Abstract
Although the Evolved Packet System Authentication and Key Agreement (EPS-AKA) provides security and privacy enhancements in 3rd Generation Partnership Project (3GPP), the International Mobile Subscriber Identity (IMSI) is sent in clear text in order to obtain service. Various efforts to provide security mechanisms to protect this unique private identity have not resulted in methods implemented to protect the disclosure of the IMSI. The exposure of the IMSI brings risk to user privacy, and knowledge of it can lead to several passive and active attacks targeted at specific IMSI's and their respective users. Further, the Temporary Mobile Subscribers Identity (TMSI) generated by the Authentication Center (AuC) have been found to be prone to rainbow and brute force attacks, hence an attacker who gets hold of the TMSI can be able to perform social engineering in tracing the TMSI to the corresponding IMSI of a User Equipment (UE). This paper proposes a change to the EPS-AKA authentication process in 4G Long Term Evolution (LTE) Network by including the use of Public Key Infrastructure (PKI). The change would result in the IMSI never being released in the clear in an untrusted network.