Hexuan Yu (Virginia Tech), Chaoyu Zhang (Virginia Tech), Yang Xiao (University of Kentucky), Angelos D. Keromytis (Georgia Institute of Technology), Y. Thomas Hou (Virginia Polytechnic Institute and State University), Wenjing Lou (Virginia Tech)
Mobile Network Operators (MNOs) are known to leak or sell subscribers’ sensitive information, including geolocation and communication histories. Anonymous mobile user authentication methods, such as cite{schmitt2021pretty} (USENIX Sec'21),~cite{yu2023aaka} (NDSS'24), cite{alnashwan2024strong} (CCS'24), enable users to access mobile networks without revealing long-term identifiers like phone numbers or Subscription Permanent Identifiers (SUPI). However, the absence of identity transparency and location awareness poses significant challenges to implementing anonymous access in real-world mobile networks, particularly for essential functions such as call routing, usage measurement, and charging. To address these limitations, we propose ANONYCALL, a privacy-preserving call management architecture that supports anonymous mobile network access while enabling two essential functions: textit{anonymous callee discovery} and textit{usage-based charging}. ANONYCALL incorporates an out-of-band authentication mechanism to securely share temporary call identifiers, allowing seamless call routing without revealing permanent user information. Additionally, it introduces an anonymous but accountable balance credential that enables accurate charging and prevents double-spending while preserving mobile user anonymity. Fully compatible with existing mobile networks, ANONYCALL introduces minimal overhead, adding less than 200 ms to call establishment. Evaluations with smartphones and standard calling systems demonstrate its practicality, offering a viable solution for privacy-preserving yet functional mobile communication.