TY - GEN
T1 - Pseudonymisation of SS7 Identifiers by Random Tables
AU - Beumier, Charles
AU - Debatty, Thibault
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.
PY - 2025
Y1 - 2025
N2 - This paper details the pseudonymisation of identifiers contained in SS7 (Signaling System No. 7) mobile signaling traffic in order to protect subscriber privacy. This is necessary to comply with the General Data Protection Regulation (GDPR) rules when processing data holding private information, such as in our project on 2G/3G SS7 attack detection. A method using random tables to substitute sensitive SS7 identifiers is presented. Applied independently to all necessary identifiers, this approach maximizes the protection of subscribers and offers a simple and fast implementation. It must be used at the operator premises on SS7 traffic before transfer to the research institute, where special care is taken to comply with GDPR. In particular, a Data Protection Impact Assessment (DPIA) document was written to describe the context of the research, the required data and intended processing, the measures taken to protect the rights of the subscribers, and an evaluation of the risks and their mitigation. This publication provides the reader with a comprehensive description of all aspects of pseudonymisation in a real case study involving mobile telephony data processing for research purposes.
AB - This paper details the pseudonymisation of identifiers contained in SS7 (Signaling System No. 7) mobile signaling traffic in order to protect subscriber privacy. This is necessary to comply with the General Data Protection Regulation (GDPR) rules when processing data holding private information, such as in our project on 2G/3G SS7 attack detection. A method using random tables to substitute sensitive SS7 identifiers is presented. Applied independently to all necessary identifiers, this approach maximizes the protection of subscribers and offers a simple and fast implementation. It must be used at the operator premises on SS7 traffic before transfer to the research institute, where special care is taken to comply with GDPR. In particular, a Data Protection Impact Assessment (DPIA) document was written to describe the context of the research, the required data and intended processing, the measures taken to protect the rights of the subscribers, and an evaluation of the risks and their mitigation. This publication provides the reader with a comprehensive description of all aspects of pseudonymisation in a real case study involving mobile telephony data processing for research purposes.
KW - GDPR
KW - Pseudonymisation
KW - Random tables
KW - SS7
UR - https://www.scopus.com/pages/publications/105000948824
U2 - 10.1007/978-3-031-85363-0_22
DO - 10.1007/978-3-031-85363-0_22
M3 - Conference contribution
AN - SCOPUS:105000948824
SN - 9783031853623
T3 - Lecture Notes in Networks and Systems
SP - 369
EP - 378
BT - Advances in Information and Communication - Proceedings of the 2025 Future of Information and Communication Conference, FICC 2025
A2 - Arai, Kohei
PB - Springer Science and Business Media Deutschland GmbH
T2 - Future of Information and Communication Conference, FICC 2025
Y2 - 28 April 2025 through 29 April 2025
ER -