This document summarizes security in cellular systems, including GSM and UMTS. It covers security goals, elements of security like authentication and encryption protocols, algorithmic background of techniques like AKA, flaws in early GSM security and solutions in later standards, and challenges in implementation security across networks.

1. Securing Wireless Cellular Systems Arvind Padmanabhan [email_address] 9 th May 2009

3. Scope

4. Cellular Basics – Network Architecture GSM MS SS7 BTS BSC MSC VLR HLR AuC GMSC BSS PSTN NSS A E C D PSTN Abis B H MS IP GPRS MS PSDN Gi SGSN Gr Gb Gs GGSN Gc Gn UMTS UE Node B RNC RNS Iub IuCS ATM IuPS

5. Cellular Basics – GSM Protocol Stack Control Plane MS BTS BSC MSC/VLR

6. Cellular Basics – GPRS Protocol Stack Control Plane

7. Cellular Basics – UMTS Protocol Stack Control Plane

10. Security Contexts User-SIM context Air interface context RAN-CN context CN context Authentication context Application context

12. GSM AKA A3 Mobile Station Radio Link GSM Operator A8 A5 A3 A8 A5 K i K i K c K c SIM Authentication: are SRES values equal? Challenge RAND m i Encrypted Data m i Signed response (SRES) SRES SRES F n F n

13. AKA Overview

14. Location Update Procedure Get CKSN from SIM Get Auth Vector from AuC Invoke SIM calculations Secure data exchange

15. Incoming Call

16. RRC Security Procedure

17. Security Procedure at UE RRC

18. Change of Location Area User Identity Request User Identity Response Security context is transferred from the old VLR/SGSN to the new VLR/SGSN

19. Authenticated Session Lifetime START < Yes Session is valid. Keys can be re-used. THRESHOLD No Keys have reached their end of life. Set START as invalid. Set CKSN/KSI as invalid. Updated when RRC connection is released. Fixed by the operator. Stored on SIM/USIM.

23. Deriving Ciphering and Integrity Counters START (20 bits) USIM RRC RLC-TM RLC-UM RLC-AM

24. Ciphering Data

25. Data Integrity Additional protection within the same authentication session

26. Transmission of Signalling Content Signalling Content RRC SN MAC Message f9 MAC Signalling Content RRC SN RB ID Message f8 Signalling Content RRC SN MAC Message

28. Generating the Quintet

29. USIM Security Execution Resynchronization procedure exists in the USIM and HLR/AuC Secret Key

30. AKA for GSM Subscribers 3G phone with GSM SIM connecting to UTRAN 3G phone with GSM SIM connecting to GSM

31. AKA for UMTS Subscribers 2G phone with USIM connecting to GSM & R98- VLR/SGSN 3G phone with USIM connecting to GSM & R98- VLR/SGSN

32. Security Service Summary

34. UMTS to GPRS Cell Reselection

40. Comparing GSM & UMTS 1. A5/3 AND GEA3 are based on KASUMI Yes No Integrity Synchronization & Key Reuse Activation Ciphering inputs Algorithms & Converters AuC Generated Vectors KSI, START CKSN ActivationTime Immediate/ Handshaking CK, RB ID, COUNT-C, DIRECTION GSM: Kc, COUNT, slot number GPRS: Kc, LLC-based INPUT, DIRECTION VBS/VGCS: group key no. f1, f2, f3, f4, f5, f6, f7, f8, f9, f10, f1*, f5*, c1, c2, c3 A3, A5/[1,2,3] 1 , GEA[1,2,3] 1 , A8, c4, c5 (RAND,XRES,CK,IK,AUTN): quintet (RAND,SRES,Kc): triplet 3G GSM/GPRS

42. Performance of f8 and f9 - 1

43. Performance of f8 and f9 - 2