Recent Changes - Search:

Research@UNIK

Admin & Tools

Mobile Networking

edit SideBar

UniK, Kjeller

GSM authentication

MS
Mobile device, contains SIM with Ki and IMSI
MSC
Mobile switching center. Swithing, billing information
BSC
Base station controller
BTS
Base transceiver station
VLR
Visitor location register
HLR
Home location register
SIM
smart card has A3, A5 and A8 algorithm; has Ki. 64/32 KiB (Kilo binary byte) in size.
IMSI
International mobile subscriber identiy. only first time transmitted over network, after only TMSI is used
TMSI
Temporary mobile subscriber identity. randomly generated from network to be related to IMSI
Ki
128 bit Individual subscriber authentication key, unique for each number
Kc
64 bit ciphering key used as a session key for encryption of over-the-air channel, generated both in mobile and in SIM card (GSM)
AuC
Auhtentication centre, might be coloacted with HLR. Ki, all algorithms are there.
Algorithm
A3,A5,A8. A3 to generate SRES from RAND and Ki. A8 to generate Kc from RAND and Ki. A5 to generate cipher strings from Kc and frame number. A3 & A5 together used as one algorithm A38. This algorithm use a COMP-128 a keyed hash function can be broken in about 8 hrs and specification is readily available in internet. This has lead to new version of COMP-128 coming out.
A5
Frame number + Kc with A5 algorithm, crates 114 bit cipher string, XOR together with 114 bit (datastring) to generated encrypted data; Several versions
                 A5/0 no encryption
                 A5/1 used in Europe
                 A5/2 weak used in US
                 A5/3 stronger used by 3GPP standards  

In A5/2 or A5/1 among 64 bits of Kc 10 bits are set default to zero. This makes them weaker. Though the deisgn never made public, these algorithms can also be cracked fairly easily. By analysing the output of A5/1 for 2 minutes it can be cracked in less then a second. The weaker A5/2 algorithm can be cracked in milliseconds and attacks against A5/3 have been described already.

RAND
is a 128 bit random challenge generated by HLR
SRES
32 bit signes response generated in reponse to RAND

Three function to provide security in GSM:

  • User identity authentication
  • User identity confidentiality
  • User and signalling data confidentiality
  • User identity authentication/registration:
  1. MS requents service to network
  2. In response to MSC request HLR produce RAND, SRES,Kc (security triplet) for this user.
  3. RAND sent from MSC to MS
  4. MS produce SRES and Kc from RAND and Ki using A3 and A5 algorithm respectively
  5. SRES,Response to challenge RAND, sent to MSC from MS
  6. MSC compares this SRES with precomputed value, agrees when matched
  7. Kc sent from MSC to BTS
  8. Kc sent from MS to BTS
  9. BTS varifies Kc. The key for encryption is established as a part of the authentication protocol.
  10. User Authenticated and Over-the-air communication channel between the Mobile Station and Base Transceiver Station can now be encrypted utilizing the A5 algorithm.
  • User identity confidentiality

TMSI, a pseudorandom number used instead of IMSI during ongoing conversation or session. IMSI sent once during registration over the air. Use of TMSI ensures user identity confidentiality.

  • User and signalling data confidentiality

The A5 algorithm is initialized with the Session Key (Kc) and the number of the frame to be encrypted. Over-the-air communication channel between the Mobile Station and Base Transceiver Station can now be encrypted utilizing the A5 algorithm.

Topology: MS --> BTS --> BSC -- MSC -- VLR/HLR -- Auc
(VLR might be in MSC), SS7 used as signalling from MSC into HLR

UMTS authentication

  • UMTS authenticates mutually (both network and user), Network authentication in response to false base station attacks. GSM authenticates only user
  • Authentication key is longer in UMTS

Authentication versus Confirmation

PKI
Public key infrastructure, uses Priv_S, Publ_S (private and public key of sender), and Priv_R, Publ_R (receiver)
  • public key encrypts document (of receiver), private key (of sender) encrypts signature
  • receiver uses public key of user to check signature of document, private key do decrypt document

Confirmation

used for encryption of documents, either symmetrical or asymmetrical

  • symmetrical uses DES, 3DES or AES
  • asymmetrical uses PKI, with PGP being the most popular of them

Authentication

uses certificates, either hierachical or Web of trust

  • hierachical uses X.509, PKIX or LDAP
  • Web of trust uses PGP with a general database of "signatures"

Categories: GSM, Authentication

Edit - History - Print - Recent Changes - Search
Page last modified on January 08, 2009, at 12:33 AM EST