3g security principles
Download
1 / 21

3g security principles - PowerPoint PPT Presentation


  • 211 Views
  • Updated On :

3G Security Principles. Build on GSM security Correct problems with GSM security Add new security features. Source: 3GPP. VLR. HLR. AUC. EIR. GSM Network Architecture. PSTN/ISDN. MS. MSC. BTS. Um. BSC. A. A-bis. Mobility mgt. OMC. Voice Traffic. Circuit-switched technology.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '3g security principles' - JasminFlorian


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
3g security principles l.jpg
3G Security Principles

  • Build on GSM security

  • Correct problems with GSM security

  • Add new security features

Source: 3GPP

Myagmar, Gupta UIUC 2001


Gsm network architecture l.jpg

VLR

HLR

AUC

EIR

GSM Network Architecture

PSTN/ISDN

MS

MSC

BTS

Um

BSC

A

A-bis

Mobility

mgt

OMC

Voice Traffic

Circuit-switched technology

Myagmar, Gupta UIUC 2001


Gsm security elements 1 l.jpg
GSM Security Elements, 1

Key functions: privacy, integrity and confidentiality

  • Authentication

    Protect from unauthorized service access

    Based on the authentication algorithm A3(Ki, RAND)=> SRES

    Problems with inadequate algorithms

  • Encryption

    Scramble bit streams to protect signaling and user data

    Ciphering algorithm A8(Ki, RAND) => Kc

    A5(Kc, Data) => Encrypted Data

    Need stronger encryption

  • Confidentiality

    Prevent intruder from identifying users by IMSI

    Temporary MSI

    Need more secure mechanism

Myagmar, Gupta UIUC 2001


Gsm security elements 2 l.jpg
GSM Security Elements, 2

  • SIM

    A removable hardware security module

    Manageable by network operators

    Terminal independent

  • Secure Application Layer

    Secure application layer channel between subscriber module and home

    network

  • Transparency

    Security features operate without user assistance

    Needs greater user visibility

  • Minimized Trust

    Requires minimum trust between HE and SN

Myagmar, Gupta UIUC 2001


Problems with gsm security 1 l.jpg
Problems with GSM Security, 1

  • Active Attacks

    Impersonating network elements such as false BTS is possible

  • Key Transmission

    Cipher keys and authentication values are transmitted in clear within and between networks (IMSI, RAND, SRES, Kc)

  • Limited Encryption Scope

    Encryption terminated too soon at edge of network to BTS

    Communications and signaling in the fixed network portion aren’t protected

    Designed to be only as secure as the fixed networks

  • Channel Hijack

    Protection against radio channel hijack relies on encryption. However, encryption is not used in some networks.

Myagmar, Gupta UIUC 2001


Problems with gsm security 2 l.jpg
Problems with GSM Security, 2

  • Implicit Data Integrity

    No integrity algorithm provided

  • Unilateral Authentication

    Only user authentication to the network is provided.

    No means to identify the network to the user.

  • Weak Encryption Algorithms

    Key lengths are too short, while computation speed is increasing

    Encryption algorithm COMP 128 has been broken

    Replacement of encryption algorithms is quite difficult

  • Unsecured Terminal

    IMEI is an unsecured identity

    Integrity mechanisms for IMEI are introduced late

Myagmar, Gupta UIUC 2001


Problems with gsm security 3 l.jpg
Problems with GSM Security, 3

  • Lawful Interception & Fraud

    Considered as afterthoughts

  • Lack of Visibility

    No indication to the user that encryption is on

    No explicit confirmation to the HE that authentication parameters are properly used in SN when subscribers roam

  • Inflexibility

    Inadequate flexibility to upgrade and improve security functionality over time

Myagmar, Gupta UIUC 2001


3g network architecture l.jpg

IP RAN

3G Network Architecture

CircuitNetwork

Circuit/ Signaling

Gateway

Mobility Manager

Feature

Server(s)

Circuit Switch

IN Services

RNC

Call Agent

Voice

Data + Packet Voice

IP Core

Network

Radio Access Control

Packet Network

(Internet)

Packet Gateway

3G

2G/2.5G

2G

Myagmar, Gupta UIUC 2001


New security features 1 l.jpg
New Security Features, 1

  • Network Authentication

    The user can identify the network

  • Explicit Integrity

    Data integrity is assured explicitly by use of integrity algorithms

    Also stronger confidentiality algorithms with longer keys

  • Network Security

    Mechanisms to support security within and between networks

  • Switch Based Security

    Security is based within the switch rather than the base station

  • IMEI Integrity

    Integrity mechanisms for IMEI provided from the start

Myagmar, Gupta UIUC 2001


New security features 2 l.jpg
New Security Features, 2

  • Secure Services

    Protect against misuse of services provided by SN and HE

  • Secure Applications

    Provide security for applications resident on USIM

  • Fraud Detection

    Mechanisms to combating fraud in roaming situations

  • Flexibility

    Security features can be extended and enhanced as required by new threats and services

  • Visibility and Configurability

    Users are notified whether security is on and what level of security is available

    Users can configure security features for individual services

Myagmar, Gupta UIUC 2001


New security features 3 l.jpg
New Security Features, 3

  • Compatibility

    Standardized security features to ensure world-wide interoperability and roaming

    At least one encryption algorithm exported on world-wide basis

  • Lawful Interception

    Mechanisms to provide authorized agencies with certain information about subscribers

Myagmar, Gupta UIUC 2001


Summary of 3g security features 1 l.jpg
Summary of 3G Security Features, 1

  • User Confidentiality

    Permanent user identity IMSI, user location, and user services cannot be determined by eavesdropping

    Achieved by use of temporary identity (TMSI) which is assigned by VLR

    IMSI is sent in cleartext when establishing TMSI

Myagmar, Gupta UIUC 2001


Summary of 3g security features 2 l.jpg
Summary of 3G Security Features, 2

  • Mutual Authentication

    During Authentication and Key Agreement (AKA) the user and network authenticate each other, and also they agree on cipher and integrity key (CK, IK). CK and IK are used until their time expires.

    Assumption: trusted HE and SN, and trusted links between them.

    After AKA, security mode must be negotiated to agree on encryption and integrity algorithm.

    AKA process:

Myagmar, Gupta UIUC 2001


Summary of 3g security features 3 l.jpg
Summary of 3G Security Features, 3

Generation of authentication data at HLR:

Myagmar, Gupta UIUC 2001


Summary of 3g security features 4 l.jpg
Summary of 3G Security Features, 4

Generation of authentication data in USIM:

Myagmar, Gupta UIUC 2001


Summary of 3g security features 5 l.jpg
Summary of 3G Security Features, 5

  • Data Integrity

    Integrity of data and authentication of origin of signalling data must be provided

    The user and network agree on integrity key and algorithm during AKA and security mode set-up

Myagmar, Gupta UIUC 2001


Summary of 3g security features 6 l.jpg
Summary of 3G Security Features, 6

  • Data Confidentiality

    Signalling and user data should be protected from eavesdropping

    The user and network agree on cipher key and algorithm during AKA and security mode set-up

Myagmar, Gupta UIUC 2001


Summary of 3g security features 7 l.jpg
Summary of 3G Security Features, 7

  • IMEI

    IMEI is sent to the network only after the authentication of SN

    The transmission of IMEI is not protected

  • User-USIM Authentication

    Access to USIM is restricted to authorized users

    User and USIM share a secret key, PIN

  • USIM-Terminal Authentication

    User equipment must authenticate USIM

  • Secure Applications

    Applications resident on USIM should receive secure messages over the network

  • Visibility

    Indication that encryption is on

    Indication what level of security (2G, 3G) is available

Myagmar, Gupta UIUC 2001


Summary of 3g security features 8 l.jpg
Summary of 3G Security Features, 8

  • Configurability

    User configures which security features activated with particular services

    Enabling/disabling user-USIM authentication

    Accepting/rejecting incoming non-ciphered calls

    Setting up/not setting up non-ciphered calls

    Accepting/rejecting use of certain ciphering algorithms

  • GSM Compatibility

    GSM user parameters are derived from UMTS parameters using the following conversion functions:

    cipher key Kc = c3(CK, IK)

    random challenge RAND = c1(RAND)

    signed response SRES = c2(RES)

    GSM subscribers roaming in 3GPP network are supported by GSM security context (example, vulnerable to false BTS)

Myagmar, Gupta UIUC 2001


Problems with 3g security l.jpg
Problems with 3G Security

  • IMSI is sent in cleartext when allocating TMSI to the user

  • The transmission of IMEI is not protected; IMEI is not a security feature

  • A user can be enticed to camp on a false BS. Once the user camps on the radio channels of a false BS, the user is out of reach of the paging signals of SN

  • Hijacking outgoing/incoming calls in networks with disabled encryption is possible. The intruder poses as a man-in-the-middle and drops the user once the call is set-up

Myagmar, Gupta UIUC 2001


References l.jpg
References

  • 3G TS 33.120 Security Principles and Objectives

    http://www.3gpp.org/ftp/tsg_sa/WG3_Security/_Specs/33120-300.pdf

  • 3G TS 33.120 Security Threats and Requirements

    http://www.arib.or.jp/IMT-2000/ARIB-spec/ARIB/21133-310.PDF

  • Michael Walker “On the Security of 3GPP Networks”

    http://www.esat.kuleuven.ac.be/cosic/eurocrypt2000/mike_walker.pdf

  • Redl, Weber, Oliphant “An Introduction to GSM”

    Artech House, 1995

  • Joachim Tisal “GSM Cellular Radio Telephony”

    John Wiley & Sons, 1997

  • Lauri Pesonen “GSM Interception”

    http://www.dia.unisa.it/ads.dir/corso-security/www/CORSO-9900/a5/Netsec/netsec.html

  • 3G TR 33.900 A Guide to 3rd Generation Security

    ftp://ftp.3gpp.org/TSG_SA/WG3_Security/_Specs/33900-120.pdf

  • 3G TS 33.102 Security Architecture

    ftp://ftp.3gpp.org/Specs/2000-12/R1999/33_series/33102-370.zip

  • 3G TR 21.905 Vocabulary for 3GPP Specifications

    http://www.quintillion.co.jp/3GPP/Specs/21905-010.pdf

Myagmar, Gupta UIUC 2001


ad