GSM Authentication


  1. An Ontology for Generic Wireless Authentication

     Declaration

     Herewith, I declare that I have written this thesis myself and no other sources than listed in the references have been used.

     Asma Alazeib
     Stuttgart, 07.October.2005
  2. Acknowledgements

     I would like to thank first and foremost my supervisors in Alcatel SEL AG, Dr. Stephan Rupp and Andreas Diehl, for all their help, support, follow-ups and encouragement. I thank them for the weekly meetings held, for all the guidance and assistance and for all the times they were there whenever I needed advice and support.

     I would also like to thank Prof. Klaus Schünemann and Prof. Wolfgang Meyer for supervising me at the Hamburg University of Technology during my master thesis and for their help and support.

     Special thanks also go to Franz Josef Banet and Matthias Duspiva, who were always there to answer my questions, spent several hours clarifying my doubts, and who supported me throughout my thesis.

     Never-ending thanks also go to the former Telematics group of Alcatel SEL AG, now the mm-lab company, for being my entrance point in Alcatel and for making the company feel like home, for all the moral support, encouragement and for always being there for me in every case. Special thanks go to Lothar Krank, Ronald Prestin, Martin Geiger, Bernd Herrmann, Michael Meiser, Wolfgang Schäffer, Michael Koch, Horst Idler, Gerald Sander, Claus Hirdes, Andreas Streit and Sandra Steege.

     Warm wishes go to all my friends that I've encountered during my stay in Germany; each person has had a positive influence in my life in very special and different ways. I thank them for making me see life from other aspects; they have greatly contributed to the person I am today.

     Last but not least, I would like to thank all my family members for believing in me and for their encouragement.
  3. Table of Contents

     Declaration
     Acknowledgements
     1 Introduction
     1.1 Restructuring Telecommunication Networks
     1.1.1 Physical Consolidation of Subscriber Data
     1.1.2 Logical Consolidation of Subscriber Data
     1.1.3 Harmonization of Interfaces
     2 Authentication in Wireless Networks
     2.1 Security in wireless networks
     2.2 Introduction to Authentication
     2.3 Introduction to GSM networks
     2.3.1 GSM Network Components
     2.3.1.1 Radio Subsystem
     2.3.1.2 Base Station Subsystem
     2.3.1.3 Network and Switching Subsystem
     2.3.2 Visited Access/Core Network, Operator Home Network
     2.3.3 Numbers and Identities
     2.3.3.1 International Mobile Subscriber Identity
     2.3.3.2 Mobile Subscriber Integrated Services Digital Network Number
     2.4 Security in GSM Networks
     2.4.1 GSM Authentication
     2.4.2 Security Algorithms in GSM
     2.4.2.1 A3 Algorithm
     2.4.2.2 A5 Algorithm
     2.4.2.3 A8 Algorithm
     2.5 Introduction to UMTS networks
     2.5.1 UMTS Network Components
     2.5.1.1 User Equipment
     2.5.1.2 UMTS Terrestrial Radio Access Network
     2.5.1.3 Core Network
     2.6 Security in UMTS networks
     2.6.1 UMTS Authentication
     2.6.1.1 UMTS Authentication Vector
  4. Table of Contents (continued)

     2.6.1.2 USIM Authentication
     2.6.2 Security Algorithms in UMTS
     2.7 Introduction into the Internet Protocol Multimedia Sub-System in UMTS networks
     2.7.1 Identities in the IMS system
     2.7.1.1 Private User Identities
     2.7.1.2 Public User Identities
     2.7.1.3 Public Service Identities
     2.8 Introduction to Wireless Local Area Networks
     2.9 Security in WLAN networks
     2.9.1 802.11
     2.9.2 Wired Equivalent Privacy
     2.9.3 Wi-Fi Protected Access
     2.10 WLAN Security Architecture
     2.10.1 802.1X
     2.10.2 Authentication, Authorization and Accounting Server
     2.10.3 Certificate Based Authentication
     2.10.3.1 Public Key Infrastructure
     2.10.4 Password Based Authentication
     2.10.5 Extensible Authentication Protocol
     2.10.5.1 Lightweight Extensible Authentication Protocol
     2.10.5.2 EAP Transport Layer Security
     2.10.5.3 Protected Extensible Authentication Protocol
     2.10.5.4 EAP-Subscriber Identity Module
     3 Ontologies and the Semantic Web
     3.1 The Semantic Web
     3.2 Ontologies
     3.2.1 Origin
     3.2.2 Definition
     3.2.2.1 In Philosophy
     3.2.2.2 In Artificial Intelligence
     3.2.3 Ontology Approaches
     3.2.3.1 Description Logics
     3.2.3.2 Frame-based
  5. Table of Contents (continued)

     3.2.3.3 Predicate Logic
     3.2.4 The Web Ontology Language
     3.2.4.1 OWL Lite
     3.2.4.2 OWL DL
     3.2.4.3 OWL Full
     3.2.5 OWL Language Constructs
     3.2.5.1 Classes
     3.2.5.2 Properties
     3.2.5.3 Operators
     3.2.6 Ontology Tools
     3.2.6.1 Protégé
     3.2.6.2 Renamed ABox and Concept Expression Reasoner Professional
     3.2.6.3 Graphical Visualization
     3.2.7 Protégé-OWL Concepts
     3.2.8 Ontology Development
     3.2.8.1 Why Develop an Ontology
     3.2.8.2 Steps in Developing an Ontology
     4 An Ontology for Generic Wireless Authentication
     4.1 Class Overview
     4.2 Ontology Classes and Subclasses
     4.2.1 The Algorithm class
     4.2.2 The AuthenticationMethod class
     4.2.3 The AuthenticationType class
     4.2.4 The Certificate class
     4.2.5 The CertificateComponent class
     4.2.6 The Code class
     4.2.7 The DataBase class
     4.2.8 The Identity class
     4.2.9 The Key class
     4.2.10 The Network class
     4.2.11 The Number Class
     4.2.12 The Service class
     4.2.13 The UserData class
     4.2.14 The Subscriber class
  6. Table of Contents (continued)

     4.3 Disjoint Classes
     4.3.1 The Algorithm class disjoints
     4.3.2 The AuthenticationMethod class disjoints
     4.3.2.1 The EAP-SIM subclass
     4.3.2.2 The EAP-TLS subclass
     4.3.2.3 The LEAP subclass
     4.3.2.4 The PEAP subclass
     4.3.3 The AuthenticationType class disjoints
     4.3.3.1 The CertificateBased subclass
     4.3.3.2 The ChallengeResponse subclass
     4.3.3.3 The MutualAuthentication subclass
     4.3.3.4 The NetworkAuthentication subclass
     4.3.3.5 The PasswordBased subclass
     4.3.3.6 The UserAuthentication subclass
     4.3.4 The Certificate class disjoints
     4.3.5 The CertificateComponent class disjoints
     4.3.5.1 The IssuerName, SerialNumber, Signature, Subject, ValidFrom, ValidTo and PublicKey subclasses
     4.3.5.2 The SignatureAlgorithm subclass
     4.3.6 The Code class disjoints
     4.3.7 The Database class disjoints
     4.3.8 The Identity class disjoints
     4.3.9 The Key class disjoints
     4.3.9.1 The DerivedKey subclass
     4.3.9.2 The GeneratedKey subclass
     4.3.9.3 The StaticKey subclass
     4.3.10 The Network class disjoints
     4.3.11 The Number class disjoints
     4.3.12 The Service class disjoints
     4.3.12.1 The BasicService subclass
     4.3.12.2 The SupplementaryService subclass
     4.3.12.3 The MultimediaService subclass
     4.3.13 The UserData class disjoints
     4.4 Inconsistencies from Disjoint classes
  7. Table of Contents (continued)

     4.5 Class Properties
     4.5.1 hasIdentity ↔ isIdentityOf
     4.5.2 hasNetworkIdentity ↔ isNetworkIdentityOf
     4.5.3 hasUserName ↔ isUserNameOf
     4.5.4 hasAuthenticationMethod ↔ isAuthenticationMethodOf
     4.5.5 hasAuthenticationType ↔ isAuthenticationTypeOf
     4.5.6 hasCertificate ↔ isCertificateOf
     4.5.7 hasPassword ↔ isPasswordOf
     4.5.8 hasBasicService ↔ isBasicServiceOf
     4.5.9 hasSupplementaryService ↔ isSupplementaryServiceOf
     4.5.10 hasDatabase ↔ isDatabaseOf
     4.5.11 hasChallenge ↔ isChallengeOf
     4.5.12 hasSecretKey ↔ isSecretKeyOf
     4.5.13 hasExpectedResponse ↔ isExpectedResponseOf
     4.5.14 hasTriplets ↔ isTripletsOf
     4.5.15 hasInput ↔ isInputOf
     4.5.16 hasOutput ↔ isOutputOf
     4.5.17 hasNumber ↔ isNumberOf
     4.5.18 hasSubscriber ↔ isSubscriberOf
     4.5.19 Stores ↔ isStoredIn
     4.5.20 hasAlgorithm ↔ isAlgorithmOf
     4.6 Identification of a new is-a relationship
     4.7 Initial ontology tests and reasoning
  8. Table of Contents (continued)

     4.8 Property Restrictions and Defining Classes
     4.8.1 Restrictions defining the f1 class
     4.8.2 Restrictions defining the EAP-SIM class
     4.8.3 Restrictions defining the Subscriber class
     4.8.4 Restrictions defining the IMSI class
     4.9 Asserted and Inferred Hierarchy
     5 Installation and Testing
     5.1 Installation Guidelines
     5.2 Loading the Ontology
     5.3 Encountered Problems
     5.3.1 Enumerated Classes
     5.3.2 Defining values for properties instead of individuals
     5.3.3 allValuesFrom, someValuesFrom and Disjoint classes
     5.3.4 Defining Cardinalities
     6 Summary and Conclusions
     6.1 Summary
     6.2 Further research
     6.3 Areas of application
     References
     Abbreviations
     Appendix A
     Appendix B
  9. Table of Figures

     Figure 1: Current status of telecommunication networks
     Figure 2: Distributed Subscriber Data
     Figure 3: Physical and Logical Consolidation of Data
     Figure 4: GSM Network Architecture
     Figure 5: IMSI Number Format
     Figure 6: MSISDN Number Format
     Figure 7: Authentication in GSM Networks
     Figure 8: UMTS Network Architecture
     Figure 9: Authentication in UMTS Networks
     Figure 10: UMTS Authentication Vector
     Figure 11: USIM Authentication
     Figure 12: IMS Subsystem Architecture
     Figure 13: WLAN Overview
     Figure 14: WLAN Security Architecture
     Figure 15: EAP-SIM Architecture
     Figure 16: EAP-SIM Authentication
     Figure 17: Overview of Asserted Ontology Hierarchy
     Figure 18: Disjoint Classes
     Figure 19: Incorrect disjoint definition - Inconsistent class
     Figure 20: Ontology tests and reasoning results
     Figure 21: f1 Class Restrictions
     Figure 22: EAP-SIM Class Restrictions
     Figure 23: Subscriber Class Restrictions
     Figure 24: IMSI Class Restrictions
     Figure 25: Asserted and Inferred Hierarchy
     Figure 26: Enumerated Classes and OWL-FULL Error
     Figure 27: Defining a value for an Object Property - OWL FULL Error
     Figure 28: Integration of Future domains
  10. 1 Introduction

     The increase in network complexity in telecommunication systems has given rise to the need to restructure telecommunication networks. Today, networks are structured in such a way that the introduction of new network elements and network services significantly increases the complexity of networks for network operators. This makes it difficult to deploy and integrate new services and domains into existing networks, and complicates the maintenance and management of such networks.

     Examples of telecommunication networks are mobile and wireless networks. The original architecture for mobile networks was based on supporting the mobility of phone calls. The extension of such networks and the difficulty of maintaining such extensions were not taken into consideration when these networks were designed. Today several network domains exist in mobile and wireless networks. Each domain brings with it new services, features and applications, and each domain requires the introduction of new network elements, thus further contributing to the complexity of networks.

     Each network element requires its own independent set of services, applications and subscriber data, as well as interfaces and protocols to communicate with the other elements. Subscriber data is required for the new network elements existing within the network, and is sometimes redundant across the different nodes. Each network node owns its own subscriber profile (data), which is sometimes replicated and distributed across the network. This complicates access to data and makes it impossible to obtain and maintain a complete profile of a specific network subscriber, since all data related to a subscriber is distributed across the network. Managing the network elements becomes difficult, and the operating expenses for network planning and maintenance of such networks also increase.

     Another problem that arises from the current architecture of networks is the integration of several networks and domains (e.g. the integration of UMTS and WLAN networks). The current architecture was not designed to support the integration of new networks and services. The never-ending extensions of these networks will only make it impossible in the future to maintain such networks.
  11. The following points summarize the problems that arise from the way telecommunication networks are structured today:

     • Several domains
     • Several network elements within each domain
     • Inaccessible data due to vendor-specific systems for the network elements
     • Separate set of subscriber data for each network element
     • Redundant subscriber data across the network elements
     • Several protocols and interfaces to communicate between the nodes
     • Increased complexity
     • Increased expenses

     The following figure illustrates the current status of telecommunication networks:

     Figure 1: Current status of telecommunication networks (diagram: Domains 1 to 4, each containing Nodes 1 to 4)

     For the purpose of this thesis, the restructuring of the GSM, UMTS and WLAN domains is considered. In particular, the authentication-specific data related to a certain subscriber is modelled for the next generation profile register.
  12. 1.1 Restructuring Telecommunication Networks

     Next Generation Networks (NGNs) are introduced in this thesis as a solution to the previously mentioned problems. The introduction of such networks reduces the complexity of current networks, but only to a certain extent. The concept behind an NGN is the separation of data from applications. Subscriber data is one of the most vital components of a network, and in today's networks this data is not centrally accessible. Data today is not separated from the applications it belongs to; it is stored locally, distributed, and inaccessible to other applications. Such an arrangement also increases operating and maintenance efforts and costs.

     An NGN solves these problems by providing a common storage for subscriber data, which is accessible to all applications. This common profile store is also referred to as the Next Generation Profile Register (NGPR). It simplifies data management and the interfaces needed for applications to access the data; it also enables the re-use of data among the various applications.

     The following figure illustrates the distribution of subscriber data among the three network domains:

     Figure 2: Distributed Subscriber Data
  13. 13. An Ontology for Generic Wireless Authentication 13 Three approaches considered for the simplification of telecommunication networks today, and that complement each other are the following: • Physical Consolidation of Subscriber Data • Logical Consolidation of Subscriber Data • Harmonisation of Interfaces 1.1.1 Physical Consolidation of Subscriber Data Physical consolidation of data enables better data management, by storing data belonging to a subscriber in dedicated data servers. Data is stored in one physical location and the data servers can then be accessed via a common data interface. This process simplifies the integration of new application servers and network management, enables faster introduction of new services, and enables direct access to the data by different systems and applications. 1.1.2 Logical Consolidation of Subscriber Data Logical consolidation of subscriber data provides a common data model that provides meaning to subscriber data, and that describes this data. It solves the problem of the multiple independent subscriber sets of a certain subscriber, which are distributed across the network. It also associates subscriber data to the subscriber and provides the definition of data objects. The logical model can be used in conjunction with a common data interface. 1.1.3 Harmonization of Interfaces The number of interfaces and protocols needed to communicate between network nodes, increases with the increase of new network elements and new functions. This further complicates the integration of new services and functions within a network. A solution to this is to isolate interfaces from the applications and third party applications, and to provide a common standard interface, instead of several interfaces and protocols. The following figure illustrates the logical and physical consolidation of subscriber data for the three mentioned domains:
  14. [Figure 3: Physical and Logical Consolidation of Data. Labels: WLAN Subscriber Data, UMTS Subscriber Data, GSM Subscriber Data, Logical Consolidation of Data, Physical Consolidation of Data]
This thesis concentrates on the Logical Consolidation of Subscriber data, specifically the authentication specific data for GSM, UMTS and WLAN networks. In order to create a logical model for subscriber data it is important to choose an appropriate modelling language for modelling the data stored in the subscriber profiles [61]. Relational models are not sufficient to describe the data for the logical model; the Unified Modelling Language (UML) focuses on the operational properties and run time data; the Extensible Markup Language (XML) and XML schema provide and define the structure of data; the Resource Description Framework (RDF) and RDF Schema define the data model for objects and the relationship between objects. It also provides a terminology for expressing classes and properties. The appropriate method evaluated for modelling the logical data was using the Semantic Web to provide meaning for the data. The most suitable language evaluated for the description of the data was the Web Ontology Language (OWL), which supports sharing and distribution of knowledge, offers a richer vocabulary for modelling and focuses on the structural properties of a domain [49][52].
The thesis is organized in the following manner: this chapter provides an introduction to the thesis and the motivation behind the work performed. Chapter two provides an overview of GSM, UMTS and WLAN networks. The main focus of this chapter is the
  15. authentication procedures for each network. Chapter three describes the Semantic Web, ontologies (a knowledge base used to model the data), the Web Ontology Language and the tools needed to model an ontology. Chapter four describes the ontology created with the Protégé Tool. The ontology provides the definition of classes, the properties and the relationships between the classes. Chapter five describes the installation requirements needed to create the ontology, how the ontology can be loaded and a list of errors encountered while testing the consistency of the ontology. The summary of the work achieved, the conclusions and open issues are described in Chapter 6.
  16. 16. An Ontology for Generic Wireless Authentication 16 2 Authentication in Wireless Networks 2.1 Security in wireless networks Security has become an important issue in current mobile and wireless networks. As the security measures for such networks increase, the tools and techniques used to attack such networks also increases. Wireless communications security in simple terms, is the procedures or methods used for protecting the communication between certain entities. (An entity could be a user or a device requesting network access). Protection mechanisms are used to protect the entity from any third party attacks, such as impersonating an identity, revealing a specific identity, data-hijacking or data modification, eavesdropping and so forth. Dedicated technologies for securing data and communication are required in wireless networks, which vary according to the type of wireless technology deployed. Security in mobile and wireless networks covers various issues, from authentication of a user accessing a certain network, to data encryption and data integrity. Thus three major aspects are considered in securing wireless networks: [5] • Access control (Authentication) • Confidentiality • Anonymity [5] Authentication is used to prove the identity of a certain entity requesting access to a network. This is used so that the network operator is able to verify that the mobile subscriber in the case of GSM and UMTS networks is really who he/she claims to be. This reduces the possibility for mobile identity impersonation [6] [7]. Encryption is used to ensure the confidentiality of data. Data integrity guarantees that the data is not modified or destroyed in any way, thus sensitive signalling information and data are protected against eavesdropping attacks. Anonymity is another security aspect that protects user identity, making it hard to track the whereabouts of a certain user. Anonymity is achieved using temporary identities [6].
  17. 17. An Ontology for Generic Wireless Authentication 17 The scope of this thesis only addresses the authentication procedures of mobile and wireless networks, specifically GSM, UMTS and WLAN networks. Other security aspects are not within this scope. 2.2 Introduction to Authentication Authentication is the process of uniquely proving an identity to a certain service, network or device and the verification of the given identity. Upon successful identity verification, access to certain services, networks or devices are granted. The kind of access and services granted depends on the privileges given to the specific entity requesting authentication. In the case the identity is not proven (unsuccessful authentication), no access is granted to the entity requesting access. The simple form of authentication is providing a user name and password, which is mainly the case in internet based authentication (e.g. email, online shopping, etc…) and in some wireless based networks. However, different types of authentication exist depending on the complexity of a certain system. Dedicated systems require a complex procedure of authentication involving the use of secret keys, tokens, certain credentials, digital certificates or signatures, complex algorithms and encryption methods and more [7] [8]. Several authentication methods exist, depending on the technology used and the type of information or services requiring access. In the following, the authentication procedures of GSM, UMTS and WLAN networks are discussed in detail.
  18. 2.3 Introduction to GSM networks
The Global System for Mobile Communication (GSM) is a second generation (2G) network and is the largest existing 2G network. Second generation refers to the fact that the system uses digital signals in contrast to first generation networks, where analogue signals were used [5]. The GSM network comprises several network components that interact and function with each other. For the purpose of this thesis, only the components involved in the authentication process of GSM networks will be described and illustrated. The following figure illustrates a general overview of the GSM authentication specific network architecture. (All other elements not related to authentication are not illustrated or addressed):
[Figure 4: GSM Network Architecture. Labels: RSS, BSS, NSS, MS, BTS, BSC, MSC, VLR, HLR, AuC; Mobile Device, Visited Access Network, Visited Core Network, Home Network]
The GSM network comprises three subsystems, namely the Radio Subsystem (RSS), the Network and Switching Subsystem (NSS) and the Operation Subsystem (OSS) [1] [4]. The OSS is not discussed in this thesis.
  19. 19. An Ontology for Generic Wireless Authentication 19 2.3.1 GSM Network Components 2.3.1.1 Radio Subsystem The RSS [9] [4] deals with all the radio aspects of a network and is responsible for the following components it comprises: 2.3.1.1.1 Mobile Station The Mobile Station (MS) [3] [4] consists of two major components: 2.3.1.1.1.1 Mobile Equipment The Mobile Equipment (ME) is the actual mobile device a user uses to establish calls and other telephony services. The ME communicates with the radio channel and provides various services to the user of the mobile device. 2.3.1.1.1.2 Subscriber Identity Module The Subscriber Identity Module (SIM) [3] is located inside the ME and contains subscriber specific data. This data is used for identifying a subscriber to the network via the International Mobile Subscriber Identity (IMSI). Authentication specific data is also stored inside the SIM (e.g. algorithms, secret key), which are later used for key generation [4] [6]. Two security services are implemented for the SIM card. The first security mechanism for the SIM is access control, which controls a user from accessing the card and the information and services provided upon card access. This is provided via a secret Personal Identification Number (PIN), which the user has to enter before gaining access to the SIM. The second security mechanism provided is the network challenge and response mechanism described in section (2.4.1). 2.3.1.2 Base Station Subsystem The Base Station Subsystem (BSS) [1] [3] [4] is responsible for all radio functions and comprises of the Base Station Transceiver (BTS) and the Base Station Controller (BSC). These two components together support the radio interface. The responsibilities of the BSS are then assigned to the following two components:
  20. 20. An Ontology for Generic Wireless Authentication 20 2.3.1.2.1 Base Transceiver Station The Base Transceiver Station (BTS) takes care of the communication with the mobile station, and is responsible for radio specific functions (sending and receiving) [4] 2.3.1.2.1 Base Station Controller The Base Station Controller (BSC) is responsible for the switching between several BTSs, and for the switching of radio channels. The BSC provides the necessary control functions and physical links between the Network Subsystem (NSS), via the Mobile Switching Center (MSC) and the BTS [1] [3] [4]. 2.3.1.3 Network and Switching Subsystem The NSS [3][4] comprises of the Mobile Switching Center (MSC), the Home Location Register (HLR) and the Visitor Location Register (VLR). The NSS provides switching services between GSM and external networks, and maintains the location registers needed to manage and administer subscribers. 2.3.1.3.1 Mobile Switching Center The Mobile Switching Center (MSC) is the switching node in the NSS that controls all MS connections. It provides telephony switching services to fixed and mobile networks. It links the NSS to the RSS via the BSC. Several BSCs can belong to a single MSC [1] [3] [4]. 2.3.1.3.2 Home Location Register The Home Location Register (HLR) is the main subscriber profile register, and contains all data related to a mobile subscriber. This data includes but is not limited to the following: the mobile subscriber’s identity, represented as the International Mobile Subscriber Identity (IMSI) (also stored in the SIM card), administrational information, service subscription and service specific data and location information [1] [2] [3] [4]. 2.3.1.3.3 Visitor Location Register The Visitor Location Register (VLR) is a subscriber profile containing temporary information, and is distributed in the network according to geographical locations. The VLR along with the MSC are responsible for handling mobile subscribers visiting an area
  21. outside their home network. Certain administrational data is replicated in the VLR from the HLR in order to provide service provisioning and call control. Information about the visiting subscriber is retrieved from the HLR and stored in the VLR as a temporary record [1] [2] [3] [4].
2.3.1.3.4 Authentication Center
The Authentication Center (AuC) is a register that is logically part of the HLR. Authentication specific data for a given subscriber is stored in the AuC. It is responsible for storing the secret key of a subscriber (section 2.4.1). Other tasks of the AuC include the generation of authentication parameters needed for authentication and encryption, proving the identity of a subscriber and providing protection mechanisms for a subscriber’s SIM card [1] [3] [4].
2.3.2 Visited Access/Core Network, Operator Home Network
The Visited Access Network is the radio network accessed by the mobile station. Access is accomplished via the BSS. The Visited Core Network is the switching part of the network, and is a network other than the home network the subscriber is registered at. Visited Core Networks can be located at various national or international locations. The MSC and VLR reside at this network [6]. The Operator Home Network is the original network the mobile subscriber is registered at. The HLR and AuC reside in this network.
2.3.3 Numbers and Identities
2.3.3.1 International Mobile Subscriber Identity
The International Mobile Subscriber Identity (IMSI) is a unique 15 digit identifier for a mobile subscriber. It is stored in the SIM card of the mobile station, and is assigned to a mobile subscriber at the time of subscription. It is used to identify a subscriber to a given network (i.e. GSM, UMTS networks). The main purpose of the IMSI is to allocate International Mobile Station Identities (INMSI) to stations. Mobile subscribers do not have access to this number or have any knowledge of it. 
Although this number is stored in the SIM card, it cannot be reached via a telephone call. Thus, the number is not made public.
  22. The IMSI is made up of three codes:
• Mobile Country Code (MCC)
• Mobile Network Code (MNC) – 2 digits
• Mobile Station Identification Number (MSIN) – 10 digits
  o HLR-Number
  o Subscriber Number (SN)
[Figure 5: IMSI Number Format (MCC, MNC, MSIN)]
The Mobile Country Code is a three digit code, specifying a list of predefined mobile country codes that identify a mobile station in mobile networks. The MCC for Germany, for example is 262 and each country has its own respective MCC. The Mobile Network Code is the code, which identifies the home network of the mobile subscriber. E.g. in Germany the codes 01, 02 and 03 are used to identify the T-Mobile, Vodafone and E-Plus networks respectively. This code is 2 digits in Europe and 3 in North America. The Mobile Station Identification Number is a unique identifier, consisting of 10 digits that identify a mobile subscriber to the network. The MSIN consists of two parts, the first part represents the logical HLR address (HLR-Number) and consists of two digits and the second part is an identifier representing the subscriber number (SN) [2] [10] [11].
2.3.3.2 Mobile Subscriber Integrated Services Digital Network Number
The Mobile Subscriber Integrated Services Digital Network Number (MSISDN) is the mobile subscriber’s telephone number, which is associated with the IMSI. Several MSISDN numbers can be assigned to a single IMSI and are also stored on the SIM card. Together the IMSI and MSISDN are used for call setup and call routing. The MSISDN is made up of the following codes:
• Country Code (CC)
  23. • National Destination Code (NDC)
• Subscriber Number (SN)
  o HLR-Number (HLR#)
  o Individual Subscriber Number (ISN)
[Figure 6: MSISDN Number Format (CC, NDC, SN (HLR# + ISN))]
The CC consists of 1 – 3 digits and represents the code for the country. The NDC consists of 2 – 3 digits and indicates the type of telephone number being called. In the case of mobile networks it indicates the code for the specific operator, e.g. 179 for the O2 network operator. The CC and the NDC together are used for routing purposes. The SN is a 10 digit number and consists of two parts: the HLR number representing the logical address of the HLR and the ISN, which is a number assigned to the subscriber [2] [10] [12].
  24. 24. An Ontology for Generic Wireless Authentication 24 2.4 Security in GSM Networks As described in section 1.1, the security issue covers three main aspects: • Authentication • Confidentiality • Anonymity In GSM networks Authentication is achieved by a challenge-response type of authentication (described in section 2.4.1), and by the encryption of the radio channel, which also guarantees confidentiality. Anonymity is achieved by the use of temporary identities (i.e. the Temporary Mobile Subscriber Identity TMSI), which is a temporary identity assigned to the IMSI [5] [6]. Only the Authentication part will be described in this thesis. 2.4.1 GSM Authentication The following figure illustrates a general overview of the authentication procedure in GSM Networks: Figure 7: Authentication in GSM Networks
  25. 25. An Ontology for Generic Wireless Authentication 25 GSM authentication is a challenge-response type of authentication. The mobile station initiates the authentication procedure, by issuing an authentication request. The home network generates a response and sends a challenge to the mobile station, in order to calculate the same response. If both responses generated from the home network and the mobile station match, then authentication is achieved, and access to the network is granted. Below a detailed description of the authentication procedure and the components involved in authentication are given. A new mobile subscriber is given a SIM card, in which relevant information about a subscriber is stored. The SIM card contains the necessary keys and algorithms needed for the authentication procedure, which enables a subscriber to connect to the home network. A secret key referred to as Ki is stored in the SIM card of the mobile subscriber, and in the Authentication Center of the home network of the mobile operator. This key remains secret and is never transmitted from the AuC or SIM card. The Ki is a unique 128-bit key. The whole authentication procedure depends on the privacy/secrecy of this key. The concept behind the challenge-response type of authentication is to prove that the secret key, stored in the SIM card of the mobile station is the same as the key stored in the AuC. The authentication procedure begins when a mobile station, requests access to the network. This is achieved via an authentication request, in which the mobile device sends out the IMSI as a request for authentication. The IMSI is broadcasted to a corresponding MSC, which in turn forwards this information to the HLR in the home network, and also the VLR in the visited network. The AuC is associated with the HLR, and is responsible for storing authentication specific parameters. 
After the reception of the IMSI by the AuC, a random number (RAND) is generated using the received IMSI and the stored secret key Ki. The RAND number is a 128-bit key, and represents the challenge to be sent to the SIM by the home network. The AuC and SIM card contain authentication algorithms, namely the A3 algorithm for authentication and the A8 algorithm for key generation (explained in section 1.4.1). With the help of these algorithms an Expected Response key (XRES), which is 32-bits long, and a Cipher key (Kc), 64-bits long are generated.
  26. 26. An Ontology for Generic Wireless Authentication 26 The XRES is used to verify if the SIM can generate the same response, and is based on a symmetric mechanism. The Kc is used for encrypting calls between the mobile and base stations, and is a temporary session key. Upon generating these keys, the HLR sends out an authentication response known as triplets, which consists of the (RAND, XRES and Kc). The triplets are generated and stored in the VLR for each subscriber. The MSC then forwards the RAND number of the generated triplets to the mobile station. This RAND number is sent as a challenge to the mobile station, and challenges the mobile station to calculate the same response generated by the AuC. With the use of the A3 and A8 algorithms, the RAND number and Ki key are used to calculate the RES and a Kc. The RES is then forwarded to the MSC/VLR, and a comparison of RES and XRES is made. If both responses match, the authentication procedure is successful and the mobile station gains access to the network and its services. If, however the XRES and RES don’t match, then access is denied to the mobile station and the authentication procedure fails [5] [6] [15]. 2.4.2 Security Algorithms in GSM Three security algorithms exist in GSM networks, namely the A3 authentication algorithm, the A5 ciphering/deciphering algorithm and the A8 ciphering key generation algorithm. These three are used in order to provide different security features and techniques, including authentication and protection of the radio link, which guarantees privacy of calls and user data [13] [14] [15]. 2.4.2.1 A3 Algorithm The A3 algorithm is the authentication algorithm for GSM networks, and resides on the SIM card of the mobile subscriber, and on the HLR/AuC of the home network. The implementation of the A3 algorithm is network specific and depends on the network operator. 
The A3 algorithm is a non-recursive algorithm, meaning that the output generated from the input cannot be used to derive or guess the inputs. Thus, the output gives no indication about the input. The main purpose of this algorithm is to authenticate the identity of a mobile subscriber.
  27. The A3 algorithm generates the XRES on the network side and the RES on the mobile side. Both the XRES and RES are 32-bit long keys and are generated from Ki and RAND [13] [14] [15].
2.4.2.2 A5 Algorithm
The A5 algorithm is the ciphering/deciphering algorithm, and resides on the mobile station of a subscriber and on the BSS. The A5 algorithm is used for protecting data sent from the mobile station to the BSS and vice-versa; this provides the privacy of data and calls. The Kc ensures that all calls are encrypted between the MS and the BSS. The A5 algorithm is a standardized algorithm, but this algorithm can only be obtained with a specific license from the GSM Association [5]. Although the A5 algorithm is standardized, its specification remains undisclosed [5] [13] [14] [15].
2.4.2.3 A8 Algorithm
The A8 algorithm is the ciphering key generation algorithm. As with the A3 algorithm, it also resides on the SIM card and HLR/AuC. Its implementation is network specific and it is also a non-recursive algorithm. The A8 algorithm is used for generating the Kc, which is a session key and is used for encrypting voice and data traffic. The Kc is generated from the Ki and RAND and is 64-bits long [13] [14] [15].
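The challenge-response exchange of section 2.4.1, with the key sizes given in section 2.4.2, as an added example that is not part of the thesis. Because A3 and A8 are operator specific, HMAC-SHA256 stands in for them here (an assumption), and the class names, the IMSI and the Ki are constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Tuple


def a3_a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for the operator-specific A3 and A8 (assumption of this example).

    HMAC-SHA256 keyed with Ki over RAND: the first 32 bits play the role of
    the A3 output (RES/XRES), the next 64 bits the A8 output (Kc).
    """
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND are 128-bit values")
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


@dataclass(frozen=True)
class Triplet:
    rand: bytes  # 128-bit challenge
    xres: bytes  # 32-bit expected response
    kc: bytes    # 64-bit session cipher key


class AuC:
    """Home network side: holds Ki per IMSI and produces triplets."""

    def __init__(self, subscribers: Dict[str, bytes]):
        self._ki = dict(subscribers)

    def generate_triplet(self, imsi: str) -> Triplet:
        ki = self._ki[imsi]  # KeyError for an unknown subscriber
        rand = secrets.token_bytes(16)
        xres, kc = a3_a8(ki, rand)
        return Triplet(rand, xres, kc)


class Sim:
    """Subscriber side: Ki stays inside the card, only RES is handed out."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki
        self.kc = b""

    def respond(self, rand: bytes) -> bytes:
        res, self.kc = a3_a8(self._ki, rand)
        return res


class MscVlr:
    """Visited network side: stores triplets, sends RAND, compares RES with XRES."""

    def __init__(self, auc: AuC):
        self._auc = auc
        self._pending: Dict[str, Triplet] = {}

    def challenge(self, imsi: str) -> bytes:
        triplet = self._auc.generate_triplet(imsi)
        self._pending[imsi] = triplet
        return triplet.rand

    def verify(self, imsi: str, res: bytes) -> Tuple[bool, bytes]:
        # Choice of this example: a triplet is dropped after one attempt,
        # so a RES is only ever accepted once for a given RAND.
        triplet = self._pending.pop(imsi, None)
        if triplet is None:
            return False, b""
        ok = hmac.compare_digest(res, triplet.xres)  # constant-time compare
        return ok, (triplet.kc if ok else b"")


def authenticate(sim: Sim, vlr: MscVlr) -> Tuple[bool, bytes, List[bytes]]:
    """Run one exchange; return (granted, network-side Kc, values sent over the air)."""
    on_air: List[bytes] = [sim.imsi.encode()]  # authentication request
    rand = vlr.challenge(sim.imsi)
    on_air.append(rand)                        # challenge
    res = sim.respond(rand)
    on_air.append(res)                         # response
    granted, kc = vlr.verify(sim.imsi, res)
    return granted, kc, on_air


# Constructed sample subscriber: IMSI and Ki are made up for the example.
IMSI = "262019876543210"
KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    vlr = MscVlr(AuC({IMSI: KI}))
    print("SIM with matching Ki :", authenticate(Sim(IMSI, KI), vlr)[0])
    print("SIM with different Ki:", authenticate(Sim(IMSI, bytes(16)), vlr)[0])
```

Only the IMSI, RAND and RES appear in the list of transmitted values; Ki and Kc are computed independently on both sides and never sent.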
  28. 2.5 Introduction to UMTS networks
The Universal Mobile Telecommunications System (UMTS) is one of the new third generation (3G) networks. 3G networks build on 2G networks with the General Packet Radio Service (GPRS) support, which are known as 2.5G networks. 2.5G networks support packet switching domains. A UMTS network also provides for inter-operability with a GSM network and is an extension of existing GSM networks [18]. UMTS networks support the circuit and packet switched domains, and are backward interoperable with GSM/GPRS networks [5] [18] [19]. UMTS networks provide enhanced data transmission rates and a wider range of services, including multimedia and IP based services [5] [6] [16]. The following figure illustrates the UMTS network architecture (only components related to authentication are illustrated):
[Figure 8: UMTS Network Architecture. Labels: MS/UE, MS, UE, BSS, BTS, BSC, UTRAN, RNS, Node B, RNC, Core Network, Circuit Switched Domain, MSC, VLR, Packet Switched Domain, 3G SGSN, HLR, AuC; Mobile Device, Visited Access Network, Visited Core Network, Home Network]
  29. 29. An Ontology for Generic Wireless Authentication 29 The UMTS network consists of the following components: [16] [17] [18] • User Equipment (UE) • UMTS Terrestrial Radio Access Network (UTRAN) • Core Network (CN) 2.5.1 UMTS Network Components 2.5.1.1 User Equipment The UE consists of the mobile device and the Universal Subscriber Identity Module (USIM) card. The UE separates between the user device functionality and the USIM functionality [16]. The USIM is similar in functionality to the SIM of the GSM network. The USIM is more enhanced in terms of security. The keys and algorithms used for authentication and encryption are stored on the USIM. Subscriber specific data and several identities are also stored on the USIM [15]. 2.5.1.2 UMTS Terrestrial Radio Access Network The UTRAN is the new access network for UMTS networks, which uses different multiple access methods than previous GSM networks [17]. It is responsible for network access procedures, mobility and resource allocation [4]. UTRAN is subdivided into individual Radio Network Subsystems (RNS), which consists of the following components [16] [17]: 2.5.1.2.1 Radio Network Controller The RNC is the controlling unit of the UTRAN and is responsible for communicating with the UE. It performs radio specific functions and maintains the connection to the CN for each UE. It functions like the BSC of GSM networks, and provides switching functions between other RNCs [16]. The RNC is connected to one or several Node Bs [17]. Two types of RNCs exist, namely Serving Radio Network Controllers (SRNC) and Drifting Radio Network Controllers (DRNC) [4] [18]. The SRNC is responsible for
  30. 30. An Ontology for Generic Wireless Authentication 30 controlling the connection to the CN, while the DRNC is responsible for the connection to the UE and offers additional resources [4] [18]. 2.5.1.2.2 Node B Node-Bs are the base stations of the UMTS network, and several Node-Bs can be connected to one RNC. Each Node-B can serve one or several radio cells. A Node-B fulfils almost the same functionalities as a BTS in GSM networks [16]. A Node B is mainly responsible for the transmission and reception of data [17]. 2.5.1.3 Core Network The CN consists of two domains: the Circuit Switched (CS) domain, and the Packet Switched domain (PS). The CN in UMTS is an enhanced version of the GSM core network with GPRS. Each domain has its specific components. The CS domain includes the MSC and VLR as its components, and provides circuit switched functionalities such as calls and switching of calls. The PS domain includes the 3G Serving GPRS Support Node (SGSN) as its component, which is responsible for the delivery of data packets to and from the UE. The SGSN takes the role of the MSC/VLR of the CS domain. The PS domain provides IP-Based services. Components like the HLR and AuC are shared by both CS and PS domains [17] [18].
  31. 31. An Ontology for Generic Wireless Authentication 31 2.6 Security in UMTS networks Security in UMTS networks is based and built on the existing GSM security mechanisms. However, UMTS has far more security mechanisms than in GSM, and is more enhanced in terms of security [6]. Robust security mechanisms of GSM networks have been adopted into UMTS networks. Compatibility with GSM networks is ensured in order to ease inter-working operations between the networks [21]. New security services have been introduced into UMTS networks as well as new domains. This required the introduction of new security mechanisms [5]. Some of the major security enhancements in UMTS networks are as follows: • Mutual Authentication; not only is the subscriber authenticated by the network, the subscriber can also authenticate the network. The subscriber can ensure that he/she is connecting to a trusted network. • Integrity Protection; enhanced algorithms and keys to ensure data integrity. • Network Security; security between and within different networks. • Secure Services and Applications; enhanced security features for services and applications [21]. • Interoperability and Roaming; standardized security features, enabling network to network interoperability and roaming [20].
  32. 2.6.1 UMTS Authentication
The following figure illustrates the authentication procedure in UMTS networks:
[Figure 9: Authentication in UMTS Networks. Labels: User Equipment (UE, USIM), Serving Network (MSC, VLR, SGSN), Home Network (HLR, AuC); Authentication Request (IMSI); Authentication Response (Quintets: RAND, AUTN, XRES, CK, IK); challenge RAND, AUTN; K, SQN, RES, CK, IK; RES = XRES]
UMTS authentication is based on a challenge-response type of authentication, similar to that of GSM networks. It is based on the existing GSM infrastructure and is built on GSM authentication and security mechanisms [5] [6]. UMTS authentication provides mutual authentication [5] [6], meaning that the network a certain subscriber is connecting to is authenticated. Details about the exact mutual authentication procedure are described below. The UE initiates the authentication procedure by sending an authentication request, which can be in the form of different subscriber identities:
• The IMSI.
• The Temporary Mobile Subscriber Identity (TMSI). This is a temporary identity, used instead of the IMSI in order to avoid the user’s identity from being continuously transferred via the network.
• Packet-TMSI (P-TMSI), for the packet switched domain [5].
  33. These identities are also used in 2G GSM networks, apart from the P-TMSI, which is used in 2.5G networks. A permanent secret key (K) – 128 bits – resides in the USIM of the UE and in the AuC of the home network. As with GSM authentication, this key is never transmitted and is always kept secret. The user’s identity is verified by the Serving Network (SN) or the visited core network. Access to the network is granted by the SN if the verification procedure is successful. The SN forwards the authentication request (IMSI) to the HLR/AuC of the Home Network (HN). An authentication vector, called quintets, is generated as the authentication response and is returned back to the SN. Using the IMSI, the AuC then generates a Random Number (RAND) – 128 bits – and a Sequence Number (SQN) – 48 bits. This SQN is chosen in ascending order so that the freshness of the SQN, and thus the freshness of the generated authentication vector sent to the USIM, can later be checked. The SQN and RAND number are then used, with the help of the f1, f2, f3, f4 and f5 functions/algorithms, to generate the authentication vector. These functions are all non-recursive, and it is important to note that the output of one function cannot reveal any information about the input of another function [5]. The inputs for the authentication vector are the RAND, SQN and K, which is stored in the AuC. The authentication vector consists of the following keys: the Expected Response (XRES), generated using the f2 function and 32 – 128 bits long; the Cipher Key (CK), generated using the f3 function and 128 bits long; the Integrity Key (IK), generated using the f4 function and 128 bits long; and the Authentication Token (AUTN), which is a concatenation of different keys (explained below) and is 128 bits. 
An authentication response is then sent to the Serving Network in the form of a quintet, made up of the following keys: RAND, AUTN, XRES, CK and IK. The SN keeps a copy of the XRES to compare it with the RES that will be generated on the USIM. The SN sends a challenge to the USIM in the form of the RAND and the AUTN keys. This challenge is used in the USIM along with K as inputs for the authentication procedure on the USIM side. The generated output consists of the following keys: the Response (RES), 32 – 128 bits, generated by the f2 function; the SQN, 48 bits; and the Cipher Key (CK) and the Integrity Key (IK), generated by the f3 and f4 functions respectively.
The authentication procedure on the USIM starts upon the reception of RAND and AUTN. These two keys are sent for the sake of the mutual authentication process. The AUTN can only be computed by the AuC of the home network. Therefore, the UE is able to verify that it is connecting to a trusted network; a network that holds the same secret as the USIM (i.e. K) [19]. The RES is then forwarded to the SN, and is evaluated against the XRES response received from the Home Network. If both responses match then the UE is authenticated to access the network [5] [6] [19].

2.6.1.1 UMTS Authentication Vector

The following figure illustrates the authentication vector generated in the AuC. It is important to understand this authentication vector, in order to understand how UMTS performs mutual authentication. Up to now, only the UE has been authenticated to use the network; the second step of authentication is performed on the USIM side, where the UE checks whether it is connecting to a trusted network or not.

Figure 10: UMTS Authentication Vector

The generation of the authentication vector on the home network side begins with the reception of the IMSI (authentication request) from the UE. A fresh SQN and a RAND number are generated. SQN proves to the USIM that the generated authentication vector
is fresh. Five one-way functions (f1, f2, f3, f4 and f5) [5] are used for generating the authentication vector.

The f1 and f2 functions/algorithms are message authentication functions. The input of the f1 function is the RAND, K, SQN and the Authentication and Management Field (AMF), a 16 bit key. The AMF is an operator-specific key, and is used for operator-specific functions in the authentication procedure. The output of the f1 function is the Message Authentication Code (MAC), a 64 bit key. A MAC is the result of an algorithm or one-way hash that takes the input bits and a secret key and generates a fixed-length string of bits [20]. Its purpose is to verify that the input bits have not been altered in any way.

The f3, f4 and f5 functions are key generating functions, which all take the RAND and K as inputs. The f2 function generates the XRES, and is used to compare the RES generated on the USIM side for subscriber authentication. The f3 and f4 functions generate the CK and IK keys respectively for ciphering and integrity protection purposes on the air interface. The f5 function generates an Anonymity Key (AK) of 48 bits, which is used to conceal the generated sequence number SQN [5] [19].
2.6.1.2 USIM Authentication

The following figure illustrates the authentication procedure on the USIM of the UE:

Figure 11: USIM Authentication

The functions f1 – f5 are ordered in a different manner on the USIM as compared with the functions on the AuC. In USIM authentication the f5 function must generate outputs before the f1 function. The authentication procedure starts with the computation of the Anonymity Key (AK). This key is generated from the inputs of RAND and K using the f5 function, and is used to conceal the SQN, preventing any leakage of user identity through the SQN. The functions f2, f3 and f4 take the RAND and K as inputs and generate RES, CK and IK respectively.

The input of the f1 function is a bit more complicated: the concealed sequence number (SQN ⊕ AK) carried in the AUTN is combined with the AK generated by the f5 function to recover the SQN in the following manner: SQN = (SQN ⊕ AK) ⊕ AK [19]. This SQN is then an input for the f1 function along with the AMF key. The f1 function generates the Expected MAC (XMAC), a 64 bit key, as its output. This value (XMAC) is compared to the MAC of the AUTN key, which is a concatenation of the SQN, AK, AMF and MAC
in the following way: AUTN = SQN ⊕ AK || AMF || MAC [19]. If both MACs match, authentication of the network is completed and the USIM verifies that it is connected to a trusted network [5] [19].

2.6.2 Security Algorithms in UMTS

The main algorithms in UMTS networks concerned with authentication are the f1, f1*, f2, f3, f4, f5 and f5* functions. These functions are operator-specific and only reside on the AuC of the home network and the USIM of the UE. Each of these functions is a one-way function. The functions are used for computing the authentication vector. The importance of these functions lies in that the output of one function cannot reveal any information about the other functions [5].

The f1 function is the network authentication function and is responsible for the generation of the MAC key on the network side and the XMAC key on the USIM side.
The f1* function is the resynchronization message authentication function and is used for resynchronization purposes.
The f2 function is the user authentication function and is responsible for the generation of the XRES key on the network side and the RES key on the USIM side.
The f3 function is the CK derivation function. It generates the CK on both the network and USIM side.
The f4 function is the IK derivation function. It generates the IK on both the network and USIM side.
The f5 function is the AK derivation function for normal operation. The AK is generated using the f5 function on both the network and USIM side.
The f5* function is the AK derivation function for resynchronization and is used for resynchronization purposes [5] [6].
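The AuC and USIM computations of sections 2.6.1 and 2.6.2, as an added example that is not part of the thesis: the operator-specific f1 to f5 are replaced by an HMAC-SHA-256 stand-in, and the key, the AMF value and the USIM's "strictly higher SQN" freshness rule are assumptions made for illustration. It shows the USIM rejecting a network that does not hold K, and a replayed vector, before it releases RES.

```python
import hashlib
import hmac
import secrets


class AuthError(Exception):
    """Raised by the USIM when the network challenge is rejected."""


def prf(k, label, data, nbytes):
    # Stand-in for the operator-specific f1..f5 (assumption): HMAC-SHA-256
    # keyed with K, separated per function by a label, truncated to size.
    return hmac.new(k, label + data, hashlib.sha256).digest()[:nbytes]


def f1(k, rand, sqn, amf): return prf(k, b"f1", rand + sqn + amf, 8)  # MAC/XMAC, 64 bits
def f2(k, rand): return prf(k, b"f2", rand, 8)    # RES/XRES (32-128 bits allowed)
def f3(k, rand): return prf(k, b"f3", rand, 16)   # CK, 128 bits
def f4(k, rand): return prf(k, b"f4", rand, 16)   # IK, 128 bits
def f5(k, rand): return prf(k, b"f5", rand, 6)    # AK, 48 bits


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class AuC:
    """Home network side: builds the quintet (RAND, AUTN, XRES, CK, IK)."""

    def __init__(self, k, amf=b"\x00\x00"):     # AMF value is a constructed sample
        self.k, self.amf, self.sqn = k, amf, 0

    def quintet(self):
        self.sqn += 1                             # ascending SQN gives freshness
        sqn = self.sqn.to_bytes(6, "big")         # 48 bits
        rand = secrets.token_bytes(16)            # 128 bits
        mac = f1(self.k, rand, sqn, self.amf)
        autn = xor(sqn, f5(self.k, rand)) + self.amf + mac   # SQN^AK || AMF || MAC
        return {"RAND": rand, "AUTN": autn, "XRES": f2(self.k, rand),
                "CK": f3(self.k, rand), "IK": f4(self.k, rand)}


class USIM:
    """UE side: authenticates the network first, then answers the challenge."""

    def __init__(self, k):
        self.k, self.last_sqn = k, 0

    def authenticate(self, rand, autn):
        if len(rand) != 16 or len(autn) != 16:
            raise AuthError("malformed challenge")
        concealed_sqn, amf, mac = autn[:6], autn[6:8], autn[8:]
        ak = f5(self.k, rand)                     # f5 has to run before f1
        sqn = xor(concealed_sqn, ak)              # (SQN ^ AK) ^ AK = SQN
        xmac = f1(self.k, rand, sqn, amf)
        if not hmac.compare_digest(mac, xmac):
            raise AuthError("MAC != XMAC: sender does not hold K")
        # Simplified freshness rule (assumption): only a strictly higher SQN passes.
        if int.from_bytes(sqn, "big") <= self.last_sqn:
            raise AuthError("stale SQN: replayed authentication vector")
        self.last_sqn = int.from_bytes(sqn, "big")
        return f2(self.k, rand), f3(self.k, rand), f4(self.k, rand)   # RES, CK, IK


def serving_network_accepts(res, xres):
    # The SN never sees K; it only compares RES from the UE with the stored XRES.
    return hmac.compare_digest(res, xres)


def try_challenge(usim, rand, autn):
    """Return 'ok' or the USIM's rejection reason, for easy comparison."""
    try:
        usim.authenticate(rand, autn)
        return "ok"
    except AuthError as exc:
        return str(exc)


if __name__ == "__main__":
    k = secrets.token_bytes(16)                   # constructed 128-bit subscriber key
    auc, usim = AuC(k), USIM(k)
    av = auc.quintet()
    res, ck, ik = usim.authenticate(av["RAND"], av["AUTN"])
    print("UE accepted by SN:", serving_network_accepts(res, av["XRES"]))
    print("replayed vector:  ", try_challenge(usim, av["RAND"], av["AUTN"]))
    rogue = AuC(secrets.token_bytes(16)).quintet()   # network without the real K
    print("rogue network:    ", try_challenge(usim, rogue["RAND"], rogue["AUTN"]))
```

Resynchronization with f1* and f5* is left out: a stale SQN is simply rejected here.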
2.7 Introduction into the Internet Protocol Multimedia Sub-System in UMTS networks

The IP Multimedia Sub-System (IMS) plays a major role in UMTS networks as of the UMTS release number 5 [5]. The IMS is an application layer, residing on top of the packet switched domain of the UMTS network. It is independent of the access network, and supports various types of networks and devices [5]. The main intention of the IMS is to provide multimedia services and applications to end users. IMS also supports roaming services for mobile networks [5] [23].

A multimedia service is a service that supports two or more kinds of multimedia services for telecommunication networks. Services can be, for example, video and audio downloading and streaming, text messaging, web browsing, etc. [22]

The following figure illustrates an overview of the IMS system architecture in mobile and fixed networks:

Figure 12: IMS Subsystem Architecture
The IMS consists of the following components:
• The Home Subscriber Server (HSS)
• Proxy-Call Session Control Function (P-CSCF)
• Interrogating-Call Session Control Function (I-CSCF)
• Serving-Call Session Control Function (S-CSCF)
• Gateway GPRS Support Node (GGSN); also supported in UMTS and 2.5G networks [22].

The HSS is the main database of the IMS network. The HLR and AuC are integrated into this database, and subscriber-specific, location-related data and user identities are stored in this database.

The CSCF consists of three types that perform different functions within the network:

The P-CSCF is the first contact point in the IMS. It is responsible for forwarding registration requests and responses, to and from the mobile device and the I-CSCF. The P-CSCF resides in the visited network, and is assigned to a terminal supporting IP Multimedia (e.g. mobile phone, laptop, computer, etc.). It is also responsible for the confidentiality and integrity of messages sent in the network.

The I-CSCF is responsible for contacting the respective S-CSCF within the home network via the HSS. Its main task is the assignment of an S-CSCF, routing, and forwarding of requests and responses to the relevant S-CSCF.

The S-CSCF is responsible for session control and session management. In addition, authentication and subscriber-specific data, which are retrieved from the HSS, are stored in the S-CSCF. The S-CSCF is assigned to an IMS terminal, and performs the authentication of an IMS user. Registration requests received by the S-CSCF are forwarded to the HSS [5] [22] [23]. The I-CSCF and S-CSCF reside in the home network of the IMS.

The GGSN is a gateway between the IMS and UMTS networks, and represents the entrance point to the IMS system.
The IMS supports the access of other networks, such as Fixed Access Networks, Wireless Local Area Networks (WLAN), Public Land Mobile Networks (PLMN), Public Switched Telephone Networks (PSTN) and Integrated Services Digital Networks (ISDN). The
latter three can be accessed by GSM networks via the Gateway Mobile Switching Center (GMSC) [23].

Authentication in the IMS is performed via the IMS Authentication and Key Agreement (AKA) mechanism, which is a challenge/response type of authentication and is analogous to UMTS authentication. The IMS uses the IMS Subscriber Identity Module (ISIM) in the UE instead of the USIM and SIM in UMTS and GSM networks respectively [5].

2.7.1 Identities in the IMS system

Several identities exist in the IMS system, which are used to uniquely identify a user or a service of the IMS system. These identities are Public User Identities, Private User Identities and Public Service Identities, and are briefly described in the following:

2.7.1.1 Private User Identities

Every user of an IMS system has one private user identity, used to identify the user of the IMS system. This identity is assigned by the home network, and it takes the form of a Network Access Identifier (NAI). An NAI is a standardized way to identify users to a network during authentication via a username or a username@realm. Private user identities are static, and are used to identify information related to a specific subscriber (subscriber and authentication information), which is stored in the HSS. Apart from being stored in the HSS, the private user identity is also stored in the ISIM of the UE and in the S-CSCF. The private user identity takes a similar function as that of the IMSI in GSM and UMTS networks. The private user identity is authenticated during user registration [23] [24] [25].

2.7.1.2 Public User Identities

One or more public user identities can be allocated to a user of an IMS system. A user should obtain at least one public user identity, which is also stored in the ISIM. This identifier is used for communication purposes with other IMS users. It is also used by external users to address a user.
The public user identity takes the form of a telephone:URL number or a URL. Public user identities are used to identify information related to a specific subscriber within the HSS, but unlike private user identities, public user identities are not authenticated by the network. IMS terminals are tied to public user identities by the S-CSCF [24] [25].
2.7.1.3 Public Service Identities

Private and public user identities are used to identify users within an IMS system. However, public service identities are used for identifying the various services available to the IMS via application servers. Each public service identity is bound to a service of the IMS [24].
2.8 Introduction to Wireless Local Area Networks

A WLAN is a local area network that does not use wires to communicate between the stations; instead, high frequency radio waves are used for communication. An example of WLAN networks is the 802.11 standard defined by the IEEE [26].

The following figure illustrates an overview of a WLAN network:

Figure 13: WLAN Overview

The main components involved in a WLAN network are the mobile station, which could be any mobile device (e.g. a laptop or Personal Digital Assistant (PDA)); the wireless Access Point (AP), which performs the task of a wired hub and acts as an entry point to access the target network; and some kind of authentication server performing authentication and granting access to the network via the AP [8].

In the following, the WLAN security architecture will be explained along with concepts relating to WLAN authentication.
2.9 Security in WLAN networks

2.9.1 802.11

The 802.11 is a standard developed by the IEEE for wireless networks. The specification defines the interface between a wireless station and an access point or another wireless station. The 802.11 also specifies how access to a WLAN is achieved, or in other words how authentication of WLANs is implemented. Authentication in 802.11 networks is based on authenticating a wireless station rather than a user [29]. In order for a wireless station to connect to another station or access point, the initiating station must prove its identity to the receiving wireless station or access point. This is achieved via various authentication methods, which depend on the type of authentication method deployed.

The 802.11 is a family of standards, and several specifications of this standard exist, among them 802.11, 802.11a, 802.11b and 802.11g. Each specification differs from the others in the spectrums/multiplexing methods, transmission rates and bandwidths [27].

2.9.2 Wired Equivalent Privacy

The Wired Equivalent Privacy (WEP) key is used between a wireless client and an AP in order to encrypt data being sent from the client to the AP, and to decrypt the same data on the AP. It is a standard defined by the IEEE 802.11 Working Group for data encryption. WEP keys are static keys, and are used as session keys to enable communication between the client and the AP. If the client is not able to detect the AP’s WEP key, the client’s access to the network is blocked.

As the name implies, WEP was developed to be as secure as wired networks, which is why it is termed equivalent. This does not hold, since many flaws have been detected in this encryption scheme. Many enhancements have been made to WEP and it is deployed by several authentication methods [30].
2.9.3 Wi-Fi Protected Access

Wi-Fi Protected Access (WPA) is an enhancement over the vulnerable WEP encryption scheme. All flaws in WEP have been addressed in WPA. WPA provides authentication, key management and encryption mechanisms to secure a wireless network [31].

2.10 WLAN Security Architecture

Unlike GSM and UMTS networks, security in WLAN networks is not standardized. WLANs are implementation specific, and depend on the technology deployed and chosen on the wireless devices and access points. Another issue to take into consideration when securing wireless networks is how secure the network should be and what the costs of implementing such security are; these factors influence the type of security mechanisms deployed.

The following figure illustrates the general security architecture for a WLAN:

Figure 14: WLAN Security Architecture

2.10.1 802.1X

The 802.1X is an essential element in securing WLAN networks. It is a standard from the IEEE, and is used for port-based network access control. Authentication of wireless stations (e.g. laptop, access point) is performed via this standard, and is based on the EAP protocol [33]. The 802.1X is the authentication framework, and the EAP methods deployed are the authentication algorithms [29].
Authentication methods in wireless networks must fulfil certain minimum requirements; amongst these requirements are the following:
• Generation of session keys for authentication, confidentiality and integrity purposes.
• Support for mutual authentication between client and access point, thus preventing rogue (impersonating) access points.
• Protection against eavesdroppers and man in the middle attacks; this can be ensured using session keys for message authentication, data confidentiality and data integrity.
• Protection against dictionary attacks [33].

Three components are involved in the 802.1X framework:
• The client – the wireless station
• The authenticator – the access point
• The authentication server – the AAA server [cisco 2]

The client initiates the connection procedure by associating itself to the access point and issuing an EAP Start Request. At this point, the access point blocks the communication between the client and the network until the authentication procedure is completed (i.e. until the client presents correct authentication data (user ID and password/certificate) and is verified). The access point requests the identity of the client by issuing an EAP Request Identity message. The client replies to this message via an EAP Response message containing its identity. This information is forwarded to the AAA server. Authentication is achieved depending on the authentication method deployed. The access point grants the client the right to access the network upon the reception of an accept message; unsuccessful authentication leads to a reject message. Keys (session key and broadcast keys) are derived when the client authenticates the authentication server [29].

The 802.1X, along with the EAP authentication methods, provides centralized authentication and dynamic key generation and distribution. Authentication methods in
WLAN can be of different types; the ones described in this chapter are password based and certificate based methods.

2.10.2 Authentication, Authorization and Accounting Server

The basic purpose of an Authentication Authorization and Accounting (AAA) server is to control access to a wireless network.

Authentication in wireless networks grants or denies a client the right to access a network, depending on the validity of the credentials the client presents. These could be in the form of a user name and password, security tokens or digital certificates.

Authorization specifies what rights a client is entitled to during the connection to the network. This includes but is not limited to session time, access to certain resources/groups, etc.

Accounting is used for tracking a user, and for billing purposes. The user name and connection duration are stored for this purpose.

Several types of authentication servers exist. The AAA server based on the Remote Authentication Dial In User Service (RADIUS) protocol is discussed in this thesis.

Remote Authentication Dial In User Service (RADIUS)

The Remote Authentication Dial In User Service (RADIUS) is a protocol used for providing authentication, authorization and accounting services between an access point and an authentication server (a RADIUS server or any other kind of AAA server). It provides a central user database [35] that can be accessed by different servers, in order to authenticate users (validate credentials) as well as provide configuration information, such as the type of service to deliver to the user (authentication) and accounting services, based on the user’s usage of the network. A RADIUS server supports several methods for authentication (RFC 2138).

In simple terms, a RADIUS server checks the validity of a user requesting access to a network. It authorizes the user to access the network if the information stored in a database is verified [34].
2.10.3 Certificate Based Authentication

It is necessary to understand the underlying terminologies of certificates in order to understand certificate based authentication.

2.10.3.1 Public Key Infrastructure

A Public Key Infrastructure (PKI) is an infrastructure composed of digital certificates, certifying authorities (CA), public keys and private keys. The concept behind a PKI is that parties/entities trying to communicate with each other via the internet can be verified and authenticated against who they really claim to be via authorizing and certifying authorities. Public and private keys are managed by a PKI. Public keys are signed and verified by trusted certifying authorities [36] [37].

2.10.3.1.1 Digital Certificates

A digital certificate is an electronic identity used to prove the identity of a certain party/entity. This certificate is approved by a certifying authority, and signed by the certifying authority’s private key. Access to certain resources can be obtained using digital certificates [38]. A certificate is obtained via a CA. A digital certificate consists of the following according to the X.509 standard:
• A digital signature
• Version
• Serial Number
• Signature Algorithm
• Issuer Name
• Validity period
• Subject
• Public key [39]

2.10.3.1.2 Certifying Authority

A certifying authority is a trusted third party that issues digital certificates, and verifies the validity of public keys [39].
2.10.3.1.3 Public Key

A public key is a number belonging to a certain entity. This key is distributed among entities that interact with the entity owning this key. The public key is used for verifying a digital signature and is used for encryption [39].

2.10.3.1.4 Private Key

A private key is a number belonging to a certain entity and is not known to any other entity. The private key is used for computing signatures and decryption. Public and private keys exist in pairs and correspond to each other; a message can be decrypted by a private key upon the reception of a public key associated with that private key [39].

2.10.3.1.5 Digital Signature

A digital signature is a digital code verifying that the sender is the one issuing the electronic message. The digital signature also verifies that the contents of the electronic message have not been altered.

2.10.4 Password Based Authentication

In password based authentication, the password is not directly transmitted to the access point from the client. Instead, a password hash or secret key is generated from the password to protect it from being sniffed across the network. The secret key or password hash is calculated via a hash function, which provides a one-way encryption of the password. The password is shared between the network and the client. The network calculates the password from the received secret key [29].

2.10.5 Extensible Authentication Protocol

Messages for the purpose of authentication are sent from the wireless device to the authentication server via the Extensible Authentication Protocol (EAP), which is an envelope consisting of different types of authentication methods. EAP is a general authentication protocol, supporting various authentication procedures. This thesis concentrates on EAP authentication methods for password and certificate based authentication [33].
The EAP protocol defines several types of authentication methods, amongst them the following:
• Lightweight Extensible Authentication Protocol (LEAP)
• Extensible Authentication Protocol – Transport Layer Security (EAP-TLS)
• Protected Extensible Authentication Protocol (PEAP)
• Extensible Authentication Protocol – Subscriber Identity Module (EAP-SIM)

2.10.5.1 Lightweight Extensible Authentication Protocol

LEAP is a password based authentication protocol that authenticates the user rather than the device. Authentication is performed according to the user name and password provided. No certificates are used in this type of authentication. Mutual authentication of the client and authentication server is performed in this protocol, which depends on the existence of a secret key and the user’s password that is shared between the client and the network.

An authentication challenge is sent to the client from the authentication server. The client responds to the authentication challenge with the hashed password. The authentication server retrieves relevant authentication information from a database to create a response to the authentication request. The response generated by the authentication server is then compared to the one received from the client. The client authenticates the authentication server in a similar fashion. A dynamic session key called WEP is generated upon successful authentication. Successful authentication ends with an EAP-Success method [28].

2.10.5.2 EAP Transport Layer Security

EAP TLS is a certificate based authentication method, and is based on the TLS protocol (RFC 2246), which is the present version of the Secure Socket Layer (SSL). SSL is used by web browsers to secure transactions within web applications [29]. In EAP-TLS, certificates are used on both the client and server side for authentication.
The client authenticates the authentication server via a digital certificate, sent to the client by the authentication server, and checks for the validity of the certificate. The server in turn authenticates the client in a similar manner. Upon the reception of the EAP-Success
