Yang Xiao, an assistant professor in the Department of Computer Science, has received $300,000 from the National Science Foundation's Secure and Trustworthy Cyberspace (SaTC) program for a four-year project building an anti-tracking and robocall-free architecture for mobile networks.
The SaTC program is a collaborative research program that supports research addressing cybersecurity and privacy, drawing on expertise in one or more of these areas: computing, communication and information sciences; engineering; economics; education; mathematics; statistics; and social and behavioral sciences.
Xiao's project, "Collaborative Research: SaTC: CORE: Medium: An Anti-tracking and Robocall-free Architecture for Next-G Mobile Networks," marks the first UK faculty member to receive an award from the SaTC program.
Mobile tracking and robocalls are well-known privacy problems facing mobile users in current modern mobile cellular networks. With the deployment of 5G mobile communications technology and beyond, the tracking capability of a mobile network operator (MNO) allows it to constantly harvest users’ location and service data with unprecedently precision. In the meantime, automatic voice calls–- commonly known as robocalls, have been widely exploited by scammers to perform telecom frauds. In this project, we aim to develop a privacy-preserving mobile access architecture that can protect mobile users from mobile tracking/profiling and robocall scams. We make the critical observation that the root cause of mobile tracking and robocalls, along with most other privacy threats to mobile users, lies in the fact that mobile users must reveal their long-term identities, represented by Subscription Permanent Identifier (SUPI) and phone number, to the mobile network during their access to service. In response, the proposed anti-tracking and robocall-free architecture allows a legitimate mobile user to access the cellular service anonymously; different connections made by the same user at different times shall not be linkable. To achieve practicality for real-world deployment, our architecture is also designed to be backward compatible with the crucial mobile network functions in existing mobile networks, particularly user accountability (when requested by law enforcement) and mobile calling functions. To realize the above objectives, we plan to make novel combined use of anonymous credential (AC) and trusted platform module (TPM) technologies that involve the design and verification of a suite of cryptographic protocols as well as the construction of a testbed. The proposed architecture, protocols, and testbed, once implemented and evaluated successfully, will not only solve the long-standing mobile tracking and robocall problems but also contribute to the theoretical and practical knowhows toward building secure and trustworthy next-G mobile systems.