simcards-ietf.ppt

Published in: Technology

  1. 2G/3G Authentication with SIM cards: usage & roaming basics for the Internet challenged
     Michael Haberler, Internet Foundation Austria
  2. outline
     • a SIM card mini-tutorial
         • features, protocol flow, usage, production, addressing
     • UMTS authentication and key agreement
         • principles and protocol flow
     • the universal integrated circuit card (UICC)
         • USIM app
     • how 2G, 3G roaming works
     • "over the air" (OTA) loading of UICC apps
         • example: X.509 certificate download
     • (U)SIMs and Internet access authentication
         • how SIMs and RADIUS roaming works
     • (U)SIMs and SIP authentication
         • what the SIP server does
     • how the parameter logistics works
     • a bonus business model thrown in
     • summary
  3. what's a 2G SIM card
     • crypto smart card as per ISO 7816
     • access protected by PIN code(s) ("card holder verification")
     • fixed storage of subscriber identity – IMSI (international mobile subscriber identity) – "GSM MAC address"
         • E.164 number to IMSI mapping at the operator only
     • safe storage for shared secret - accessible only through CHAP operation
         • not broken as of today except for most stupid CHAP algorithm known
     • CHAP algorithm in hardware
         • operator chooses algorithm
     • tree structured filesystem
         • stream, record, cyclic record files
         • can be read-only, read/write or none at all (for the key)
         • some permission hierarchy
  4. how are SIM cards produced
     • unprogrammed chips are "personalized" and "closed" (parameters written & sealed)
     • mass product - $5-$7 apiece at 1000+
         • GEMplus, Giesecke & Devrient ....
     • everybody can have SIMs made – even a Mom & Pop ISP
     • not everybody may
         • roam with other cellular operators
         • use the GSM algorithm "A3/A8" – you wouldn't want it anyway
         • must be member of GSM association for that
     • having your own algorithm in a chip mask is a circa $50K+ affair
     • for testing & development, unprogrammed castrated chips are used (XOR algorithm for CHAP...)
  5. how are (U)SIM cards accessed
     • 2G, 3G use
         • built-in reader in the mobile handset
     • for Internet use:
         • maybe built into PDA, PC (e.g. DELL)
         • external USB token – $20 apiece
         • re-use a mobile SIM card via Bluetooth SIG SIM Access Profile (only if roaming against 2G/3G operator)
     • read 3G "(U)SIM Security Reuse by Peripheral Devices on local interfaces" – contains some threat analysis
  6. SIM usage in 2G authentication
     [Diagram: 2G GSM handset (keys) and Authentication Center (shared secret). Message labels: access request – present IMSI; present challenge ("RAND"); send RESP (challenge response).]
  7. IMSI structure
     • MCC/MNC uniquely designates an operator and its authentication center
     • when roaming, MCC/MNC tells the visiting network where to route the authentication request
     • this is done via SS7 MAP (mobile application part)
  8. what is "OTA" (over the air) loading?
     • SIM cards are writable by mobile equipment
         • if authenticated to network
         • if instructed by operator "over the air"
         • if file/directory is writable
     • example: ISIM X.509 certificate "bootstrap"
         • AKA authenticated:
             • let user visit PKI portal
             • download certificates through HTTP/Digest mechanism
             • certificates are stored in record structured files, as are CA certificates
     • "The Air" can also be an IP connection
     • download of executable applets possible
         • SIM Toolkit, USAT (USIM Application Toolkit)
         • bytecode instructions sent encrypted by 3DES, stored on card
     • regularly used in 2G networks today – for functionality upgrades & parameter download
  9. UMTS authentication and key agreement (AKA)
     • substantially improved over 2G SIM
     • protection against replay, MITM attacks
     • sports also network-to-user authentication
     • more complex algorithm
     • compatibility functions 2G network/3G card, 3G network/2G card
  10. 3G AKA authentication flow
      [Diagram: 3G UMTS handset (keys) and Authentication Center (shared secret, sequence numbers). Message labels: access request – present IMSI; challenge RAND || AUTN token; send RESP (challenge response). Result: cipher key, integrity key.]
  11. what's the universal integrated circuit card (UICC) about
      • generic support mechanism for multiple applications on one card
      • 2G, 3G authentication become "applications" selected as needed
          • USIM application implements AKA
          • 2G SIM app implements 2G CHAP
          • additional apps possible (ISIM, PKI certificate storage etc.)
          • ISIM is pretty close to SIP client needs!!
      • mobile equipment chooses application
  12. using (U)SIMs for Internet access authentication
      • embed flow in EAP and tunnel in RADIUS
      • between 802.1x "supplicant" in client and RADIUS EAP backend using EAP-SIM or EAP-AKA
      • RADIUS server MAY gateway to SS7 MAP and "roam"
          • WiFi network looks like a GSM roaming partner
          • example: WiFi roaming through www.togewanet.com
      • OR RADIUS server accesses an ISP-style database for keys
          • ISP is the SIM card issuer!
  13. using (U)SIM for SIP authentication
      • speak HTTP/AKA (RFC3310) between SIP UA and proxy
      • proxy translates into EAP-AKA-in-RADIUS
      • RFC specified only for AKA (3G auth)
      • no mapping of EAP-SIM onto HTTP/SIM for 2G auth
      • bad – almost all networks today use 2G auth – which breaks SIP authentication through GSM/UMTS operators
      • we need to address this and spec HTTP/SIM
  14. how 2G roaming works
      • mobile equipment presents IMSI
      • visited network looks at MCC, MNC part of IMSI
          • if no roaming agreement, drop him
          • otherwise send access request through SS7 MAP to home network
          • the home network verifies IMSI and sends a "triplet": (challenge, expected response, cipher key) authentication vector
          • visited network presents challenge, reads response
          • if (response == expected response), service user
      • the triplet is essentially an access ticket
          • note no replay detection – these fellows seem to trust each other
  15. how 3G roaming works
      • not much different from 2G, just more parameters needed for AKA
      • "triplets" become "quintets"
  16. how the 2G/3G user ids (IMSIs) are mapped to RADIUS authentication:
      • take mobile country code, mobile network code
      • use them to create a realm
      • Example
          • IMSI = 232011234567890
              • means mcc=232 (Austria) mnc=01 (Mobilkom)
          • resulting realm
              • mnc01.mcc232.owlan.org
          • resulting RADIUS user
              • [email_address]
              • routing to RADIUS servers decided by "subdomain"
      • convention established by Nokia
      • Nokia owns owlan.org domain pro-bono; from there on this is vanilla RADIUS roaming
      • but it's just fine if we call it mnc01.mcc232.visionNG.org if that sounds better, realms just gotta be unique
  17. how does 2G/3G address logistics work
      • if you are a service provider and have E.164 ranges, get an MNC from your MCC administrator (FCC, regulator...)
      • the E.164 range might also be, for example, from visionNG (+87810 ff) MCC = 901
      • this doesn't mean you're part of 2G/3G roaming yet – contracts & regulatory prerequisites needed
      • but the addressing is all set to go!!
  18. a bonus business model thrown in:
      • combine a SIP-based iTSP with a Mobile Virtual Network Operator (MVNO)
          • an MVNO has authentication, billing, customers, numbers, but the radio network is outsourced from somewhere else
      • issue (U)SIM cards which work both in a 2/3G handset AND as WiFi/SIP auth tokens – note the same card authenticates both uses!
      • leave choice to user how to connect – Internet or cellular – using the same E.164 number
  19. Summary
      • 2G/3G has a strong/very strong authentication architecture
      • it is almost copy & paste for iTSP use at WiFi access, WiFi roaming access, SIP and other levels (TBD!)
      • it can serve to solve the X.509 certificate distribution problem
      • operator model (2G/3G home network, ISP home network) has no impact on Internet-side terminals
      • numbering & addressing resources are compatible and available (maybe not obviously so)
      • the Internet could become the biggest (U)SIM authenticated mobile network ever to roam with 2G/3G land
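
Added example (not part of the original slides): a small model of the 2G roaming flow from slide 14, showing that a triplet works as a reusable access ticket because nothing in the exchange detects replay. HMAC-SHA256 is an assumed stand-in for the operator-chosen A3/A8 algorithm; the key, class names and the 2-digit MNC split are constructed for illustration.

```python
import hashlib
import hmac
import os

def a3a8_stand_in(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the operator-chosen A3/A8: derive (SRES, Kc) from Ki and RAND."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]            # 32-bit response, 64-bit cipher key

class HomeNetwork:
    """Authentication center: holds the shared secret for each IMSI."""
    def __init__(self, subscribers: dict[str, bytes]):
        self.subscribers = subscribers

    def triplet(self, imsi: str) -> tuple[bytes, bytes, bytes]:
        ki = self.subscribers[imsi]            # KeyError means unknown IMSI
        rand = os.urandom(16)
        sres, kc = a3a8_stand_in(ki, rand)
        return rand, sres, kc                  # (challenge, expected response, cipher key)

class SimCard:
    """The card only answers challenges; the secret never leaves it."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand: bytes) -> bytes:
        return a3a8_stand_in(self._ki, rand)[0]

class VisitedNetwork:
    def __init__(self, home: HomeNetwork, partners: set[str]):
        self.home, self.partners = home, partners

    def fetch_triplet(self, imsi: str):
        if imsi[:5] not in self.partners:      # MCC+MNC, assuming a 2-digit MNC
            return None                        # no roaming agreement: drop
        return self.home.triplet(imsi)

    @staticmethod
    def verify(card: SimCard, triplet) -> bool:
        rand, expected, _kc = triplet
        return hmac.compare_digest(card.respond(rand), expected)

def roam_2g_demo():
    ki = bytes(range(16))                      # constructed test key
    card = SimCard("232011234567890", ki)      # IMSI from slide 16
    visited = VisitedNetwork(HomeNetwork({card.imsi: ki}), {"23201"})
    t = visited.fetch_triplet(card.imsi)
    first, replay = visited.verify(card, t), visited.verify(card, t)
    wrong_key = SimCard(card.imsi, bytes(16))  # same IMSI, different secret
    return first, replay, visited.verify(wrong_key, t)
```

The second `verify` with the same triplet succeeds just like the first: the card has no state that would let it refuse a challenge it has already answered, which is the gap AKA closes with sequence numbers.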
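
Added example (not part of the original slides): a simplified model of the AKA properties named on slides 9, 10 and 15, where the card checks the network's token before answering and rejects a challenge whose sequence number it has already seen. Assumptions: HMAC-SHA256 stands in for the real AKA functions, AUTN is reduced to SQN || MAC (no sequence-number concealment, no management field), and the card accepts only strictly increasing sequence numbers.

```python
import hashlib
import hmac
import os

def f(k: bytes, label: bytes, *parts: bytes) -> bytes:
    """Stand-in keyed function (HMAC-SHA256) for the AKA functions."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()

class AuthCenter:
    def __init__(self, k: bytes):
        self.k, self.sqn = k, 0

    def quintet(self):
        """Return (RAND, XRES, CK, IK, AUTN) for the next sequence number."""
        self.sqn += 1
        rand, sqn = os.urandom(16), self.sqn.to_bytes(6, "big")
        autn = sqn + f(self.k, b"mac", rand, sqn)[:8]    # simplified: SQN || MAC
        xres = f(self.k, b"res", rand)[:8]
        ck, ik = f(self.k, b"ck", rand)[:16], f(self.k, b"ik", rand)[:16]
        return rand, xres, ck, ik, autn

class Usim:
    def __init__(self, k: bytes):
        self._k, self._highest_sqn = k, 0

    def authenticate(self, rand: bytes, autn: bytes):
        sqn, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, f(self._k, b"mac", rand, sqn)[:8]):
            return "mac-failure", None       # sender does not hold the shared secret
        if int.from_bytes(sqn, "big") <= self._highest_sqn:
            return "sync-failure", None      # stale or replayed challenge
        self._highest_sqn = int.from_bytes(sqn, "big")
        res = f(self._k, b"res", rand)[:8]
        return "ok", (res, f(self._k, b"ck", rand)[:16], f(self._k, b"ik", rand)[:16])

def aka_demo():
    k = bytes(range(16))                     # constructed test key
    auc, card = AuthCenter(k), Usim(k)
    rand, xres, ck, ik, autn = auc.quintet()
    status, out = card.authenticate(rand, autn)
    ok = status == "ok" and out == (xres, ck, ik)
    replay = card.authenticate(rand, autn)[0]              # same quintet again
    forged = card.authenticate(rand, autn[:6] + bytes(8))[0]
    return ok, replay, forged
```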
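
Added example (not part of the original slides): the IMSI-to-realm mapping from slide 16, plus the realm-based routing decision a RADIUS proxy makes on the "subdomain". The user part of the RADIUS name is elided on the slide, so the test names use a placeholder; the routing table and server name are constructed, and the 6-digit minimum IMSI length is an assumption of this sketch.

```python
import re

REALM_RE = re.compile(r"mnc(\d{2,3})\.mcc(\d{3})\.(.+)")

def imsi_to_realm(imsi: str, mnc_digits: int = 2, base: str = "owlan.org") -> str:
    """Build mnc<MNC>.mcc<MCC>.<base> from an IMSI.

    The MNC length (2 or 3 digits) cannot be read off the IMSI itself, so the
    caller supplies it from the numbering plan of the MCC.
    """
    if not (imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    if mnc_digits not in (2, 3):
        raise ValueError("MNC is 2 or 3 digits")
    return f"mnc{imsi[3:3 + mnc_digits]}.mcc{imsi[:3]}.{base}"

def route(user_name: str, table: dict, base: str = "owlan.org"):
    """Return the home RADIUS server for a User-Name, or None to reject."""
    _local, at, realm = user_name.rpartition("@")
    m = REALM_RE.fullmatch(realm.lower()) if at else None
    if m is None or m.group(3) != base.lower():
        return None                              # not a realm under the agreed base
    return table.get((m.group(2), m.group(1)))   # keyed by (MCC, MNC)

# Constructed routing table; the server name is a placeholder.
ROUTES = {("232", "01"): "radius.home-operator.example"}
```

Because the realm arrives in a client-supplied User-Name, `route` compares the whole suffix against the agreed base domain, so a name such as `mnc01.mcc232.owlan.org.other.example` is rejected rather than routed.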
