Learn about an award-winning thesis on privacy and 5G from Ericsson Security Research

Enrique Cobo Jiménez’s work, “Encrypting IMSI to improve privacy in 5G Networks” was named the best master thesis in the field of Application and Services for Cyber-security and Cyber-intelligence by the Spanish Official Association of Electrical Engineers. Enrique tells us about his thesis and his experience at Ericsson Security Research in Stockholm.


Enrique (left) receiving the diploma

Hi Enrique! Could you quickly explain what your work is about?

Sure. My thesis aims to enhance identifier privacy in mobile networks, especially regarding 5G, when a subscriber needs to be identified to the network. Up through 4G, mobile devices send the subscriber’s long-term identifier called IMSI (International Mobile Subscriber Identifier) in clear to the network. It means that an over-the-air attacker could obtain the IMSIs and, in the worst case, identify subscribers behind them. You can find the whole report here. Let me try to briefly sum it up:

We proposed a mechanism in which encrypted IMSIs are sent to the network. The encryption is done by using ECIES (Elliptic Curve Integrated Encryption Scheme), which is a low-overhead asymmetric encryption scheme. This way the subscriber’s untraceability is significantly improved.

We also demonstrated that our proposal was practically feasible with off-the-shelf smartphones. Mobile applications were developed to measure the execution time for encrypting IMSI using different elliptic curves (NIST P-256 and Curve25519) on smartphones from different vendors and with varying computational capacities. In the best case, the total execution time was 1.6 ms, which is quite acceptable when comparing it with a typical call setup time. These results were also presented at the IEEE Conference MoWNet’17, Subscription identifier privacy in 5G Systems.

Finally, it is exciting to see how the mobile standardization body 3GPP has addressed the problem, deciding to include our proposal in the 5G security standard! I’m really proud to be a part of the team that made it happen and to realize how one’s work can actually make an impact.

How was working at Ericsson Security Research?
It was great! From the first minute, I felt fully integrated. People there were very helpful and open to discussing ideas. But at the same time they gave me sufficient space to conduct research on my own. Furthermore, I was always welcomed to ask anybody questions, not only within the Security Research team but throughout the whole company! People from other working units also helped with their insights on the topic, from comments to valuable implementation aspects.

On a personal note, the thesis challenged me in a stimulating way – sometimes I was pushed to my limits. But that’s what it means to work in Research: one must come up with innovative solutions to rather complicated problems. Nevertheless, this experience taught me one lesson I will remember for the rest of my life: never take anything for granted and reflect on every single problem you face.

How have you ended up in Sweden?
Well, the journey started 25 years ago in Jaén, a small city in southern Spain (which well deserves a visit!), where I grew up. Since I was young, I was very interested in technology… Honestly, I must confess that I couldn’t help asking and pressing all the buttons I could find! Then I went to Madrid to study Electrical Engineering at UPM Technical University of Madrid, and finally I was offered to finish my studies at KTH Royal Institute of Technology in Stockholm.

So here I am now, working as an ASIC designer at Ericsson, and so far, I can say that the experience is great. I have had to get used to many different things, some of them were easy (like fikas – the Swedish tradition of having a small sweet with a cup of coffee), while others were challenging (som att prata svenska – such as the Swedish language!). Even more personal… coming from Spain, living in Sweden has meant to value and enjoy good weather much more!

More about the topic

  1. My Thesis! Encrypting IMSI to improve privacy in 5G Networks
  2. Paper on Subscription Identifier Privacy in 5G Systems
  3. Paper on Protecting IMSI and subscriber privacy in 5G networks
  4. Blog-post on IMSI privacy: Protecting 5G against IMSI catchers
  5. 5G security white paper, 2018
The Ericsson Blog

Like what you’re reading? Please sign up for email updates on your favorite topics.

Subscribe now

At the Ericsson Blog, we provide insight to make complex ideas on technology, innovation and business simple.