1 / 18

An Improvement on Privacy and Authentication in GSM

An Improvement on Privacy and Authentication in GSM. Young Jae Choi , Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science, Kyungpook National University, Korea. Contents. Introduction Acronyms GSM authentication protocol

sirius
Download Presentation

An Improvement on Privacy and Authentication in GSM

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Improvement on Privacy and Authentication in GSM Young Jae Choi , Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science, Kyungpook National University, Korea

  2. Contents • Introduction • Acronyms • GSM authentication protocol • Proposed authentication protocol • Location privacy in GSM • Enhanced location privacy protocol • Discussions • Conclusion Kyungpook National University, Korea

  3. Introduction • Two major security worries in Mobile communication • Confidentiality (privacy) • The guarantee that messages are not intercepted by an eavesdropper • Authentication • To ensure that any unauthorized user cannot fraudulently obtain services • Security features provided by GSM • Subscriber identity authentication • Subscriber identity confidentiality • User data and signaling information confidentiality on radio path Kyungpook National University, Korea

  4. Acronyms • MS : Mobile Station • HLR : Home Location Register • AuC : Authentication Center • VLR o/n : Visiting Location Register old/new • MSC: Mobile Switching Center • IMSI : International MS Identity • TMSIo/n: Temporary Mobile Subscriber Identity old/new • RAND : Random Number • SRES : Signed response • Kc : a Ciphering Session Key • Ki : a user’s secret key shared with HLR • A3, A8, A5 : unpublished one-way func. Standardized Enc/Dec alg. Kyungpook National University, Korea

  5. GSM authentication protocol • Authentication and Confidentiality in GSM MS VLR HLR / AuC TMSI IMSI RAND Ki A3 Ki SRES [n] RAND RAND [n] A8 Kc [n] SRES A3 = Authentication Yes/No A8 Kc Ciphertext A5 Confidentiality Data Kyungpook National University, Korea

  6. GSM authentication protocol • Drawbacks • The space overhead can occur when the VLR stores sets of authentication parameters. • VLR needs the assistance of HLR when it identifies the MS. If VLR consumes all sets of authentication parameters of MS, it requests additional parameters to the HLR. • There is bandwidth consumption between the VLR and the HLR, when the VLR needs other sets of authentication parameters. • The authentication of VLR/HLR is not instituted in the GSM protocol. • There is no way to provide data/locationconfidentiality in wired network. Kyungpook National University, Korea

  7. Proposed authentication protocol • The design goals of the proposed protocol • To achieve mutual authentication between MS and VLR • To improve the location privacy in wired network • To simplify the authentication flows • To reduce the storage in VLR • To reduce bandwidth consumption between VLR and HLR • Authentication of mobile users is to be done by the VLR instead of the HLR, even if the VLR does not know the subscriber's secret key Ki and A3 algorithm. • Assumption • HLR and VLR shares a symmetric key. Kyungpook National University, Korea

  8. Proposed authentication protocol • Authentication (location updating) MS VLR HLR SRES1 ,TMSI, LAI VLR_ID, EVH(IMSI) Ki RAND Eku(RAND) Eku(RAND) A3 & A8 Ki RAND SRES2 Tki A3 & A8 HLR_ID,SRES2 SRES1 Tki EVH(RAND, Tki) ? SRES1 = SRES2 ETki(TMSInew) RAND KVH : a shared key , Ku = f (IMSI ,HLR_ID ,Ki) : 64bit-length Kyungpook National University, Korea

  9. Location privacy in GSM • Location update using TMSI • IMSI : International MS Identity • TMSI: Temporary Mobile Subscriber Identity • LAI : Location Area Identity Kyungpook National University, Korea

  10. Location privacy in GSM • Drawbacks • IMSI is exposed and delivered in the wired network without any protection • In some abnormal cases, MS sends its IMSI to VLR in the wireless network without any protection Kyungpook National University, Korea

  11. Location privacy problems • Authentication at location updating in a new VLR, TMSI unknown in old VLR MS VLRn VLRo LAI , TMSIo TMSIo Unknown Identity Request IMSI Kyungpook National University, Korea

  12. Location privacy problems • Authentication at location updating in a new VLR, old VLR not reachable MS VLRn VLRo LAI , TMSIo VLR not reachable Identity Request IMSI Kyungpook National University, Korea

  13. A possible attack MS Attacker LAI , TMSIo VLR not reachable TMSI o unknown or Identity Request IMSI Acquire IMSI of the MS Kyungpook National University, Korea

  14. Enhanced location privacy protocol • Abnormal Authentication (location updating) MS HLR VLR TMSI, LAI , SRES1 Eku(RAND) Identity Request AL, HLR_ID, SRES1 VLR_ID, EVH(AL) Eku(RAND) Eku(RAND) SRES2 , HLR_ID EVH(RAND, Tki, IMSI) ? SRES1 = SRES2 ETki(TMSInew) RAND, LAIn AL : Alias of the MS.15 bit-length Kyungpook National University, Korea

  15. Discussions • Features • Mutual authentication between MS and VLR • RAND • Enhanced Location privacy in wired network • Shared symmetric keys (KVH), Alias • Reduced the data flows during the authentication. • 5 flows -> 4flows • Reduced storage space in the VLR (Only Tki is stored) • Reduced bandwidth consumption between the VLR and HLR • VLR Authenticates MS without assistance of HLR • The security of the protocol is based on the existing architecture of the GSM authentication, e.g. A3,A5,A8 Kyungpook National University, Korea

  16. Discussions • Comparison Kyungpook National University, Korea

  17. Conclusion • Drawbacks of the original GSM authentication • Drawbacks of the location privacy protocol • The proposed authentication protocol • Mutual authentication between MS and VLR • Enhanced Location privacy • Reduced the data flows during the authentication.(5 flows -> 4flows) • Reduced storage space in the VLR • Reduced bandwidth consumption between the VLR and HLR • VLR Authenticates MS without assistance of HLR • The security of the protocol is based on the existing architecture of the GSM authentication, e.g. A3,A5,A8 Kyungpook National University, Korea

  18. Thank you Kyungpook National University, Korea

More Related