Page 1: CDMA Security

CDMA SECURITY

Page 2: CDMA Security

Security Threats & Solutions

Cloning Fraud (Unauthorized Access)
• Authentication

Eavesdropping
• Voice Privacy & User Data Encryption

Threats on System Operational Integrity
• Signaling Message Encryption

Page 3: CDMA Security

Lucent Security Architecture

[Diagram: Security Services. Labels: Privacy; Fraud; Secure Systems Reliability; Availability; Integrity; Non-Repudiation; Confidentiality; Identification and Authentication; Access Control]

Page 4: CDMA Security

CDMA - Security and Cryptography

[Diagram labels: Controller and Switch]

Every phone has a unique secret key and generates unique privacy parameters for each call using the CAVE algorithm.

Page 5: CDMA Security

CDMA - Security Architecture

[Diagram labels: CDMA Channel; SPREADING; Public or Private Long Code; Private Long Code Generator; CODED SPEECH; SIGNALING & SMS MESSAGE; ASYNC DATA, G-3 FAX, PACKET DATA; CAVE; SSD; CHALLENGE RESPONSE AUTHENTICATION; ENCRYPTION KEYS; ECMEA; EORYX; ENCRYPTED]

Page 6: CDMA Security

Secret Key Hierarchy

Key Type: Size, Update Frequency

• A-Key (Seed): 64 bits, infrequently
• SSD-A (AUTHENTICATION): 64 bits, periodically
• SSD-B (PRIVACY): 64 bits, periodically
• Data Key: 32 bits
• VPM: 520 bits, each call
• ECMEA Key: 64 bits, each call
• Data Mask: 192 bits/variable, each call

SSD - Secret Shared Data
VPM - Voice Privacy Mask
CMEA - Enhanced Cellular Message Encryption Alg.

Page 7: CDMA Security

Generation of Shared Secret Data

[Diagram labels: A-Key; RANDSSD; CAVE; SSD; SSD_A; SSD_B]

Page 8: CDMA Security

CDMA - Authentication

[Diagram labels: A-key; SSD; AC; MSC; CAVE (on both sides); CHALLENGE; RESPONSE; Equal? (Authentication)]

SSD - Shared Secret Data
MSC - Mobile Switching Center
AC - Authentication Center
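The SSD generation and challenge-response check from the two slides above, as an added sketch that is not part of the original deck. CAVE is not reproduced here: a truncated HMAC-SHA256 stands in for it, and the response length, the sample A-Key and RANDSSD values, and the names prf, Network and demo are assumptions of the sketch.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """Stand-in for CAVE (assumption): truncated HMAC-SHA256."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:nbytes]

def generate_ssd(a_key: bytes, randssd: bytes) -> tuple[bytes, bytes]:
    """A-Key + RANDSSD -> SSD_A (authentication), SSD_B (privacy), 64 bits each."""
    if len(a_key) != 8:
        raise ValueError("A-Key must be 64 bits")
    ssd = prf(a_key, b"SSD", randssd, 16)
    return ssd[:8], ssd[8:]

def auth_response(ssd_a: bytes, challenge: bytes) -> bytes:
    """Response to a challenge; the 4-byte length is an assumption."""
    return prf(ssd_a, b"AUTH", challenge, 4)

class Network:
    """AC/MSC side: holds the subscriber's SSD_A and compares responses."""
    def __init__(self, ssd_a: bytes):
        self.ssd_a = ssd_a
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(4)  # fresh value per attempt
        return self.pending

    def verify(self, response: bytes) -> bool:
        if self.pending is None:
            return False  # no outstanding challenge
        expected = auth_response(self.ssd_a, self.pending)
        self.pending = None  # each challenge is single-use
        return hmac.compare_digest(expected, response)

def demo() -> dict:
    a_key = bytes.fromhex("0011223344556677")  # constructed sample A-Key
    randssd = bytes.fromhex("a1b2c3d4e5f607")  # constructed sample RANDSSD
    ssd_a, _ssd_b = generate_ssd(a_key, randssd)
    net = Network(ssd_a)
    genuine = auth_response(ssd_a, net.challenge())
    ok = net.verify(genuine)
    net.challenge()
    replayed = net.verify(genuine)  # old response against a new challenge
    clone_ssd, _ = generate_ssd(bytes(8), randssd)  # clone lacks the real A-Key
    cloned = net.verify(auth_response(clone_ssd, net.challenge()))
    return {"genuine": ok, "replayed": replayed, "cloned": cloned}
```

Only the handset holding the real A-Key derives the matching SSD_A, so a clone that copies the phone's identity but not the key fails the comparison, and a captured response is useless against the next challenge.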

Page 9: CDMA Security

CDMA - Voice Privacy

[Diagram labels: ESN; SSD; RAND; CAVE; VOICE PRIVACY MASK; PRIVATE LCM; PUBLIC LCM; SPREADING; CODED SPEECH]

Page 10: CDMA Security

CDMA - Message and Data Encryption

[Diagram labels: CDMA Channel; SPREADING; Public or Private Long Code; Private Long Code Generator; CODED SPEECH; SIGNALING & SMS MESSAGE; ASYNC DATA, G-3 FAX, PACKET DATA; CAVE; SSD; CHALLENGE RESPONSE AUTHENTICATION; ENCRYPTION KEYS; ECMEA; EORYX; ENCRYPTED]

Page 11: CDMA Security

Multiple Access Schemes for Wireless

• FDMA (AMPS): Different Carriers
• TDMA & GSM: Carriers Split into Time Slots
• CDMA: Spread Spectrum

CDMA Provides Improved Security, Increased Capacity (>3x TDMA, 10x AMPS)

Page 12: CDMA Security

CDMA - Security Architecture

[Diagram labels: CDMA Channel; SPREADING; Public or Private Long Code; Private Long Code Generator; CODED SPEECH; SIGNALING & SMS MESSAGE; ASYNC DATA, G-3 FAX, PACKET DATA; CAVE; SSD; CHALLENGE RESPONSE AUTHENTICATION; ENCRYPTION KEYS; ECMEA; EORYX; ENCRYPTED]

Page 13: CDMA Security

TDMA - Security Architecture

[Diagram labels: TDMA Channel; Frame Selector; CODED SPEECH; Voice Privacy Mask; MASKED SPEECH; SIGNALING & SMS MESSAGE; ASYNC DATA, G-3 FAX, PACKET DATA; CAVE; SSD; CHALLENGE RESPONSE AUTHENTICATION; ENCRYPTION KEYS; ECMEA; EORYX; ENCRYPTED]

Page 14: CDMA Security

GSM - Security Architecture

[Diagram labels: Subscriber Identity Module (SIM Card); Root Key Ki; A3; A8; A5; ENCRYPTION KEY Kc; CHALLENGE RESPONSE AUTHENTICATION; GSM Channel; CHANNEL CODING; CODED SPEECH; MESSAGING; DATA]

Page 15: CDMA Security

Evolution of Security Systems

Analog System
• Cryptographic Authentication only in recent equipment
• Un-authenticated Systems (majority) vulnerable to Cloning Fraud
• No Voice Privacy

Digital Cellular
• Proliferation of Authentication
• Inherent concealment of information in the digital stream
• User anonymity (TMSI)
• Voice and Data Encryption
• Over the Air Service Provisioning (OTASP) supported

Enhanced Algorithms
• ECMEA, EORYX granted in standards ballot

3G Security Solution in Progress

Page 16: CDMA Security

CDMA - Inherent Security

Even without encryption, CDMA provides inherent privacy of all transmitted information (e.g., voice, data, signaling) due to signal spreading.

Synergy of encryption and spreading gives CDMA extremely high security.

Page 17: CDMA Security

Wireless Core Technologies Department

Wireless Security Charter

Security Assessments: Providing a comprehensive assessment of cellular networks for security vulnerabilities.

Technology: Developing security hardware and software prototypes.

Consultancy: Identifying vulnerabilities in order to keep customers up to date on the latest security attacks and solutions.

Security Laboratory: Prototyping security solutions and demonstrating security and fraud scenarios in the laboratory.

Cryptography: Developing, prototyping, and analyzing cryptographic and key management algorithms.

Security Architecture: Ensuring that security is built into the architecture design of wireless products.

Industry: Providing technical representation to the (CTIA), TR45 (AHAG), and ITU.

Security Training and Education: Providing security training for customers, internal groups, and law enforcement.