3G security.pptx

UMTS Security Security in Mobile Networks GSM UMTS SIM SIM authentication authentication (PIN (PIN code) code) USIM USIM authentication authentication (PIN (PIN code) code) User User authentication authentication User User authentication authentication Network Network authentication authentication Ciphering Ciphering (air (air interface) interface) Ciphering Ciphering (air (air interface) interface) KASUMI algorithm (known) Signalling Signalling data data integrity integrity UMTS: larger key lengths than in GSM IP IP security security (e.g. (e.g. IPSEC) IPSEC) Authentication: SIM authentication (PIN code) user authentication (GSM, UMTS, DECT, TETRA) network authentication (UMTS, TETRA) Integrity: signalling data integrity (UMTS) Confidentiality (privacy): ciphering of signals over radio interface hiding of user identifiers over radio interface end-to-end encryption (offered by service provider) UMTS Security at a glance • Mutual Authentication with Replay Protection • Protection of signalling data • Secure negotiation of protection algorithms • Integrity protection and origin authentication • Encryption • Protection of user data payload • Encryption • “Open” algorithms basis for security • AES for authentication and key agreement • block cipher for confidentiality/integrity • Security level (key sizes): 128 bits • Protection further into the network Authentication Authentication: Procedure of verifying the authenticity of an entity (user, terminal, network, network element). In other words, is the entity the one it claims to be? SIM authentication is local (network is not involved) In GSM, only user is authenticated In UMTS, both user and network are authenticated User/network is authenticated at the beginning of each user-network transaction (e.g. location updating or connection set-up) and always before ciphering starts. Integrity Data integrity: The property that data has not been altered in an unauthorised manner. “Man-in-the-middle” security attack, e.g. false BS Data integrity checking is not done in GSM In UMTS, signalling messages are appended with a 32 bit security field (MAC-I) at the terminal or RNC before transmission and checked at the receiving end In UMTS, also volume of user data (not the user data itself) is integrity protected K HLR/AuC GPRS, ”2.5G” To other (mobile) network(s) MSC Encryption: UEA1 or UEA2 SGSN RNC ”secure env” Signalling integrity: UIA1 or UIA2 GGSN Authentication, shared key Milenage (AES) algorithm ”insecure env” NodeB K ME ”Internet” UMTS SIM (USIM) Signalling integrity protection in UMTS Both in terminal and RNC Signalling Signallingmessage message MAC-I generation UE UE MAC-I checking Algorithm f 9 MAC-I MAC-I Integrity Key (IK) and other keys/parameters MAC-I checking RNC RNC MAC-I generation Confidentiality Confidentiality: The property that information is not made available to unauthorised individuals, entities or processes. Example 1: Ciphering (encryption) over the air interface Example 2: Preventing unencrypted transmission of user ID information such as IMSI number over the air interface => Temporary Mobile Subscriber Identity (TMSI) is generated (at the end of each MM or CM transaction) and is used at the beginning of the next transaction instead of IMSI. Example 1: ciphering (encryption) GSM MS MS BTS BTS BSC BSC Core CoreNetwork Network BTS BTS BSC BSC SGSN SGSN GPRS MS MS Signalling integrity protection UMTS UE UE BS BS Air interface RNC RNC Core CoreNetwork Network Both CS and PS information Network domain security Circuit switched network => quite good IP-based network (Internet) => rather poor at present (security mechanisms are developed by IETF, 3GPP...) Some security threats in IP-based network: Confidentiality Sniffing (electronic eavesdropping) Integrity Spoofing, session hijacking Denial of service (DoS), ”spamming” UMTS AKA “Authentication and Key Agreement” • Home network (AuC) and USIM (Universal Subscriber Identity Module) in user equipment (UE) share secret 128bit key K. • AuC can generate random challenges RAND. • USIM and AuC have synchronized sequence numbers SQN available. • Key agreement on 128-bit cipher key CK and 128-bit integrity key IK. • AMF: Authentication Management Field. 13 UMTS AKA: VLR ↔ AuC VLR/SGSN AuC IMSI IMSI generate RAND authentication vector <RAND,AUTN,XRES,CK,IK> store <RAND,AUTN,XRES,CK,IK> tuples for IMSI www.wiley.co.uk/go/ gollmann 14 K SQN AV Generation at AuC generate SQN RAND K AMF f1 MAC www.wiley.co.uk/go/ gollmann f2 XRES 15 f3 f4 f5 CK IK AK UMTS AKA: USIM ↔ VLR Radio Link USIM VLR/SGSN RAND, AUTN RAND K Lookup XRES from store AUTN XRES RES SQN CK IK = yes/no www.wiley.co.uk/go/ gollmann 16 Authentication in USIM AUTN SQN AK AMF MAC RAND K SQN f2 f3 f4 f5 RES CK IK AK f1 XMAC = www.wiley.co.uk/go/ gollmann yes/no 17 UMTS AKA – Discussion • Checks at USIM: • Compares MAC received as part of AUTN and XMAC computed to verify that RAND and AUTN had been generated by the home AuC. • Checks that SQN is fresh to detect replay attacks. • Checks at VLR: • Compares RES and XRES to authenticate USIM. • False base station attacks prevented by a combination of key freshness and integrity protection of signaling data, not by authenticating the serving network. 18

Document Details

Related

Full Transcript