
I mean you can do authentication without doing it per base station... the real reason we don’t have anything like this is because it’s a lot of work to make this work well worldwide and because a lot of governments are not interested in making spoofing base stations harder on themselves.



Shouldn't we just fix this one layer above? Just like the internet, treat the network as hostile and use strong encryption to connect to your network provider. If someone uses a stingray, you use their bandwidth but they see nothing because you're running encrypted VoLTE.


It's a start, but from my understanding implementing strong encryption on the layer above does little to mitigate physical location tracking issues that arise from spoofed towers.


Nothing short of removing all device identifiers (IMSI, IMEI, etc.) and using an untraceable payment system for network access (e.g. blinded tokens) will mitigate the location tracking ability of the carriers.

The perfect is the enemy of the good and cops do use stingrays for a reason. But targeted government surveillance is only one privacy threat, and carriers have no compunctions about bulk selling your location to the mass surveillance industry.


This is about unauthorized people tracking you, not carriers.


Yes, and I did recognize I was talking about a different vulnerability by saying that the perfect is the enemy of the good. But if we're talking about protocol vulnerabilities, why skip over the deep flaw of having fixed identifiers in the first place?

Heck, simply removing the IMEI so that users don't have to buy a new burner phone (/mifi) along with every burner SIM would be a vast improvement!

Really I'm just pointing out the larger context, as it's important to keep in mind. Shoring this up will make the keystone cops have to go get a warrant, but won't help versus the NSA, parallel construction, or GoogleNexis. It probably won't even make private investigators have to eat lunch in their cars again.


Much of the data you'd want to protect is metadata (location and access times).

If you can't trust your network entry point on mobile, you're really just screwed in many un-patchable ways. Mobile-to-mobile mesh networking could help, but I can't imagine that being widespread unless it's done in a layer outside user control or visibility, taking you back to square one.


>...and because a lot of governments are not interested in making spoofing base stations harder on themselves.

See Norway's fumble[0] for a principal example.

[0] - https://www.thelocal.no/20150309/norway-police-broke-law-wit...


There is per-basestation authentication. The basestation receives a key that is derived from your permanent key within your SIM card.

Roaming is a bit special, but this still holds. You then trust both operators, not just your home operator.



