SECURITY PRINCIPLES
SECURITY IN GSM AND 3G
SAURABH PIYUSH MCA 4509/10 11/10/2012 MUKESH H MULANI MCA/4527/10
- Cipher keys and authentication values are transmitted in clear within and between networks (IMSI, RAND, SRES, Kc)

Limited Encryption Scope
- Encryption terminated too soon at edge of network to BTS
- Communications and signaling in the fixed network portion aren't protected
- Designed to be only as secure as the fixed networks

Channel Hijack
- Protection against radio channel hijack relies on encryption. However, encryption is not used in some networks.

Implicit Data Integrity
- No integrity algorithm provided

Unilateral Authentication
- Only user authentication to the network is provided.
- No means to identify the network to the user.

Weak Encryption Algorithms
- Key lengths are too short, while computation speed is increasing
- Encryption algorithm COMP 128 has been broken
- Replacement of encryption algorithms is quite difficult

Unsecured Terminal
- IMEI is an unsecured identity
- Integrity mechanisms for IMEI are introduced late

Lawful Interception & Fraud
- Considered as afterthoughts

Lack of Visibility
- No indication to the user that encryption is on
- No explicit confirmation to the HE that authentication parameters are properly used in SN when subscribers roam

Inflexibility
- Inadequate flexibility to upgrade and improve security functionality over time
- Security features can be extended and enhanced as required by new threats and services

Visibility and Configurability
- Users are notified whether security is on and what level of security is available
- Users can configure security features for individual services

Compatibility
- Standardized security features to ensure world-wide interoperability and roaming
- At least one encryption algorithm exported on world-wide basis

Lawful Interception
- Mechanisms to provide authorized agencies with certain information about subscribers
3G Security Features
User Confidentiality
- Permanent user identity (IMSI), user location, and user services cannot be determined by eavesdropping
- Achieved by use of a temporary identity (TMSI), which is assigned by the VLR
- IMSI is sent in clear text when establishing TMSI.

Mutual Authentication
- During Authentication and Key Agreement (AKA), the user and network authenticate each other and agree on a cipher key and an integrity key (CK, IK).
- CK and IK are used until their time expires.
- Assumption: trusted HE and SN, and trusted links between them.
- After AKA, security mode must be negotiated to agree on encryption and integrity algorithm.

AKA process:
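The AKA exchange between HE, SN and the user's USIM, as an added sketch that is not part of the original slides. The message fields (RAND, AUTN, SQN, AK, AMF, MAC, XRES, RES) follow 3G TS 33.102 rather than this page; the functions f1..f5 are replaced here by an HMAC-SHA256 stand-in (not the operator's real algorithm), the SQN freshness check is simplified to "strictly increasing", and the key and AMF values are constructed.

```python
import hmac, hashlib, os

AMF = b"\x80\x00"  # authentication management field (constructed sample value)

def f(k: bytes, tag: bytes, *parts: bytes, n: int = 16) -> bytes:
    """Stand-in for the AKA functions f1..f5 (HMAC-SHA256, an assumption)."""
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def he_generate_vector(k: bytes, sqn: int):
    """Home environment (HE): build one authentication vector for the SN."""
    rand = os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = f(k, b"f1", sqn_b, rand, AMF, n=8)       # proves the network knows K
    xres = f(k, b"f2", rand, n=8)                  # expected user response
    ck, ik = f(k, b"f3", rand), f(k, b"f4", rand)  # cipher key, integrity key
    ak = f(k, b"f5", rand, n=6)                    # anonymity key, conceals SQN
    return rand, xor(sqn_b, ak) + AMF + mac, xres, ck, ik

class USIM:
    """User side: holds the shared key K and the highest SQN accepted so far."""
    def __init__(self, k: bytes):
        self.k, self.highest_sqn = k, 0

    def authenticate(self, rand: bytes, autn: bytes):
        """Authenticate the network from AUTN, then return (RES, CK, IK)."""
        ak = f(self.k, b"f5", rand, n=6)
        sqn_b, amf, mac = xor(autn[:6], ak), autn[6:8], autn[8:16]
        xmac = f(self.k, b"f1", sqn_b, rand, amf, n=8)
        if not hmac.compare_digest(mac, xmac):
            raise ValueError("MAC failure: network not authenticated")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.highest_sqn:
            raise ValueError("SQN not fresh: replayed vector")
        self.highest_sqn = sqn
        return f(self.k, b"f2", rand, n=8), f(self.k, b"f3", rand), f(self.k, b"f4", rand)

def sn_check(res: bytes, xres: bytes) -> bool:
    """Serving network (SN): the user is authenticated if RES equals XRES."""
    return hmac.compare_digest(res, xres)

if __name__ == "__main__":
    k = os.urandom(16)
    usim = USIM(k)
    rand, autn, xres, ck, ik = he_generate_vector(k, sqn=1)
    res, _, _ = usim.authenticate(rand, autn)
    print("user authenticated by SN:", sn_check(res, xres))
```

The USIM refuses a vector built without K and a vector it has already accepted, which is the network-to-user check that GSM's unilateral authentication lacks.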
Data Integrity
Integrity of data and authentication of origin of signaling data must be provided. The user and network agree on integrity key and algorithm during AKA and security mode set-up.
Data Confidentiality
Signalling and user data should be protected from eavesdropping. The user and network agree on cipher key and algorithm during AKA and security mode set-up.