TY - GEN
T1 - Strong Privacy-Preserving Universally Composable AKA Protocol with Seamless Handover Support for Mobile Virtual Network Operator
AU - Alnashwan, Rabiah
AU - Yang, Yang
AU - Dong, Yilu
AU - Gope, Prosanta
AU - Abdolmaleki, Behzad
AU - Hussain, Syed Rafiul
N1 - Publisher Copyright:
© 2024 Copyright held by the owner/author(s).
PY - 2024/12/9
Y1 - 2024/12/9
N2 - Consumers seeking a new mobile plan have many choices in the present mobile landscape. The Mobile Virtual Network Operator (MVNO) has recently gained considerable attention among these options. MVNOs offer various benefits, making them an appealing choice for a majority of consumers. These advantages encompass flexibility, access to cutting-edge technologies, enhanced coverage, superior customer service, and substantial cost savings. Even though MVNO offers several advantages, it simultaneously creates critical security and privacy concerns for the customer. For instance, in the existing solution, MVNO needs to hand over all the sensitive details, including the users’ identities and master secret keys of their customers, to a mobile operator (MNO) to validate the customers while offering any services. This allows MNOs to have unrestricted access to the MVNO subscribers’ location and mobile data, including voice calls, SMS, and Internet, which the MNOs frequently sell to third parties (e.g., advertisement companies and surveillance agencies) for more profit. Although critical for mass users, such privacy loss has been historically ignored due to the lack of practical and privacy-preserving solutions for registration and handover procedures in cellular networks. In this paper, we propose a universally composable authentication and handover scheme with strong user privacy support, where each MVNO user can validate a mobile operator (MNO) and vice-versa without compromising user anonymity and unlinkability support. Here, we anticipate that our proposed solution will most likely be deployed by the MVNO(s) to ensure enhanced privacy support to their customer(s).
AB - Consumers seeking a new mobile plan have many choices in the present mobile landscape. The Mobile Virtual Network Operator (MVNO) has recently gained considerable attention among these options. MVNOs offer various benefits, making them an appealing choice for a majority of consumers. These advantages encompass flexibility, access to cutting-edge technologies, enhanced coverage, superior customer service, and substantial cost savings. Even though MVNO offers several advantages, it simultaneously creates critical security and privacy concerns for the customer. For instance, in the existing solution, MVNO needs to hand over all the sensitive details, including the users’ identities and master secret keys of their customers, to a mobile operator (MNO) to validate the customers while offering any services. This allows MNOs to have unrestricted access to the MVNO subscribers’ location and mobile data, including voice calls, SMS, and Internet, which the MNOs frequently sell to third parties (e.g., advertisement companies and surveillance agencies) for more profit. Although critical for mass users, such privacy loss has been historically ignored due to the lack of practical and privacy-preserving solutions for registration and handover procedures in cellular networks. In this paper, we propose a universally composable authentication and handover scheme with strong user privacy support, where each MVNO user can validate a mobile operator (MNO) and vice-versa without compromising user anonymity and unlinkability support. Here, we anticipate that our proposed solution will most likely be deployed by the MVNO(s) to ensure enhanced privacy support to their customer(s).
UR - http://www.scopus.com/inward/record.url?scp=85215525310&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85215525310&partnerID=8YFLogxK
U2 - 10.1145/3658644.3690331
DO - 10.1145/3658644.3690331
M3 - Conference contribution
AN - SCOPUS:85215525310
T3 - CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security
SP - 2057
EP - 2071
BT - CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery, Inc
T2 - 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024
Y2 - 14 October 2024 through 18 October 2024
ER -