Abstract
Privacy is a main concern for mobile network users, and there are many proposed enhancements for the protection of the long-term subscription identifier. Some enhancements require asymmetric key operations, which increase both processing requirements and protocol message sizes. To the best of our knowledge, there has been no practical implementation feasibility study of these enhancements using commodity mobile devices. Neither is it clear whether the enhancements are sufficient. This paper highlights privacy weaknesses, when the long-term subscription identifier is used in Paging procedures, and proposes new ways to resolve these. Further, the paper evaluates an Android implementation of one of the enhancements, which includes the asymmetric scheme Elliptic Curve Integrated Encryption Scheme (ECIES). We conclude that it is feasible to implement asymmetric encryption methods for the long-term subscription identifier and that the highlighted privacy weaknesses can be efficiently countered. This removes another set of obstacles for realizing the protection in mobile network standards.