unprotected IMSIs or other identifiers.
On the other hand, the credentials of a subscriber cannot typically be fetched before the subscriber has been reliably identified by the network. For this reason there is typically provided a secure data storage facility at the home network of the subscriber for maintaining information about the subscriber, for example information that may used to interpret the contents of a MSIN part of an IMSI.
Certain radio access networks or other network elements are allowed to enquire from a user equipment for the permanent identity associated with the user equipment. This may be allowed, for example, for authentication purposes in case the network does not have any identity, for example a temporary identity for the user equipment. This leaves open a possibility that an attacker uses a tracker the to obtain the permanent identity. For example, an IMSI catcher are known to have been developed for this purpose. These are typically based on the realisation that it is possible for an attacker to create a false base station to which a user equipment then attaches to. The false base station may then inform the user equipment that it does not have any temporary identities of any sort for the user equipment, thus requesting a plain text IMSI from the user equipment (UE).
A network element can thus claim not to have the permanent identity of a user equipment (UE). An attacker may try to fool the user equipment by pretending to be an element of the network and ask the IMSI directly from the user equipment. The user equipment may have no option to deny the request, but will send the identity back in a non-protected format.
To illustrate this threat further, lets consider a case where a short range IMSI catcher is used together with some kind of user identification system, for example based on a credit card or similar. This enables an attacker to collect pairs of user identities and IMSIs. Attacker could also add IMSI catchers to certain locations to collect history of pass by IMSIs.
U.S. Pat. No. 6,373,949 discloses a way to protect the IMSI by encrypting the a mobile subscriber identification number (MSIN) part of the IMSI with a home operator public key. However, this still leaves a problem of protecting an IMSI that is send in clear text format over an air interface from a user equipment to the network. This type of transmission may be needed in occasions where the network does not know how to decrypt the encrypted MSIN part. In other words, an entity managing the mobility of a mobile user may not know where the secret key of the corresponding public key is located.