Ingrid Huso,Marco Olivieri,Leonardo Galgano,Adnan Rashid,Giuseppe Piro,Gennaro Boggia

DOI: https://doi.org/10.1016/j.comnet.2024.110518

IF: 5.493

2024-05-22

Computer Networks

Abstract:Law Enforcement Agencies (LEAs) heavily rely on Lawful Interception (LI) tools to investigate criminal and terrorist activities. The growing frequency of cybercrime, terrorism-related offenses, and illegal trades in the European Union (EU) has driven LEAs to explore novel LI techniques that align with the developing 5G and Beyond 5G network architectures. Moreover, the emergence of extremely dynamic and distributed networks, the increased usage of end-to-end encryption applications, and privacy protections present limitations for traditional LI approaches. In order to provide a technological solution capable of extending the 3GPP LI standard, this paper presents a novel LI framework designed on top of the standardized 3GPP LI architecture, leveraging an inspection-friendly end-to-end cryptography mechanism (e.g., a Key Escrow algorithm) at the application layer. Moreover, the proposed Lawful Interception (LI) framework enables authorized LEAs to decrypt intercepted end-to-end encrypted data within the core network. Firstly, a security proof validates the security of the proposed LI framework under two attack scenarios. Subsequently, a proof-of-concept workstation implementation that emulates a 5G network for end-to-end data exchange and cloud-based deployment validates the suggested LI framework by affirming the LEA capabilities in decrypting intercepted data. Additionally, the system performance has been studied through experimental tests, ensuring the scalability of the conceived solution and revealing the possibility of intercepting data with mainly real-time latency without affecting the Quality of Service (QoS) experienced by the user.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Rongxing Lu,Xiaodong Lin,Zhiguo Shi,Jun Shao

DOI: https://doi.org/10.1109/infocom.2014.6848003

2014-01-01

Abstract:In this paper, we propose a privacy-preserving framework, called PLAM, for local-area mobile social networks. The proposed PLAM framework employs a privacy-preserving request aggregation protocol with k-Anonymity and l-Diversity properties while without involving a trusted anonymizer server to keep user preference privacy when querying location-based service (LBS), and integrates unlinkable pseudo-ID technique to achieve user identity privacy, location privacy. Moreover, the proposed PLAM framework also introduces the privacy-preserving and verifiable polynomial computation to keep LBS provider's functions private while preventing the provider from cheating in computation. Detailed security analysis shows that the proposed PLAM framework can not only achieve desirable privacy requirements but also resist outside attacks on source authentication, data integrity and availability. In addition, extensive simulations are also conducted, and simulation results guide us on how to set proper thresholds for k-anonymity, l-diversity to make a tradeoff between the desirable user preference privacy level and the request delay in different scenarios.

Stavros Eleftherakis,Timothy Otim,Giuseppe Santaromita,Almudena Diaz Zayas,Domenico Giustiniano,Nicolas Kourtellis

DOI: https://doi.org/10.1145/3636534.3690696

2024-09-26

Abstract:Ensuring user privacy remains critical in mobile networks, particularly with the rise of connected devices and denser 5G infrastructure. Privacy concerns have persisted across 2G, 3G, and 4G/LTE networks. Recognizing these concerns, the 3rd Generation Partnership Project (3GPP) has made privacy enhancements in 5G Release 15. However, the extent of operator adoption remains unclear, especially as most networks operate in 5G Non Stand Alone (NSA) mode, relying on 4G Core Networks. This study provides the first qualitative and experimental comparison between 5G NSA and Stand Alone (SA) in real operator networks, focusing on privacy enhancements addressing top eight pre-5G attacks based on recent academic literature. Additionally, it evaluates the privacy levels of OpenAirInterface (OAI), a leading open-source software for 5G, against real network deployments for the same attacks. The analysis reveals two new 5G privacy vulnerabilities, underscoring the need for further research and stricter standards.

Networking and Internet Architecture

Zishuai Cheng,Mihai Ordean,Flavio Garcia,Baojiang Cui,Dominik Rys

DOI: https://doi.org/10.56553/popets-2023-0053

2023-04-01

Proceedings on Privacy Enhancing Technologies

Abstract:Voice over LTE (VoLTE) and Voice over NR (VoNR), are two similar technologies that have been widely deployed by operators to provide a better calling experience in LTE and 5G networks, respectively. The VoLTE/NR protocols rely on the security features of the underlying LTE/5G network to protect users' privacy such that nobody can monitor calls and learn details about call times, duration, and direction. In this paper, we introduce a new privacy attack which enables adversaries to analyse encrypted LTE/5G traffic and recover any VoLTE/NR call details. We achieve this by implementing a novel mobile-relay adversary which is able to remain undetected by using an improved physical layer parameter guessing procedure. This adversary facilitates the recovery of encrypted configuration messages exchanged between victim devices and the mobile network. We further propose an identity mapping method which enables our mobile-relay adversary to link a victim's network identifiers to the phone number efficiently, requiring a single VoLTE protocol message. We evaluate the real-world performance of our attacks using four modern commercial off-the-shelf phones and two representative, commercial network carriers. We collect over 60 hours of traffic between the phones and the mobile networks and execute 160 VoLTE calls, which we use to successfully identify patterns in the physical layer parameter allocation and in VoLTE traffic, respectively. Our real-world experiments show that our mobile-relay works as expected in all test cases, and the VoLTE activity logs recovered describe the actual communication with 100% accuracy. Finally, we show that we can link network identifiers such as International Mobile Subscriber Identities (IMSI), Subscriber Concealed Identifiers (SUCI) and/or Globally Unique Temporary Identifiers (GUTI) to phone numbers while remaining undetected by the victim.

English Else

Anil Kumar Yerrapragada,Taylor Eisman,Brian Kelley

DOI: https://doi.org/10.1109/ojcoms.2021.3105185

2021-01-01

IEEE Open Journal of the Communications Society

Abstract:If Beyond-5G(B5G)/6G is to support critical infrastructure worldwide, there must be an effort to jointly integrate low latency and privacy into wireless protocols. This research analyzes new schemes for securing applications at low latency by extending Physical Layer Security (PLS) algorithms to B5G/6G systems. We design protocols that advance a specific form of Physical Layer Security, known as Key-based Physical Layer Security, from the theoretical realm into the practical. One form of a Key-based algorithm obscures information from eavesdroppers by mapping it to cleverly rotated reference signals. For such a scheme, prior work has found that the two-way exchange of completely private information involves six OFDM symbol times, not including synchronization. By developing a protocol that makes the most optimum use of time-frequency resources, we show that it is possible to achieve two-way private exchange and synchronization in only four symbol times - the least latency possible. A significant simulation result indicates that our improved protocol achieves sub-1 ms two-way latency, including re-transmissions. We also illustrate a protocol that shows how Key-based Physical Layer Security can privatize critical PHY layer functions such as cell search. Lastly, additional results show the performance of the PLS algorithm in terms of Key Bit Error Rates and secret key transmission rates.

Iqra Nawaz,Munam Ali Shah,Abid Khan,Seunggil Jeon

DOI: https://doi.org/10.1007/s11276-024-03651-2

IF: 2.701

2024-03-09

Wireless Networks

Abstract:In recent years, service provided based on the location has brought a tremendous change in our lives. However, one of the biggest challenges is to preserve users' privacy which upon leakage could have disastrous consequences. Privacy preservation has gained remarkable consideration as a notable number of users have started being conscious about privacy protection. Most solutions that have been developed in such a distributed scenario need a third party for data anonymization. In a system of public data sharing, one of the most popular and useful anonymization techniques is local differential privacy (LDP). Without requiring a third party to perturb the data, LDP allows users to perturb their data locally and individually, resulting in stronger privacy guarantees. Based on this principle the proposed system provides anonymity and integrity during communication and independent key generation by using secure authentication mechanism i.e., Physical Unclonable Function (PUF) with elliptical curve cryptography and remove third party dependency for data anonymization by using LDP with Hadamard count mean sketch (HCMS) protocol. For scalability, and quantum secrecy IOTA ledger is used on top of LDP anonymization technique. Our experimental results show that using PUF with ECC for authentication can reduce the computational overhead and increase the secrecy of the communication, LDP with HCMS achieves high privacy while also showing the tradeoff between utility and privacy. Furthermore, the IOTA ledger provides more scalability than the existing technique. Hence, the privacy of an individual will be preserved without compromising accuracy while sharing information to the third party for using location-based services.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ning Wang,Weiwei Li,Pu Wang,Amir Alipour-Fanid,Long Jiao,Kai Zeng

DOI: https://doi.org/10.1109/mnet.011.2000122

IF: 10.294

2020-11-01

IEEE Network

Abstract:Resorting to the exploitation of physical attributes, physical-layer authentication (PLA) is a promising technology to supplement and enhance current cryptography-based security mechanisms in wireless communications. in the fifth-generation (5G) communications, many disruptive technologies spring up, such as millimeter-wave communication (mmWave), massive multiple-input and multiple-output (MiMO) and non-orthogonal- multiple-access (NOMA). PLA schemes in 5G networks are facing challenges while exposed to opportunities at the same time. This article seeks to identify the critical technology gaps as well as the feasible enablers in terms of the unique characteristics of 5G networks. The investigation consists of four hierarchical parts. in the first section, existing PLA schemes are reviewed, and the corresponding challenges are discussed in the next section. in the third section, we investigate potential enablers based on the unique characteristics of 5G networks and provide three corresponding PLA case studies. Open problems and research directions on PLA for 5G and beyond are discussed in the last section, including waveform design, feature learning, mobile users, and terahertz communications.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Nardine Basta,Ming Ding,Muhammad Ikram,Mohamed Ali Kaafar

DOI: https://doi.org/10.48550/arXiv.2203.10673

2022-03-21

Abstract:Cooperative Intelligent Transportation Systems (C-ITS) enable communications between vehicles, road-side infrastructures, and road-users to improve users' safety and to efficiently manage traffic. Most, if not all, of the intelligent vehicles-to-everything (V2X) applications, often rely on continuous collection and sharing of sensitive information such as detailed location information which raises privacy concerns. In this light, a common approach to concealing the long-term identity of C-ITS vehicles is using multiple temporary identifiers, called pseudonyms. However, the legacy pseudonyms management approach is prone to linking attacks. The introduction of 5G network to V2X offers enhanced location accuracy, better clock synchronisation, improved modular service-based architecture, and enhanced security and privacy preservation controls. Motivated by the above enhancements, we study 5G-enabled pseudonyms for protecting vehicle identity privacy in C-ITS. We highlight the gaps in the current standards of pseudonyms management. We further provide recommendations regarding the pseudonyms management life-cycle.

Networking and Internet Architecture,Cryptography and Security

Haoyan Yang,Zhitao Li,Yong Zhang,Jianzong Wang,Ning Cheng,Ming Li,Jing Xiao

2024-06-18

Abstract:This paper introduces a novel privacy-preservation framework named PFID for LLMs that addresses critical privacy concerns by localizing user data through model sharding and singular value decomposition. When users are interacting with LLM systems, their prompts could be subject to being exposed to eavesdroppers within or outside LLM system providers who are interested in collecting users' input. In this work, we proposed a framework to camouflage user input, so as to alleviate privacy issues. Our framework proposes to place model shards on the client and the public server, we sent compressed hidden states instead of prompts to and from servers. Clients have held back information that can re-privatized the hidden states so that overall system performance is comparable to traditional LLMs services. Our framework was designed to be communication efficient, computation can be delegated to the local client so that the server's computation burden can be lightened. We conduct extensive experiments on machine translation tasks to verify our framework's performance.

Computation and Language

Jeffrey Murray,Afra Mashhadi,Brent Lagesse,Michael Stiber,Jeffrey Murray Jr

DOI: https://doi.org/10.48550/arXiv.2101.09834

2021-01-25

Cryptography and Security

Abstract:With mobile phone penetration rates reaching 90%, Consumer Proprietary Network Information (CPNI) can offer extremely valuable information to different sectors, including policymakers. Indeed, as part of CPNI, Call Detail Records have been successfully used to provide real-time traffic information, to improve our understanding of the dynamics of people's mobility and so to allow prevention and measures in fighting infectious diseases, and to offer population statistics. While there is no doubt of the usefulness of CPNI data, privacy concerns regarding sharing individuals' data have prevented it from being used to its full potential. Traditional de-anonymization measures, such as pseudonymization and standard de-identification, have been shown to be insufficient to protect privacy. This has been specifically shown on mobile phone datasets. As an example, researchers have shown that with only four data points of approximate place and time information of a user, 95% of users could be re-identified in a dataset of 1.5 million mobile phone users. In this landscape paper, we will discuss the state-of-the-art anonymization techniques and their shortcomings.

Ludovic Barman,Italo Dacosta,Mahdi Zamani,Ennan Zhai,Apostolos Pyrgelis,Bryan Ford,Joan Feigenbaum,Jean-Pierre Hubaux

DOI: https://doi.org/10.2478/popets-2020-0061

2020-08-17

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Organizational networks are vulnerable to trafficanalysis attacks that enable adversaries to infer sensitive information fromnetwork traffic—even if encryption is used. Typical anonymous communication networks are tailored to the Internet and are poorly suited for organizational networks.We present PriFi, an anonymous communication protocol for LANs, which protects users against eavesdroppers and provides high-performance traffic-analysis resistance. PriFi builds onDining Cryptographers networks (DC-nets), but reduces the high communication latency of prior designs via a new client/relay/server architecture, in which a client’s packets remain on their usual network path without additional hops, and in which a set of remote servers assist the anonymization process without adding latency. PriFi also solves the challenge of equivocation attacks, which are not addressed by related work, by encrypting traffic based on communication history. Our evaluation shows that PriFi introduces modest latency overhead (≈ 100ms for 100 clients) and is compatible with delay-sensitive applications such as Voice-over-IP.

Vipin N. Sathi,Manikantan Srinivasan,Prabhu K. Thiruvasagam,C. Siva Ram Murthy

DOI: https://doi.org/10.1109/tdsc.2020.2968885

2021-11-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In the softwarized fifth generation (5G) networks, authentication protocols are deployed by both the mobile network operators and the third-party service providers to enable secure slice formation at the network side and user validation at the service provider side, respectively. However, the usage of static key-based authentication protocols in 5G networks gives rise to two major problems: (i) network slice topology learning attack during the formation of slice and (ii) exposure of users' service access behavior to the third-party service providers and device-to-device communication peers. In this article, we propose group anonymous (i) privacy preserving mutual authentication (PPMA) and (ii) privacy preserving one-way authentication (PPOA) protocols to address the aforementioned problems, respectively. We also prove the security of the PPMA and PPOA protocols against the chosen ciphertext attack in the random oracle model. The PPMA and PPOA protocols are implemented using the JPBC library and the computation overhead is measured. For 1024 bits discrete logarithm security, the computation overhead of the PPMA and PPOA protocols is respectively 48.54 and 68.65 percent lower than an existing privacy preserving authentication protocol on an Intel processor. The PPMA and PPOA protocols are generic and can be applied in peer-to-peer authentication scenarios where group anonymity and privacy preservation are considered.

Li Siyan,Vethavikashini Chithrra Raghuram,Omar Khattab,Julia Hirschberg,Zhou Yu

2024-10-23

Abstract:Users can divulge sensitive information to proprietary LLM providers, raising significant privacy concerns. While open-source models, hosted locally on the user's machine, alleviate some concerns, models that users can host locally are often less capable than proprietary frontier models. Toward preserving user privacy while retaining the best quality, we propose Privacy-Conscious Delegation, a novel task for chaining API-based and local models. We utilize recent public collections of user-LLM interactions to construct a natural benchmark called PUPA, which contains personally identifiable information (PII). To study potential approaches, we devise PAPILLON, a multi-stage LLM pipeline that uses prompt optimization to address a simpler version of our task. Our best pipeline maintains high response quality for 85.5% of user queries while restricting privacy leakage to only 7.5%. We still leave a large margin to the generation quality of proprietary LLMs for future work. Our data and code will be available at <a class="link-external link-https" href="https://github.com/siyan-sylvia-li/PAPILLON" rel="external noopener nofollow">this https URL</a>.

Cryptography and Security,Computation and Language

Mohsin Khan,Philip Ginzboorg,Kimmo Järvinen,Valtteri Niemi

DOI: https://doi.org/10.48550/arXiv.1811.02293

2018-11-06

Cryptography and Security

Abstract:3GPP Release 15, the first 5G standard, includes protection of user identity privacy against IMSI catchers. These protection mechanisms are based on public key encryption. Despite this protection, IMSI catching is still possible in LTE networks which opens the possibility of a downgrade attack on user identity privacy, where a fake LTE base station obtains the identity of a 5G user equipment. We propose (i) to use an existing pseudonym-based solution to protect user identity privacy of 5G user equipment against IMSI catchers in LTE and (ii) to include a mechanism for updating LTE pseudonyms in the public key encryption based 5G identity privacy procedure. The latter helps to recover from a loss of synchronization of LTE pseudonyms. Using this mechanism, pseudonyms in the user equipment and home network are automatically synchronized when the user equipment connects to 5G. Our mechanisms utilize existing LTE and 3GPP Release 15 messages and require modifications only in the user equipment and home network in order to provide identity privacy. Additionally, lawful interception requires minor patching in the serving network.

Xiangman Li,Miao He,Jianbing Ni

2023-05-28

Abstract:Network slicing in 3GPP 5G system architecture has introduced significant improvements in the flexibility and efficiency of mobile communication. However, this new functionality poses challenges in maintaining the privacy of mobile users, especially in multi-hop environments. In this paper, we propose a secure and privacy-preserving network slicing protocol (SPNS) that combines 5G network slicing and onion routing to address these challenges and provide secure and efficient communication. Our approach enables mobile users to select network slices while incorporating measures to prevent curious RAN nodes or external attackers from accessing full slice information. Additionally, we ensure that the 5G core network can authenticate all RANs, while avoiding reliance on a single RAN for service provision. Besides, SPNS implements end-to-end encryption for data transmission within the network slices, providing an extra layer of privacy and security. Finally, we conducted extensive experiments to evaluate the time cost of establishing network slice links under varying conditions. SPNS provides a promising solution for enhancing the privacy and security of communication in 5G networks.

Cryptography and Security

Chen Feng,Hui-ming Wang

DOI: https://doi.org/10.48550/arXiv.2107.05966

2021-07-13

Abstract:Short-packet communication is a key technology to support two emerging application scenarios in 5G and beyond 5G, massive machine type communication (mMTC) and ultra-reliable low latency communication (uRLLC), which are introduced to satisfy the broader communication requirements of potential applications such as the internet of vehicles and industrial internet of things (IoT). The sharp increase in privacy data in various IoT applications has made security issues more prominent. The typical upper-layer encryption mechanism could not fully address the security challenge considering the resource restriction of IoT terminals. In this article, we investigate secure short-packet communication from the perspective of physical layer security (PLS), which can be regarded as a promising security solution in 6G. Specifically, the state-of-the-art development of fundamental information theory of secure short-packet communications and corresponding performance evaluation criterion in fading channels are summarized. Then we review recent works, which investigate short-packet communication systems (CSs) in different communication scenarios or with different security strategies from the perspective of PLS. Finally, we give future research directions and challenges.

Information Theory

Prajnamaya Dass,Marcel Gräfenstein,Stefan Köpsell

2024-05-03

Abstract:Mission critical communication (MCC) involves the exchange of information and data among emergency services, including the police, fire brigade, and other first responders, particularly during emergencies, disasters, or critical incidents. The widely-adopted TETRA (Terrestrial Trunked Radio)-based communication for mission critical services faces challenges including limited data capacity, coverage limitations, spectrum congestion, and security concerns. Therefore, as an alternative, mission critical communication over cellular networks (4G and 5G) has emerged. While cellular-based MCC enables features like real-time video streaming and high-speed data transmission, the involvement of network operators and application service providers in the MCC architecture raises privacy concerns for mission critical users and services. For instance, the disclosure of a policeman's location details to the network operator raises privacy concerns. To the best of our knowledge, no existing work considers the privacy issues in mission critical system with respect to 5G and upcoming technologies. Therefore, in this paper, we analyse the 3GPP standardised MCC architecture within the context of 5G core network concepts and assess the privacy implications for MC users, network entities, and MC servers. The privacy analysis adheres to the deployment strategies in the standard for MCC. Additionally, we explore emerging 6G technologies, such as off-network communications, joint communication and sensing, and non-3GPP communications, to identify privacy challenges in MCC architecture. Finally, we propose privacy controls to establish a next-generation privacy-preserving MCC architecture.

Networking and Internet Architecture

Lichun Li,Rongxing Lu,Cheng Huang

DOI: https://doi.org/10.1109/jiot.2015.2469605

IF: 10.6

2015-01-01

IEEE Internet of Things Journal

Abstract:With the pervasiveness of smart phones, location-based services (LBS) have received considerable attention and become more popular and vital recently. However, the use of LBS also poses a potential threat to user's location privacy. In this paper, aiming at spatial range query, a popular LBS providing information about points of interest (POIs) within a given distance, we present an efficient and privacy-preserving location-based query solution, called EPLQ. Specifically, to achieve privacy-preserving spatial range query, we propose the first predicate-only encryption scheme for inner product range (IPRE), which can be used to detect whether a position is within a given circular area in a privacy-preserving way. To reduce query latency, we further design a privacy-preserving tree index structure in EPLQ. Detailed security analysis confirms the security properties of EPLQ. In addition, extensive experiments are conducted, and the results demonstrate that EPLQ is very efficient in privacy-preserving spatial range query over outsourced encrypted data. In particular, for a mobile LBS user using an Android phone, around 0.9 s is needed to generate a query, and it also only requires a commodity workstation, which plays the role of the cloud in our experiments, a few seconds to search POIs.

Annapurna Pradhan,Susmita Das,Md. Jalil Piran,Zhu Han

2024-04-12

Abstract:Ultra-reliable low latency communication (URLLC) is an innovative service offered by fifth-generation (5G) wireless systems. URLLC enables various mission-critical applications by facilitating reliable and low-latency signal transmission to support extreme Quality of Service (QoS) requirements. Apart from reliability and latency, ensuring secure data transmission for URLLC has been a prominent issue for researchers in recent years. Using finite blocklength signals to achieve the stringent reliability and latency criteria in URLLC eliminates the possibility of using conventional complex cryptographic security enhancement techniques based on encoding and decoding of secret keys. Thus, the development of lightweight security mechanisms is of paramount importance for URLLC. Recently, Physical-Layer Security (PLS) techniques have emerged as a powerful alternative to the complex cryptography-based security approaches for facilitating secure URLLC by exploiting the randomness of the wireless channel. Therefore, in this survey, we present a comprehensive and in-depth review of the state-of-the-art PLS enhancements utilized to unleash secure URLLC while analyzing the impact of various system design parameters on its performance. Moreover, the survey incorporates a detailed overview of the recent advancements in ensuring secure URLLC using PLS in various mission-critical applications, and 5G URLLC enabling technologies like non-orthogonal multiple access (NOMA), multi-antenna systems, cooperative communication using unmanned aerial vehicles (UAV), and intelligent reflective surfaces (IRS). Apart from this, we briefly discuss the role of advanced Machine Learning (ML) techniques in designing robust and intelligent PLS schemes for URLLC service.

Cryptography and Security

Chuan Zhang,Liehuang Zhu,Chang Xu,Kashif Sharif,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.1016/j.future.2018.07.064

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:In recent years, cognitive Internet of Things (CIoT) has received considerable attention because it can extract valuable information from various Internet of Things (IoT) devices. In CIoT, truth discovery plays an important role in identifying truthful values from large scale data to help CIoT provide deeper insights and value from collected information. However, the privacy concerns of IoT devices pose a major challenge in designing truth discovery approaches. Although existing schemes of truth discovery can be executed with strong privacy guarantees, they are not efficient or cannot be applied in real-life CIoT applications. This article proposes a novel framework for lightweight and privacy-preserving truth discovery called LPTD-I, which is implemented by incorporating fog and cloud platforms, and adopting the homomorphic Paillier encryption and one-way hash chain techniques. This scheme not only protects devices' privacy, but also achieves high efficiency. Moreover, we introduce a fault tolerant (LPTD-II) framework which can effectively overcome malfunctioning CIoT devices. Detailed security analysis indicates the proposed schemes are secure under a comprehensively designed threat model. Experimental simulations are also carried out to demonstrate the efficiency of the proposed schemes.