GBA support in R-UIM

GBA support in R-UIM. Jacques SEIF JSeif@axalto.com. Definition.



Presentation Transcript


  1. GBA support in R-UIM Jacques SEIF JSeif@axalto.com

  2. Definition
  • Removable UIM (R-UIM): a UIM that can be physically removed from the MN. The R-UIM can be either a stand-alone module as defined in C.S0023-B [25], or a multi-application platform (also called a UICC) that may hold several applications that can be operated concurrently (e.g. ISIM application, cdma2000 application).

  3. GBA_ME drawbacks
  • An attacker with access to the ME can retrieve Ks (and the other bootstrapping parameters)
  • The ME may also distribute Ks (and the other parameters) to third parties
  • Knowledge of Ks allows the attacker to compute Ks_NAF for any NAF during the key lifetime of Ks
  • GBA_ME cannot be used to provision keys inside the UIM

  4. Solution
  • Perform the bootstrapping procedure in the UIM and keep Ks inside the UIM => GBA_U
  • Benefits:
    • Higher security: Ks never leaves the UIM, and the derivation of NAF keys requires the intervention of the UIM
    • Increased bootstrapping key lifetime
    • Lower frequency of bootstrapping procedures and lower consumption of authentication vectors
    • No need to delete bootstrapping keys from the UIM on ME power down or R-UIM removal
  • Other advantages:
    • Enables key provisioning inside the UIM (Ks_int_NAF)
  • Implementation cost in an R-UIM capable ME:
    • Supporting GBA_U in the ME requires only an extension of the currently defined AUTHENTICATE command

  5. GBA_U overview
  • The UIM handles the bootstrapping operations
  • Ks is generated by the UIM
  • Ks is not revealed to the ME
  • The UIM handles the generation of the NAF-specific keys
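To make the drawback on slide 3 and the GBA_U property on slides 4 and 5 concrete, here is an added example (not part of the original presentation) that models the NAF key derivation in Python. It assumes the KDF layout of 3GPP TS 33.220 Annex B (HMAC-SHA-256 over FC || P0 || L0 || ... with the labels "gba-me" and "gba-u"), which 3GPP2 GBA reuses; all key, RAND, IMPI and NAF_Id values are constructed placeholders, and `GbaUim` is a hypothetical model of the UIM, not the card's interface.

```python
import hmac
import hashlib

# Assumed KDF layout from 3GPP TS 33.220 Annex B:
#   Ks_NAF = HMAC-SHA-256(Ks, FC || P0 || L0 || P1 || L1 || P2 || L2 || P3 || L3)
#   P0 = "gba-me" (Ks_NAF / Ks_ext_NAF) or "gba-u" (Ks_int_NAF), P1 = RAND,
#   P2 = IMPI, P3 = NAF_Id; each L_i is the 2-octet big-endian length of P_i.
FC_GBA = b"\x01"
LABEL_ME = b"gba-me"   # GBA_ME key, and the ME-visible Ks_ext_NAF in GBA_U
LABEL_U = b"gba-u"     # UIM-internal Ks_int_NAF in GBA_U


def gba_kdf_input(label: bytes, rand: bytes, impi: bytes, naf_id: bytes) -> bytes:
    """Build the S string: FC followed by each parameter and its 2-octet length."""
    s = FC_GBA
    for p in (label, rand, impi, naf_id):
        s += p + len(p).to_bytes(2, "big")
    return s


def derive_naf_key(ks: bytes, label: bytes, rand: bytes, impi: bytes, naf_id: bytes) -> bytes:
    """Derive a 256-bit NAF-specific key from the bootstrapping key Ks = CK || IK."""
    return hmac.new(ks, gba_kdf_input(label, rand, impi, naf_id), hashlib.sha256).digest()


def make_naf_id(naf_fqdn: str, ua_protocol_id: bytes) -> bytes:
    """NAF_Id = NAF FQDN || Ua security protocol identifier (5 octets)."""
    return naf_fqdn.encode("utf-8") + ua_protocol_id


# Constructed sample values; not real network data.
KS = bytes(range(32))                                     # CK || IK, 16 + 16 octets
RAND = bytes.fromhex("00112233445566778899aabbccddeeff")  # 16 octets
IMPI = b"user@example.com"
UA_PROTO = bytes.fromhex("0100000002")                    # placeholder 5-octet Ua protocol id


def gba_me_exposure(ks: bytes) -> dict:
    """GBA_ME: whoever holds Ks (ME or anyone it leaked to) derives the key of any NAF."""
    nafs = ("naf1.example.com", "naf2.example.com")
    return {n: derive_naf_key(ks, LABEL_ME, RAND, IMPI, make_naf_id(n, UA_PROTO)) for n in nafs}


class GbaUim:
    """GBA_U model: Ks stays inside the UIM; the ME only ever receives Ks_ext_NAF."""
    def __init__(self, ks: bytes):
        self._ks = ks                                     # never returned to the ME

    def ext_naf_key(self, naf_id: bytes) -> bytes:        # handed to the ME per NAF
        return derive_naf_key(self._ks, LABEL_ME, RAND, IMPI, naf_id)

    def int_naf_key(self, naf_id: bytes) -> bytes:        # used only inside the UIM
        return derive_naf_key(self._ks, LABEL_U, RAND, IMPI, naf_id)
```

With GBA_ME a copy of Ks taken from the ME yields every Ks_NAF for the key lifetime, while with GBA_U the ME holds only per-NAF Ks_ext_NAF values and can neither recover Ks nor compute Ks_int_NAF.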

  6. GBA_U support in R-UIM capable MEs
  • A GBA-aware ME that is R-UIM capable shall support both GBA_U and GBA_ME procedures.
  • Why?
  • An operator implementing GBA_U in its network cannot take full advantage of the GBA_U security benefits unless GBA_U is mandated in the ME. When both the operator's BSF and the user's R-UIM are GBA_U aware, the BSF will perform a GBA_U bootstrapping procedure. If the GBA-aware ME does not support GBA_U, the whole procedure will fail. This may lead the BSF to fall back systematically to GBA_ME whenever the bootstrapping procedure fails, even though the reason for the failure may be quite different (e.g. a bidding-down attack).

  7. Pending point for bootstrapping in CDMA1X and CDMA1X EV-DO
  • The UIM shall be able to distinguish between authentication requests for GBA_U and authentication requests for other authentication domains.
  • Potential solutions
    • Special RAND
    • …

  8. Backup slides

  9. CDMA1x

  10. CDMA1x EV-DO

  11. AKA
