Scribd Logo
Upload

Welcome to Scribd!

  • GSM Umts Sec

    Uploaded by

    Johan Tinelius
    35 views6 pages
    GSM and UMTS security Why is security more of a concern in wireless? no inherent physical protection - physical connections between devices are replaced by logical associations. Broadcast communications - wireless usually means radio, which has a broadcast nature. Transmissions can be overheard by anyone in range - anyone can generate transmissions, which will be received by other nearby devices.

    Original Description:

    Original Title

    gsm-umts-sec

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    GSM and UMTS security Why is security more of a concern in wireless? no inherent physical protection - physical connections between devices are replaced by logical associations. Broadcast communications - wireless usually means radio, which has a broadcast nature. Transmissions can be overheard by anyone in range - anyone can generate transmissions, which will be received by other nearby devices.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    35 views6 pages

    GSM Umts Sec

    Uploaded by

    Johan Tinelius
    GSM and UMTS security Why is security more of a concern in wireless? no inherent physical protection - physical connections between devices are replaced by logical associations. Broadcast communications - wireless usually means radio, which has a broadcast nature. Transmissions can be overheard by anyone in range - anyone can generate transmissions, which will be received by other nearby devices.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    GSM and UMTS security

    © 2007 Levente Buttyán

    Why is security more of a concern in wireless?


    ƒ no inherent physical protection
    – physical connections between devices are replaced by logical associations
    – sending and receiving messages do not need physical access to the network
    infrastructure (cables, hubs, routers, etc.)

    ƒ broadcast communications
    – wireless usually means radio, which has a broadcast nature
    – transmissions can be overheard by anyone in range
    – anyone can generate transmissions,
    • which will be received by other devices in range
    • which will interfere with other nearby transmissions and may prevent their correct
    reception (jamming)

    ¾ eavesdropping is easy
    ¾ injecting bogus messages into the network is easy
    ¾ replaying previously recorded messages is easy
    ¾ illegitimate access to the network and its services is easy
    ¾ denial of service is easily achieved by jamming

    GSM and UMTS security 2/11

    1
    GSM Security
    ƒ main security requirement
    – subscriber authentication (for the sake of billing)
    • challenge-response protocol
    • long-term secret key shared between the subscriber and the home
    network operator
    • supports roaming without revealing long-term key to the visited networks

    ƒ other security services provided by GSM


    – confidentiality of communications and signaling over the wireless
    interface
    • encryption key shared between the subscriber and the visited network is
    established with the help of the home network as part of the subscriber
    authentication protocol
    – protection of the subscriber’s identity from eavesdroppers on the
    wireless interface
    • usage of short-term temporary identifiers

    GSM and UMTS security 3/11

    The SIM card (Subscriber Identity Module)


    ƒ tamper-resistant
    ƒ protected by a PIN code (checked locally by the SIM)
    ƒ removable from the terminal
    ƒ contains all data specific to the end user which have to
    reside in the Mobile Station:
    – IMSI: International Mobile Subscriber Identity (permanent user’s
    identity)
    – PIN
    – TMSI (Temporary Mobile Subscriber Identity)
    – Ki : User’s secret key
    – CK : Ciphering key
    – List of the last call attempts
    – List of preferred operators
    – Supplementary service data (abbreviated dialing, last short messages
    received,...)

    GSM and UMTS security 4/11

    2
    GSM authentication and cipher key setup
    mobile phone visited home
    + SIM card network network

    IMSI PRNG
    IMSI
    RAND K

    RAND K (RAND, SRES, CK)


    RAND A3 A8

    A3 A8 SRES'
    RAND SRES CK

    ?
    SRES' CK' SRES = SRES'

    GSM and UMTS security 5/11

    Ciphering in GSM

    Kc FRAME NUMBER Kc FRAME NUMBER

    A5 A5
    A5
    A5

    CIPHERING CIPHERING
    SEQUENCE SEQUENCE

    PLAINTEXT CIPHERTEXT PLAINTEXT


    SEQUENCE ⊕ SEQUENCE ⊕ SEQUENCE

    Sender Receiver
    (Mobile Station or Network) (Network or Mobile Station)

    GSM and UMTS security 6/11

    3
    Conclusion on GSM security

    ƒ focused on the protection of the air interface


    ƒ no protection on the wired part of the network (neither for
    privacy nor for confidentiality)
    ƒ the visited network has access to all data (except the secret
    key of the end user)
    ƒ generally robust, but a few successful attacks have been
    reported:
    – faked base stations
    – cloning of the SIM card

    GSM and UMTS security 7/11

    3GPP security design principles


    ƒ Reuse of 2nd generation security principles (GSM):
    – Removable hardware security module
    • In GSM: SIM card
    • In 3GPP: USIM (User Services Identity Module)
    – Radio interface encryption
    – Limited trust in the Visited Network
    – Protection of the identity of the end user (especially on the radio
    interface)

    ƒ Correction of the following weaknesses of the previous


    generation:
    – Possible attacks from a faked base station
    – Cipher keys and authentication data transmitted in clear between and
    within networks
    – Encryption not used in some networks Î open to fraud
    – Data integrity not provided
    – …

    GSM and UMTS security 8/11

    4
    3GPP authentication vectors
    PRNG K SQN AMF

    RAND

    f2 f3 f4 f5 f1

    AK

    SQN ⊕AK AMF MAC

    RAND XRES CK IK AUTN

    AMF: Authentication and Key Management Field

    GSM and UMTS security 9/11

    Processing in the USIM

    RAND AUTN
    SQN ⊕ AK AMF MAC

    f5f5

    AK ⊕
    SQN
    K

    f1f1 f2f2 f3f3 f4f4

    XMAC RES CK IK
    (Expected MAC) (Response) (Cipher (Integrity
    Key) Key)

    ••Verify
    Verifythat
    thatSQN
    SQNisisininthe
    thecorrect
    correctrange
    range
    ••Verify
    VerifyMAC
    MAC==XMAC
    XMAC USIM: User Services Identity Module

    GSM and UMTS security 10/11

    5
    Conclusion on 3GPP security
    ƒ Some improvement with respect to 2nd generation
    – Cryptographic algorithms are published
    – Integrity of the signalling messages is protected
    ƒ Quite conservative solution
    ƒ Privacy/anonymity of the user not completely protected
    ƒ 2nd/3rd generation interoperation will be complicated and
    might open security breaches

    GSM and UMTS security 11/11

    You might also like