Di5Guise: vSIM 5G Privacy
Abstract
SIM cards have been the key building block of user authentication and security in cellular networks. While they are meant to serve as privacy-protecting elements in cellular communications, they can be the root cause of privacy loss. Current eSIMs come with a fixed device profile (comprising a secret key, a certificate, and a unique eUICC identifier) that permanently binds every subscriber profile provisioned on the device to that device profile. This binding enables an attacker with the vantage point of a cellular operator to correlate subscriber identities back to a single device, piecing together a complete pattern of life (online activities, movement patterns, and real-world identity) even when users rotate subscriber identities or employ traffic obfuscation techniques. To mitigate this concern, we introduce _Di5Guise_, a privacy-enhancing architecture that breaks this correlation at its root by decoupling the device identity from the subscriber identity. Central to _Di5Guise_ is vSIM, a virtualized SIM card that enables dynamic device profile provisioning, allowing each subscriber profile to be associated with a distinct, unlinkable device profile. _Di5Guise_ establishes trust with the operator by ensuring that vSIM is running on secure hardware in a trustworthy state. We prototype _Di5Guise_ on a Field Programmable Gate Array (FPGA) board and integrate it with srsRAN to demonstrate full compatibility with existing 5G infrastructure. Using a complex user correlation model, we show that _Di5Guise_ reduces user re-identification accuracy from 93% to 49% when combined with obfuscation.