Secure Mobile Identities

TL;DR

This paper introduces Secure Mobile Identities (SMI), a protocol that enhances mobile user identity security by leveraging weak SIM authentication and trusted location signatures, demonstrated through implementation and analysis.

Contribution

The paper presents a novel key-exchange protocol that improves mobile identity security using existing weak authentication and external trusted location sources.

Findings

SMI provides stronger identity authenticity for mobile users.

Implementation shows practical feasibility of the protocol.

Analysis confirms security benefits under mobility models.

Abstract

The unique identities of every mobile user (phone number,IMSI) and device (IMEI) are far from secure and are increasingly vulnerable to a variety of network-level threats. The exceedingly high reliance on the weak SIM authentication layer does not present any notion of end-to-end security for mobile users. We propose the design and implementation of Secure Mobile Identities (SMI), a repetitive key-exchange protocol that uses this weak SIM authentication as a foundation to enable mobile users to establish stronger identity authenticity. The security guarantees of SMI are directly reliant on the mobility of users and are further enhanced by external trusted entities providing trusted location signatures (e.g. trusted GPS, NFC synchronization points). In this paper, we demonstrate the efficacy of our protocol using an implementation and analysis across standard mobility models.