[ad_1]
“When you connect to the network, you provide the IMSI number to show the backend database that you are a paid customer, and here are the services you have subscribed to,” says Schmitt. “The system then notifies the rest of the core so that you can access the network. But what we do with PGPP changes the calculation. The subscriber database can verify that you are a paid user without knowing who you are. We’ve disconnected and changed billing and authentication. “
Reworking some billing systems and distributing an app to users would be much easier for carriers to manage than deep network innovations. Raghavan and Schmitt are in the process of turning their research into a startup to facilitate the promotion of the project among U.S. telecommunications. They accept, even if taken lightly, that the entire industry would soon switch to PGPP. However, getting a few carriers can make a big difference. This is because high-location data becomes much more reliable if a significant portion of the entire set is infected. Bada 9 million Boost Mobile subscribers, for example, would send the same or random IMSI numbers, which would impair the accuracy and usability of the entire data set.
It is significant that small virtual providers that do not even use their cell towers — known as MVNOs — can implement this scheme independently, says cryptographer Bruce Schneier, who originally learned of PGPP in January and recently became a project advisor.
“A carrier can do it on its own without anyone’s permission and without anyone else changing anything,” Schneier says. “I can imagine one of these smaller companies saying they will offer this as an added value because they want to differentiate themselves. Privacy is a very low cost, that’s neat.”
Being apart of privacy in a competitive and monolithic wireless market can be attractive as a marketing tactic. The three major carriers may try to block MVNOs from taking something like PGPP through a contract moratorium. Researchers say some MVNOs have shown interest in the proposal.
Between the pressure that law enforcement can have and the loss of data access — plus the need to deploy an application or involve mobile operating systems — carriers may have little incentive to take PGPP. To the extent that law enforcement can oppose such a scheme, Schmitt warned that carriers would be able to conduct accurate location history searches for specific phone numbers. The researchers say they believe the approach would be legal in the U.S., according to the Law Enforcement Communications Support Act. That is, a PGPP warning only adds privacy protections for cell tower interactions related to data networks such as 4G or 5G. It does not attempt to interact with historical telephony protocols that facilitate regular phone calls and SMS text messages. Users should rely on VoIP calls and data-based messaging for maximum privacy.
The approach is also based on IMSI numbers, along with 5G aspects known as Permanent Subscription Identifiers or SUPIs, and does not protect or exclude static hardware identifiers such as International Mobile Equipment Identity (IMEI) numbers or multimedia access control (MAC) addresses. These are not used in cell tower interactions that researchers are trying to anonymize, but may provide other avenues for follow-up.
Having a simple and straightforward way to deal with the exposure of key location data is still significant, however, after years of misuse of data and greater privacy issues.
“To be completely frank, is it a feeling for me now how we didn’t see that?” Raghavan says. “It’s not, ‘wow, it was so hard to guess that.’ It’s obvious looking back.”
“This has made us feel better as researchers in the system,” Schmitt added. “In the end, the easier the system, the better the system.”
More great KABEKO stories
[ad_2]
Source link
