Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Security 3gpp

    Încărcat de

    hshai
    106 vizualizări15 pagini

    Drepturi de autor

    © Attribution Non-Commercial (BY-NC)

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    106 vizualizări15 pagini

    Security 3gpp

    Încărcat de

    hshai

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 15

    SEC-3GPP 1

    Mobile Communications
    Security in 3GPP Networks
    Manuel P. Ricardo
    Faculdade de Engenharia da Universidade do Porto

    SEC-3GPP 2

    How is authentication and ciphering handled in GSM? How is authentication and ciphering handled in UMTS?

    SEC-3GPP 3

    GSM

    SEC-3GPP 4

    Security in GSM

    Security services
    access control/authentication
    user SIM (Subscriber Identity Module): secret PIN (Personal Identification Number) SIM network: challenge - response method Ki - subscriber secret authentication key, stored in SIM

    confidentiality
    voice and signaling encrypted on the wireless link (after successful authentication)

    anonymity
    TMSI - Temporary Mobile Subscriber Identity newly assigned at each new location update encrypted transmission

    3 algorithms specified in GSM


    A3 for authentication (secret, open interface) A5 for encryption (standardized) A8 for encryption key generation (secret, open interface)

    SEC-3GPP 5

    GSM - Authentication
    mobile network Ki AuC 128 bit A3 SRES* 32 bit SRES RAND 128 bit RAND SIM RAND 128 bit A3 SIM 32 bit Ki 128 bit

    MSC

    SRES* =? SRES

    SRES 32 bit

    SRES

    Ki: individual subscriber authentication key

    SRES: signed response

    GSM - Key Generation and Encryption


    mobile network (BTS) Ki AuC 128 bit A8 cipher key Kc 64 bit data A5 encrypted data RAND 128 bit RAND MS with SIM RAND 128 bit A8 Ki 128 bit

    SEC-3GPP 6

    SIM

    Kc 64 bit SRES data MS A5

    BTS

    SEC-3GPP 7

    3G
    (3GPP TS 23.060, 3GPP TS 33.102)

    SEC-3GPP 8

    Security Function

    Authentication of the MS by the network Provides user identity confidentiality


    temporary identification and ciphering

    Provides user data and signalling confidentiality


    ciphering

    In UMTS (Iu mode)


    authentication of the network by the MS data integrity and origin authentication of signalling data

    SEC-3GPP 9

    Authentication

    Two types of authentication


    UMTS authentication GSM authentication Independent of the RAN modes

    GSM authentication
    Based on SIM Authentication of the MS by the network Establishment of GSM ciphering key (Kc) between the SGSN and the MS

    UMTS authentication
    Based on USIM Requires authentication quintets Implies mutual authentication Agreement between SGSN and MS on
    ciphering key (CK) and integrity key (IK)

    SEC-3GPP 10

    GSM Authentication
    MS RAN SGSN HLR 1. Send Authentication Info 1. Send Authentication Info Ack 2. Authentication and Ciphering Request 2. Authentication and Ciphering Response

    1. SGSN requests Authentication-Info (IMSI); HLR responds 2. SGSN


    sends Authentication-Ciphering(RAND, CKSN, Ciphering Algorithm);
    MS responds with Ciphering-Response (SRES)

    A/Gb mode: MS starts ciphering after sending Response message Iu mode: SGSN / MS shall generate CK and IK from the GSM Kc

    SEC-3GPP 11
    MS VLR/SGSN HE/HLR

    UMTS Authentication
    Distribution of authentication vectors from HE to SN

    Authentication data request Generate authentication vectors AV(1..n) Authentication data response AV(1..n) Store authentication vectors

    Select authentication vector AV(i) User authentication request RAND(i) || AUTN(i) Verify AUTN(i) Compute RES(i) User authentication response RES(i) Compare RES(i) and XRES(i) Authentication and key establishment

    Compute CK(i) and IK(i)

    Select CK(i) and IK(i)

    Generation of an Authentication Vector by HE/AuC


    Generate SQN Generate RAND SQN AMF K

    SEC-3GPP 12

    RAND

    f1

    f2

    f3

    f4

    f5

    MAC

    XRES

    CK

    IK

    AK

    AUTN := SQN AK || AMF || MAC AV := RAND || XRES || CK || IK || AUTN

    User authentication function in the USIM


    RAND AUTN f5 AK SQN AK AMF MAC

    SEC-3GPP 13

    SQN K

    f1

    f2

    f3

    f4

    XMAC

    RES

    CK

    IK

    Verify MAC = XMAC Verify that SQN is in the correct range

    Release 99+

    SEC-3GPP 14
    CK, IK Kc RES SRES Triplets

    HLR/AuC
    Quintets

    Release 99+ VLR/SGSN


    CK, IK CK IK [Kc] Kc CK, IK Kc RES SRES [Kc]

    Release 98VLR/SGSN

    [Kc]

    UTRAN
    RAND AUTN RES RAND AUTN RES

    GSM BSS
    RAND [AUTN] SRES
    ME not capable of UMTS AKA

    RAND SRES

    ME capable of UMTS AKA

    ME

    CK, IK Kc CK, IK Kc

    CK, IK Kc CK, IK Kc

    Kc

    Kc

    CK, IK Kc RES SRES

    CK, IK Kc RES SRES

    USIM UMTS security context GSM security context

    SEC-3GPP 15

    Scope of Ciphering
    MS BSS/UTRAN SGSN Scope of GPRS ciphering Scope of UMTS ciphering

    Ciphering Algorithm
    A/Gb mode: GPRS Encryption Algorithm (GEA)
    Kc is an input to the algorithm

    Iu mode: UMTS Encryption Algorithm (UEA)


    CK is an input to the algorithm.

    S-ar putea să vă placă și