Mayagmar, Gupta 3G Security


  1. 3G Security Principles
     • Build on GSM security
     • Correct problems with GSM security
     • Add new security features
     Source: 3GPP
  2. GSM Network Architecture
     [Diagram not reproduced. Labels: MS, BTS, BSC, MSC, OMC, PSTN/ISDN, EIR, AUC, HLR, VLR; interfaces Um, A-bis, A; circuit-switched technology; voice traffic; mobility mgt]
  3. GSM Security Elements, 1
     • Key functions: privacy, integrity and confidentiality
     • Authentication
         • Protect from unauthorized service access
         • Based on the authentication algorithm A3(Ki, RAND) => SRES
         • Problems with inadequate algorithms
     • Encryption
         • Scramble bit streams to protect signaling and user data
         • Ciphering algorithm A8(Ki, RAND) => Kc
         • A5(Kc, Data) => Encrypted Data
         • Need stronger encryption
     • Confidentiality
         • Prevent intruder from identifying users by IMSI
         • Temporary MSI
         • Need more secure mechanism
  4. GSM Security Elements, 2
     • SIM
         • A removable hardware security module
         • Manageable by network operators
         • Terminal independent
     • Secure Application Layer
         • Secure application layer channel between subscriber module and home network
     • Transparency
         • Security features operate without user assistance
         • Needs greater user visibility
     • Minimized Trust
         • Requires minimum trust between HE and SN
  5. Problems with GSM Security, 1
     • Active Attacks
         • Impersonating network elements such as false BTS is possible
     • Key Transmission
         • Cipher keys and authentication values are transmitted in clear within and between networks (IMSI, RAND, SRES, Kc)
     • Limited Encryption Scope
         • Encryption terminated too soon at edge of network to BTS
         • Communications and signaling in the fixed network portion aren’t protected
         • Designed to be only as secure as the fixed networks
     • Channel Hijack
         • Protection against radio channel hijack relies on encryption. However, encryption is not used in some networks.
  6. Problems with GSM Security, 2
     • Implicit Data Integrity
         • No integrity algorithm provided
     • Unilateral Authentication
         • Only user authentication to the network is provided.
         • No means to identify the network to the user.
     • Weak Encryption Algorithms
         • Key lengths are too short, while computation speed is increasing
         • Encryption algorithm COMP 128 has been broken
         • Replacement of encryption algorithms is quite difficult
     • Unsecured Terminal
         • IMEI is an unsecured identity
         • Integrity mechanisms for IMEI are introduced late
  7. Problems with GSM Security, 3
     • Lawful Interception & Fraud
         • Considered as afterthoughts
     • Lack of Visibility
         • No indication to the user that encryption is on
         • No explicit confirmation to the HE that authentication parameters are properly used in SN when subscribers roam
     • Inflexibility
         • Inadequate flexibility to upgrade and improve security functionality over time
  8. 3G Network Architecture
     [Diagram not reproduced. Labels: Circuit/Signaling Gateway, 2G/2.5G, 2G, IN Services, Call Agent, Feature Server(s), RNC, 3G, Data + Packet Voice, Circuit Switch, Circuit Network, Packet Network (Internet), Packet Gateway, Radio Access Control, Voice, Mobility Manager, IP Core Network, IP RAN]
  9. New Security Features, 1
     • Network Authentication
         • The user can identify the network
     • Explicit Integrity
         • Data integrity is assured explicitly by use of integrity algorithms
         • Also stronger confidentiality algorithms with longer keys
     • Network Security
         • Mechanisms to support security within and between networks
     • Switch Based Security
         • Security is based within the switch rather than the base station
     • IMEI Integrity
         • Integrity mechanisms for IMEI provided from the start
  10. New Security Features, 2
     • Secure Services
         • Protect against misuse of services provided by SN and HE
     • Secure Applications
         • Provide security for applications resident on USIM
     • Fraud Detection
         • Mechanisms to combat fraud in roaming situations
     • Flexibility
         • Security features can be extended and enhanced as required by new threats and services
     • Visibility and Configurability
         • Users are notified whether security is on and what level of security is available
         • Users can configure security features for individual services
  11. New Security Features, 3
     • Compatibility
         • Standardized security features to ensure world-wide interoperability and roaming
         • At least one encryption algorithm exported on world-wide basis
     • Lawful Interception
         • Mechanisms to provide authorized agencies with certain information about subscribers
  12. Summary of 3G Security Features, 1
     • User Confidentiality
         • Permanent user identity IMSI, user location, and user services cannot be determined by eavesdropping
         • Achieved by use of temporary identity (TMSI) which is assigned by VLR
         • IMSI is sent in cleartext when establishing TMSI
  13. Summary of 3G Security Features, 2
     • Mutual Authentication
         • During Authentication and Key Agreement (AKA) the user and network authenticate each other, and they also agree on a cipher key and an integrity key (CK, IK). CK and IK are used until their time expires.
         • Assumption: trusted HE and SN, and trusted links between them.
         • After AKA, security mode must be negotiated to agree on encryption and integrity algorithm.
         • AKA process:
  14. Summary of 3G Security Features, 3
     • Generation of authentication data at HLR:
  15. Summary of 3G Security Features, 4
     • Generation of authentication data in USIM:
  16. Summary of 3G Security Features, 5
     • Data Integrity
         • Integrity of data and authentication of origin of signalling data must be provided
         • The user and network agree on integrity key and algorithm during AKA and security mode set-up
  17. Summary of 3G Security Features, 6
     • Data Confidentiality
         • Signalling and user data should be protected from eavesdropping
         • The user and network agree on cipher key and algorithm during AKA and security mode set-up
  18. Summary of 3G Security Features, 7
     • IMEI
         • IMEI is sent to the network only after the authentication of SN
         • The transmission of IMEI is not protected
     • User-USIM Authentication
         • Access to USIM is restricted to authorized users
         • User and USIM share a secret key, PIN
     • USIM-Terminal Authentication
         • User equipment must authenticate USIM
     • Secure Applications
         • Applications resident on USIM should receive secure messages over the network
     • Visibility
         • Indication that encryption is on
         • Indication of what level of security (2G, 3G) is available
  19. Summary of 3G Security Features, 8
     • Configurability
         • User configures which security features are activated with particular services
         • Enabling/disabling user-USIM authentication
         • Accepting/rejecting incoming non-ciphered calls
         • Setting up/not setting up non-ciphered calls
         • Accepting/rejecting use of certain ciphering algorithms
     • GSM Compatibility
         • GSM user parameters are derived from UMTS parameters using the following conversion functions:
         • cipher key Kc = c3(CK, IK)
         • random challenge RAND = c1(RAND)
         • signed response SRES = c2(RES)
         • GSM subscribers roaming in 3GPP network are supported by GSM security context (for example, vulnerable to false BTS)
  20. Problems with 3G Security
     • IMSI is sent in cleartext when allocating TMSI to the user
     • The transmission of IMEI is not protected; IMEI is not a security feature
     • A user can be enticed to camp on a false BS. Once the user camps on the radio channels of a false BS, the user is out of reach of the paging signals of SN
     • Hijacking outgoing/incoming calls in networks with disabled encryption is possible. The intruder poses as a man-in-the-middle and drops the user once the call is set-up
  21. References
     • 3G TS 33.120 Security Principles and Objectives
       http://www.3gpp.org/ftp/tsg_sa/WG3_Security/_Specs/33120-300.pdf
     • 3G TS 33.120 Security Threats and Requirements
       http://www.arib.or.jp/IMT-2000/ARIB-spec/ARIB/21133-310.PDF
     • Michael Walker, “On the Security of 3GPP Networks”
       http://www.esat.kuleuven.ac.be/cosic/eurocrypt2000/mike_walker.pdf
     • Redl, Weber, Oliphant, “An Introduction to GSM”, Artech House, 1995
     • Joachim Tisal, “GSM Cellular Radio Telephony”, John Wiley & Sons, 1997
     • Lauri Pesonen, “GSM Interception”
       http://www.dia.unisa.it/ads.dir/corso-security/www/CORSO-9900/a5/Netsec/netsec.html
     • 3G TR 33.900 A Guide to 3rd Generation Security
       ftp://ftp.3gpp.org/TSG_SA/WG3_Security/_Specs/33900-120.pdf
     • 3G TS 33.102 Security Architecture
       ftp://ftp.3gpp.org/Specs/2000-12/R1999/33_series/33102-370.zip
     • 3G TR 21.905 Vocabulary for 3GPP Specifications
       http://www.quintillion.co.jp/3GPP/Specs/21905-010.pdf
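
Added example, not part of the original slides: a sketch of the AKA exchange from slides 13 to 15 (authentication vector built at the HLR, network check and response in the USIM), followed by the GSM conversion functions c2 and c3 named on slide 19. Assumptions: the operator functions f1..f5 are replaced by an HMAC-SHA256 stand-in (not MILENAGE), the sequence-number check is reduced to "strictly greater than the last accepted value", the function names are hypothetical, and c2/c3 follow the definitions in 3G TS 33.102.

```python
import hashlib, hmac, os

def f(k, label, data, n):
    # Stand-in for f1..f5 (assumption: HMAC-SHA256 truncated to n bytes, not MILENAGE).
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hlr_generate_av(k, sqn, amf=b"\x80\x00", rand=None):
    """HE side: build one authentication vector (RAND, XRES, CK, IK, AUTN)."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = f(k, b"f1", sqn_b + rand + amf, 8)      # proves the network knows K
    xres, ck, ik = f(k, b"f2", rand, 8), f(k, b"f3", rand, 16), f(k, b"f4", rand, 16)
    ak = f(k, b"f5", rand, 6)                     # anonymity key conceals SQN
    autn = xor(sqn_b, ak) + amf + mac             # AUTN = (SQN xor AK) || AMF || MAC
    return rand, xres, ck, ik, autn

def usim_respond(k, sqn_ms, rand, autn):
    """USIM side: authenticate the network first, then answer the challenge."""
    ak = f(k, b"f5", rand, 6)
    sqn_b, amf, mac = xor(autn[:6], ak), autn[6:8], autn[8:16]
    if not hmac.compare_digest(mac, f(k, b"f1", sqn_b + rand + amf, 8)):
        return "MAC_FAILURE", None                # AUTN not produced with this K
    if int.from_bytes(sqn_b, "big") <= sqn_ms:
        return "SYNC_FAILURE", None               # stale vector, e.g. a replay
    return "OK", (f(k, b"f2", rand, 8), f(k, b"f3", rand, 16), f(k, b"f4", rand, 16))

def c2(res):
    # SRES: XOR of the four 32-bit parts of RES zero-padded to 128 bits.
    p = res.ljust(16, b"\x00")
    return xor(xor(p[0:4], p[4:8]), xor(p[8:12], p[12:16]))

def c3(ck, ik):
    # Kc = CK1 xor CK2 xor IK1 xor IK2 (64-bit halves of CK and IK).
    return xor(xor(ck[:8], ck[8:]), xor(ik[:8], ik[8:]))

if __name__ == "__main__":
    k = bytes(range(16))                          # constructed subscriber key
    rand, xres, ck, ik, autn = hlr_generate_av(k, sqn=5)
    print(usim_respond(k, 4, rand, autn)[0])      # genuine, fresh vector
    print(usim_respond(k, 5, rand, autn)[0])      # same vector presented again
    forged = hlr_generate_av(os.urandom(16), 5, rand=rand)[4]
    print(usim_respond(k, 4, rand, forged)[0])    # AUTN built without K
    print(c2(xres).hex(), c3(ck, ik).hex())       # 32-bit SRES, 64-bit Kc
```

The conversion step shows why the GSM security context is weaker: 256 bits of CK and IK fold down to a 64-bit Kc, and the GSM side never sees AUTN, so the network check in `usim_respond` has no counterpart there.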
