Naveen Kumar

Security in GSM(2G) and UMTS(3G) Networks


Page 1: Security in GSM(2G) and UMTS(3G) Networks

Naveen Kumar

Page 2: Security in GSM(2G) and UMTS(3G) Networks

GSM is the most widely used cellular standard
Over 600 million users, mostly in Europe and Asia
Provides authentication and encryption capabilities
Today’s networks are 2G & 3G
Future (4G LTE)

Page 3: Security in GSM(2G) and UMTS(3G) Networks

[Figure: GSM network overview. Labels: SIM; Visited network (VLR); Home network (HLR/AuC); Switching and routing; Other Networks (GSM, fixed, Internet, etc.)]

Page 4: Security in GSM(2G) and UMTS(3G) Networks

Authentication
◦ network operator can verify the identity of the subscriber, making it infeasible to clone someone else’s mobile phone

Confidentiality
◦ protects voice, data and sensitive signalling information (e.g. dialled digits) against eavesdropping on the radio path

Anonymity
◦ protects against someone tracking the location of the user or identifying calls made to or from the user by eavesdropping on the radio path

Page 5: Security in GSM(2G) and UMTS(3G) Networks

Three algorithms have been specified to provide security services in GSM.

A3 is used for authentication, A5 for encryption, and A8 for the generation of a cipher key.

Page 6: Security in GSM(2G) and UMTS(3G) Networks

For authentication, the VLR sends the random value RAND to the SIM.

The MS sends back the SRES generated by the SIM; the VLR can now compare both values. If they are the same, the VLR accepts the subscriber, otherwise the subscriber is rejected.

Page 8: Security in GSM(2G) and UMTS(3G) Networks

To ensure privacy, all user-related data is encrypted. After authentication, the BTS (base transceiver station) and the MS apply encryption to voice, data, and signaling using the cipher key Kc.

Kc is generated using the individual key Ki and a random value by applying the algorithm A8.

This confidentiality exists only between MS and BTS, but it does not exist end-to-end or within the whole GSM network.

Page 9: Security in GSM(2G) and UMTS(3G) Networks

Note that the SIM in the MS and the network both calculate the same Kc based on the random value RAND. The key Kc itself is not transmitted over the air interface.

MS and BTS can now encrypt and decrypt data using the algorithm A5 and the cipher key Kc.

Kc should be a 64-bit key, which is not very strong, but is at least a good protection against simple eavesdropping.

However, the publication of A3 and A8 on the internet showed that in certain implementations 10 bits out of 64 bits are always set to 0, so that the effective length of the key is only 54 bits; consequently, the encryption is much weaker.
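The challenge-response and key derivation described above, as an added example that is not part of the original slides. The real A3/A8 algorithms are operator-specific, so an HMAC-SHA256 stand-in is assumed here; the function names, the sample keys and the choice of the low-order bits as the zeroed ones are also assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

KC_MASK = (1 << 64) - 1 - 0x3FF   # 64-bit Kc with the low-order 10 bits forced to 0

def a3_a8(ki: bytes, rand: bytes) -> tuple:
    """Stand-in for A3/A8 (HMAC-SHA256, not the real operator algorithm):
    returns a 32-bit SRES and a 64-bit Kc derived from Ki and RAND."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

def weaken_kc(kc: bytes) -> bytes:
    """Model the implementations in which 10 of the 64 Kc bits are always 0."""
    return (int.from_bytes(kc, "big") & KC_MASK).to_bytes(8, "big")

def effective_key_bits() -> int:
    """Number of Kc bits that actually vary once 10 bits are fixed."""
    return bin(KC_MASK).count("1")

def gsm_authenticate(auc_ki: bytes, sim_ki: bytes, rand: bytes = None) -> dict:
    """One authentication run: the VLR challenges, the SIM responds.
    Nothing in this exchange lets the MS verify who sent RAND."""
    rand = rand or secrets.token_bytes(16)      # 128-bit challenge chosen by the network
    xres, kc_network = a3_a8(auc_ki, rand)      # computed from the Ki held by the network
    sres, kc_sim = a3_a8(sim_ki, rand)          # computed inside the SIM
    return {
        "accepted": hmac.compare_digest(sres, xres),   # VLR compares both values
        "kc_network": kc_network,
        "kc_sim": kc_sim,
        "on_air": [rand, sres],                 # the only values sent over the radio path
    }

if __name__ == "__main__":
    ki = secrets.token_bytes(16)                # constructed subscriber key
    genuine = gsm_authenticate(ki, ki)
    wrong = gsm_authenticate(ki, secrets.token_bytes(16))   # SIM holding a different Ki
    print("genuine SIM accepted:", genuine["accepted"])
    print("wrong Ki accepted:   ", wrong["accepted"])
    print("Kc sent on air:      ", genuine["kc_sim"] in genuine["on_air"])
    print("weakened Kc:         ", weaken_kc(genuine["kc_sim"]).hex())
    print("effective key bits:  ", effective_key_bits())
```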

Page 11: Security in GSM(2G) and UMTS(3G) Networks

To provide user anonymity, all data is encrypted before transmission, and user identifiers (which would reveal an identity) are not used over the air.

Instead, GSM transmits a temporary identifier (TMSI), which is newly assigned by the VLR after each location update.

Additionally, the VLR can change the TMSI at any time.

Page 12: Security in GSM(2G) and UMTS(3G) Networks

User identity confidentiality on the radio access link
◦ temporary identities (TMSIs) are allocated and used instead of permanent identities (IMSIs)

Helps protect against:
◦ tracking a user’s location
◦ obtaining information about a user’s calling pattern

IMSI: International Mobile Subscriber Identity
TMSI: Temporary Mobile Subscriber Identity

Page 13: Security in GSM(2G) and UMTS(3G) Networks

The GSM cipher A5/2
◦ A5/2 is now so weak that the cipher key can be discovered in near real time using a very small amount of known plaintext

Page 14: Security in GSM(2G) and UMTS(3G) Networks

No requirement of decrypting skills

Needs an instrument that captures microwaves

Gains control of communication between MS and intended receiver

Page 16: Security in GSM(2G) and UMTS(3G) Networks

• Design only provides access security - communications and signalling in the fixed network portion aren’t protected

• Design does not address active attacks, whereby network elements may be impersonated

• Design goal was only ever to be as secure as the fixed networks to which GSM systems connect

• Short key size of Kc (64 bits) makes it more vulnerable to various attacks

Page 17: Security in GSM(2G) and UMTS(3G) Networks

Mutual Authentication
• provides enhanced protection against false base station attacks by allowing the mobile to authenticate the network

Data Integrity
• provides enhanced protection against false base station attacks by allowing the mobile to check the authenticity of certain signalling messages

Network to Network Security
• Secure communication between serving networks. MAPSEC (Mobile Application Part Security) or IPsec can be used

Page 18: Security in GSM(2G) and UMTS(3G) Networks

Wider Security Scope
• Security is based within the RNC rather than the base station

Flexibility
• Security features can be extended and enhanced as required by new threats and services

Longer Key Length
• Key length is 128 as against 64 bits in GSM

Page 19: Security in GSM(2G) and UMTS(3G) Networks

[Figure: UMTS security architecture. Labels: User Equipment (USIM, ME); Access Network (UTRAN) with BTS and RNC; Visited Network with MSC and SGSN; Home Network with HLR and AuC]

(1) Distribution of authentication vectors
(2) Authentication
(3) CK, IK
(4) Protection of the access link (ME-RNC)

MSC – circuit switched services
SGSN – packet switched services

Page 20: Security in GSM(2G) and UMTS(3G) Networks

Mutual Authentication between user and the network

Establishes a cipher key and integrity key

Assures user that cipher/integrity keys were not used before, thereby providing protection against replay attacks
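How the mobile side can authenticate the network and reject reused keys, as an added example that is not part of the original slides. It goes beyond the slide by modelling the sequence number and network authentication code carried in the challenge; the real functions f1 to f4 are replaced by a labelled HMAC-SHA256 stand-in, the AUTN layout is simplified to SQN || MAC, and all names and sample values are constructed for this sketch.

```python
import hashlib
import hmac

def f(k: bytes, label: bytes, *parts: bytes) -> bytes:
    """Stand-in for the AKA functions f1..f4 (labelled HMAC-SHA256, not MILENAGE)."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()

def make_vector(k: bytes, sqn: int, rand: bytes) -> dict:
    """Home network (AuC): build one authentication vector for the visited network."""
    sqn_b = sqn.to_bytes(6, "big")                       # 48-bit sequence number
    return {
        "rand": rand,
        "autn": sqn_b + f(k, b"f1", sqn_b, rand)[:8],    # SQN || MAC (simplified AUTN)
        "xres": f(k, b"f2", rand)[:8],                   # expected user response
        "ck": f(k, b"f3", rand)[:16],                    # 128-bit cipher key
        "ik": f(k, b"f4", rand)[:16],                    # 128-bit integrity key
    }

class Usim:
    def __init__(self, k: bytes):
        self.k = k
        self.highest_sqn = 0                             # highest sequence number accepted

    def authenticate(self, rand: bytes, autn: bytes) -> dict:
        sqn_b, mac = autn[:6], autn[6:]
        # 1. Authenticate the network: only a holder of K can produce this MAC.
        if not hmac.compare_digest(mac, f(self.k, b"f1", sqn_b, rand)[:8]):
            return {"status": "mac_failure"}
        # 2. Freshness: a vector whose SQN was already seen would reuse old CK/IK.
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.highest_sqn:
            return {"status": "sync_failure"}
        self.highest_sqn = sqn
        # 3. Answer the challenge and derive the session keys.
        return {"status": "ok", "res": f(self.k, b"f2", rand)[:8],
                "ck": f(self.k, b"f3", rand)[:16], "ik": f(self.k, b"f4", rand)[:16]}

def run_demo() -> dict:
    k = bytes(range(16))                                 # constructed 128-bit key shared by USIM and AuC
    usim = Usim(k)
    av = make_vector(k, sqn=1, rand=b"\x11" * 16)
    first = usim.authenticate(av["rand"], av["autn"])
    replay = usim.authenticate(av["rand"], av["autn"])   # same vector presented again
    other = make_vector(bytes(16), sqn=2, rand=b"\x22" * 16)   # built without K
    unknown = usim.authenticate(other["rand"], other["autn"])
    return {"vector": av, "first": first, "replay": replay, "unknown": unknown,
            "network_accepts": hmac.compare_digest(first["res"], av["xres"])}
```

A real USIM also conceals the sequence number with an anonymity key and accepts sequence numbers within a window rather than strictly increasing ones; both are left out here.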

Page 21: Security in GSM(2G) and UMTS(3G) Networks

Protection of some radio interface signalling
• protects against unauthorised modification, insertion and replay of messages
• applies to security mode establishment and other critical signalling procedures

Helps extend the influence of authentication when encryption is not applied

Uses the 128-bit integrity key (IK) derived during authentication

Integrity applied at the Radio Resource Control (RRC) layer of the UMTS radio protocol stack
• signalling traffic only

Page 22: Security in GSM(2G) and UMTS(3G) Networks

Data on the radio path is encrypted between the Mobile Equipment (ME) and the Radio Network Controller (RNC)

• protects user traffic and sensitive signalling data against eavesdropping

• extends the influence of authentication to the entire duration of the call

Uses the 128-bit encryption key (CK) derived during authentication

Page 23: Security in GSM(2G) and UMTS(3G) Networks

No security for communication between network elements in GSM

Easy to gain access to sensitive information such as Kc

Network Domain Security in UMTS foils these attacks

Page 24: Security in GSM(2G) and UMTS(3G) Networks

UMTS builds upon the security mechanisms of GSM, and in addition provides the following enhancements:

Encryption terminates at the radio network controller

Mutual authentication and integrity protection of critical signalling procedures to give greater protection against false base station attacks

Longer key lengths (128-bit)

Network Domain Security using MAPSEC or IPSec


Page 26: Security in GSM(2G) and UMTS(3G) Networks


/chd.naveen

@saini_naveen87

/NaveenKumar11

www.elixir-india.com