GSM and UMTS Security - PowerPoint PPT Presentation


1
GSM and UMTS Security
  • Vishal Prajapati (08305030)
  • Vishal Sevani (07405010)
  • Om Pal (07405702)
  • Sudhir Rana (05005002)

2
GSM Security Architecture
(diagram: SIM and VLR in the visited network, HLR/AuC in the
home network, switching and routing, and other networks (GSM,
fixed, Internet, etc.))
3
GSM Security Features
  • Authentication
    • the network operator can verify the identity of
      the subscriber, making it infeasible to clone
      someone else's mobile phone
  • Confidentiality
    • protects voice, data and sensitive signalling
      information (e.g. dialled digits) against
      eavesdropping on the radio path
  • Anonymity
    • protects against someone tracking the location of
      the user or identifying calls made to or from the
      user by eavesdropping on the radio path

4
GSM Authentication Protocol
(diagram: challenge-response with an authentication triplet)
  • VLR → HLR/AuC: Authentication Data Request
  • HLR/AuC → VLR: triplet (RAND, XRES, Kc)
  • VLR → MS: RAND
  • MS → VLR: RES (computed by the SIM from RAND)
  • VLR checks: RES = XRES?
5
Encryption in GSM
6
GSM Encryption Principles
  • Data on the radio path is encrypted between the
    Mobile Equipment (ME) and the Base Transceiver
    Station (BTS)
  • protects user traffic and sensitive signalling
    data against eavesdropping
  • extends the influence of authentication to the
    entire duration of the call
  • Uses the encryption key (Kc) derived during
    authentication

7
GSM User Identity Confidentiality
  • User identity confidentiality on the radio access
    link
    • temporary identities (TMSIs) are allocated and
      used instead of permanent identities (IMSIs)
  • Helps protect against
    • tracking a user's location
    • obtaining information about a user's calling
      pattern
  • IMSI: International Mobile Subscriber Identity
  • TMSI: Temporary Mobile Subscriber Identity

8
Specific GSM Security Problems
  • The GSM cipher A5/2
    • A5/2 is now so weak that the cipher key can be
      discovered in near real time using a very small
      amount of known plaintext
    • Aim: find the initial internal state of the
      registers
    • Each TDMA frame lasts 4.615 ms, so roughly 217
      frames are transmitted per second
    • After finding the initial state, run the key
      setup backwards to recover Kc

9
  • False Base Station Attack (1)
    • Compromises user identity confidentiality
    • Forces the MS to send its IMSI
    • Cipher mode fault (the false base station selects
      the cipher mode the MS uses)

10
  • False Base Station Attack (2)
    • Active attack
    • IDENTITY REQUEST
    • Compromises user data confidentiality

Source LiTH-ISY-EX-3559-2004
11
Accessing the Signalling Network
  • No decryption skills required
  • Needs an instrument that captures the microwave
    (radio) link
  • Gains control of the communication between the MS
    and the intended receiver

12
UMTS Security Mechanisms
13
Limitations of GSM Security
  • Design only provides access security:
    communications and signalling in the fixed
    network portion aren't protected
  • Design does not address active attacks, whereby
    network elements may be impersonated
  • Design goal was only ever to be as secure as the
    fixed networks to which GSM systems connect
  • Short key size of Kc (64 bits) makes it more
    vulnerable to various attacks

14
Enhancements in UMTS vs GSM
  • Mutual Authentication
    • provides enhanced protection against false base
      station attacks by allowing the mobile to
      authenticate the network
  • Data Integrity
    • provides enhanced protection against false base
      station attacks by allowing the mobile to check
      the authenticity of certain signalling messages
  • Network to Network Security
    • secure communication between serving networks;
      MAPSEC or IPsec can be used

15
UMTS Enhancements (contd)
  • Wider Security Scope
    • security terminates in the RNC rather than the
      base station
  • Flexibility
    • security features can be extended and enhanced as
      required by new threats and services
  • Longer Key Length
    • key length is 128 bits, against 64 bits in GSM

16
UMTS Radio Access Link Security
(diagram: Home Network with HLR/AuC; Visited Network with MSC
for circuit-switched services and SGSN for packet-switched
services; Access Network (UTRAN) with RNC and BTS; User
Equipment with USIM and ME)
  (1) Distribution of authentication vectors from the
      HLR/AuC to the MSC/SGSN
  (2) Authentication between the USIM and the MSC/SGSN
  (3) CK, IK passed from the MSC/SGSN to the RNC
  (4) Protection of the access link (ME-RNC)
17
Authentication and Key Agreement
  • Mutual Authentication between user and the
    network
  • Establishes a cipher key and integrity key
  • Assures user that cipher/integrity keys were not
    used before, thereby providing protection against
    replay attacks

18
Authentication and Key Agreement
19
Authentication and Key Agreement
20
UMTS Integrity Protection Principles
  • Protection of some radio interface signalling
    • protects against unauthorised modification,
      insertion and replay of messages
    • applies to security mode establishment and other
      critical signalling procedures
  • Helps extend the influence of authentication when
    encryption is not applied
  • Uses the 128-bit integrity key (IK) derived
    during authentication
  • Integrity is applied at the Radio Resource Control
    (RRC) layer of the UMTS radio protocol stack
    • signalling traffic only

21

Integrity Check
Integrity and authentication of origin of signalling
data are provided. The integrity algorithm (built on
KASUMI) uses a 128-bit key and generates a 32-bit
message authentication code (MAC-I).
22
UMTS Encryption Principles
  • Data on the radio path is encrypted between the
    Mobile Equipment (ME) and the Radio Network
    Controller (RNC)
    • protects user traffic and sensitive signalling
      data against eavesdropping
    • extends the influence of authentication to the
      entire duration of the call
  • Uses the 128-bit encryption key (CK) derived
    during authentication

23
Encryption
Signalling and user data are protected from
eavesdropping. The secret-key algorithm, built on the
KASUMI block cipher, uses a 128-bit cipher key (CK).
24
Protection Against Active Attacks
25
  • False Base Station Attack (1)
    • Compromises user identity confidentiality
    • Reason: no provision to ascertain the origin of
      information, i.e. lack of an integrity check

26
  • False Base Station Attack (2)
    • Compromises user data confidentiality
    • Reason: no provision to ascertain the origin of
      information, i.e. lack of an integrity check

Source LiTH-ISY-EX-3559-2004
27
  • False Base Station Attack
    • Solution: use of an integrity check
    • After AKA the SRNC sends an integrity-protected
      message containing the security capabilities of
      the ME, which the mobile verifies to ensure there
      has been no foul play
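The check described on slide 27, using the integrity mechanism of slides 20-21, as a runnable simulation of the ME's side. This is an added example, not code from the presentation. The MAC-I inputs COUNT-I, FRESH, DIRECTION and MESSAGE are the standard inputs of the UMTS integrity function f9; the function itself is replaced here by HMAC-SHA256 truncated to 32 bits because KASUMI is not shown on the slides. IK, FRESH, the JSON message encoding and the capability names UEA0 (no encryption) and UEA1 (KASUMI-based encryption) are assumptions made for the example.

```python
import hashlib
import hmac
import json

# Constructed values for the example, not from any real network:
IK = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # 128-bit IK agreed by AKA
FRESH = bytes.fromhex("0011223344556677")                # per-connection nonce from the RNC
UPLINK, DOWNLINK = 0, 1


def mac_i(ik, count_i, fresh, direction, message):
    """Stand-in for f9 over (COUNT-I, FRESH, DIRECTION, MESSAGE). The real
    function is KASUMI-based; truncated HMAC-SHA256 is assumed so the example
    runs. Output is 32 bits, like the real MAC-I."""
    h = hmac.new(ik, digestmod=hashlib.sha256)
    for part in (count_i.to_bytes(4, "big"), fresh, bytes([direction]), message):
        h.update(part)
    return h.digest()[:4]


def security_mode_command(ik, count_i, echoed_capabilities, chosen_algorithm):
    """What the SRNC sends: the capabilities it *received* from the ME, the
    algorithm it selected, and MAC-I over the whole message."""
    payload = json.dumps({"ue_capabilities": echoed_capabilities,
                          "selected": chosen_algorithm}).encode()
    return count_i, payload, mac_i(ik, count_i, FRESH, DOWNLINK, payload)


class MobileEquipment:
    def __init__(self, ik, capabilities):
        self.ik = ik
        self.capabilities = capabilities   # what the ME really sent at connection setup
        self.last_count_i = -1

    def check_security_mode_command(self, count_i, payload, mac):
        # 1. Freshness: COUNT-I must increase, otherwise the message is a replay.
        if count_i <= self.last_count_i:
            return "rejected: replayed COUNT-I"
        # 2. Origin: only a party holding IK can produce a valid MAC-I.
        expected = mac_i(self.ik, count_i, FRESH, DOWNLINK, payload)
        if not hmac.compare_digest(expected, mac):
            return "rejected: MAC-I failure"
        # 3. Foul play on the unprotected capability message: the echoed
        #    capabilities must equal what the ME actually sent.
        body = json.loads(payload)
        if body["ue_capabilities"] != self.capabilities:
            return "rejected: capabilities were altered in transit"
        self.last_count_i = count_i
        return "accepted: " + body["selected"]


def run_scenarios():
    real_caps = ["UEA0", "UEA1"]     # UEA0 = no encryption, UEA1 = KASUMI-based
    me = MobileEquipment(IK, real_caps)
    results = {}

    # Genuine SRNC: echoes the true capabilities and selects UEA1.
    genuine = security_mode_command(IK, 0, real_caps, "UEA1")
    results["genuine"] = me.check_security_mode_command(*genuine)

    # The same command captured and sent again later.
    results["replay"] = me.check_security_mode_command(*genuine)

    # False base station without IK tries to move the ME to UEA0.
    forged_payload = json.dumps({"ue_capabilities": real_caps,
                                 "selected": "UEA0"}).encode()
    results["forged"] = me.check_security_mode_command(1, forged_payload, b"\x00" * 4)

    # Man in the middle stripped UEA1 from the ME's (unprotected) capability
    # message before relaying it, so the genuine SRNC believes only UEA0 exists.
    stripped = security_mode_command(IK, 2, ["UEA0"], "UEA0")
    results["bidding_down"] = me.check_security_mode_command(*stripped)
    return results
```

run_scenarios() accepts only the genuine command; the replay fails on COUNT-I, the forgery fails on MAC-I, and the stripped-capabilities command carries a valid MAC-I yet is still rejected because the echoed capabilities differ from what the ME sent, which is exactly the check slide 27 describes.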

28
Lack of Network Domain Security
  • No security for communication between network
    elements in GSM
  • Easy to gain access to sensitive information such
    as Kc
  • Network Domain Security in UMTS foils these
    attacks

29
Summary of UMTS Security
  • UMTS builds upon the security mechanisms of GSM and
    in addition provides the following enhancements:
    • Encryption terminates at the radio network
      controller
    • Mutual authentication and integrity protection of
      critical signalling procedures to give greater
      protection against false base station attacks
    • Longer key lengths (128-bit)
    • Network Domain Security using MAPSEC or IPsec

30
References
  • K. Boman, G. Horn, P. Howard, V. Niemi, "UMTS
    security", Electronics & Communication Engineering
    Journal, Oct 2002, Volume 14, Issue 5, pp. 191-204
  • A. Bais, W. Penzhorn, P. Palensky, "Evaluation of
    UMTS security architecture and services",
    Proceedings of the 4th IEEE International
    Conference on Industrial Informatics, p. 6,
    Singapore, 2006
  • Valtteri Niemi, Kaisa Nyberg, "UMTS Security",
    John Wiley and Sons, 2003
  • Paul Yousef, "GSM-Security: a Survey and Evaluation
    of the Current Situation", Master's thesis,
    Linköping Institute of Technology, March 2004
  • Klaus Vedder, "GSM: Security, Services, and the
    SIM", LNCS 1528, pp. 224-240, Springer-Verlag, 1998
  • Elad Barkan, Eli Biham, Nathan Keller, "Instant
    ciphertext-only cryptanalysis of GSM encrypted
    communication", Advances in Cryptology - CRYPTO
    2003