1

Identity-based Identity-based Cryptography for Cryptography for

Securing Mobile Phone Securing Mobile Phone CallsCalls

Matthew Smith, Christian Schridde, Bj ¨orn Agel, Matthew Smith, Christian Schridde, Bj ¨orn Agel, Bernd FreislebenBernd Freisleben

2009 International Conference on Advanced Information Networking and Applications Workshops

2

OutLineOutLine• IntroductionIntroduction• ProtocolProtocol• Implementation IssuesImplementation Issues• Experimental ResultsExperimental Results• ConclusionsConclusions

3

1 Introduction1 Introduction

• 目前目前 (GSM(GSM （第二代）和（第二代）和 UMTSUMTS （（ 3G3G ） ） )) 的加的加密方式密方式 ::

– 手機送出加密文件給基地台在基地台發送給目的端手機送出加密文件給基地台在基地台發送給目的端

4

1 Introduction1 Introduction• 常見的攻擊方式常見的攻擊方式 ::

5

2 Protocol2 Protocol

• The identity-based key agreement The identity-based key agreement protocol SSF (Secure Session Framework) protocol SSF (Secure Session Framework) consists of four main algorithms: Setup, consists of four main algorithms: Setup, Extract, Build SIK, and Compute.Extract, Build SIK, and Compute.

• ID-PKG ID-PKG

6

2 Protocol2 Protocol2.2 Key Agreement

7

2 Protocol2 Protocol

2.2 Key Agreement

8

2 Protocol2 Protocol

2.2 Key Agreement

9

2 Protocol2 Protocol

2.2 Key Agreement

10

2 Protocol2 Protocol

2.3 Key Agreement Between Domains

11

2 Protocol2 Protocol2.3 Key Agreement Between Domains

12

2 Protocol2 Protocol

13

3 Implementation Issues3 Implementation Issues

• 3.2 Distribution of the Identity Keys3.2 Distribution of the Identity Keys

– IBEs & PKIs IBEs & PKIs

• 3.3 Key Expiration3.3 Key Expiration

– Mobile phone call encryption is the fact that teleMobile phone call encryption is the fact that telephone numbers are reused.phone numbers are reused.

14

4 Experimental Results4 Experimental Results

• Nokia N82-1 and a Nokia N95-1 both wiNokia N82-1 and a Nokia N95-1 both with an ARM-11 CPU with 330 MHz runnith an ARM-11 CPU with 330 MHz running Symbian 9.2 FP1. ng Symbian 9.2 FP1.

• N = 512, 1024, 2048 and 4096 Bit N = 512, 1024, 2048 and 4096 Bit • rID = 64, 128, 256 and 512 Bit rID = 64, 128, 256 and 512 Bit • R = f3, 17, 513, 65537g R = f3, 17, 513, 65537g

15

4 Experimental Results4 Experimental Results

16

6 Conclusions6 Conclusions

• An identity-based key agreement systeAn identity-based key agreement system for mobile telephony in GSM and Um for mobile telephony in GSM and UMTS networks was presented. MTS networks was presented.

• Experimental results based on a SymbExperimental results based on a Symbian implementation for the Nokia smaian implementation for the Nokia smartphones N95-1 and N82-1 were presenrtphones N95-1 and N82-1 were presented showing that current smartphones ted showing that current smartphones are powerful enough to run the presenare powerful enough to run the presented system. ted system.