Privacy enhanced mutual authentication in LTE

In this paper we propose a way to enhance the identity privacy in LTE/LTE-Advanced systems. This is achieved while minimizing the impact on the existing E-UTRAN system. This is important since proposals to modify a widely deployed infrastructure must be cost effective, both in terms of design changes and in terms of deployment cost. In our proposal, the user equipment (UE) identifies itself with a dummy identity, consisting only of the mobile nation code and the mobile network code. We use the existing signalling mechanisms in a novel way to request a special encrypted identity information element. This element is protected using identity-based encryption (IBE), with the home network (HPLMN) as the private key generator (PKG) and the visited network (VPLMN) and the private key owner. This allows the UE to protect the identity (IMSI) from external parties. To avoid tracking the “encrypted IMSI” also include a random element. We use this as an opportunity to let the UE include as subscriber-side random challenge to the network. The challenge will be bounded to the EPS authentication vector (EPS AV) and will allow use to construct an online 3-way security context. To complete our proposal we also strengthen the requirements on the use of the temporary identifier (M-TMSI).