3G Security Principles - PowerPoint PPT Presentation

About This Presentation
Title:

3G Security Principles

Description:

3G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP GSM Network Architecture GSM Security Elements ... – PowerPoint PPT presentation

Number of Views:93
Avg rating:3.0/5.0
Slides: 22
Provided by: mya92
Category:

less

Transcript and Presenter's Notes

Title: 3G Security Principles


1
3G Security Principles
  • Build on GSM security
  • Correct problems with GSM security
  • Add new security features

Source 3GPP
2
GSM Network Architecture
PSTN/ISDN
  •  

MS
MSC
BTS
BSC
Um
A
A-bis
Mobility mgt
OMC
Voice Traffic
Circuit-switched technology
3
GSM Security Elements, 1
  • Key functions privacy, integrity and
    confidentiality
  • Authentication
  • Protect from unauthorized service access
  • Based on the authentication algorithm A3(Ki,
    RAND)gt SRES
  • Problems with inadequate algorithms
  • Encryption
  • Scramble bit streams to protect signaling and
    user data
  • Ciphering algorithm A8(Ki, RAND) gt Kc

  • A5(Kc, Data) gt Encrypted Data
  • Need stronger encryption
  • Confidentiality
  • Prevent intruder from identifying users by IMSI
  • Temporary MSI
  • Need more secure mechanism

4
GSM Security Elements, 2
  • SIM
  • A removable hardware security module
  • Manageable by network operators
  • Terminal independent
  • Secure Application Layer
  • Secure application layer channel between
    subscriber module and home
  • network
  • Transparency
  • Security features operate without user
    assistance
  • Needs greater user visibility
  • Minimized Trust
  • Requires minimum trust between HE and SN

5
Problems with GSM Security, 1
  • Active Attacks
  • Impersonating network elements such as false
    BTS is possible
  • Key Transmission
  • Cipher keys and authentication values are
    transmitted in clear within and between networks
    (IMSI, RAND, SRES, Kc)
  • Limited Encryption Scope
  • Encryption terminated too soon at edge of
    network to BTS
  • Communications and signaling in the fixed
    network portion arent protected
  • Designed to be only as secure as the fixed
    networks
  • Channel Hijack
  • Protection against radio channel hijack relies
    on encryption. However, encryption is not used
    in some networks.

6
Problems with GSM Security, 2
  • Implicit Data Integrity
  • No integrity algorithm provided
  • Unilateral Authentication
  • Only user authentication to the network is
    provided.
  • No means to identify the network to the user.
  • Weak Encryption Algorithms
  • Key lengths are too short, while computation
    speed is increasing
  • Encryption algorithm COMP 128 has been broken
  • Replacement of encryption algorithms is quite
    difficult
  • Unsecured Terminal
  • IMEI is an unsecured identity
  • Integrity mechanisms for IMEI are introduced
    late

7
Problems with GSM Security, 3
  • Lawful Interception Fraud
  • Considered as afterthoughts
  • Lack of Visibility
  • No indication to the user that encryption is on
  • No explicit confirmation to the HE that
    authentication parameters are properly used in
    SN when subscribers roam
  • Inflexibility
  • Inadequate flexibility to upgrade and improve
    security functionality over time

8
3G Network Architecture
CircuitNetwork
Circuit/ Signaling Gateway
Mobility Manager
Feature Server(s)
Circuit Switch
IN Services
RNC
Call Agent
Data Packet Voice
Voice
IP Core Network
Radio Access Control
Packet Network (Internet)
Packet Gateway
3G
2G/2.5G
2G
9
New Security Features, 1
  • Network Authentication
  • The user can identify the network
  • Explicit Integrity
  • Data integrity is assured explicitly by use of
    integrity algorithms
  • Also stronger confidentiality algorithms with
    longer keys
  • Network Security
  • Mechanisms to support security within and
    between networks
  • Switch Based Security
  • Security is based within the switch rather than
    the base station
  • IMEI Integrity
  • Integrity mechanisms for IMEI provided from the
    start

10
New Security Features, 2
  • Secure Services
  • Protect against misuse of services provided by
    SN and HE
  • Secure Applications
  • Provide security for applications resident on
    USIM
  • Fraud Detection
  • Mechanisms to combating fraud in roaming
    situations
  • Flexibility
  • Security features can be extended and enhanced
    as required by new threats and services
  • Visibility and Configurability
  • Users are notified whether security is on and
    what level of security is available
  • Users can configure security features for
    individual services

11
New Security Features, 3
  • Compatibility
  • Standardized security features to ensure
    world-wide interoperability and roaming
  • At least one encryption algorithm exported on
    world-wide basis
  • Lawful Interception
  • Mechanisms to provide authorized agencies with
    certain information about subscribers

12
Summary of 3G Security Features, 1
  • User Confidentiality
  • Permanent user identity IMSI, user location,
    and user services cannot be determined by
    eavesdropping
  • Achieved by use of temporary identity (TMSI)
    which is assigned by VLR
  • IMSI is sent in cleartext when establishing TMSI

13
Summary of 3G Security Features, 2
  • Mutual Authentication
  • During Authentication and Key Agreement (AKA)
    the user and network authenticate each other,
    and also they agree on cipher and integrity key
    (CK, IK). CK and IK are used until their time
    expires.
  • Assumption trusted HE and SN, and trusted
    links between them.
  • After AKA, security mode must be negotiated to
    agree on encryption and integrity algorithm.
  • AKA process

14
Summary of 3G Security Features, 3
  • Generation of authentication data at HLR

15
Summary of 3G Security Features, 4
  • Generation of authentication data in USIM

16
Summary of 3G Security Features, 5
  • Data Integrity
  • Integrity of data and authentication of origin
    of signalling data must be provided
  • The user and network agree on integrity key and
    algorithm during AKA and security mode set-up

17
Summary of 3G Security Features, 6
  • Data Confidentiality
  • Signalling and user data should be protected
    from eavesdropping
  • The user and network agree on cipher key and
    algorithm during AKA and security mode set-up

18
Summary of 3G Security Features, 7
  • IMEI
  • IMEI is sent to the network only after the
    authentication of SN
  • The transmission of IMEI is not protected
  • User-USIM Authentication
  • Access to USIM is restricted to authorized
    users
  • User and USIM share a secret key, PIN
  • USIM-Terminal Authentication
  • User equipment must authenticate USIM
  • Secure Applications
  • Applications resident on USIM should receive
    secure messages over the network
  • Visibility
  • Indication that encryption is on
  • Indication what level of security (2G, 3G) is
    available

19
Summary of 3G Security Features, 8
  • Configurability
  • User configures which security features
    activated with particular services
  • Enabling/disabling user-USIM authentication
  • Accepting/rejecting incoming non-ciphered calls
  • Setting up/not setting up non-ciphered calls
  • Accepting/rejecting use of certain ciphering
    algorithms
  • GSM Compatibility
  • GSM user parameters are derived from UMTS
    parameters using the following conversion
    functions
  • cipher key Kc c3(CK, IK)
  • random challenge RAND c1(RAND)
  • signed response SRES c2(RES)
  • GSM subscribers roaming in 3GPP network are
    supported by GSM security context (example,
    vulnerable to false BTS)

20
Problems with 3G Security
  • IMSI is sent in cleartext when allocating TMSI to
    the user
  • The transmission of IMEI is not protected IMEI
    is not a security feature
  • A user can be enticed to camp on a false BS. Once
    the user camps on the radio channels of a false
    BS, the user is out of reach of the paging
    signals of SN
  • Hijacking outgoing/incoming calls in networks
    with disabled encryption is possible. The
    intruder poses as a man-in-the-middle and drops
    the user once the call is set-up

21
References
  • 3G TS 33.120 Security Principles and Objectives
  • http//www.3gpp.org/ftp/tsg_sa/WG3_Security/_Spec
    s/33120-300.pdf
  • 3G TS 33.120 Security Threats and Requirements
  • http//www.arib.or.jp/IMT-2000/ARIB-spec/ARIB/211
    33-310.PDF
  • Michael Walker On the Security of 3GPP Networks
  • http//www.esat.kuleuven.ac.be/cosic/eurocrypt200
    0/mike_walker.pdf
  • Redl, Weber, Oliphant An Introduction to GSM
  • Artech House, 1995
  • Joachim Tisal GSM Cellular Radio Telephony
  • John Wiley Sons, 1997
  • Lauri Pesonen GSM Interception
  • http//www.dia.unisa.it/ads.dir/corso-security/ww
    w/CORSO-9900/a5/Netsec/netsec.html
  • 3G TR 33.900 A Guide to 3rd Generation Security
  • ftp//ftp.3gpp.org/TSG_SA/WG3_Security/_Specs/339
    00-120.pdf
  • 3G TS 33.102 Security Architecture
  • ftp//ftp.3gpp.org/Specs/2000-12/R1999/33_series/
    33102-370.zip
  • 3G TR 21.905 Vocabulary for 3GPP Specifications
  • http//www.quintillion.co.jp/3GPP/Specs/21905-010
    .pdf
Write a Comment
User Comments (0)
About PowerShow.com