
Security in 3G TWNs

Explore the security architecture, anonymity features, and authentication process in UMTS (Universal Mobile Telecommunications System) networks. Learn how subscriber identity is protected and how key establishment ensures confidentiality and integrity.

fjohnson

Presentation Transcript


  1. Security in 3G TWNs

  2. Security in 3G TWNs
     • UMTS (Universal Mobile Telecommunications System) Security Architecture
     • Designed using the GSM security as the starting point
     • Adopt the GSM features that have proved to be secure
     • Redesign the features that have been found to be weak
     • To ensure interoperability between GSM and UMTS

  3. UMTS Authentication

  4. Anonymity in UMTS
     • What is it?
       • To protect the identity of the subscriber (i.e., to avoid subscriber traceability)
     • How?
       • Builds on the concept of TMSI (introduced by GSM)
     • Security-aware Architectural Design
       • Use TMSI (assigned by VLR/MSC) instead of IMSI, if possible
       • Maintain the TMSI-IMSI mapping in the network (VLR/MSC)
       • Don't use the same TMSI for a long period of time
       • Protect TMSI using encryption (ciphering), especially when transmitting it over the air
       • Don't send IMSI over the air, if possible
     • TMSI allocation in GSM (Review)

  5. Anonymity in UMTS: Chicken and Egg situation
     • First, the ME has to identify itself (with its IMSI) to the network. (First-time authentication)
     • TMSI allocation should be performed after initiation of ciphering to ensure TMSI protection.
     • Ciphering cannot start unless CK (Cipher Key) has been established between USIM and network.
     • CK cannot be established unless the network first identifies the subscriber using its IMSI.

  6. Anonymity in UMTS: Roaming Scenario
     • The subscriber roams into the coverage area of another VLR/MSC (VLRn for "new VLR").
     • It continues to identify itself using the TMSI that was allocated by the previous VLR (VLRo for "old VLR").
     • VLRn does not recognize this TMSI (allocated by VLRo).
     • UMTS Security Architectural Design:
       • VLRn -> VLRo: request IMSI corresponding to this TMSI
       • IMSI is NOT transmitted over the air!
     • NOTE: VLRn can determine the IMSI of a subscriber WITHOUT the ME actually having to transmit the IMSI over the air.

  7. Anonymity in UMTS
     • After this, the Authentication and Key Agreement (known as AKA) process can be carried out.
     • At the completion of AKA, the Ciphering Key (CK) is established (between USIM and the network).
     • VLR/MSC can assign a new TMSI to the ME (encrypted with CK).
     • From this point on, the TMSI can be safely used by the network and USIM to identify the subscriber!
     • AKA (to be discussed in Authentication in UMTS) generates various keys.

  8. Anonymity in UMTS
     • Besides {IMSI, TMSI}, there is another identity, called "Sequence Number (SQN)", that can be used to trace a subscriber.
     • Originally, SQN is designed for the ME to authenticate the network.
     • SQN (Sequence Number)
       • The network maintains a per-subscriber SQN
       • Needs to be encrypted
     • AK (Anonymity Key)
       • Established at the completion of AKA between USIM <-> VLR/MSC
       • Without ever being transmitted over the air!

  9. Key Establishment in UMTS
     • Same architectural decision as GSM
     • No key establishment protocol in UMTS
     • 128-bit pre-shared secret key Ki between USIM and AuC

  10. Authentication in UMTS - Summary
     • Similar to GSM, but one main difference: Mutual Authentication
       • USIM authenticates the network first
       • Then, the network authenticates USIM
     • Complex & Integrated Approach (known as AKA)
       • Both Authentication and Key Establishment
       • Note: Key Establishment is based on the pre-shared key (128-bit Ki between USIM and AuC)
     • At the end of AKA
       • Mutual authentication is complete, and
       • The following keys are established between USIM and the network:
         • CK (Ciphering/encryption Key): for confidentiality
         • IK (Integrity Key): for integrity
         • AK (Anonymity Key): for subscriber anonymity

  11. Authentication in UMTS
     (1) USIM -> VLR/MSC: sign-on
     (2) VLR -> AuC/HLR: Auth data req.
     (3) AuC -> VLR: Auth vectors (several sets of Auth data)
     (4) VLR selects the first vector and stores the rest (usually 5 sets are sent for future/roaming cases)
     (5) VLR -> USIM: RAND (128 bit), AUTN (128 bit)
     (6) USIM: if MAC in AUTN ?= XMAC and SQN is in the correct range, then the network is authenticated!
     (7) If verification is OK, USIM -> VLR: RES
     (8) VLR: if RES ?= XRES from AuC, then the USIM is authenticated!

  12. AKA Variables and Functions Note: K is the original pre-shared key (Ki) stored in USIM and AuC (thus, Ki is a master key, or a key with the root of trust)

  13. UMTS Authentication Vector Generation
     • [Figure: Authentication Vector Generation in UMTS (Network Side); figure label: Pre-shared key]
     • AMF: Authentication Management Field

  14. UMTS Response Generation at USIM
     • Input (3): 1. RAND, 2. AUTN, 3. Ki [1 & 2: received from VLR/MSC, 3: stored in USIM]
     • Output (4): 1. XMAC, 2. RES, 3. CK, 4. IK [1: used for authenticating the network, 2: sent to the network as the response to the challenge, 3 & 4: calculated at USIM for confidentiality / integrity protection]

  15. Authentication in UMTS
     • After mutual authentication has completed, VLR/MSC and USIM establish CK, IK, and AK.
     • MILENAGE: suggested algorithm for UMTS authentication (similar to COMP-128 in GSM).
     • HOWEVER, the service providers can choose any algorithm (as long as it follows the UMTS input/output spec).

  16. Confidentiality in UMTS
     • f8: key stream generation algorithm KASUMI, uses a 128-bit session key
     • COUNT-C (32-bit): ciphering sequence number, updated sequentially for every plaintext block
     • BEARER (5-bit): bearer channel number
     • DIRECTION (1-bit): the direction of the link (uplink or downlink)
     • LENGTH (16-bit): length of the key stream block

  17. UMTS Stream Cipher f8

  18. Confidentiality in UMTS
     • Provides confidentiality on the link between ME and RNC.
     • Includes the BTS-RNC link, which is equivalent to BTS-BSC.
     • Closes the loopholes of GSM security in the BTS-BSC link.
     • UMTS encryption is applied to all subscriber traffic as well as signaling messages.

  19. Integrity Protection in UMTS
     • GSM security did not provide integrity protection.
     • UMTS solves this problem using the integrity key IK.
     • MAC-I: attached to the message by the sender.
     • FRESH: 32-bit per-connection nonce.

  20. UMTS Integrity Function f9

  21. Voice Data Integrity Protection in UMTS
     • Integrity protection involves a lot of overhead in terms of processing and bandwidth.
     • For voice integrity, integrity-protecting the number of user packets in a conversation is sufficient.
     • Inserting, deleting or modifying words in a conversation would lead to a change in the number of packets.
     • In UMTS, the RNC periodically sends a message containing the sequence number to the ME. This message is integrity protected.
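
The AKA exchange from slides 10 to 15, together with the SQN concealment from slide 8, as an added example that is not part of the original presentation. HMAC-SHA256 stands in for the f1..f5 functions (it is not MILENAGE, which slide 15 notes is only the suggested choice); the AUTN layout (48-bit SQN xor AK, 16-bit AMF, 64-bit MAC) follows 3GPP TS 33.102, while the function names, the SQN window and the key value are assumptions made for the illustration.

```python
import hashlib, hmac, os

AMF = bytes(2)   # Authentication Management Field, 16 bits (constructed value)
WINDOW = 32      # accepted SQN jump; an assumption, operators pick their own policy

def f(tag, k, data, n):
    """Stand-in for f1..f5: HMAC-SHA256 under K, truncated to n bytes (not MILENAGE)."""
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def auc_generate_vector(k, sqn, rand=None):
    """AuC side: build one authentication vector for the VLR/MSC."""
    rand = os.urandom(16) if rand is None else rand
    sqn_b = sqn.to_bytes(6, "big")
    mac = f(b"f1", k, sqn_b + rand + AMF, 8)
    ak = f(b"f5", k, rand, 6)                  # anonymity key, never sent over the air
    autn = xor(sqn_b, ak) + AMF + mac          # (SQN xor AK) || AMF || MAC = 128 bits
    return {"RAND": rand, "AUTN": autn, "XRES": f(b"f2", k, rand, 8),
            "CK": f(b"f3", k, rand, 16), "IK": f(b"f4", k, rand, 16)}

def usim_respond(k, last_sqn, rand, autn):
    """USIM side: authenticate the network first, then derive RES, CK and IK."""
    concealed, amf, mac = autn[:6], autn[6:8], autn[8:]
    sqn_b = xor(concealed, f(b"f5", k, rand, 6))     # recompute AK locally, unmask SQN
    xmac = f(b"f1", k, sqn_b + rand + amf, 8)
    if not hmac.compare_digest(mac, xmac):
        return "mac_failure", None                   # AUTN was not built with our K
    sqn = int.from_bytes(sqn_b, "big")
    if not last_sqn < sqn <= last_sqn + WINDOW:
        return "sync_failure", None                  # replayed or stale vector
    return "ok", {"RES": f(b"f2", k, rand, 8), "CK": f(b"f3", k, rand, 16),
                  "IK": f(b"f4", k, rand, 16), "SQN": sqn}

def vlr_check(vector, res):
    """VLR/MSC side: step (8), compare RES from the USIM with XRES from the AuC."""
    return hmac.compare_digest(vector["XRES"], res)

if __name__ == "__main__":
    K = bytes(range(16))                             # constructed 128-bit Ki
    av = auc_generate_vector(K, sqn=101)
    status, out = usim_respond(K, 100, av["RAND"], av["AUTN"])
    print(status, vlr_check(av, out["RES"]), out["CK"] == av["CK"])
    print(usim_respond(K, 101, av["RAND"], av["AUTN"])[0])   # same vector replayed
```

A replayed (RAND, AUTN) pair passes the MAC check but fails the SQN range check, which is why the USIM has to track the last accepted SQN.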
