Mobile Phone Security


  • A-key, ESN, SSD

    1. 1. Mobile Phone Security
    2. 2. Worldwide wireless phone users
    3. 3. In-Stat/MDR Report
        • The next five years (2002-2007) will see a slowing of worldwide cellular subscriber growth.
        • However, there will be more than 931 million new subscribers over the next 5 years.
        • By 2007, the total worldwide wireless population will exceed two billion subscribers.
        • China, in the Eastern Asia region, continues to lead the world in overall subscriber growth; the new percentage growth leaders are found in Southern Asia and Southeast Asia.
        • “It is rather remarkable that the fastest numerically growing country, China, is trailing Africa, Eastern Europe, and the Middle East in Compound Annual Growth Rate,” says Ken Hyers, a Senior Analyst with In-Stat/MDR.
    4. 4. In-Stat/MDR Report
        • Western Europe’s growth virtually stops during In-Stat/MDR’s 2002-2007 forecast period, with a CAGR of 1.2%. This can be expected, as the penetration rate in 2007 will be 83.6%.
        • Analog will be completely phased out of Western Europe by 2004, and In-Stat/MDR does not expect CDMA to make any inroads in Western Europe. UMTS subscriber growth will come at the expense of GSM.
        • In Europe overall, GSM’s market share will decline from 99.1% in 2002 to 91.4% in 2007. In-Stat/MDR continues to believe that UMTS will not achieve significant market share during this forecast period.
    5. 5. In-Stat/MDR Report
        • CDMA will continue to be the single most dominant air link in the US throughout the forecast period. TDMA will be phased out in favor of GSM, and by the end of the forecast period TDMA networks will no longer be operational in the US.
        • Despite NTT DoCoMo’s strong support for FOMA in Japan, the service faces stiff competition from KDDI’s AU. NTT DoCoMo will not be able to leverage its dominant Share-Of-Market (SOM) vis-à-vis FOMA to surpass AU before 2006.
    6. 6. Characteristics of selected wireless link standards
        • [Figure: data rate against range for selected standards]
        • Data rates shown: 56 Kbps, 384 Kbps, 1 Mbps, 5-11 Mbps, 54 Mbps
        • Ranges shown: indoor 10-30 m, outdoor 50-200 m, mid-range outdoor 200 m-4 km, long-range outdoor 5-20 km
        • Standards shown: 802.15; 802.11b; 802.11{a,g}; 802.11 point-to-point link; 2G (IS-95 CDMA, GSM); 3G (UMTS/WCDMA, CDMA2000)
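    7. 7. History of Mobile phone technology
        • 1G: design began 1970; implementation 1984; service: analog voice, synchronous data to 9.6 kbps; standards: AMPS, TACS, NMT, etc.; data bandwidth: 1.9 kbps; multiplexing: FDMA; core network: PSTN
        • 2G: design began 1980; implementation 1991; service: digital voice, short messages; standards: TDMA, CDMA, GSM, PDC; data bandwidth: 14.4 kbps; multiplexing: TDMA, CDMA; core network: PSTN
        • 2.5G: design began 1985; implementation 1999; service: higher capacity, packetized data; standards: GPRS, EDGE, 1xRTT; data bandwidth: 384 kbps; multiplexing: TDMA, CDMA; core network: PSTN, packet network
        • 3G: design began 1990; implementation 2002; service: higher capacity, broadband data up to 2 Mbps; standards: WCDMA, CDMA2000; data bandwidth: 2 Mbps; multiplexing: CDMA; core network: packet network
        • 4G: design began 2000; implementation 2010?; service: higher capacity, completely IP-oriented, multimedia, data to hundreds of megabits; standards: single standard; data bandwidth: 200 Mbps; multiplexing: CDMA?; core network: Internet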
    8. 8. History of Mobile phone technology
        • Legend:
            • 1xRTT = 2.5G CDMA data service up to 384 kbps
            • AMPS = advanced mobile phone service
            • CDMA = code division multiple access
            • EDGE = enhanced data for global evolution
            • FDMA = frequency division multiple access
            • GPRS = general packet radio system
            • GSM = global system for mobile
            • NMT = Nordic mobile telephone
            • PDC = personal digital cellular
            • PSTN = public switched telephone network
            • TACS = total access communications system
            • TDMA = time division multiple access
            • WCDMA = wideband CDMA
    9. 10. UMTS and all that (2G, 2.5G, 3G)
        • Third Generation Mobile Phones: Digital Voice and Data
        • ITU-Standard “International Mobile Telecommunications” (IMT-2000):
            • High-quality voice transmission
            • Messaging (replace email, fax, SMS, chat, etc.)
            • Multimedia (music, videos, films, TV, etc.)
            • Internet access (web surfing + multimedia)
        • Single worldwide technology envisioned by ITU, but:
            • Europe: GSM-based UMTS
            • US: IS-95 based CDMA2000 (different chip rate, frame time, spectrum, ...)
        • Intermediate solutions (2.5G):
            • Enhanced Data rates for GSM Evolution (EDGE): GSM with more bits per baud
            • General Packet Radio Service (GPRS): packet network over D-AMPS or GSM
        • Success of WLAN hotspots endangers 3G solutions!
        • Note: wireless = security hazard
        • The emerging network of the 21st century
    10. 11. CDMA2000 Family of 3G standards
        • CDMA2000 1X: Double voice capacity; up to 307 kbps packet data speeds; supports advanced services such as MMS, games, location services, picture and music download.
        • CDMA2000 1xEV:
            • CDMA2000 1xEV-DO: Optimized for packet data services; up to 2.4 Mbps packet data speeds; leverages IP; “always-on” services supporting Internet and Intranet.
            • CDMA2000 1xEV-DV: Will provide integrated voice with high-speed packet data services, such as video-conferencing and other multimedia services, at speeds of up to 3.09 Mbps.
        • Slide annotations:
            • First launched October 2000: SK Telecom, LG Telecom
            • First launched January 2002: SK Telecom
            • Approved by the ITU as part of the IMT-2000 family; anticipated commercial deployment in 2005
    11. 12. Privacy and Security in GSM
        • Criteria that GSM has to meet
        • GSM services
        • GSM architecture
        • GSM security issues
    12. 13. Criteria that GSM has to meet
        • GSM
            • European standard mobile communication specification
            • Global System for Mobile Communication
        • Criteria that GSM has to meet
            • Good subjective speech quality
            • Support for international roaming
        • GSM services
            • Bearer service: the capability to transmit information such as voice, data and moving images in real time
            • Tele-services: services that add information-processing functions to the capability above
            • Supplementary service: additional services
    13. 14. GSM Architecture
        • The geographic area is divided into cells
        • Each cell has a Base Station managing the communications
        • A set of cells managed by a single MSC is called a Location Area
        • [Diagram: Base Station, MSCs each with a VLR, and an HLR, joined by a radio link and land links]
        • Legend: MSC = Mobile Switching Center; VLR = Visitor Location Register; HLR = Home Location Register
    14. 15. GSM Architecture
        • [Diagram in three layers (Databases, Switches, Radio Systems) showing MS, BTS, BSC, BSS, MSC, GMSC, SSP, PSTN, HLR, VLR, EIR, AuC, NSS and PLMN]
        • Legend:
            • NSS: Network and Switching Subsystem
            • EIR: Equipment Identity Register
            • AuC: Authentication Center
            • GMSC: Gateway MSC
            • BSS: Base Station System
            • BSC: Base Station Controller
            • BTS: Base Transceiver Station
            • MS: Mobile Station
            • SSP: Service Switching Point
    15. 16. GSM Hack
        • [Diagram: the GSM architecture of the previous slide (Databases, Switches, Radio Systems), with parts marked “Hard to break” and “Easy to break”]
    16. 17. GSM Security
        • Security service provided by GSM
            • Anonymity: not easy to identify the user of the system
            • Authentication: operator knows who is using the system for billing purpose
            • User Data and Signaling protection: user data passing over the radio path is protected
        • Two security architectures in GSM
            • Architecture I: uses proprietary algorithms
            • Architecture II: uses public algorithms
    17. 18. Security Architecture I
        • [Diagram: Mobile Device | Air Interface | Base Station. Labels on both sides: A3 with $K_m$ and Random # R, SRES (Signed RESponse) compared (=?); A8 with SRES and $K_i$; A5 with $K_i$ and Message $m_i$; Encrypted data on the air interface]
        • A3: authentication, A8: key generation, A5: encryption/decryption
    18. 19. GSM Protocol
        • [Diagram: Mobile (SIM) | Radio interface | Base Station / AC. Labels: Challenge R (128 bit); Response SRES (32 bit), compared (?); A3 with $K_I$ (128 bit) on both sides; A8 with $K_C$ (64 bit) on both sides; A5 on both sides with ENCRYPTED DATA between them]
    19. 20. Authentication and Data Privacy
        • A random challenge (R) is issued to the mobile
        • Mobile encrypts the challenge using the authentication algorithm (A3) and the key assigned to the mobile ($K_I$)
        • Mobile sends response back (SRES)
        • Network checks that the response to the challenge is correct.
        • A8 algorithm is used to compute session key ($K_C$)
        • Data is encrypted using A5 series privacy algorithms by session key ($K_C$)
    20. 21. Cryptographic Algorithms
        • Authentication algorithm (A3) and key generation algorithm (A8)
            • Implemented in the SIM
            • Operators can choose their own A3/A8
            • COMP-128 provided as example algorithm
            • Can securely pass (RAND, SRES, Kc) while roaming
        • Encryption algorithm (A5)
            • Implemented in the handset
            • A5/0 - unencrypted
            • A5/1 - more secure
            • A5/2 - less secure
            • A5/3 - 3G mobiles (coming soon)
    21. 22. GSM Attacks
        • Algorithms were kept secret
        • After reverse-engineering, many attacks:
            • Golic, 1997 (A5/1)
            • Goldberg+Wagner, 1998 (COMP128)
            • Goldberg+Wagner+Briceno, 1999 (A5/2)
            • Biryukov+Shamir+Wagner, 2000 (A5/1)
            • Biham+Dunkelman, 2000 (A5/1)
            • Ekdahl+Johansson, 2002 (A5/1)
            • Barkan+Biham+Keller, 2003 (A5/2)+
        • COMP128 and A5/2 completely broken, A5/1 weak
    22. 23. SIM Attacks
        • Secret key $K_I$ is compromised.
        • Physical access to SIM is needed.
        • COMP-128 leaks $K_I$ (April 1998)
            • Requires about 50K challenges
        • Side-channel attacks
            • Power consumption
            • Timing of operation
            • Electromagnetic emanations
        • Cloning of SIM is possible
    23. 24. GSM Security Implementation
        • A3 implemented within a Smart Card
            • Tamper proof smart card containing the key
        • A5 is in the data path and must be fast (in the phone hardware)
            • Implemented in low cost, custom ASICs for speed
            • A5/1 is strong encryption
            • Weaker A5/2 for export-level encryption
    24. 25. GSM Security Issues
        • A3 standard has been compromised
            • Leaked by accident, vulnerabilities exposed
            • Can extract key from a SIM -> cloning possible
        • A5 standard has also been leaked
        • Recently a strong attack against A5/2 and A5/1 was found [CRYPTO 2003]
        • Protocol vulnerabilities
            • Standard supports non-encrypted channel
            • Could be used by rogue BTS to spoof access
            • No authentication of BTS -> Mobile
    25. 26. GSM Hack [Anderson’97]
        • Operator proposes silly challenge
            • Break my network for money!
        • Cambridge University research group
            • Found nifty solution for problem
        • Go after the easy part, not the hard part
            • Break the network, not the link
    26. 27. GSM Hack
        • Equipment
            • About $20,000 worth of equipment to intercept authentication information on links between MSC <-> BSC or BSC <-> BTS
            • Operator Response
                • What challenge?
            • PacBell’s “Can’t be cloned” slogan for GSM
                • Didn’t last long
            • Solutions?
    27. 28. Possible solutions
        • Aziz & Diffie, Wireless LANs, 1994
        • Brown, Privacy and Authentication for PCS, 1995
        • Sam, Identity Privacy for Mobile Users, 1995
        • R. Molva, Authentication of Mobile Users, 1994 …
    28. 29. Cryptanalytic Attack
        • Weakness in the encryption algorithm
        • Session key $K_C$ is compromised
        • Over the air attack (physical access not required)
    29. 30. A5/2 Algorithm
        • [Diagram: registers $R_1$ (19 bit), $R_2$ (22 bit), $R_3$ (23 bit) and $R_4$ (17 bit), three Majority Function blocks and a Clocking Unit; input $K_C$ (64 bit) + frame number (22 bit); output key stream (228 bit)]
    30. 31. Description of A5/2
        • 4 LFSRs: $R_1$, $R_2$, $R_3$, $R_4$.
        • $R_4$ controls the clocking of $R_1$, $R_2$, $R_3$.
        • LFSRs are initialized using $K_C$ and frame number $f$.
        • After the key is loaded, one bit of each register is forced to be set.
        • Output (228 bit key stream) is a quadratic function of $R_1$, $R_2$, $R_3$.
        • 114 bits of key stream are used to encrypt uplink and the remaining 114 are used for downlink.
    31. 32. Known Plaintext Attack on A5/2
        • Session key $K_C$ can be found if the internal states of $R_1$, $R_2$, $R_3$, $R_4$ and frame number $f$ are known.
            • Each bit of the registers is represented as a variable
                • 18+21+22=61 variables.
            • Output is quadratic in these variables; linearise them using new variables.
                • 18+(18*17)/2+21+(21*20)/2+22+(22*21)/2+1 = 656 variables.
            • Get 656 linearly independent equations and solve them to get the internal state of the registers.
    32. 33. Known Plaintext Attack (Contd.)
        • To get linearly independent equations
            • $C = P \oplus \text{key-stream}$
            • Output of A5/2: $\text{key-stream} = C \oplus P$
            • For each bit of output one linear equation can be formed.
            • Each frame can give 114 equations.
            • Though there are 656 equations, only 61 are linear and the other variables depend upon them.
            • Around 450 linear equations (4 frames) are sufficient to get the 61 linear variables.
    33. 34. Known Plaintext Attack (Contd.)
        • Complexity
            • Time to solve set of linear equations:
                • $656^3 \approx 2^{28}$ bit XOR operations for each possible guess of $R_4$.
            • Total time for computation:
                • $2^{44}$ bit XOR operations.
                • $2^{39}$ register XOR operations on a 32 bit machine.
            • Implementation on PIII 800 MHz required approximately 40 minutes and 54KB memory.
            • Complexity can be reduced by doing some pre-computation.
    34. 35. Ciphertext-only Attack on A5/2
        • Error correction codes are employed in GSM before encryption.
        • Plaintext has highly structured redundancy.
        • Complexity
            • Implementation on a personal computer recovers $K_C$ in less than a second and takes less than 5.5 hours for one-time pre-computation.
    35. 36. Possible Attack Scenarios
        • Eavesdropping conversation (passive listening)
        • Call hijacking (man in the middle)
        • Altering of data messages (SMS)
        • Call theft (parallel session)
    36. 37. What Went Wrong
        • GSM security design process was conducted in secrecy.
        • The A5 encryption algorithm was never published.
        • The key calculated does not depend on which of the A5 algorithms it is destined to be used with.
        • Real time cryptanalysis of A5/2.
        • The encryption is done after coding for error correction.
    37. 38. Our Observations
        • Attack takes less time than the authentication timeout.
        • No authentication for base station.
        • Replay attack is possible as no nonce or time stamp is used.
        • A5/2 is already broken and A5/1 is weak. Even changing to A5/3 won’t help.
        • GSM interceptors/scanners are easily available.
        • Security problems in mobile communications are keeping applications like m-commerce from deployment.
    38. 39. Security Architecture II
        • [Diagram: Mobile Device | Air Interface | Base Station. Labels on both sides: C3 with M (Mutual Authentication); C8 with $K_i$ (Key Exchange); C5 with $K_i$ and Message $m_i$; Encrypted data on the air interface]
        • C3: authentication, C8: key generation, C5: encryption/decryption
    39. 40. Architecture – Authentication protocol (C3)
        • [Diagram: Mobile Device | Air Interface | Base Station, with C3 and M on both sides. Authentication Phase]
        • Messages, in the order shown:
            • SVC_REQ_PARMS, R1, Certificate(m)
            • Certificate(s), ENC_pub_m(SIG_pri_s(SVC_REQ_PARMS, R1, M, R2))
            • ENC_pub_s(SIG_pri_m(SVC_REQ_PARMS, R2), SIG_pri_m(M))
        • Legend:
            • m: mobile user, s: base station
            • SVC_REQ_PARMS: (IDm, IDs, service_id_key, key_len)
            • R1: random number generated by m
            • R2: random number generated by s
            • M: random bit string generated by s
    40. 41. Architecture – Authentication protocol (C3) (Cont’d)
        • [Diagram: Mobile Device | Air Interface | Base Station, with C3 on both sides. Release Phase]
        • Messages, in the order shown:
            • REL_REQ, IDs, IDm, ENC_pub_s(R2, R3)
            • IDm, IDs, BILL_INFO, R3
        • Goal: non-repudiation
    41. 42. Architecture – Key generation (C8)
        • C8 algorithm processes input data on a byte-by-byte basis.
        • Some simulation results show that the key stream generated by the C8 algorithm maintains a maximal period, regardless of input patterns.
            • We can expect that the C8 algorithm provides a strong security property
    42. 43. Architecture – Message Encryption/Decryption (C5)
        • C5 algorithm uses a stream cipher for encryption/decryption
        • The simplest stream cipher uses only the XOR operation
            • $\text{Message} \oplus \text{Key\_stream}$
    43. 44. Comparison of two architectures
        • Flexibility
            • Architecture I: A3, A5, A8 are proprietary; SIM stores user’s personal information and A3 algorithm
            • Architecture II: C1, C8, C5 are publicly available; SIM only stores user’s personal information
        • Security
            • Architecture I: authentication is not secure enough; only the mobile user is authenticated
            • Architecture II: secure authentication; mutual authentication; key generation has a long period
        • Complexity
            • Architecture I: fast authentication; fast key exchange; fast encryption
            • Architecture II: slow authentication; key exchange depends on key length; fast encryption
    44. 45. Security Services
        • Subscriber identity authentication
            • Through challenge-response
        • User data confidentiality
            • Through encryption
        • Signaling data confidentiality
            • Through encryption
        • Subscriber identity confidentiality
            • Through temporary identification number
    45. 46. Part II Code Division Multiple Access (CDMA) Systems
    46. 47. Security Standards in CDMA2000 1XRTT
        • Electronic Serial Number (ESN)
        • Authentication Key (A-key)
        • CAVE
            • dedicated hash with 64-bit key (A-key)
            • Challenge response authentication protocol
            • Key generation
    47. 48. Security Standards (Contd.)
        • Voice privacy
            • XOR with 520-bit mask for voice data confidentiality
        • ORYX
            • LFSR-based stream cipher for data traffic
        • CMEA
            • variable-width block cipher with 2 rounds for control channel
    48. 49. Overview of CDMA Protocol
        • [Diagram, mirrored on mobile and network side: CAVE with A-key (64) and ESN (32) and Rand SSD (56), giving SSD_A (64) and SSD_B (64); CAVE with Broadcast Random RAND giving AUTHU (18), compared (?); CAVE giving VPM for Scrambled Voice; ORYX for Encrypted DATA; CMEA for Encrypted Signaling Message]
    49. 50. Security of A-key
        • Security of the A-key is an important component
        • Re-programmable
            • Factory
            • Dealer at the point of sale
            • Subscriber via telephone
            • Over the air service provisioning (OTASP)
                • 512-bit Diffie-Hellman key exchange
    50. 51. Additional Features
        • Global challenge
            • All mobiles are challenged with the same random number
            • Allows rapid authentication
        • Unique challenge
            • A specific RAND is used for each requesting mobile
        • Call history count (6-bit)
            • Tracked by both the mobile and the network
            • Provides a way to detect cloning, as the operator gets alerted if there is a mismatch.
        • Anonymity
            • Temporary Mobile Station Identifier (TMSI)
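    51. 52. Cellular Crypto Algorithms
        • Confidentiality
            • GSM: A5/2 or A5/1 (soon: A5/3)
            • CDMA: XOR mask & CMEA (ORYX)
        • Authentication
            • GSM: COMP128 (COMP128-2, 3DES-CBC-MAC)
            • CDMA: CAVE
        • Key Generation
            • GSM: COMP128 (same)
            • CDMA: CAVE
        • Key: marked entries = insecure (the marking is not preserved in this transcript)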
    52. 53. Our Observation
        • CDMA 2000 1XRTT is comparatively strong
        • The problems are due to inefficient implementation.
            • A-key is kept weak
            • Call history count is not implemented
    53. 54. Conclusion
        • Though GSM and CDMA provide a basic range of security features, problems in the design or weak implementation mean they are not adequate for both the customers and the operators.
        • With the increase in applications like m-commerce, more secure algorithms need to be adopted in mobile systems.
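
The challenge-response flow from the "GSM Protocol" and "Authentication and Data Privacy" slides, as an added Python example that is not part of the original deck; it also shows the two protocol properties listed under "Our Observations" (no freshness from the mobile, no base-station authentication). HMAC-SHA256 stands in for the operator-chosen A3/A8 (it is not COMP128), and the class names, the subscriber id and the key values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

RAND_LEN, SRES_LEN, KC_LEN = 16, 4, 8  # 128-bit R, 32-bit SRES, 64-bit K_C


def a3_a8(ki, rand):
    """Stand-in for the SIM's A3/A8 (assumption: HMAC-SHA256, not COMP128)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:SRES_LEN], digest[SRES_LEN:SRES_LEN + KC_LEN]


class Sim:
    """Holds K_I and answers any well-formed challenge, whoever sent it."""

    def __init__(self, ki):
        self._ki = ki

    def respond(self, rand):
        if len(rand) != RAND_LEN:
            raise ValueError("challenge must be 128 bits")
        return a3_a8(self._ki, rand)  # (SRES, K_C)


class AuthCenter:
    """Home network: the only other holder of K_I."""

    def __init__(self):
        self._ki = {}

    def provision(self, subscriber_id, ki):
        self._ki[subscriber_id] = ki
        return Sim(ki)

    def triplet(self, subscriber_id):
        rand = secrets.token_bytes(RAND_LEN)
        sres, kc = a3_a8(self._ki[subscriber_id], rand)
        return rand, sres, kc  # what a serving network receives for roaming


def network_authenticate(sim, triplet):
    """Serving network: send R, compare SRES, return K_C on success."""
    rand, expected_sres, kc = triplet
    sres, _ = sim.respond(rand)
    return kc if hmac.compare_digest(sres, expected_sres) else None


def demo():
    auc = AuthCenter()
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    sim = auc.provision("subscriber-1", ki)                  # hypothetical id
    triplet = auc.triplet("subscriber-1")
    rand, sres, kc = triplet
    other_sim = Sim(bytes(16))  # a SIM holding a different K_I
    return {
        "lengths": (len(rand), len(sres), len(kc)),
        "genuine_accepted": network_authenticate(sim, triplet) == kc,
        "wrong_key_rejected": network_authenticate(other_sim, triplet) is None,
        # The mobile adds no nonce or timestamp: a reused R yields the same
        # SRES and K_C, so the exchange carries no freshness from its side.
        "reused_rand_same_output": sim.respond(rand) == (sres, kc),
        # respond() has no input that proves who issued R, so a challenge that
        # never came from the home network is answered like any other.
        "arbitrary_challenge_answered": len(sim.respond(bytes(16))[0]) == SRES_LEN,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```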