
GISFI TR SP.109 V1.0.0 (2013-09)

Technical Report

Global ICT Standardisation Forum for India;
Technical Working Group Security and Privacy;

GPRS: SGSN and GGSN Security Requirements; (Release 1)

The present document has been developed within GISFI and may be further elaborated for the purposes of GISFI.


GISFI office address
Suite 303, 3rd Floor, Tirupati Plaza, Plot No. 4, Sector 11, Dwarka, New Delhi-110075, India

Tel.: +91-11-47581800 Fax: +91-11-47581801

Internet: http://www.gisfi.org

E-mail: [email protected]

Copyright Notification

No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.

© 2013, GISFI All rights reserved.

GISFI TR SP.109 V1.0.0 (2013-09) Release 1


Contents

Foreword
Introduction
1 Scope
2 References
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 General
4.1 Functionality of GGSN and SGSN in GPRS
4.2 Standards based GPRS architecture
4.2.1 The Access Network (AN) entities
4.2.2 The Core Network (CN) Entities
4.2.2.1 Gateway GPRS Support Node
4.2.2.2 Serving GPRS Support Node
4.3 Interfaces between PS domain and Access Network
4.3.1 Interface between SGSN and BSS (Gb-interface)
4.3.2 Interface between SGSN and BSS (Iu_PS-interface)
4.3.3 Interface between SGSN and RNS (Iu_PS-interface)
4.4 Interfaces internal to the Core Network
4.4.1 Interface between SGSN and HLR (Gr-interface)
4.4.2 Interface between SGSN and GGSN (Gn- and Gp-interface)
4.4.3 Signalling Path between GGSN and HLR (Gc-interface)
4.4.4 Interface between SGSN and EIR (Gf-interface)
4.4.5 Reference Point between the CSS and the Gn/Gp SGSN (Ghv Reference Point)
4.4.6 Interface between MSC/VLR and SGSN (Gs-interface) for GPRS
4.4.7 Interface between HLR/HSS and AuC (H-Interface)
4.4.8 Interface between SGSN/IP-SM-GW and SMS-GMSC/SMS-IWMSC (Gd-Interface) for GPRS
4.5 Various practical configurations of GPRS deployment
4.6 Protocols in GPRS networks
4.6.1 GPRS Protocol Architecture for USER Plane
4.6.2 GPRS Protocol Architecture for Signalling Plane
4.6.2.1 MS – SGSN
4.6.2.2 SGSN - HLR
4.6.2.3 SGSN - MSC/VLR
4.6.2.4 SGSN – EIR
4.6.2.5 SGSN - SMS-GMSC or SMS-IWMSC
4.6.2.6 GSN - GSN
4.6.2.7 GGSN - HLR
4.6.2.8 MAP-based GGSN - HLR Signalling
4.6.2.9 GTP and MAP-based GGSN - HLR Signalling
4.6.3 Summary of Interface with protocol used in GPRS
5 Security Threats and Requirements
5.1 General security requirements
5.2 Requirements from certification bodies etc. if available, e.g. GCF
5.3 Security requirements from specifications
5.3.1 Subscriber Identity Module - SIM
5.3.2 Subscriber identity confidentiality
5.3.2.1 Functional requirements
5.3.2.2 Procedure
5.3.3 Subscriber Identity Authentication
5.3.3.1 Functional requirements
5.3.3.2 Authentication procedure
5.3.3.3 Subscriber Authentication Key management
5.3.4 Data and Signaling Protection


5.3.4.1 Functional Requirements
5.3.4.2 The ciphering method
5.3.4.3 Key setting
5.3.4.4 Ciphering key sequence number
5.3.4.5 Starting of the ciphering and deciphering processes
5.3.4.6 Synchronisation
5.3.5 GPRS Backbone Security
5.4 Threats and requirements from threats
5.4.1 The MS and The SIM-card
5.4.2 Interface between the MS and SGSN
5.4.2.1 Threats to Availability [37, 12]
5.4.2.2 Threats to Authentication [37]
5.4.2.3 Threats to Confidentiality and Integrity [37]
5.4.2.4 Threats to Privacy [35]
5.4.3 Security Threats on IP Technology – Gn Interface
5.4.3.1 Threats to Authentication and Authorization [37]
5.4.3.2 Threats to Confidentiality [37]
5.4.3.3 Threats to Integrity [37]
5.4.3.4 Threats to Availability [37]
5.4.4 Security Threats on SS7 technology [37]
5.4.4.1 Threats to Authentication and Authorization
5.4.4.2 Threats to Confidentiality
5.4.4.3 Threats to Availability
5.4.5 Gp Interface
5.4.5.1 Threats to Availability [36, 37]
5.4.5.2 Threats to Authentication and Authorisation [37]
5.4.5.3 Threats to Confidentiality [36]
5.4.5.4 Threats to Integrity [36]
5.4.6 Gi Interface
5.4.6.1 Threats to Availability [18, 37]
5.4.6.2 Threats to Confidentiality [37]
5.4.6.3 Threats to Integrity [37]
5.4.6.4 Threats to Authorisation [37]
5.4.7 Security requirements as per 3GPP standards
5.4.7.1 Subscriber identity confidentiality
5.4.7.2 Subscriber identity authentication
A.1 Heading levels in an annex
Annex B: Change history


Foreword

This Technical Report has been produced by GISFI.

The contents of the present document are subject to continuing work within the Technical Working Group (TWG) and may change following formal TWG approval. Should the TWG modify the contents of the present document, it will be re-released by the TWG with an identifying change of release date and an increase in version number as follows:

Version x.y.z

where:

x the first digit shows the release to which the document belongs

y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc.

z the third digit is incremented when editorial only changes have been incorporated in the document.


Introduction

The global system for mobile communications (GSM) is the most popular standard that implements second generation (2G) cellular systems. 2G systems combined with general packet radio services (GPRS) are often described as 2.5G, that is, a technology between the 2G and third generation (3G) of mobile systems. GPRS is a service that provides packet radio access for GSM users. This document describes the security architecture employed in 2.5G mobile systems, focusing on GPRS and in particular on its key network gateway elements, the Serving GSN (SGSN) and the Gateway GSN (GGSN).


1 Scope

The scope of this document is limited to the 2.5G security threats and requirements mentioned in 3GPP standard documents. This document also lists possible general security requirements, requirements from certification bodies, and requirements derived from threats. It mainly focuses on the GPRS key network elements, the GGSN and the SGSN.

2 References

1. 3GPP TS 23.060 V12.2.0 (2013-09), 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; General Packet Radio Service (GPRS); Service description; Stage 2 (Release 12)

2. 3GPP TS 29.060 V12.1.0 (2013-06), 3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; General Packet Radio Service (GPRS); GPRS Tunnelling Protocol (GTP) across the Gn and Gp interface (Release 12)

3. 3GPP TS 23.002 V12.2.0 (2013-06). 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Network architecture (Release 12)

4. 3GPP TS 48.002 V11.0.0 (2012-09), 3rd Generation Partnership Project; Technical Specification Group GSM/EDGE Radio Access Network; Base Station System - Mobile-services Switching Centre (BSS - MSC) interface; Interface principles (Release 11)

5. 3GPP TS 24.002 V11.0.0 (2012-09), 3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; GSM - UMTS Public Land Mobile Network (PLMN) Access Reference Configuration (Release 11)

6. GISFI TR SP.108 V1.0.0 (2013-09), Technical Report on GSM: BSS Security Testing – Standard based

7. 3GPP TS 23.078: "Customised Applications for Mobile network Enhanced Logic (CAMEL) Phase 3 - Stage 2".

8. 3GPP TS 48.014: "General Packet Radio Service (GPRS); Base Station System (BSS) - Serving GPRS Support Node (SGSN) interface; Gb interface layer 1".

9. 3GPP TS 48.016: "General Packet Radio Service (GPRS); Base Station System (BSS) - Serving GPRS Support Node (SGSN) interface; Network Service".

10. 3GPP TS 48.018: "General Packet Radio Service (GPRS); Base Station System (BSS) - Serving GPRS Support Node (SGSN); BSS GPRS Protocol (BSSGP)".

11. 3GPP TS 25.412: "UTRAN Iu interface signalling transport".

12. 3GPP TS 25.413: "UTRAN Iu interface Radio Access Network Application Part (RANAP) signalling".

13. 3GPP TS 29.002 V12.1.0 (2013-06), 3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; Mobile Application Part (MAP) specification (Release 12)

14. IETF RFC 768 (1980): "User Datagram Protocol" (STD 6).

15. 3GPP TS 29.016: "General Packet Radio Service (GPRS); Serving GPRS Support Node (SGSN) - Visitors Location Register (VLR); Gs interface network service specification".

16. 3GPP TS 29.018: "General Packet Radio Service (GPRS); Serving GPRS Support Node (SGSN) - Visitors Location Register (VLR); Gs interface layer 3 specification".

17. GPRS Architecture: Interfaces and Protocols: Nokia Training Documents http://www.roggeweck.net/uploads/media/Student_-_GPRS_Architecture.pdf


18. Wireless Cellular Network Technologies: 2.5G Mobile Telephony GPRS: http://wireless.arcada.fi/MOBWI/material/CN_3_3.html

19. 3GPP TS 03.60 V7.9.0 (2002-09): 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Digital cellular telecommunications system (Phase 2+); General Packet Radio Service (GPRS); Service description; Stage 2 (Release 1998)

20. GSM 04.60: "Digital cellular telecommunications system (Phase 2+); General Packet Radio Service (GPRS); Mobile Station (MS) - Base Station System (BSS) interface; Radio Link Control / Medium Access Control (RLC/MAC) protocol".

21. GSM 04.65: "Digital cellular telecommunications system (Phase 2+); General Packet Radio Service (GPRS); Mobile Station (MS) – Serving GPRS Support Node (SGSN); Subnetwork Dependent Convergence Protocol (SNDCP)".

22. GSM 08.16: "Digital cellular telecommunications system (Phase 2+); General Packet Radio Service (GPRS); Base Station System (BSS) - Serving GPRS Support Node (SGSN) interface; Network Service".

23. GSM 08.18: "Digital cellular telecommunications system (Phase 2+); General Packet Radio Service (GPRS); Base Station System (BSS) - Serving GPRS Support Node (SGSN); BSS GPRS Protocol (BSSGP)".

24. GSM 09.02: "Digital cellular telecommunications system (Phase 2+); Mobile Application Part (MAP) specification".

25. GSM 09.16: "Digital cellular telecommunications system (Phase 2+); General Packet Radio Service (GPRS); Serving GPRS Support Node (SGSN) - Visitors Location Register (VLR); Gs interface network service specification".

26. GSM 09.18: "Digital cellular telecommunications system (Phase 2+); General Packet Radio Service (GPRS); Serving GPRS Support Node (SGSN) - Visitors Location Register (VLR); Gs interface layer 3 specification".

27. GSM 09.60: "Digital cellular telecommunications system (Phase 2+); General Packet Radio Service (GPRS); GPRS Tunnelling Protocol (GTP) across the Gn and Gp Interface".

28. IETF RFC 768 (1980): "User Datagram Protocol" (STD 6).

29. IETF RFC 791 (1981): "Internet Protocol" (STD 5).

30. IETF RFC 793 (1981): "Transmission Control Protocol" (STD 7).

31. 3GPP TS 03.20 V9.0.0 (2001-01): 3rd Generation Partnership Project; Digital cellular telecommunications system (Phase 2+); Security related network functions (Release 2000)

32. Srisuresh, P., & Holdrege, M. (1999). IP network address translator (NAT) terminology and considerations (RFC 2663).

33. GSM 01.61 V8.0.0 (2000-04): Digital cellular telecommunications system (Phase 2+); General Packet Radio Service (GPRS); GPRS ciphering algorithm requirements (GSM 01.61 version 8.0.0 Release 1999)

34. 3GPP TS 21.133 (V4.1.0): Security Threats and Requirements, 2001

35. ETSI TS 100 922 (v7.1.1): Subscriber Identity Modules (SIM) Functional Characteristics, 1999

36. A. Bavosa: GPRS Security Threats and Solution Recommendations http://www.yumpu.com/en/document/view/3550182/gprs-security-threats-and-solution-juniper-networks

37. C. Xenakis: Malicious Actions Against the GPRS technology, International Journal of Network Security, vol. 6, no. 2, Mar. 2008, pp. 158-169.


3 Definitions and abbreviations

3.1 Definitions

Authentication: The provision of assurance of the claimed identity of an entity.

Cloning: The process of changing the identity of one entity to that of an entity of the same type, so that there are two entities of the same type with the same identity.

Confidentiality: The property of information that it has not been disclosed to unauthorised parties.

General Packet Radio Service (GPRS): GPRS is a mobile data service available to users of GSM.

Global System for Mobile Communications (GSM): GSM is the most popular standard for mobile phones in the world.

GPRS Tunneling Protocol (GTP): GTP is an IP-based protocol that carries signaling and user data within the GPRS core network.

International Mobile Subscriber Identity (IMSI): IMSI is a unique number associated with all GSM network mobile phone users.

Integrity: The property of information that it has not been changed by unauthorised parties.

Key Management: The administration and use of the generation, registration, certification, deregistration, distribution, installation, storage, archiving, revocation, derivation and destruction of keying material in accordance with a security policy.

Law Enforcement Agency (LEA): An organisation authorised by a lawful authorisation, based on a national law, to receive the results of telecommunication interceptions.

Lawful Authorisation: Permission granted to an LEA under certain conditions to intercept specified telecommunications and requiring co-operation for a network operator or service provider. Typically this refers to a warrant or order issued by a lawfully authorised body.

Lawful Interception: The action (based on the law), performed by a network operator or service provider, of making available certain information and providing that information to a Law Enforcement Monitoring Facility.

Non-Repudiation Service: A security service which counters the threat of repudiation.

Second Generation (2G): 2G is short for second-generation wireless telephone technology.

Second and a Half Generation (2.5G): 2.5G is used to describe 2G systems that have implemented a packet-switched domain in addition to the circuit-switched domain.

Signaling System 7 (SS7): SS7 is a set of telephony signaling protocols which are used to set up the vast majority of the world's public switched telephone network telephone calls.

Subscriber Identity Module (SIM): SIM is a removable smart card for mobile phones that stores network specific information used to authenticate and identify subscribers on the network.

Temporary Mobile Subscriber Identity (TMSI): TMSI is a randomly allocated number that is given to the mobile the moment it is switched on and serves as a temporary identity between the mobile and the network.

3.2 Abbreviations

AoCC Advice of Charge - Charging


AoCI Advice of Charge - Information
AP Access Point
ATM Asynchronous Transfer Mode
AuC Authentication Centre
BCCH Broadcast Control Channel
BG Border Gateway
BGIWP Barring of GPRS Interworking Profile(s)
BGP Border Gateway Protocol
BSC Base Station Controller
BSS Base Station Subsystem
BSSAP BSS Application Part
BSSGP BSS GPRS Protocol
BSSMAP BSS Management Application Process
BTS Base Transceiver Station
BTSM BTS Management
CC Call Control
CCBS Customer Care and Billing System
CCITT Comité Consultatif International Télégraphique et Téléphonique
CDR Call Detail Record
CFNRc Call Forwarding on Mobile Subscriber Not Reachable
CFU Call Forwarding Unconditional
CG Charging Gateway
CG/AD CG/Alarm Dispatcher
CG/ARC CG/Accounting Record Collection
CG/ARM CG/Accounting Record Modification
CG/FTM CG/File Transfer Manager
CLNS Connectionless Network Service
CM Communication Management
CONS Connection-Oriented Network Service
CUG Closed User Group
DAMPS Digital Advanced Mobile Phone Service
DB Database
DCS Digital Cellular System
DHCP Dynamic Host Configuration Protocol
DNS Domain Name System
DRX Discontinuous Reception
DTAP Direct Transfer Application Process
EDGE Enhanced Data Rates for GSM Evolution
EIR Equipment Identity Register
ETSI European Telecommunications Standards Institute
FDMA Frequency Division Multiple Access
FTAM File Transfer, Access and Management
FTMID Sequential number of method instance
FTP File Transfer Protocol
G-CDR Gateway GPRS Support Node-Call Detail Record
GGSN Gateway GPRS Support Node
GMSC Gateway MSC
GPRS General Packet Radio Service
GSM Global System for Mobile Communications
GSN GPRS Support Node
GTP GPRS Tunnelling Protocol
GTP' GPRS Tunnel Protocol (enhanced)
HLR Home Location Register
HPLMN Home Public Land Mobile Network
HSCSD High Speed Circuit Switched Data
HTML Hyper Text Markup Language
HTTP Hyper Text Transfer Protocol
ICMP Internet Control Message Protocol


IGRP Interior Gateway Routing Protocol
IMEI International Mobile Equipment Identity
IMGI International Mobile Group Identity
IMSI International Mobile Subscriber Identity
IETF Internet Engineering Task Force
IP Internet Protocol
IPv4 Internet Protocol version 4
IPv6 Internet Protocol version 6
ISDN Integrated Services Digital Network
ITU International Telecommunication Union
ITU-T Telecommunication standardisation sector of ITU
LA Location Area
LAN Local Area Network
LAPD Link Access Protocol for the D channel
LAPDm Link Access Protocol for the Dm channel
LLC Logical Link Control
MAC Medium Access Control
MAP Mobile Application Part
M-CDR Mobility Management-Call Detail Record
ME Mobile Equipment
MIB-II Management Information Base II
MM Mobility Management
MoU Memorandum of Understanding
MS Mobile Station
MSC Mobile (services) Switching Centre
MT Mobile Termination
MTP Message Transfer Part
NFS Network File System
NMS Network Management Subsystem
NSAPI Network layer Service Access Point Identifier
NSS Network and Switching Subsystem
OMC Operations and Maintenance Centre
OSI Open System Interconnection
OSPF Open Shortest Path First
OSS Operation Subsystem
PACCH Packet Associated Control Channel
PAD Packet Assembly/Disassembly


4 General

The General Packet Radio Service (GPRS) [1] is a service that provides packet radio access for Global System for Mobile Communications (GSM) users. The GPRS network architecture, which constitutes a migration step toward third-generation (3G) communication systems, consists of an overlay network onto the GSM network. In the wireless part, the GPRS technology reserves radio resources only when there is data to be sent, thus ensuring the optimized utilization of radio resources. The fixed part of the network employs IP technology and is connected to the public Internet. Taking advantage of these features, GPRS enables the provision of a variety of packet-oriented multimedia applications and services to mobile users, realizing the concept of the mobile Internet.

4.1 Functionality of GGSN and SGSN in GPRS

GPRS reuses the majority of the GSM network infrastructure. However, in order to build a packet-oriented mobile network, two new network elements (GGSN and SGSN) are introduced in GSM. GPRS support nodes (GSNs) are responsible for the delivery and routing of data packets between an MS and an external packet data network (PDN). The Serving GSN (SGSN) is responsible for the delivery of data packets from, and to, an MS within its service area. Its tasks include packet routing and transfer, mobility management, logical link management, authentication and charging functions. A Gateway GSN (GGSN) acts as an interface between the GPRS backbone and an external PDN. It converts the GPRS packets coming from the SGSN into the appropriate packet data protocol (PDP) format (e.g., IP) and forwards them to the corresponding PDN; the GGSN performs the corresponding function for packets travelling in the opposite direction, from the PDN towards the SGSN. The communication between GSNs (i.e., SGSN and GGSN) is based on IP tunnels through the use of the GPRS Tunnelling Protocol (GTP) [2].
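As an added illustration that is not part of this report or of any 3GPP or vendor code, the following Python decodes the GTPv1 header carried in the SGSN–GGSN tunnels described above (layout as in TS 29.060 [2]) and flags a few basic inconsistencies a Gn/Gp border element would want to log before tunnel processing: wrong version, a length field that does not match the packet, a user-plane G-PDU on the signalling port, or a G-PDU with no tunnel identifier. The packets it checks are constructed inline; the specific checks in `sanity_check` are this example's own choices, not requirements quoted from the report.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

GTP_C_PORT = 2123  # GTP-C (signalling plane) UDP port, TS 29.060
GTP_U_PORT = 2124  # GTP-U (user plane) UDP port, TS 29.060
MSG_ECHO_REQUEST = 1
MSG_G_PDU = 255
# Message types that legitimately appear on GTP-U: echo request/response,
# error indication, supported extension headers notification, end marker, G-PDU
GTP_U_MESSAGE_TYPES = {1, 2, 26, 31, 254, 255}


class GtpParseError(ValueError):
    """Raised when a PDU does not follow the GTPv1 header layout."""


@dataclass
class GtpHeader:
    version: int
    protocol_type: int              # 1 = GTP, 0 = GTP' (charging protocol)
    message_type: int
    length: int                     # octets following the 8-octet mandatory header
    teid: int                       # Tunnel Endpoint Identifier
    sequence: Optional[int]         # only when the S flag is set
    npdu_number: Optional[int]      # only when the PN flag is set
    next_ext_header: Optional[int]  # first extension header type, only when the E flag is set
    payload: bytes                  # T-PDU (user plane) or information elements (signalling)


def parse_gtpv1(packet: bytes) -> GtpHeader:
    """Decode the mandatory header, optional fields and extension headers of one GTPv1 PDU."""
    if len(packet) < 8:
        raise GtpParseError("packet shorter than the 8-octet mandatory header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", packet[:8])
    version = flags >> 5
    if version != 1:
        raise GtpParseError(f"unsupported GTP version {version}")
    if length != len(packet) - 8:  # length must cover exactly the octets after the mandatory header
        raise GtpParseError(f"length field {length} but {len(packet) - 8} octets follow the header")
    e_flag, s_flag, pn_flag = (flags >> 2) & 1, (flags >> 1) & 1, flags & 1
    offset, seq, npdu, first_ext = 8, None, None, None
    if e_flag or s_flag or pn_flag:
        # All three optional octet groups are present as soon as any one flag is set
        if len(packet) < 12:
            raise GtpParseError("optional fields flagged but not present")
        seq_raw, npdu_raw, ext_raw = struct.unpack("!HBB", packet[8:12])
        seq = seq_raw if s_flag else None
        npdu = npdu_raw if pn_flag else None
        first_ext = ext_raw if e_flag else None
        offset, next_ext = 12, (ext_raw if e_flag else 0)
        # Extension header chain: octet 0 is the length in 4-octet units,
        # the last octet is the next extension header type (0 ends the chain)
        while next_ext != 0:
            if offset >= len(packet):
                raise GtpParseError("extension header chain runs past the end of the packet")
            ext_len = packet[offset] * 4
            if ext_len == 0 or offset + ext_len > len(packet):
                raise GtpParseError("invalid extension header length")
            next_ext = packet[offset + ext_len - 1]
            offset += ext_len
    return GtpHeader(version, (flags >> 4) & 1, msg_type, length, teid,
                     seq, npdu, first_ext, packet[offset:])


def build_gtpv1(msg_type: int, teid: int, payload: bytes, seq: Optional[int] = None) -> bytes:
    """Encode a GTPv1 PDU; used here only to construct sample packets for the checks."""
    flags, optional = 0x30, b""  # version 1, PT = 1 (GTP), E = S = PN = 0
    if seq is not None:
        flags |= 0x02  # S flag: sequence, N-PDU number and next-ext-type octets follow
        optional = struct.pack("!HBB", seq, 0, 0)
    body = optional + payload
    return struct.pack("!BBHI", flags, msg_type, len(body), teid) + body


def sanity_check(packet: bytes, udp_dst_port: int) -> List[str]:
    """Problems a Gn/Gp border element would log for this PDU (empty list if none)."""
    try:
        hdr = parse_gtpv1(packet)
    except GtpParseError as exc:
        return [f"malformed: {exc}"]
    problems = []
    if hdr.protocol_type != 1:
        problems.append("GTP' (charging) PDU on a GTP tunnel port")
    if udp_dst_port == GTP_C_PORT and hdr.message_type == MSG_G_PDU:
        problems.append("user-plane G-PDU on the GTP-C port")
    if udp_dst_port == GTP_U_PORT and hdr.message_type not in GTP_U_MESSAGE_TYPES:
        problems.append(f"signalling message type {hdr.message_type} on the GTP-U port")
    if hdr.message_type == MSG_G_PDU and hdr.teid == 0:
        problems.append("G-PDU with TEID 0 (no tunnel context)")
    return problems
```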


4.2 Standards based GPRS architecture

[Figure 1 image not reproduced. Entities shown: MS (SIM/USIM, ME), BSS (BTS, BSC), RNS (Node B, RNC), CN (MSC server, GMSC server, CS-MGW, SGSN, GGSN, HSS (HLR, AuC), EIR, VLR, PDF, CRF) and PSTN. Interfaces shown: Cu, Um, Uu, Abis, Iub, Iur, IuCS, IuPS, A, Gb, Gn, Gp, Gi, Gr, Gc, Gf, Gs, Go, Go*, Gq, Gx, Rx, Mc, Nb, Nc, B, C, D, E, F.]

Legend:
Bold lines: interfaces supporting user traffic;
Dashed lines: interfaces supporting signalling.

NOTE 1: The figure shows direct interconnections between the entities. The actual links may be provided by an underlying network (e.g. SS7 or IP): this needs further studies.
NOTE 2: When the MSC and the SGSN are integrated in a single physical entity, this entity is called UMTS MSC (UMSC).
NOTE 3: A (G)MSC server and associated CS-MGW can be implemented as a single node: the (G)MSC.
NOTE 4: The Gn interface (between two SGSNs) is also part of the reference architecture, but is not shown for layout purposes only.

Figure 1: Basic Configuration of a PLMN supporting CS and PS services (using GPRS) and interfaces [3]


4.2.1 The Access Network (AN) entities

The access network entities such as the Base Station System (BSS), Base Station Controller (BSC), Base Transceiver Station (BTS) and Mobile Station (MS), which are common to GSM and GPRS networks, are described in 3GPP TS 48.002 V11.0.0 (2012-09) [4] and 3GPP TS 24.002 V11.0.0 (2012-09) [5]. More details are also discussed in the GISFI TR on GSM: BSS Security Testing – Standard based [6].

4.2.2 The Core Network (CN) Entities

The Home Location Register (HLR), Authentication Centre (AuC), Visitor Location Register (VLR), and Equipment Identity Register (EIR) perform the same functions in GPRS as they do in GSM. More details are also discussed in the GISFI TR on GSM: BSS Security Testing – Standard based [6].

The additional new network nodes in GPRS are GGSN and SGSN.

4.2.2.1 Gateway GPRS Support Node

The Gateway GPRS Support Node (GGSN) is the node that is accessed by the packet data network due to evaluation of the PDP address. It contains routing information for PS-attached users. The routing information is used to tunnel N-PDUs to the MS's current point of attachment, i.e. the Serving GPRS Support Node. The GGSN may request location information from the HLR via the optional Gc interface. The GGSN is the first point of PDN interconnection with a PLMN supporting GPRS (i.e. the Gi reference point is supported by the GGSN). GGSN functionality is common for all types of RANs.

For emergency bearer service, the GGSN shall block any traffic that is not from/to addresses of network entities (e.g. P-CSCF) providing emergency service. The list of allowed addresses may be configured by the operator.

4.2.2.2 Serving GPRS Support Node

The Serving GPRS Support Node (SGSN) is the node that is serving the MS. The SGSN supports GPRS for A/Gb mode (i.e. the Gb interface is supported by the SGSN) and/or Iu mode (i.e. the Iu interface is supported by the SGSN). At PS attach, the SGSN establishes a mobility management context containing information pertaining to e.g. mobility and security for the MS. At PDP Context Activation, the SGSN establishes a PDP context, to be used for routeing purposes, with the GGSN that the subscriber will be using. There are two modes of operation, Iu mode and Gn/Gp mode (details are given in section 4.5).

In Iu mode, the SGSN and RNC may be interconnected with one or more IP routers.

In Gn/Gp mode and when the SGSN and the GGSN are in different PLMNs, they are interconnected via the Gp interface.

The Gp interface provides the functionality of the Gn interface, plus security functionality required for inter-PLMN communication. The security functionality is based on mutual agreements between operators.

In Gn/Gp mode, the SGSN interworks signalling on the Gn/Gp interface with Iu/Gb interface signalling.

In S4 mode, the SGSN interworks signalling on the S4 interface with Iu/Gb interface signalling. One SGSN may have some MSs using Gn/Gp mode and other MSs using S4 mode.

The SGSN may send location information to the MSC/VLR via the optional Gs interface. The SGSN may receive paging requests from the MSC/VLR via the Gs interface.

The SGSN interfaces with the GSM-SCF for optional CAMEL control using Ge reference point. Depending on the result from the CAMEL interaction, the session and packet data transfer may proceed normally. Otherwise, interaction with the GSM-SCF continues as described in TS 23.078 [7]. Only the GSM-SCF interworking points are indicated in the signalling procedures in this specification.

If there is already an emergency bearer activated, the SGSN shall reject any additional PDP context activation request by the MS for emergency services.


4.3 Interfaces between PS domain and Access Network

4.3.1 Interface between SGSN and BSS (Gb-interface)

The BSS-SGSN interface is used to carry information concerning:

- Packet data transmission;
- Mobility management.

The Gb interface is defined in TS 48.014 [8], TS 48.016 [9] and TS 48.018 [10].

4.3.2 Interface between SGSN and BSS (Iu_PS-interface)

The BSS-SGSN interface is used to carry information concerning:

- Packet data transmission;
- Mobility management.

The Iu_PS interface is defined in the 25.41x-series of 3GPP Technical Specifications [11, 12].

4.3.3 Interface between SGSN and RNS (Iu_PS-interface)

The RNS-SGSN interface is used to carry information concerning:

- Packet data transmission;
- Mobility management.

The Iu_PS interface is defined in the 25.41x-series of Technical Specifications [11, 12].

4.4 Interfaces internal to the Core Network

4.4.1 Interface between SGSN and HLR (Gr-interface)

This interface is used to exchange the data related to the location of the mobile station and to the management of the subscriber. The main service provided to the mobile subscriber is the capability to transfer packet data within the whole service area. The SGSN informs the HLR of the location of a mobile station managed by the latter. The HLR sends to the SGSN all the data needed to support the service to the mobile subscriber. Exchanges of data may occur when the mobile subscriber requires a particular service, when the subscriber wants to change some data attached to the subscription, or when some parameters of the subscription are modified by administrative means.

Signalling on this interface uses the Mobile Application Part (MAP), which in turn uses the services of Transaction Capabilities (TCAP) (see TS 29.002 [13]).

4.4.2 Interface between SGSN and GGSN (Gn- and Gp-interface)

These interfaces are used to support mobility between the SGSN and GGSN. The Gn interface is used when GGSN and SGSN are located inside one PLMN. The Gp-interface is used if GGSN and SGSN are located in different PLMNs. The Gn/Gp interface also includes a part which allows SGSNs to communicate subscriber and user data, when changing SGSN.

Signalling on this interface uses the User Datagram Protocol, UDP/IP [14]. The Gn/Gp interface is defined in TS 29.060 [2].

4.4.3 Signalling Path between GGSN and HLR (Gc-interface)

This optional signalling path may be used by the GGSN to retrieve information about the location and supported services for the mobile subscriber, to be able to activate a packet data network address.

There are two alternative ways to implement this signalling path:


- if an SS7 interface is implemented in the GGSN, signalling between the GGSN and the HLR uses the Mobile Application Part (MAP), which in turn uses the services of Transaction Capabilities (TCAP) (see TS 29.002 [13]);

- if there is no SS7 interface in the GGSN, any GSN in the same PLMN and which has an SS7 interface installed can be used as a GTP to MAP protocol converter, thus forming a signalling path between the GGSN and the HLR.

4.4.4 Interface between SGSN and EIR (Gf-interface)

This interface is used between SGSN and EIR to exchange data, in order that the EIR can verify the status of the IMEI retrieved from the Mobile Station.

Signalling on this interface uses the Mobile Application Part (MAP), which in turn uses the services of Transaction Capabilities (TCAP) (see TS 29.002 [13]).

4.4.5 Reference Point between the CSS and the Gn/Gp SGSN (Ghv Reference Point)

This reference point is used to transfer to the Gn/Gp SGSN the CSG subscription information stored in the VPLMN for roaming UEs.

Signalling on this interface uses the Mobile Application Part (MAP), which in turn uses the services of Transaction Capabilities (TCAP) (see TS 29.002 [13]).

4.4.6 Interface between MSC/VLR and SGSN (Gs-interface) for GPRS

The SGSN may send location information to the MSC/VLR via the optional Gs interface. The SGSN may receive paging requests from the MSC/VLR via the Gs interface. The MSC/VLR may indicate to an SGSN, via the Gs interface, that an MS is engaged in a service handled by the MSC.

Signalling on this interface uses connectionless SCCP (without TCAP). SCCP Global Title (GT) is used for addressing. The Gs-interface is defined in TS 29.016 [15] and TS 29.018 [16].

4.4.7 Interface between HLR/HSS and AuC (H-Interface)

When an HLR/HSS receives a request for authentication and ciphering data for a Mobile Subscriber and it does not hold the requested data, the HLR/HSS requests the data from the AuC. The protocol used to transfer the data over this interface is not standardised.

4.4.8 Interface between SGSN/IP-SM-GW and SMS-GMSC/SMS-IWMSC (Gd-Interface) for GPRS

This interface is used to transfer short messages between SGSN/IP-SM-GW and SMS-GMSC or SMS-IWMSC over GPRS. Signalling on this interface uses the Mobile Application Part (MAP) (see TS 29.002 [13]).


4.5 Various practical configurations of GPRS deployment

Figure 2: GPRS Architecture [17]

Figure 2 shows the architecture of a GPRS network. The GPRS system brings some new network elements to an existing GSM network. These elements are:

- Packet Control Unit (PCU)
- Serving GPRS Support Node (SGSN): the MSC of the GPRS network
- Gateway GPRS Support Node (GGSN): gateway to external networks
- Border Gateway (BG): a gateway to other PLMNs
- Intra-PLMN backbone: an IP based network inter-connecting all the GPRS elements
- Charging Gateway (CG)
- Legal Interception Gateway (LIG)
- Domain Name System (DNS)
- Firewalls: used wherever a connection to an external network is required.

Not all of the network elements are compulsory for every GPRS network.

From the external network's point of view, the GGSN is simply a router to an IP sub-network. This is shown in Figure 3. When the GGSN receives data addressed to a specific user in the mobile network, it first checks if the address is active. If it is, the GGSN forwards the data to the SGSN serving the mobile. If the address is inactive, the data is discarded. The GGSN also routes mobile originated packets to the correct external network.
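The downlink decision just described (check whether the destination PDP address is active, then forward to the serving SGSN or discard), modelled in Python as an added example that is not code from this report or from any 3GPP specification. The forwarded packet is wrapped in the GTPv1-U G-PDU header of TS 29.060 (flags, message type, length, TEID); the PdpContext and Ggsn names, the IMSI, addresses and TEIDs are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

# GTPv1 header octet 1: version=1 (001), PT=1, spare=0, E=S=PN=0 -> 0x30
GTPV1_FLAGS_NO_OPTIONS = 0x30
GTP_MSG_G_PDU = 0xFF  # message type "G-PDU": a tunnelled user PDU


@dataclass
class PdpContext:
    """Routing information the GGSN holds per activated PDP context (constructed fields)."""
    imsi: str        # constructed test IMSI (MCC 001 test range)
    nsapi: int
    ms_addr: str     # PDP address allocated to the MS
    sgsn_addr: str   # serving SGSN, the Gn/Gp peer for this context
    sgsn_teid: int   # TEID the SGSN assigned for downlink G-PDUs
    active: bool = True


def encode_gtpu(teid: int, payload: bytes) -> bytes:
    """Build a GTPv1-U G-PDU: 8-octet header (flags, type, length, TEID) + PDP PDU."""
    return struct.pack("!BBHI", GTPV1_FLAGS_NO_OPTIONS, GTP_MSG_G_PDU,
                       len(payload), teid) + payload


def decode_gtpu(frame: bytes) -> tuple[int, bytes]:
    """Parse a G-PDU into (TEID, payload); reject anything but a plain GTPv1-U G-PDU."""
    if len(frame) < 8:
        raise ValueError("truncated GTP header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", frame[:8])
    if flags != GTPV1_FLAGS_NO_OPTIONS or msg_type != GTP_MSG_G_PDU:
        raise ValueError("unexpected GTP flags or message type")
    if length != len(frame) - 8:
        raise ValueError("GTP length field does not match frame")
    return teid, frame[8:]


def make_ipv4(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed minimal IPv4 packet (no options, checksum left zero) for testing."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
    return header + payload


class Ggsn:
    """Toy GGSN: from the PDN it is just a router into the mobile IP sub-network."""

    def __init__(self) -> None:
        self._by_addr: dict[str, PdpContext] = {}

    def activate(self, ctx: PdpContext) -> None:
        self._by_addr[ctx.ms_addr] = ctx

    def deactivate(self, ms_addr: str) -> None:
        ctx = self._by_addr.get(ms_addr)
        if ctx is not None:
            ctx.active = False

    def route_downlink(self, ip_packet: bytes):
        """Gi -> Gn: return (SGSN address, G-PDU) for an active PDP address, else None."""
        if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
            return None  # not an IPv4 packet: nothing to tunnel
        dst = str(IPv4Address(ip_packet[16:20]))
        ctx = self._by_addr.get(dst)
        if ctx is None or not ctx.active:
            return None  # unknown or inactive PDP address: discard silently
        return ctx.sgsn_addr, encode_gtpu(ctx.sgsn_teid, ip_packet)
```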


Figure 3: GPRS network as seen by another data network [17]

4.6 Protocols in GPRS networks

4.6.1 GPRS Protocol Architecture for User Plane

Figure 4 GPRS Protocol Architecture for User Plane

The user plane consists of a layered protocol structure providing user information transfer, along with associated information transfer control procedures (e.g., flow control, error detection, error correction and error recovery), see Figure 4. The protocols needed are:

i. SNDCP: Subnetwork Dependent Convergence Protocol

ii. LLC Logical Link Control

iii. RLC Radio Link Control

iv. MAC Medium Access Control

v. PLL Physical Link Layer

vi. RFL Physical RF Layer


vii. BSSGP Base Station System GPRS Protocol

viii. IP Internet Protocol

ix. TCP Transmission Control Protocol

x. UDP User Datagram Protocol

xi. GTP GPRS Tunneling Protocol

The transmission plane independence of the Network Subsystem (NSS) platform from the underlying radio interface is preserved via the Gb interface. The Tunnel Identifier (TID) is composed of the IMSI and the Network Layer Service Access Point Identifier (NSAPI). The TID is unique per user and identifies a Packet Data Protocol context. In the BSS, addressing uses the Temporary Logical Link Identifier (TLLI). The mapping between TLLI and IMSI is unique. However, the user identity remains confidential, since the TLLI is derived from the Packet Temporary Mobile Subscriber Identity (P-TMSI).

o GPRS Tunnelling Protocol (GTP): This protocol tunnels user data and signalling between GPRS Support Nodes in the GPRS backbone network. All PDP PDUs shall be encapsulated by the GPRS Tunnelling Protocol. GTP is specified in GSM 09.60 [27].

o TCP carries GTP PDUs in the GPRS backbone network for protocols that need a reliable data link (e.g., X.25), and UDP carries GTP PDUs for protocols that do not need a reliable data link (e.g., IP). TCP provides flow control and protection against lost and corrupted GTP PDUs. UDP provides protection against corrupted GTP PDUs. TCP is defined in RFC 793 [30]. UDP is defined in RFC 768 [28].

o IP: This is the GPRS backbone network protocol used for routeing user data and control signalling. The GPRS backbone network may initially be based on the IP version 4 protocol. Ultimately, IP version 6 shall be used. IP version 4 is defined in RFC 791 [29].

o Subnetwork Dependent Convergence Protocol (SNDCP): This transmission functionality maps network-level characteristics onto the characteristics of the underlying network. SNDCP is specified in GSM 04.65 [21].

o Logical Link Control (LLC): This layer provides a highly reliable ciphered logical link. LLC shall be independent of the underlying radio interface protocols in order to allow introduction of alternative GPRS radio solutions with minimum changes to the NSS. LLC is specified in GSM 04.64.

o Relay: In the BSS, this function relays LLC PDUs between the Um and Gb interfaces. In the SGSN, this function relays PDP PDUs between the Gb and Gn interfaces.

o Base Station System GPRS Protocol (BSSGP): This layer conveys routeing- and QoS-related information between BSS and SGSN. BSSGP does not perform error correction. BSSGP is specified in GSM 08.18 [23].

o Network Service (NS): This layer transports BSSGP PDUs. NS is based on the Frame Relay connection between BSS and SGSN, and may be multi-hop and traverse a network of Frame Relay switching nodes. NS is specified in GSM 08.16 [22].

o RLC/MAC: This layer contains two functions: The Radio Link Control function provides a radio-solution-dependent reliable link. The Medium Access Control function controls the access signalling (request and grant) procedures for the radio channel, and the mapping of LLC frames onto the GSM physical channel. RLC/MAC is defined in GSM 04.60 [20].

o GSM RF: As defined in GSM 05 series


4.6.2 GPRS Protocol Architecture for Signalling Plane

The signalling plane consists of protocols for control and support of the transmission plane functions:

- Controlling the GPRS network access connections, such as attaching to and detaching from the GPRS network;

- Controlling the attributes of an established network access connection, such as activation of a PDP address;

- Controlling the routing path of an established network connection in order to support user mobility;

- Controlling the assignment of network resources to meet changing user demands.

The signalling planes used in GPRS are discussed in the subsections below.

4.6.2.1 MS – SGSN

Figure 5 Signalling Plane MS - SGSN

GPRS Mobility Management and Session Management (GMM/SM): This protocol supports mobility management functionality such as GPRS attach, GPRS detach, security, routeing area update, location update, PDP context activation, and PDP context deactivation, as described in subclauses "Mobility Management Functionality" and "PDP Context Activation, Modification, and Deactivation Functions".

4.6.2.2 SGSN - HLR

Figure 7 Signalling Plane SGSN - HLR

Mobile Application Part (MAP): This protocol supports signalling exchange with the HLR, as defined in GSM 09.02 [24], with enhancements for GPRS as described in the present document.

TCAP, SCCP, MTP3, and MTP2 are the same protocols as used to support MAP in non-GPRS GSM PLMNs.


4.6.2.3 SGSN - MSC/VLR

Figure 8 Signalling Plane SGSN - MSC/VLR

Base Station System Application Part + (BSSAP+): A subset of BSSAP procedures supports signalling between the SGSN and MSC/VLR, as described in subclause "Mobility Management Functionality" and in GSM 09.18 [26]. The requirements for the lower layers are specified in GSM 09.16 [25].

4.6.2.4 SGSN – EIR

Figure 9 Signalling Plane SGSN - EIR

Mobile Application Part (MAP): This protocol supports signalling between the SGSN and the EIR, as described in subclause "Identity Check Procedures".

4.6.2.5 SGSN - SMS-GMSC or SMS-IWMSC

Figure 10 Signalling Plane SGSN - SMS-GMSC and SGSN - SMS-IWMSC

Mobile Application Part (MAP): This protocol supports signalling between the SGSN and SMS-GMSC or SMS-IWMSC, as described in subclause "Point-to-point Short Message Service".


4.6.2.6 GSN - GSN

Figure 11 Signalling Plane GSN - GSN

GPRS Tunnelling Protocol (GTP): This protocol tunnels user data and signalling messages between SGSNs and GGSNs, and between SGSNs, in the GPRS backbone network.

User Datagram Protocol (UDP): This protocol transfers signalling messages between GSNs. UDP is defined in RFC 768 [28].

4.6.2.7 GGSN - HLR

This optional signalling path allows a GGSN to exchange signalling information with an HLR. There are two alternative ways to implement this signalling path:

- If an SS7 interface is installed in the GGSN, the MAP protocol can be used between the GGSN and an HLR.

- If an SS7 interface is not installed in the GGSN, any GSN with an SS7 interface installed in the same PLMN as the GGSN can be used as a GTP-to-MAP protocol converter to allow signalling between the GGSN and an HLR.

4.6.2.8 MAP-based GGSN - HLR Signalling

Figure 12 Signalling Plane GGSN - HLR Using MAP

Mobile Application Part (MAP): This protocol supports signalling exchange with the HLR, as described in subclause "Network-Requested PDP Context Activation Procedure".


4.6.2.9 GTP and MAP-based GGSN - HLR Signalling

Figure 13 Signalling Plane GGSN - HLR Using GTP and MAP

GPRS Tunnelling Protocol (GTP): This protocol tunnels signalling messages between the GGSN and the protocol-converting GSN in the GPRS backbone network.

Interworking: This function provides interworking between GTP and MAP for GGSN - HLR signalling.

4.6.3 Summary of Interface with protocol used in GPRS

The table below summarises the interfaces used to provide GPRS via the GGSN and SGSN, and the protocol used on each.

Sl.No  Name of the Interface  Functionality                                                        Protocol Used
1.     Gb                     BSS-SGSN interface                                                   Frame Relay or IP
2.     Gn                     between GSNs                                                         GTP
3.     Gr                     between SGSN and HLR                                                 MAP
4.     Gs                     SGSN to MSC                                                          BSSAP+
5.     Gi                     GGSN to external data networks                                       IP
6.     Gf                     SGSN and the EIR                                                     MAP
7.     Gd                     between SGSN and the GMSC SMSC
8.     Ga                     between GSNs and CG
9.     Gp                     internal SGSN and external GGSNs                                     GTP
10.    Gx                     between the GGSN and the charging rules function (CRF)               Diameter
11.    Gy                     between the GGSN and the online charging system (OCS)                Diameter
12.    Gz                     off-line (CDR-based) charging interface between the GSN and the CG   GTP


5 Security Threats and Requirements

For the successful implementation of the new emerging applications and services over GPRS, security is considered a vital factor. This is because wireless access is inherently less secure, and radio transmission is by nature more susceptible to eavesdropping and fraudulent use than wire-line transmission. In addition, users' mobility and the universal access to the network imply higher security risks than those encountered in fixed networks. In order to meet security objectives, GPRS uses a specific security architecture, which aims at protecting the network against unauthorized access and at protecting the privacy of users. The majority of the existing literature on security in 2.5G systems refers to GSM. However, GPRS differs from GSM in certain operational and service aspects, which require a different security analysis. This is because GPRS is based on IP, which is an open and widely deployed technology that presents many vulnerable points. As in IP networks, intruders to the GPRS system may attempt to breach the confidentiality, integrity, or availability of the system or any part of it, or otherwise attempt to abuse it in order to compromise services or defraud users. Thus, the GPRS system is more exposed to intruders than GSM. This section discusses the security threats and requirements of the GGSN and SGSN.

5.1 General security requirements

In order to meet security objectives, GPRS employs a set of security mechanisms that constitutes the GPRS security architecture. Most of these mechanisms were originally designed for GSM, but they have been modified to adapt to the packet-oriented nature of the traffic and to the GPRS network components. The GPRS security architecture aims mainly at two goals [31]:

- Protect the network against unauthorized access
- Protect the privacy of users

It includes the following five components [31]:

- Subscriber Identity Module (SIM)

- Subscriber identity confidentiality

- Subscriber identity authentication

- Confidentiality of user information and signalling between MS and SGSN

- Security of the GPRS backbone

The implementation of these five security features is mandatory on both the fixed infrastructure side and the MS side. This means that all GSM PLMNs and all MSs shall be able to support every security feature. Use of these five security features is at the discretion of the operator for its own subscribers while on the HPLMN. For roaming subscribers, use of these five security features is mandatory unless otherwise agreed by all the affected PLMN operators.

5.2 Requirements from certification bodies etc. if available, e.g. GCF

-Details Not Available-


5.3 Security requirements from specifications

5.3.1 Subscriber Identity Module - SIM

The subscription of a mobile user to a network is personalized through the use of a smart card named Subscriber Identity Module (SIM) [6]. Each SIM card is unique and related to one user. It has a microcomputer with a processor, ROM, persistent EPROM memory, volatile RAM, and an I/O interface. Its software consists of an operating system, file system, and application programs (e.g., SIM Application Toolkit). The SIM card is responsible for the authentication of the user by prompting for a code (Personal Identity Number - PIN), the identification of the user to a network through keys, and the protection of user data through cryptography. To achieve these functions it contains a set of security objects including:

• A (4-digit) PIN code, which is used to lock the card, preventing misuse.
• A unique permanent identity of the mobile user, named International Mobile Subscriber Identity (IMSI) [7].
• A secret key, Ki, (128 bit) that is used for authentication.
• An authentication algorithm (A3) and an algorithm that generates encryption keys (A8) [5].

Since the SIM-card of a GSM/GPRS subscriber contains security critical information, it should be manufactured, provisioned, distributed, and managed in trusted environments.

5.3.2 Subscriber identity confidentiality

The purpose is to avoid the possibility for an intruder to identify which subscriber is using a given resource on the radio path by listening to the signalling exchanges or the user traffic on the radio path. This allows both a high level of confidentiality for user data and signalling and protection against the tracing of users' location.

5.3.2.1 Functional requirements

The provision of this function implies that the IMSI (International Mobile Subscriber Identity), or any information allowing a listener to derive the IMSI easily, should not normally be transmitted in clear text in any signalling message on the radio path.

To obtain the required level of protection, it is necessary that:

- a protected identifying method is normally used instead of the IMSI on the radio path;

- the IMSI is not normally used as addressing means on the radio path (see 3GPP TS 42.009);

- when the signalling procedures permit it, signalling information elements that convey information about the mobile subscriber identity must be ciphered for transmission on the radio path.

Anonymous Access allows a user to access the network without a subscriber identity (see 3GPP TS 23.060). Therefore, Anonymous Access by its nature always guarantees subscriber identity confidentiality.

Only the MS and the serving VLR and SGSN know the relation between the active TMSI and the IMSI. The allocation of a new TMSI corresponds implicitly, for the MS, to the de-allocation of the previous one. When a new TMSI is allocated to the MS, it is transmitted to it in ciphered mode. The MS stores the current TMSI and the associated RAI in a non-volatile memory, so that these data are not lost when the MS is switched off.

In addition to the TMSI, a Temporary Logical Link Identity (TLLI) [7] also identifies a GPRS user on the radio interface of a routing area. Since the TLLI has only local significance, when it is exchanged between the MS and the SGSN it should be accompanied by the RAI. The TLLI is either derived from the TMSI allocated by the SGSN or built randomly by the MS, and thus provides identity confidentiality. The relationship between the TLLI and the IMSI is known only in the MS and in the SGSN.

5.3.2.2 Procedure

This section presents the procedures, or elements of procedures, pertaining to the management of TLLIs.

These security procedures may also be applied between two PLMNs of different operators for seamless service when the PLMN is changed.


Routing area updating in the same SGSN area

This procedure is part of the routing area updating procedure which takes place when the original routing area and the new routing area depend on the same SGSN. The part of this procedure relative to TLLI management is reduced to a TLLI re-allocation (from TLLIo with "o" for "old" to TLLIn with "n" for "new").

The MS sends TLLIo as an identifying field at the beginning of the routing area updating procedure.

The procedure is schematised in figure 14.

   MS                                                  SGSN
      RAI, TLLIo
      --------------------------------------------------->
                                                        Allocation of TLLIn
      Ciphered(TLLIn)
      <---------------------------------------------------
      Acknowledge
      --------------------------------------------------->
                                                        De-allocation of TLLIo

Figure 14 Routing area updating in the same SGSN area

Similar to the scenario above, there are several other possible scenarios explained in 3GPP TS 43.020, which are listed below:

- Routing area updating in a new SGSN; old SGSN not reachable
- Reallocation of a TLLI
- Local TLLI unknown
- Routing area updating in a new SGSN in case of a loss of information
- Unsuccessful TLLI allocation
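The TLLI handling of clause 5.3.2, modelled in Python as an added example that is not code from this report or from 3GPP: the re-allocation of figure 14 (TLLIo stays valid until the MS acknowledges TLLIn), the "local TLLI unknown" case, and the rule that only the SGSN side holds the TLLI-to-IMSI relation, keyed by RAI because the TLLI has only local significance. The TLLI bit layout used here (local TLLI = prefix 11 plus the low 30 bits of the P-TMSI, random TLLI = prefix 01111 plus 27 random bits) is the one defined in 3GPP TS 23.003; the Sgsn class, its method names and the IMSI are constructed for this example.

```python
import secrets

# TLLI prefixes as defined in 3GPP TS 23.003 (clause 2.6).
LOCAL_PREFIX = 0b11 << 30       # local TLLI: 11 + bits 29..0 of the P-TMSI
RANDOM_PREFIX = 0b01111 << 27   # random TLLI: 01111 + 27 random bits
P_TMSI_LOW_BITS = (1 << 30) - 1


def local_tlli(p_tmsi: int) -> int:
    """Derive the local TLLI from a P-TMSI allocated by the serving SGSN."""
    return LOCAL_PREFIX | (p_tmsi & P_TMSI_LOW_BITS)


def random_tlli() -> int:
    """TLLI the MS builds itself when it holds no valid P-TMSI for this RA."""
    return RANDOM_PREFIX | secrets.randbits(27)


def tlli_kind(tlli: int) -> str:
    """Classify a 32-bit TLLI by its prefix bits."""
    if tlli >> 30 == 0b11:
        return "local"
    if tlli >> 30 == 0b10:
        return "foreign"
    if tlli >> 27 == 0b01111:
        return "random"
    if tlli >> 27 == 0b01110:
        return "auxiliary"
    return "reserved"


class Sgsn:
    """Toy SGSN holding the TLLI <-> IMSI relation; the IMSI never goes over Um."""

    def __init__(self) -> None:
        # (RAI, TLLI) -> IMSI: a TLLI is only meaningful together with its RAI
        self._active: dict[tuple[str, int], str] = {}
        # (RAI, TLLIn) -> (IMSI, TLLIo): allocated but not yet acknowledged
        self._pending: dict[tuple[str, int], tuple[str, int]] = {}

    def _fresh_local_tlli(self, rai: str) -> int:
        """Allocate a new P-TMSI and derive a local TLLI not in use in this RA."""
        while True:
            tlli = local_tlli(secrets.randbits(32))
            if (rai, tlli) not in self._active and (rai, tlli) not in self._pending:
                return tlli

    def attach(self, rai: str, imsi: str) -> int:
        """GPRS attach: first P-TMSI/TLLI for this subscriber in this RA."""
        tlli = self._fresh_local_tlli(rai)
        self._active[(rai, tlli)] = imsi
        return tlli

    def resolve(self, rai: str, tlli: int):
        """Look up the IMSI behind (RAI, TLLI); None if unknown here."""
        return self._active.get((rai, tlli))

    def routing_area_update(self, rai: str, tlli_old: int):
        """Figure 14, first two arrows: MS sent (RAI, TLLIo); allocate TLLIn.

        The caller sends TLLIn to the MS ciphered (clause 5.3.4). TLLIo stays
        valid until the acknowledgement arrives, so a lost message cannot
        leave the MS without any usable identity.
        """
        imsi = self.resolve(rai, tlli_old)
        if imsi is None:
            return None  # "local TLLI unknown": identity must be re-established
        tlli_new = self._fresh_local_tlli(rai)
        self._pending[(rai, tlli_new)] = (imsi, tlli_old)
        return tlli_new

    def acknowledge(self, rai: str, tlli_new: int) -> bool:
        """Figure 14, last two arrows: on the MS acknowledgement, drop TLLIo."""
        entry = self._pending.pop((rai, tlli_new), None)
        if entry is None:
            return False  # nothing pending under that TLLIn
        imsi, tlli_old = entry
        self._active[(rai, tlli_new)] = imsi
        self._active.pop((rai, tlli_old), None)  # de-allocation of TLLIo
        return True
```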

5.3.3 Subscriber Identity Authentication

A mobile user that attempts to access the network must first prove his/her identity to it. User authentication protects against fraudulent use and ensures correct billing [19]. GPRS uses the authentication procedure already defined in GSM, with the same algorithms for authentication and generation of the encryption key and the same secret key, Ki. However, on the network side the whole procedure is executed by the SGSN (instead of the BS) and employs a different random number (GPRS-RAND); thus, it produces a different signed response (GPRS-SRES) and encryption key (GPRS-Kc) than the GSM voice counterpart.

5.3.3.1 Functional requirements

The purpose of this authentication security feature is to protect the network against unauthorized use. It enables also the protection of the GSM/GPRS PLMN subscribers by denying the possibility for intruders to impersonate authorized users.

The authentication of the GSM/GPRS PLMN subscriber identity may be triggered by the network when the subscriber applies for:

- a change of subscriber-related information element in the VLR or HLR (including some or all of: location updating involving change of VLR, registration or erasure of a supplementary service); or

- an access to a service (including some or all of: set-up of mobile originating or terminated calls, activation or deactivation of a supplementary service); or


- first network access after restart of MSC/VLR;

or in the event of cipher key sequence number mismatch.

Physical security means must be provided to preclude the possibility to obtain sufficient information to impersonate or duplicate a subscriber in a GSM/GPRS PLMN, in particular by deriving sensitive information from the mobile station equipment.

If, on an access request to the GSM/GPRS PLMN, the subscriber identity authentication procedure fails.

5.3.3.2 Authentication procedure

NOTE: IMSI is used to retrieve Ki in the network.

Figure 15 The authentication procedure

To achieve authentication of a mobile user, the serving SGSN must possess security-related information for the specific user. This information is obtained by requesting it from the HLR/AuC of the home network to which the mobile user is subscribed. It includes a set of authentication vectors, each of which contains a random challenge (GPRS-RAND), the related signed response (GPRS-SRES), and the encryption key (GPRS-Kc) for the specific subscriber. The authentication vectors are produced by the home HLR/AuC using the secret key Ki of the mobile subscriber.

During authentication the SGSN of the serving network sends the random challenge (GPRS-RAND) of a chosen authentication vector to the MS. The latter encrypts the GPRS-RAND using the A3 hash algorithm, which is implemented in the SIM card, and the secret key, Ki. The first 32 bits of the A3 output are used as the signed response (GPRS-SRES) to the challenge (GPRS-RAND) and are sent back to the network. The SGSN compares this response with the stored GPRS-SRES; if they match, the MS has shown that it holds the correct key, Ki, and the mobile subscriber is recognized as an authorized user. Otherwise, the serving network (SN) rejects the subscriber's access to the system. The remaining 64 bits of the A3 output, together with the secret key, Ki, are used as input to the A8 algorithm that produces the GPRS encryption key (GPRS-Kc).

5.3.3.3 Subscriber Authentication Key management

When needed, the SGSN requests security related information for a MS from the HLR/AuC corresponding to the IMSI of the MS. This includes an array of pairs of corresponding RAND and SRES. These pairs are obtained by applying Algorithm A3 to each RAND and the key Ki as shown in figure 15. The pairs are stored in the SGSN as part of the security related information.

The procedure used for updating the vectors RAND/SRES is schematised in figure 16.


NOTE: The Authentication Vector Response also contains GPRS-Kc(1..n), which is not shown in this and the following figures.

SGSN                                                  HLR/AuC
  |                                                      |
  |--- Security Related Information Req(IMSI) ---------->|
  |                                                      | generate RAND(1..n)
  |                                                      | Ki, RAND(1..n) -> A3 -> SRES(1..n)
  |<-- Authentication Vector Response -------------------|
  |    (SRES(1..n), RAND(1..n))                          |
  | Store RAND/SRES vectors                              |

Figure 16 Procedure for updating the vectors RAND/SRES

When an SGSN performs an authentication, including the case of a routing area updating within the same SGSN area, it chooses a RAND value in the array corresponding to the MS. It then tests the answer from the MS by comparing it with the corresponding SRES, as schematised in figure 17.

MS                                                    SGSN
  |                                                      | select RAND(j), SRES(j) from the array
  |<-- RAND(j) ------------------------------------------|
  | Ki, RAND(j) -> A3 -> SRES(j)                         |
  |--- SRES(j) ----------------------------------------->|
  |                                                      | compare with stored SRES(j): yes/no

Figure 17 General authentication procedure

5.3.4 Data and Signaling Protection

User data and signaling protection over the GPRS radio access network is based on the GPRS ciphering algorithm (GPRS-A5) [33], which is also referred to as the GPRS encryption algorithm (GEA) and is similar to the GSM A5. Currently, there are three versions of this algorithm: GEA1, GEA2, and GEA3 (which is actually A5/3). Their designs are not publicly known and thus it is difficult to perform attacks on them. The MS device (not the SIM card) performs GEA using the encryption key (GPRS-Kc), since it is a strong algorithm that requires relatively high processing capabilities. From the network side, the serving SGSN performs the ciphering/deciphering functionality, protecting signaling and user data over the Um, Abis, and Gb interfaces.


5.3.4.1 Functional Requirements

In 3GPP TS 42.009, some signalling information elements are considered sensitive and must be protected.

To ensure identity confidentiality, the new TLLI must be transferred in a protected mode at allocation time.

The confidentiality of user information concerns the information transmitted on the logical connection between MS and SGSN.

These needs for a protected mode of transmission are fulfilled by a ciphering function in the LLC layer. It is not an end-to-end confidentiality service.

Four points have to be specified:

- the ciphering method;

- the key setting;

- the starting of the enciphering and deciphering processes;

- the synchronisation.

5.3.4.2 The ciphering method

The LLC layer information flow is ciphered by the algorithm GPRS-A5 as described in 3GPP TS 41.061. However, GPRS ciphering algorithms requiring a 128-bit key shall be given GPRS-Kc128 instead of the 64-bit GPRS-Kc as the ciphering key.

NOTE: Specification TS 41.061 is not maintained after Release 4 and, therefore, it does not include the possibility of a 128-bit Kc.

5.3.4.3 Key setting

Mutual key setting is the procedure that allows the mobile station and the network to agree on the key GPRS-Kc to use in the ciphering and deciphering algorithms GPRS-A5. The GPRS-Kc is handled by the SGSN independently from the MSC. If an MS is using both circuit switched and packet switched services, two different ciphering keys will be used independently, one (Kc or Kc128) in the MSC and one (GPRS-Kc or GPRS-Kc128) in the SGSN.

A key setting is triggered by the authentication procedure. Key setting may be initiated by the network as often as the network operator wishes. If an authentication procedure is performed during a data transfer, the new ciphering parameters shall be taken into use immediately at the end of the authentication procedure in both the SGSN and the MS.

Key setting may not be encrypted and shall be performed as soon as the identity of the mobile subscriber (i.e. TLLI or IMSI) is known by the network.

The transmission of GPRS-Kc to the MS is indirect and uses the authentication RAND value; GPRS-Kc is derived from RAND by using algorithm A8 and the Subscriber Authentication key Ki, in the same way as for Kc.

The values GPRS-Kc are computed together with the SRES values. The security related information consists of RAND, SRES and GPRS-Kc.

The key GPRS-Kc is stored by the mobile station until it is updated at the next authentication.

Key setting is schematised in figure 18.


MS                                                    Network side
  |--- RAI and TLLI or IMSI ---------------------------->|
  |<-- RAND ---------------------------------------------|
  | Ki, RAND -> A8 -> GPRS-Kc                            | Ki, RAND -> A8 -> GPRS-Kc
  | Store GPRS-Kc                                        | Store GPRS-Kc

Figure 18 Key setting

5.3.4.4 Ciphering key sequence number

The GPRS-CKSN (Ciphering Key Sequence Number) is a number which is associated with each ciphering key GPRS-Kc. The GPRS-CKSN and GPRS-Kc are stored together in the mobile station and in the network. It permits the consistency check of the keys stored in the MS and in the network. Two independent pairs, Kc and CKSN (for circuit switched), and GPRS-Kc and GPRS-CKSN (for packet switched) may be stored in the MS simultaneously.

However, since it is not directly involved in any security mechanism, it is addressed in 3GPP TS 24.008.
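The vector handling of 5.3.3 (figures 16 and 17), the key setting of 5.3.4.3 (figure 18) and the GPRS-CKSN consistency check of 5.3.4.4, modelled end to end in Python as an added example that is not part of the report. Assumptions: because A3 and A8 are operator-specific and only their input/output formats are fixed, HMAC-SHA256 keyed with Ki stands in for them; the IMSI, Ki and vector count are constructed values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Stand-ins for the operator-specific A3 and A8 (assumption: HMAC-SHA256 keyed
# with Ki). Only the formats matter here: A3 yields 32 bits of SRES plus 64 bits
# that, together with Ki, feed A8, which yields the 64-bit GPRS-Kc.
def a3(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:12]

def a8(ki: bytes, a3_tail: bytes) -> bytes:
    return hmac.new(ki, b"A8" + a3_tail, hashlib.sha256).digest()[:8]

def triplet(ki: bytes, rand: bytes) -> tuple:
    """(GPRS-SRES, GPRS-Kc) for one GPRS-RAND, as computed in the AuC and in the SIM."""
    out = a3(ki, rand)
    return out[:4], a8(ki, out[4:])

@dataclass
class AuthVector:
    rand: bytes   # GPRS-RAND, 128 bits
    sres: bytes   # GPRS-SRES, 32 bits
    kc: bytes     # GPRS-Kc, 64 bits

class HlrAuc:
    """Home HLR/AuC: maps IMSI to Ki and answers Security Related Information Requests."""
    def __init__(self, subscribers: dict):
        self._ki = dict(subscribers)

    def security_related_info(self, imsi: str, n: int = 5) -> list:
        ki = self._ki[imsi]                      # IMSI is used to retrieve Ki
        vectors = []
        for _ in range(n):
            rand = secrets.token_bytes(16)
            sres, kc = triplet(ki, rand)
            vectors.append(AuthVector(rand, sres, kc))
        return vectors

class MobileStation:
    """MS with its SIM: Ki never leaves the SIM, only SRES is sent to the network."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki
        self.kc, self.cksn = None, 7             # CKSN 7 = no key available (TS 24.008)

    def auth_and_ciphering_request(self, rand: bytes, cksn: int) -> bytes:
        sres, self.kc = triplet(self._ki, rand)  # GPRS-Kc kept until the next authentication
        self.cksn = cksn
        return sres                              # Authentication and Ciphering Response

class Sgsn:
    def __init__(self, hlr: HlrAuc):
        self.hlr = hlr
        self.vectors = {}    # IMSI -> unused RAND/SRES/Kc vectors from the HLR/AuC
        self.keys = {}       # IMSI -> (GPRS-Kc, GPRS-CKSN)

    def attach(self, ms: MobileStation, cksn_from_ms: int) -> str:
        """Attach Request: re-authenticate unless the stored GPRS-CKSN matches the MS's."""
        stored = self.keys.get(ms.imsi)
        if stored is not None and stored[1] == cksn_from_ms:
            return "accepted-existing-key"
        return self.authenticate(ms)

    def authenticate(self, ms: MobileStation) -> str:
        if not self.vectors.get(ms.imsi):        # array exhausted: fetch fresh vectors
            self.vectors[ms.imsi] = self.hlr.security_related_info(ms.imsi)
        v = self.vectors[ms.imsi].pop(0)         # each RAND(j) is used only once
        old = self.keys.get(ms.imsi)
        cksn = 0 if old is None else (old[1] + 1) % 7
        sres_from_ms = ms.auth_and_ciphering_request(v.rand, cksn)
        if not hmac.compare_digest(sres_from_ms, v.sres):
            return "rejected"                    # MS does not hold the right Ki
        self.keys[ms.imsi] = (v.kc, cksn)        # key setting complete on the network side
        return "accepted"

def demo() -> tuple:
    ki = bytes.fromhex("0123456789abcdef0123456789abcdef")   # constructed 128-bit Ki
    imsi = "404450000000001"                                  # constructed IMSI
    sgsn = Sgsn(HlrAuc({imsi: ki}))
    ms = MobileStation(imsi, ki)
    first = sgsn.attach(ms, ms.cksn)                 # CKSN 7: no key yet, so authenticate
    same_kc = ms.kc == sgsn.keys[imsi][0]            # both sides derived the same GPRS-Kc
    second = sgsn.attach(ms, ms.cksn)                # consistent CKSN: no re-authentication
    clone = MobileStation(imsi, bytes(16))           # SIM without the real Ki
    third = sgsn.attach(clone, clone.cksn)           # wrong SRES: access rejected
    key_intact = sgsn.keys[imsi][0] == ms.kc         # rejection left the stored key untouched
    return first, same_kc, second, third, key_intact, len(sgsn.vectors[imsi])

if __name__ == "__main__":
    print(demo())
```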

5.3.4.5 Starting of the ciphering and deciphering processes

The MS and the SGSN must co-ordinate the instants at which the ciphering and deciphering processes start. The authentication procedure governs the start of ciphering. The SGSN indicates if ciphering shall be used or not in the Authentication and Ciphering Request message. If ciphering is used, the MS starts ciphering after sending the Authentication and Ciphering Response message. The SGSN starts ciphering when a valid Authentication and Ciphering Response message is received from the MS.

Upon GPRS Attach, if ciphering is to be used, an Authentication and Ciphering Request message shall be sent to the MS to start ciphering.

If the GPRS-CKSN stored in the network does not match the GPRS-CKSN received from the MS in the Attach Request message, then the network should authenticate the MS.

As an option, the network may decide to continue ciphering without authentication after receiving a Routing Area Update Request message with a valid GPRS-CKSN. Both the MS and the network shall use the latest ciphering parameters. The MS starts ciphering after receiving a valid ciphered Routing Area Update Accept message from the network. The SGSN starts ciphering when sending the ciphered Routing Area Update Accept message to the MS.

Upon delivery of the Authentication and Ciphering Response message or the Routing Area Update Accept message, the GPRS Mobility Management entity in both the SGSN and the MS shall be aware of whether ciphering has started or not. LLC provides the capability to send both ciphered and unciphered PDUs. The synchronisation of ciphering at the LLC frame level is done by a bit in the LLC header indicating whether the frame is ciphered or not. Only a few identified signalling messages (e.g., the Routing Area Update Request message) described in 3GPP TS 24.008 may be sent unciphered; any other frames sent unciphered shall be deleted. Once encryption has been started, neither the MS nor the network shall go to an unciphered session.

5.3.4.6 Synchronisation

The enciphering stream at one end and the deciphering stream at the other end must be synchronised, for the enciphering bit stream and the deciphering bit streams to coincide. Synchronisation is guaranteed by driving Algorithm GPRS-A5 by an explicit variable INPUT per established LLC and direction.

During authentication the MS indicates which version(s) of the GEA it supports and the network (SGSN) decides on a mutually acceptable version that will be used. If there is no commonly accepted algorithm, the network (SGSN) may decide to release the connection. Both the MS and the SGSN must cooperate in order to initiate the ciphering over the radio access network. More specifically, the SGSN indicates whether ciphering should be used or not (which is also a possible option) in the Authentication Request message, and the MS starts ciphering after sending the Authentication Response message.

Figure 19 Basic GPRS ciphering environment

GEA is a symmetric stream cipher algorithm that uses three input parameters (GPRS-Kc, INPUT, and DIRECTION) and produces an OUTPUT string, which varies between 5 and 1,600 bytes. GPRS-Kc (64 bits) is the encryption key generated by the GPRS authentication procedure and is never transmitted over the radio interface. The input (INPUT) parameter (32 bits) is used as an additional input so that each frame is ciphered with a different output string. This parameter is calculated from the logical link control (LLC) frame number, a frame counter, and a value supplied by the SGSN called the input offset value (IOV). The IOV is set up during the negotiation of LLC and layer 3 parameters. Finally, the direction bit (DIRECTION) specifies whether the output string is used for upstream or downstream communication.

After the initiation of ciphering, the sender (MS or SGSN) processes (bit-wise XOR) the OUTPUT string with the payload (PLAIN TEXT) to produce the CIPHERED TEXT, which is sent over the radio interface. In the receiving entity (SGSN or MS), the original PLAIN TEXT is obtained by bit-wise XORing the OUTPUT string with the CIPHERED TEXT. When the MS changes SGSN, the encryption parameters (e.g., GPRS-Kc, INPUT) are transferred from the old SGSN to the new SGSN through the (inter) routing area update procedure in order to guarantee service continuity.
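The ciphering environment of figure 19 and the paragraphs above, as an added Python example that is not part of the report: an OUTPUT string generator driven by GPRS-Kc, INPUT and DIRECTION, the XOR ciphering that the receiver undoes with the same call, and a receiver-side monitor that flags a repeated (INPUT, DIRECTION) pair on a link, since a repeat would reproduce an OUTPUT string. Assumptions: SHA-256 in counter mode stands in for the real GEA, which is not public; the combination of IOV, frame number and counter into INPUT is simplified to a modular sum; Kc, IOV and the payload are constructed values.

```python
import hashlib
import struct

GEA_MIN_OUTPUT, GEA_MAX_OUTPUT = 5, 1600   # OUTPUT string length range given in the report
UPLINK, DOWNLINK = 0, 1                     # DIRECTION bit (assumption: 0 = MS to SGSN)

def llc_input(iov: int, lfn: int, oc: int) -> int:
    """32-bit INPUT from the IOV, the LLC frame number and the frame (overflow) counter.
    Assumption: a plain modular sum; the exact combination is defined in the LLC spec."""
    return (iov + lfn + oc) & 0xFFFFFFFF

def gea_output(kc: bytes, inp: int, direction: int, length: int) -> bytes:
    """Stand-in for GEA: OUTPUT string of `length` bytes from (GPRS-Kc, INPUT, DIRECTION).
    Assumption: SHA-256 over Kc || INPUT || DIRECTION || block counter, not the real cipher."""
    if len(kc) != 8:
        raise ValueError("GPRS-Kc must be 64 bits")
    if direction not in (UPLINK, DOWNLINK):
        raise ValueError("DIRECTION is a single bit")
    if not GEA_MIN_OUTPUT <= length <= GEA_MAX_OUTPUT:
        raise ValueError("OUTPUT length must be 5..1600 bytes")
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(kc + struct.pack(">IBI", inp, direction, block)).digest()
        block += 1
    return bytes(out[:length])

def cipher_frame(kc: bytes, inp: int, direction: int, data: bytes) -> bytes:
    """Bit-wise XOR of the OUTPUT string with the LLC payload; the same call deciphers."""
    keystream = gea_output(kc, inp, direction, len(data))
    return bytes(p ^ k for p, k in zip(data, keystream))

class InputReuseMonitor:
    """Receiver-side check: the same (INPUT, DIRECTION) on one link would reuse an OUTPUT
    string, so the frame counters must never wrap back to a value already used under this Kc."""
    def __init__(self):
        self._seen = set()

    def observe(self, inp: int, direction: int) -> bool:
        """True if this (INPUT, DIRECTION) is fresh, False if it was already used."""
        key = (inp, direction)
        if key in self._seen:
            return False
        self._seen.add(key)
        return True

def demo() -> tuple:
    kc = bytes.fromhex("a1b2c3d4e5f60718")        # constructed 64-bit GPRS-Kc
    iov = 0x1234ABCD                              # constructed IOV from LLC negotiation
    plain = b"GET /index.html HTTP/1.1\r\n"      # constructed uplink LLC payload
    inp1 = llc_input(iov, lfn=1, oc=0)
    inp2 = llc_input(iov, lfn=2, oc=0)
    ciphered = cipher_frame(kc, inp1, UPLINK, plain)                        # MS side
    deciphered_ok = cipher_frame(kc, inp1, UPLINK, ciphered) == plain       # SGSN side
    wrong_direction = cipher_frame(kc, inp1, DOWNLINK, ciphered) == plain   # False
    per_frame = gea_output(kc, inp1, UPLINK, 16) != gea_output(kc, inp2, UPLINK, 16)
    monitor = InputReuseMonitor()
    flags = [monitor.observe(inp1, UPLINK), monitor.observe(inp2, UPLINK),
             monitor.observe(inp1, DOWNLINK), monitor.observe(inp1, UPLINK)]
    return deciphered_ok, wrong_direction, per_frame, flags

if __name__ == "__main__":
    print(demo())
```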

5.3.5 GPRS Backbone Security

The GPRS backbone network includes the fixed network elements and their physical connections that convey user data and signaling information. Signaling exchange in GPRS is mainly based on the signaling system 7 (SS7) technology [24], which does not support any security measure for the GPRS deployment. Similarly, the GTP protocol that is employed for communication between GSNs does not support security. Thus, user data and signaling information in the GPRS backbone network are conveyed in cleartext, exposing them to various security threats. In addition, inter-network communications (between different operators) are based on the public Internet, which enables IP spoofing by any malicious third party who gets access to it. In the sequel, the security measures applied to the GPRS backbone network are presented.

The responsibility for security protection of the GPRS backbone as well as inter-network communications belongs to mobile operators. They utilize private IP addressing and network address translation (NAT) [32] to restrict unauthorized access to the GPRS backbone. They may also apply firewalls at the borders of the GPRS backbone network in order to protect it from unauthorized penetrations. Firewalls protect the network by enforcing security policies (e.g., user traffic addressed to a network element is discarded). Using security policies the GPRS operator may ensure that only traffic initiated from the MS, and not from the Internet, passes through a firewall. This is done for two reasons: (1) to restrict traffic in order to protect the MS and the network elements from external attacks; and (2) to protect the MS from receiving unrequested traffic. Unrequested traffic may be unwanted for the mobile subscribers since they pay for the traffic received as well. The GPRS operator may also want to disallow some bandwidth-demanding protocols, preventing a group of subscribers from consuming so much bandwidth that other subscribers are noticeably affected. In addition, application-level firewalls prevent direct access through the use of proxies for services, which analyze application commands, perform authentication, and keep logs.


5.4 Threats and requirements from threats

There are five critical areas where security in GPRS is exposed [31]: (I) the MS and the SIM-card, (II) the interface between the MS and the SGSN, (III) the GPRS backbone network (Gn interface), (IV) the packet network that connects different operators (Gp interface), and (V) the interface to the public Internet (Gi interface).

Figure 20 Areas of possible attacks in GPRS

5.4.1 The MS and the SIM-card

The SIM-card [35] and the MS may be targets for adversaries. The vulnerabilities of the SIM immediately affect the security of the information stored in it (i.e., IMSI and Ki). Moreover, since GPRS terminals are connected to the public Internet, they probably face some of the security threats that threaten normal computers, such as viruses, Trojan horses, worms, etc. In the following, the security threats that target the MS and the SIM-card are briefly presented [34, 37].

T1a Confidentiality of user data in a terminal: Intruders may access personal user data stored by the user in its terminal, e.g., telephone books, photos, etc.

T1b Manipulation of data on a terminal: Intruders may modify, insert or delete applications or data stored in the terminal.

T1c Manipulation of the identity of a terminal: Users may modify the International Mobile Equipment Identity (IMEI) of the terminal and use a valid SIM within it to access services.

T1d Downloading of malicious software: The use of software and applications on a MS that allow computer code to be downloaded and executed might cause several security attacks. These attacks may result in the monitoring of the MS usage, the downloading of unwanted files, the realization of unwanted session calls, etc.

T1e Manipulation of data on a SIM: Intruders may modify, insert or delete applications or data stored on the SIM.

T1f Confidentiality of user data on a SIM: Intruders may access personal user data stored by the user on the SIM.

T1g Confidentiality of authentication data in a SIM: Intruders may access authentication data stored by the HN operator, e.g., authentication keys.

T1h Confidentiality of the data transmitted by or to a MS: If an attacker retrieves the secret key Ki stored in a SIM or the encryption key Kc generated by it, it can get hold of the data transmitted by or to the MS.

T1i Over-billing attack: An attacker may clone the original SIM card and then engage in transactions that are billed to the original subscriber.


5.4.2 Interface between the MS and SGSN

Although the interface between the MS and the SGSN is well protected by various security mechanisms, exploiting the weaknesses of these mechanisms may lead to several threats. The threats are divided into threats that compromise availability, authentication, confidentiality, integrity, and privacy.

5.4.2.1 Threats to Availability [37, 12]

T2a Physical intervention: Intruders may prevent user, signaling and control data from being transmitted over the radio interface by physical means. An example of physical intervention is to jam the transmitting data using special devices called jammers.

T2b Protocol intervention: Intruders may prevent user, signaling or control data from being transmitted over the radio interface by inducing specific protocol failures. They may violate the protocol’s integrity by changing its status, flags, etc. The protocol failures may be induced by physical means.

T2c Denial of service by masquerading as a network element: Intruders, masquerading as network elements, may deny services to legitimate users by preventing user or control data from being transmitted over the radio interface.

5.4.2.2 Threats to Authentication [37]

T3a Masquerading as a network element: Intruders may masquerade as network elements in order to intercept user, signaling or control data over the radio interface (i.e., man-in-the-middle attack).

5.4.2.3 Threats to Confidentiality and Integrity [37]

T4a Eavesdropping on user data: Intruders may eavesdrop on user data over the radio interface.

T4b Eavesdropping on signaling or control data: Intruders may eavesdrop on signaling or control data over the radio interface. This is used to access security related information that may be useful in conducting active attacks on the system.

T4c Manipulation of user data: Intruders may modify, insert, replay or delete user data over the radio interface.

T4d Manipulation of signaling or control data: Intruders may modify, insert, replay or delete signaling or control data over the radio interface.

5.4.2.4 Threats to Privacy [35]

T4e Passive traffic analysis: Intruders may observe the time, rate, length, sources or destinations of the conveyed messages over the radio interface to obtain access to information.

T4f Active traffic analysis: Intruders may actively initiate communication sessions and then obtain access to information through the observation of time, rate, length, sources or destinations of the associated messages over the radio interface.

5.4.3 Security Threats on IP Technology – Gn Interface

The main vulnerability of the GPRS backbone is related to the fact that user and signaling data are conveyed in clear text, which may lead to several security threats. The security threats against the GPRS backbone are classified and discussed according to the transmission technology used (i.e., IP and SS7), and are further grouped into threats that compromise availability, confidentiality, integrity, authorization and authentication.

5.4.3.1 Threats to Authentication and Authorization [37]

T5a Masquerading as a network element: An attacker may masquerade as a legitimate part of a GPRS network by spoofing the address of a GPRS network element (i.e., GGSN or SGSN) in order to execute commands that normally the legitimate element does. This attack remains undetected until its results are noticeable.


T5b Over-billing attack: A malicious MS that gets access to a GPRS network may perform over-billing attacks by sending massive amounts of data to unsuspecting users.

T5c Over-billing attack: A malicious MS may hijack the IP address of another MS and invoke a downloading from a malicious server. Once the downloading begins, the malicious MS exits the session. The MS under attack receives the traffic and gets charged for it.

T5d Over-billing attack: An attacker can send broadcasts of unsolicited data to legitimate subscribers, which get charged for them.

5.4.3.2 Threats to Confidentiality [37]

T6a Eavesdropping on GTP traffic: An attacker, who has access to a GPRS backbone network, is able to get information regarding the GTP tunneling by monitoring the GTP traffic, which is unencrypted.

T6b Eavesdropping on network traffic: Having access to a GPRS backbone network, a malicious MS may eavesdrop on the conveyed traffic.

5.4.3.3 Threats to Integrity [37]

T7a Manipulation of GTP traffic: An attacker, who has access to a GPRS backbone network, is able to manipulate the GTP traffic, which is unencrypted.

T7b IP spoofing: Having access to the network elements of a GPRS backbone, a malicious MS may perform IP spoofing.

5.4.3.4 Threats to Availability [37]

T8a GGSN exhaustion: An attacker creates and forwards GTP commands (i.e., PDP Context Create, Delete or Update) to a GGSN, overloading it and changing the servicing contexts of users. This results in denial of service (DoS).

T8b DoS Attack: Having access to the network elements of a GPRS backbone, a malicious MS may perform DoS attacks.

5.4.4 Security Threats on SS7 technology [37]

5.4.4.1 Threats to Authentication and Authorization

T5e Masquerading as a network element: An attacker, who has access to the signaling part of a GPRS network, could masquerade as a network element in order to retrieve critical information (i.e., IMSI, TMSI, location information, authentication triplets, billing data, etc.).

5.4.4.2 Threats to Confidentiality

T6c Eavesdropping on user and network information: An attacker, who has access to the signaling part of a GPRS network, could listen to critical information exchanged (i.e., IMSI, TMSI, etc).

T6d Unauthorized access to data: An attacker that has access to the signaling part of a network could retrieve information regarding the GPRS signaling.

5.4.4.3 Threats to Availability

T8c DoS Attack: An attacker that has access to the signaling part of a network may perform DoS attacks to the GPRS signaling components.

5.4.5 Gp Interface

The Gp interface connects GPRS networks that belong to different operators and supports roaming users. The traffic that is transferred through Gp is: (a) GTP traffic between a local network and the HN of a roaming user, (b) routing information between a GPRS network operator and an operator of a GPRS routing exchange (GRX) that provides roaming services to cooperating networks, and (c) domain name server (DNS) information. The main vulnerability of Gp is the lack of security measures in the GTP protocol. The security threats that target Gp mainly concern the availability of resources and services, the authentication and authorization of users, and the confidentiality and integrity of the data conveyed.


5.4.5.1 Threats to Availability [36, 37]

T9a Border Gateway flooding: A malicious operator that is connected to the same GRX generates a sufficient amount of traffic directed at the border gateway of a GPRS network, denying roaming access to or from the network.

T9b GTP flooding: A malicious operator floods an SGSN or a GGSN of an operator under attack. This may prevent subscribers from being able to roam, to forward data out to external networks, or to be attached to the GPRS network.

T9c DNS flooding: DNS servers may be flooded with either correct or malformed DNS queries or other traffic. This prevents legitimate subscribers from locating the proper GGSN that serves as a gateway to external networks.

T9d GTP manipulation: An adversary performs attacks against the GTP protocol, such as delete or update PDP contexts, which remove or modify GPRS tunnels between a SGSN and a GGSN of an operator under attack. This results in DoS.

5.4.5.2 Threats to Authentication and Authorisation [37]

T10a Unauthorised access to services: Using appropriate information, an attacker with access to the GRX, or a malicious operator attached to the same GRX, or a malicious insider can create a bogus SGSN. The adversary then may create a GTP tunnel between itself and the serving GGSN of a legitimate subscriber. In this case, the network provides to the attacker either illegitimate Internet access or unauthorised access to co-operating networks.

T10b Hijacking: An attacker uses a bogus SGSN to send an Update PDP Context Request message to an SGSN, which handles an existing GTP session of a user. In this way, the attacker inserts its bogus SGSN into the GTP session and hijacks the user’s data.

5.4.5.3 Threats to Confidentiality [36]

T11a Eavesdropping on users’ data: A malicious employee or a third party, who has access to the path between a SGSN and a GGSN, and compromised access to the related GRX, may capture a user’s data session. Since no encryption is employed, the attacker can eavesdrop on the user’s data.

5.4.5.4 Threats to Integrity [36]

T12a Manipulation of users’ data: A malicious employee or a third party, who has access to the path between a SGSN and a GGSN, and compromised access to the related GRX, may capture a user’s data session. Since no integrity protection is employed, the user’s data can be manipulated.

5.4.6 Gi Interface

The Gi interface connects a GPRS network to the public Internet and various service providers. Since the applications of mobile users can be whatever is supported by Internet technology, the Gi interface may carry any type of traffic. This fact exposes the GPRS network elements and the mobile users to a variety of security threats associated with availability, confidentiality, integrity and authorization.

5.4.6.1 Threats to Availability [18, 37]

T13a Abuse of services: An attacker may threaten the GPRS network elements or mobile subscribers using malicious software (i.e., viruses, worms, etc) that mainly causes DoS.

T13b Flooding: An attacker may flood the links that connect a GPRS network to an external PDN with useless traffic, preventing legitimate traffic from passing. This may cause DoS to the network elements and the connected MSs.

5.4.6.2 Threats to Confidentiality [37]

T14a Unauthorised access to data: Since GPRS data are conveyed unprotected over the public Internet, an attacker may be able to compromise their confidentiality.

5.4.6.3 Threats to Integrity [37]

T15a Manipulation of data: An attacker is able to manipulate the GPRS data conveyed unprotected over the public Internet.


5.4.6.4 Threats to Authorisation [37]

T16a Over-billing attacks: An attacker can send large emails from a malicious external network to an MS, causing over-billing. In addition, an adversary may create a virus that is transferred to an MS and forces it to send dummy packets to a malicious server, without any notice to the user.

5.4.7 Security requirements as per 3GPP standards

5.4.7.1 Subscriber identity confidentiality

R1: The IMSI (International Mobile Subscriber Identity) should not normally be transmitted in clear text in any signalling message on the radio path.

R2: Anonymous access of a user to the network without a subscriber identity needs to be allowed only in the case of an emergency call.

5.4.7.2 Subscriber identity authentication

The following three algorithms are considered in 3GPP TS 43.020:

- Algorithm A3: Authentication algorithm;

- Algorithm A5: Ciphering/deciphering algorithm;

- Algorithm A8: Ciphering key generator.

R3: Algorithm A5 must be common to all GSM PLMNs and all mobile stations (in particular, to allow roaming).

R4: Algorithms A3 and A8 are at each PLMN operator's discretion. Only the formats of their inputs and outputs must be specified. It is also desirable that the processing times of these algorithms remain below a maximum value.

5.4.7.3 Confidentiality of user information and signalling between MS and SGSN

R5: To ensure identity confidentiality, the new TLLI must be transferred in a protected mode at allocation time.

R6: The network needs to compare its ciphering capabilities and preferences, and any special requirements of the subscription of the MS, with those indicated by the MS, and can take one of the following decisions:

1) If the MS and the network have no versions of the GPRS A5 algorithm in common and the network is not prepared to use an unciphered connection, then the connection is released.

2) If the MS and the network have at least one version of the GPRS A5 algorithm in common, then the network shall select one of the mutually acceptable versions of the GPRS A5 algorithms for use on that connection.

3) If the MS and the network have no versions of the GPRS A5 algorithm in common and the network is willing to use an unciphered version, then an unciphered connection shall be used.

R7: It is mandatory for GEA2, GEA3 and non-encrypted mode (i.e. GEA0) to be implemented in mobile stations. GEA4 may be implemented in mobile stations. In particular, it is prohibited to implement GEA1 in mobile stations.
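The R6 decision and the R7 capability rules, written out in Python as an added example (not part of the report or of any 3GPP specification). Assumptions: the operator's preference is an ordered list of ciphering versions, the "special requirements of the subscription" are reduced to a single flag stating that the subscription requires ciphering, and the capability sets are constructed.

```python
GEA_VERSIONS = ("GEA0", "GEA1", "GEA2", "GEA3", "GEA4")   # GEA0 = non-encrypted mode

def check_ms_capabilities(ms_supported) -> list:
    """R7 conformance check of the GEA versions an MS claims; returns the violations found."""
    ms = set(ms_supported)
    problems = [f"{alg} missing but mandatory"
                for alg in ("GEA0", "GEA2", "GEA3") if alg not in ms]
    if "GEA1" in ms:
        problems.append("GEA1 implemented but prohibited")
    problems += [f"{alg} unknown" for alg in sorted(ms - set(GEA_VERSIONS))]
    return problems

def select_ciphering(ms_supported, network_preference, allow_unciphered: bool,
                     subscription_requires_ciphering: bool = False) -> tuple:
    """R6 decision taken by the network.
    network_preference: ciphering versions in the operator's order of preference
    (assumption: an operator simply leaves GEA1 out of this list).
    Returns ("cipher", version), ("unciphered", "GEA0") or ("release", None)."""
    ms = set(ms_supported)
    for version in network_preference:
        if version != "GEA0" and version in ms:
            return ("cipher", version)             # decision 2: a common version exists
    if allow_unciphered and not subscription_requires_ciphering and "GEA0" in ms:
        return ("unciphered", "GEA0")              # decision 3: network accepts no ciphering
    return ("release", None)                       # decision 1: nothing in common, release

def demo() -> tuple:
    conforming_ms = ("GEA0", "GEA2", "GEA3")       # constructed capability sets
    legacy_ms = ("GEA0", "GEA1")
    network = ("GEA3", "GEA2")                     # prefers GEA3, then GEA2; never GEA1
    return (
        check_ms_capabilities(conforming_ms),
        check_ms_capabilities(legacy_ms),
        select_ciphering(conforming_ms, network, allow_unciphered=False),
        select_ciphering(legacy_ms, network, allow_unciphered=True),
        select_ciphering(legacy_ms, network, allow_unciphered=False),
        select_ciphering(legacy_ms, network, True, subscription_requires_ciphering=True),
    )

if __name__ == "__main__":
    for result in demo():
        print(result)
```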

5.4.7.4 Security of the GPRS backbone

No requirement is mandated in Standards. The operator is responsible for the security of its own Intra-PLMN backbone which includes all network elements and physical connections. The operator shall prevent unauthorised access to its Intra-PLMN backbone. A secure Intra-PLMN backbone guarantees that no intruder can eavesdrop or modify user information and signalling in the Intra-PLMN backbone.

The GPRS architecture utilises GPRS tunnelling and private IP addressing within the backbone to restrict unauthorised access to the backbone. User traffic addressed to a network element shall be discarded. Firewall functionality may provide these means at the access points (Gi reference point and Gp interface) of the Intra-PLMN backbone.


A.1 Heading levels in an annex


Annex B: Change history

Change history
Date        TSG #  TSG Doc.  CR  Rev  Subject/Comment  Old  New
2013-01-10                                Initial Draft    -
