security 3gpp
TRANSCRIPT
-
7/30/2019 Security 3gpp
1/15
SEC-3GPP 1
Mobile Communications
Security in 3GPP Networks
Manuel P. Ricardo
Faculdade de Engenharia da Universidade do Porto
-
7/30/2019 Security 3gpp
2/15
SEC-3GPP 2
How is authentication and ciphering handled in GSM?
How is authentication and ciphering handled in UMTS?
-
7/30/2019 Security 3gpp
3/15
SEC-3GPP 3
GSM
-
7/30/2019 Security 3gpp
4/15
SEC-3GPP 4
Security in GSM Security services
access control/authentication user SIM (Subscriber Identity Module): secret PIN (Personal Identification Number) SIM network: challenge - response method
Ki - subscriber secret authentication key, stored in SIM
confidentiality
voice and signaling encrypted on the wireless link (after successful authentication)
anonymity TMSI - Temporary Mobile Subscriber Identity
newly assigned at each new location update
encrypted transmission
3 algorithms specified in GSM
A3 for authentication (secret, open interface)
A5 for encryption (standardized)
A8 for encryption key generation (secret, open interface)
-
7/30/2019 Security 3gpp
5/15
SEC-3GPP 5
GSM - Authentication
A3
RANDKi
128 bit 128 bit
SRES* 32 bit
A3
RAND Ki
128 bit 128 bit
SRES 32 bit
SRES* =? SRES SRES
RAND
SRES
32 bit
mobile network SIM
AuC
MSC
SIM
Ki: individual subscriber authentication key SRES: signed response
-
7/30/2019 Security 3gpp
6/15
SEC-3GPP 6GSM - Key Generation and
Encryption
A8
RANDKi
128 bit 128 bit
Kc
64 bit
A8
RAND Ki
128 bit 128 bit
SRES
RAND
encrypted
data
mobile network (BTS) MS with SIM
AuC
BTS
SIM
A5
Kc64 bit
A5
MS
data data
cipher
key
-
7/30/2019 Security 3gpp
7/15
SEC-3GPP 7
3G
(3GPP TS 23.060, 3GPP TS 33.102)
-
7/30/2019 Security 3gpp
8/15
SEC-3GPP 8
Security Function Authentication of the MS by the network
Provides user identity confidentiality temporary identification and ciphering
Provides user data and signalling confidentiality
ciphering
In UMTS (Iu mode)
authentication of the network by the MS
data integrity and origin authentication of signalling data
-
7/30/2019 Security 3gpp
9/15
SEC-3GPP 9
Authentication Two types of authentication
UMTS authentication GSM authentication
Independent of the RAN modes
GSM authentication
Based on SIM Authentication of the MS by the network
Establishment of GSM ciphering key (Kc) between the SGSN and the MS
UMTS authentication
Based on USIM Requires authentication quintets
Implies mutual authentication
Agreement between SGSN and MS on
ciphering key (CK) and integrity key (IK)
-
7/30/2019 Security 3gpp
10/15
SEC-3GPP 10
GSM Authentication
1. SGSN requests Authentication-Info (IMSI); HLR responds2. SGSN
sends Authentication-Ciphering(RAND, CKSN, Ciphering Algorithm);
MS responds with Ciphering-Response (SRES)
A/Gb mode: MS starts ciphering after sending Response message
Iu mode: SGSN / MS shall generate CK and IK from the GSM Kc
1. Send Authentication Info
2. Authentication and Ciphering Request1. Send Authentication Info Ack
2. Authentication and Ciphering Response
MS RAN HLR SGSN
-
7/30/2019 Security 3gpp
11/15
SEC-3GPP 11
MS VLR/SGSN HE/HLR
Generate authentication
vectors AV(1..n)
Store authentication vectors
Select authentication vector AV(i)
Authentication data request
Authentication data response
AV(1..n)
User authentication request
RAND(i) || AUTN(i)
User authentication responseRES(i)
Compare RES(i) and XRES(i)
Verify AUTN(i)
Compute RES(i)
Compute CK(i) and IK(i) Select CK(i) and IK(i)
Authentication and
key establishment
Distribution of
authentication
vectors from HE
to SN
UMTS Authentication
-
7/30/2019 Security 3gpp
12/15
SEC-3GPP 12Generation of an Authentication Vector
by HE/AuC
K
SQNRAND
f1 f2 f3 f4 f5
MAC XRES CK IK AK
AUTN := SQN AK || AMF || MAC
AV := RAND || XRES || CK || IK || AUTN
Generate SQN
Generate RAND
AMF
-
7/30/2019 Security 3gpp
13/15
SEC-3GPP 13
K
SQN
RAND
f1 f2 f3 f4
f5
XMAC RES CK IK
AK
SQN AK AMF MAC
AUTN
Verify MAC = XMAC
Verify that SQN is in the correct range
User authentication function in the
USIM
-
7/30/2019 Security 3gpp
14/15
SEC-3GPP 14
Release 99+ VLR/SGSN Release 98-
VLR/SGSN
Release 99+
HLR/AuC
USIM
RANDAUTNRES
CKIK
CK, IKKc
UTRAN
ME capable ofUMTS AKA
RANDAUTNRES
[Kc]
CK, IKKc
GSM BSS
CK, IKKcRESSRES
CK, IKKc
ME notcapable of UMTS
AKA
CK, IKKc
CK, IKKcRESSRES
RAND[AUTN]
SRES
[Kc]
Kc
RANDSRES
[Kc]
Kc
ME
CK, IKKcRESSRES
Quintets Triplets
CK, IKKcRESSRES
UMTS security GSM security
CK, IKKc
-
7/30/2019 Security 3gpp
15/15
SEC-3GPP 15
Scope of Ciphering
Ciphering Algorithm
A/Gb mode: GPRS Encryption Algorithm (GEA)Kc is an input to the algorithm
Iu mode: UMTS Encryption Algorithm (UEA)
CK is an input to the algorithm.
MS BSS/UTRAN SGSN
Scope of GPRS ciphering
Scope of UMTS ciphering