“When you connect to the Internet, you provide the IMSI number to show to the back-end database that you are a paying customer, and here is the service you subscribe to,” Schmidt said. “Then the system will notify the rest of the core and let you enter the network. But the changes we made to PGPP have changed calculus. The subscriber database can verify that you are a paying user without knowing who you are. We have decoupled and merged Billing and authentication are transferred.”

For operators, it is much easier to transform some billing systems and distribute applications to users than a more in-depth network overhaul. Raghavan and Schmitt are turning their research into a start-up company to make it easier to promote the project among American telecommunications companies. They acknowledged that even if it is easy to adopt, it is still a long process for the entire industry to switch to PGPP soon. But they say that only getting a few operators can still make a big difference. This is because if any important part of the entire collection is contaminated, the bulk location data will become less reliable.if 9 million For example, Boost Mobile users will broadcast the same or random IMSI number, which will destroy the accuracy and usefulness of the entire data set.

Cryptographer Bruce Schneier (Bruce Schneier) first learned about PGPP in January and recently became a project consultant. He said that even small virtual providers (called MVNOs) that do not operate their own cell towers can independently implement this The fact of planning is significant.

“An operator can do it on its own without anyone’s permission, and it doesn’t need anyone else to change anything,” Schneier said. “I can imagine one of the smaller companies saying that they will provide this as a value-added service because they want to be different. This is privacy and the cost is very low. This is the neat thing.”

In the highly competitive monolithic wireless market, standing out in terms of privacy may be an attractive marketing strategy. The three major operators may try to stop MVNOs from adopting things like PGPP through contract suspension. But the researchers said that some MVNOs have expressed interest in the proposal.

Between the potential pressure of law enforcement and the loss of data access — coupled with the need to distribute applications or involve mobile operating systems — operators have little incentive to adopt PGPP. Schmitt pointed out that in cases where law enforcement agencies may object to such a plan, it is still possible for operators to perform targeted location history queries on specific phone numbers. The researchers said they believe that this method is legal in the United States under the Law Enforcement Communications Assistance Act. This is because a warning from PGPP is that it only adds privacy protection for cellular tower interactions involving data networks such as 4G or 5G. It will not attempt to interoperate with the long-established telephone protocol that facilitates traditional telephone calls and SMS text messaging. Users will need to rely on VoIP calls and data-based messaging to maximize privacy.

The method also focuses on the IMSI number, and the 5G counterpart called the subscription permanent identifier or SUPI, and it does not protect or obscure static hardware identifiers such as International Mobile Equipment Identity (IMEI) numbers or media access control (MAC) addresses These are not used in the cell tower interactions that the researchers are trying to anonymize, but they can provide other avenues for tracking.

However, after years of data abuse and growing privacy issues, it is still important to have a simple and straightforward option to solve a major location data leakage problem.

“Frankly, my feeling now is, why didn’t I see it before?” Ragwan said. “It’s not,’Wow, this is too difficult to figure out.’ It’s obvious in retrospect.”

“This actually makes us feel better as system researchers,” Schmidt added. “In the end, the simpler the system, the better the system.”


More exciting connection stories



Source link