On De-synchronization of User Pseudonyms in Mobile Networks

Abstract

This paper is in the area of pseudonym-based enhancements of user identity privacy in mobile networks. Khan and Mitchell (2017) have found that in recently published pseudonym-based schemes an attacker can desynchronize the pseudonyms’ state in the user equipment and in its home network. In this paper, we first show that by exploiting this vulnerability a botnet of mobile devices can kick out of service a large portion of the users of a mobile network. We characterize this novel DDoS attack analytically and confirm our analysis using a simulation. Second, we explain how to modify the pseudonym-based schemes in order to mitigate the DDoS attack. The proposed solution is simpler than that in Khan and Mitchell (2017). We also discuss aspects of pseudonym usage in mobile network from charging and regulatory point of view.

Appendices

Appendix A

Let us consider \(\mathcal {M}\) bins, each labeled with a pseudonym or IMSI. Choosing m random pseudonyms with replacement and sending them in an attach request can be compared with the classic experiment of throwing m balls to \(\mathcal {M}\) bins. The number of affected users by sending m attach requests is the same as the number of bins that get two or more balls after throwing m balls to \(\mathcal {M}\) bins. The probability that a particular bin gets no balls is \(\left( 1-\frac{1}{\mathcal {M}}\right) ^m\). The probability that this bin gets exactly one ball is \(\left( {\begin{array}{c}m\\ 1\end{array}}\right) \frac{1}{\mathcal {M}}\left( 1-\frac{1}{\mathcal {M}}\right) ^{m-1}\). Consequently, the probability that the bin will get two or more balls is:

$$\begin{aligned} Pr[\text {2 or more balls in a fixed bin}] = 1 - \left( 1-\frac{1}{\mathcal {M}}\right) ^m - \left( {\begin{array}{c}m\\ 1\end{array}}\right) \frac{1}{\mathcal {M}}\left( 1-\frac{1}{\mathcal {M}}\right) ^{m-1} \end{aligned}$$

If n is the number of users in the HN, then by linearity of expectation, the expected number of affected user would be:

$$\begin{aligned} E[\# \text {bins with more than 1 balls}] = n\left( 1 - \left( 1-\frac{1}{\mathcal {M}}\right) ^m - m\frac{1}{\mathcal {M}}\left( 1-\frac{1}{\mathcal {M}}\right) ^{m-1}\right) \end{aligned}$$

Consequently, the expected portion of affected user would be:

$$\begin{aligned} E[u_a] = 1 - \left( 1-\frac{1}{\mathcal {M}}\right) ^m - m\left( \frac{1}{\mathcal {M}}\right) \left( 1-\frac{1}{\mathcal {M}}\right) ^{m-1} \end{aligned}$$

Appendix B

In the without replacement attack, the attacker sends all the pseudonyms incrementally starting from 0 across the whole MSIN space. Let us consider that the pseudonym x is the first attack on a user’s \(p'\). Once the user’s \(p'\) is attacked, HN updates \(p \leftarrow p'\) and choose a new unused \(p'\) randomly. If the attacker sends total m number of pseudonyms to the HN, then the probability that the user’s new \(p'\) will once again be attacked is: \(\frac{m-x}{\mathcal {M}}\). If n is the total number of subscribers in the HN and \(m \le \mathcal {M}\) (first round) then expected number of subscribers affected after sending m pseudonyms is:

$$\begin{aligned} \frac{n}{\mathcal {M}}\int _{0}^{m}\frac{m-x}{\mathcal {M}}dx= & {} \frac{n}{\mathcal {M}^2}\int _{0}^{m}\left( m-x\right) dx\\= & {} \frac{nm}{\mathcal {M}^2}\int _{0}^{m}dx - \frac{n}{\mathcal {M}^2}\int _{0}^{m}xdx\\= & {} \frac{nm^2}{\mathcal {M}^2} - \frac{nm^2}{2\mathcal {M}^2}\\= & {} \frac{nm^2}{2\mathcal {M}^2} \end{aligned}$$

Consequently, the expected portion of affected users would be \(\frac{m^2}{2\mathcal {M}^2}\) where \(m \le \mathcal {M}\).

Let us now consider the case where \(\mathcal {M} < m \le 2\mathcal {M}\) (second round). The attacker again sends all the pseudonyms incrementally starting from 0. Choosing a pseudonym x will affect a user (who has not yet been affected) only if x is the pseudonym of a user who was attacked only once in the first round. The probability of that event is: \(1 - \frac{x}{\mathcal {M}}\). So, after sending \(m = \mathcal {M} + m'\) number of pseudonyms, the expected number of affected user would be:

$$\begin{aligned}&\frac{n\mathcal {M}^2}{2\mathcal {M}^2} + \frac{n}{\mathcal {M}} \int _{0}^{m'}\left( 1 - \frac{x}{\mathcal {M}} \right) dx \\= & {} \frac{n}{2} + \frac{n}{\mathcal {M}^2} \int _{0}^{m'} \mathcal {M} dx - \frac{n}{\mathcal {M}^2} \int _{0}^{m'} x dx \\= & {} \frac{n}{2} + \frac{n\left( m - \mathcal {M} \right) }{\mathcal {M}} - \frac{n}{\mathcal {M}^2} \frac{\left( m - \mathcal {M} \right) ^2}{2} \text {(since } m = \mathcal {M} + m' \text {)}\\= & {} \frac{n}{\mathcal {M}} \left( 2m - \mathcal {M} - \frac{m^2}{2\mathcal {M}} \right) \\ \end{aligned}$$

Consequently, the expected portion of affected users would be \(\frac{1}{\mathcal {M}} \left( 2m - \mathcal {M} -\right. \) \(\left. \frac{m^2}{2\mathcal {M}} \right) \) where \(\mathcal {M} < m \le 2\mathcal {M}\).

Even though x in the above derivation is a discrete variable, we have used integration. So, the result we have found here is an approximation since \(\mathcal {M}\) is large. We expect it to be a good approximation.