GSM Security and Encryption by Poonam Sharma
-
Upload
vikas-sharma -
Category
Documents
-
view
225 -
download
1
Transcript of GSM Security and Encryption by Poonam Sharma
![Page 1: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/1.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 1/27
GSM Security and Encryption
By:-
Poonam Sharma
1
![Page 2: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/2.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 2/27
Topics
GSM: Introduction
GSM Security Objectives
◦ Concerns, Goals, Requirements
GSM Security Mechanisms
Authentication and Encryption Scheme
SIM Anatomy
2
![Page 3: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/3.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 3/27
GSM: Introduction
GSM is the most widely used cellularstandard
Over 600 million users, mostly in Europe andAsia
Limited coverage and support in USA Based on TDMA radio access and PCM
trunking
Use SS7 signalling with mobile-specificextensions
Provides authentication and encryptioncapabilities
Today’s networks are 2G evolving to 2.5G
Third generation (3G) and future (4G) 3
![Page 4: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/4.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 4/27
GSM Security Concerns
Operators◦ Bills right people
◦ Avoid fraud
◦ Protect Services
Customers
◦ Privacy
◦ Anonymity Make a system at least secure as
PSTN
4
![Page 5: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/5.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 5/27
GSM Security Goals
Confidentiality and Anonymity on theradio path
Strong client authentication to protect
the operator against the billing fraud Prevention of operators from
compromising of each others’ security
◦ Inadvertently◦ Competition pressure
5
![Page 6: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/6.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 6/27
GSM Security DesignRequirements The security mechanism
◦ MUST NOT Add significant overhead on call set up
Increase bandwidth of the channel
Increase error rate Add expensive complexity to the system
◦ MUST Cost effective scheme
◦ Define security procedures Generation and distribution of keys
Exchange information between operators
Confidentiality of algorithms
6
![Page 7: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/7.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 7/27
GSM Security Features
Key management is independent of equipment ◦ Subscribers can change handsets without compromising
security
Subscriber identity protection ◦ not easy to identify the user of the system intercepting a
user data
Detection of compromised equipment ◦ Detection mechanism whether a mobile device was
compromised or not
Subscriber authentication ◦ The operator knows for billing purposes who is using the
system
Signaling and user data protection ◦ Signaling and data channels are protected over the radio
path 7
![Page 8: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/8.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 8/27
GSM Mobile Station
Mobile Station◦ Mobile Equipment (ME)
Physical mobile device
Identifiers IMEI – International Mobile Equipment Identity
◦ Subscriber Identity Module (SIM) Smart Card containing keys, identifiers and algorithms
Identifiers Ki – Subscriber Authentication Key
IMSI – International Mobile Subscriber Identity
TMSI – Temporary Mobile Subscriber Identity MSISDN – Mobile Station International Service Digital Network
PIN – Personal Identity Number protecting a SIM
LAI – location area identity
8
![Page 9: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/9.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 9/27
GSM Architecture
9
Mobile Stations Base Station
Subsystem
Exchange
System
Network
Management
Subscriber and terminal
equipment databases
BSC MSCVLR
HLR
EIR
AUC
OMC
BTS
BTS
BTS
![Page 10: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/10.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 10/27
Subscriber Identity Protection
TMSI – Temporary Mobile Subscriber Identity◦ Goals
TMSI is used instead of IMSI as an a temporary subscriber identifier
TMSI prevents an eavesdropper from identifying of subscriber
◦
Usage TMSI is assigned when IMSI is transmitted to AuC on the first phone
switch on
Every time a location update (new MSC) occur the networks assignsa new TMSI
TMSI is used by the MS to report to the network or during a call
initialization Network uses TMSI to communicate with MS
On MS switch off TMSI is stored on SIM card to be reused next time
◦ The Visitor Location Register (VLR) performs assignment,administration and update of the TMSI
10
![Page 11: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/11.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 11/27
Key Management Scheme
Ki – Subscriber Authentication Key◦ Shared 128 bit key used for authentication of subscriber by the
operator
◦ Key Storage Subscriber’s SIM (owned by operator, i.e. trusted)
Operator’s Home Locator Register (HLR) of the subscriber’s homenetwork
SIM can be used with different equipment
11
![Page 12: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/12.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 12/27
Detection of CompromisedEquipment International Mobile Equipment Identifier
(IMEI)◦ Identifier allowing to identify mobiles◦ IMEI is independent of SIM◦
Used to identify stolen or compromisedequipment
Equipment Identity Register (EIR)◦ Black list – stolen or non-type mobiles◦ White list - valid mobiles◦ Gray list – local tracking mobiles
Central Equipment Identity Register (CEIR)◦ Approved mobile type (type approval authorities)◦ Consolidated black list (posted by operators)
12
![Page 13: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/13.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 13/27
Authentication
Authentication Goals◦ Subscriber (SIM holder) authentication
◦ Protection of the network against
unauthorized use◦ Create a session key
Authentication Scheme◦ Subscriber identification: IMSI or TMSI
◦ Challenge-Response authentication of thesubscriber by the operator
13
![Page 14: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/14.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 14/27
Authentication and EncryptionScheme
14
A3
Mobile Station Radio Link GSM Operator
A8
A5
A3
A8
A5
Ki Ki
Challenge RAND
KcKc
mi Encrypted Data mi
SIM
Signed response (SRES)SRESSRES
Fn Fn
Authentication: are SRESvalues equal?
![Page 15: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/15.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 15/27
Authentication
AuC – Authentication Center◦ Provides parameters for authentication and
encryption functions (RAND, SRES, Kc)
HLR – Home Location Register◦
Provides MSC (Mobile Switching Center) withtriples (RAND, SRES, Kc)◦ Handles MS location
VLR – Visitor Location Register◦ Stores generated triples by the HLR when a
subscriber is not in his home network◦ One operator doesn’t have access to subscriber
keys of the another operator.
15
![Page 16: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/16.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 16/27
A3 – MS AuthenticationAlgorithm Goal
◦ Generation of SRES response to MSC’s
random challenge RAND
16
A3
RAND (128 bit)
Ki (128 bit)
SRES (32 bit)
![Page 17: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/17.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 17/27
A8 – Voice Privacy Key GenerationAlgorithm
Goal◦ Generation of session key Ks
A8 specification was never made public
17
A8
RAND (128 bit)
Ki (128 bit)
KC (64 bit)
![Page 18: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/18.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 18/27
Logical Implementationof A3 and A8
Both A3 and A8 algorithms areimplemented on the SIM
◦ Operator can decide, which algorithm to
use.◦ Algorithms implementation is independent
of hardware manufacturers and networkoperators.
18
![Page 19: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/19.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 19/27
Logical Implementationof A3 and A8
COMP128 is used for both A3 and A8in most GSM networks.
◦ COMP128 is a keyed hash function
19
COMP128
RAND (128 bit)
Ki (128 bit)
128 bit outputSRES 32 bit and Kc 54 bit
![Page 20: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/20.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 20/27
A5 – Encryption Algorithm
◦ A5 is a stream cipher Implemented very efficiently on hardware
Design was never made public
Leaked to Ross Anderson and Bruce Schneier
◦ Variants
A5/1 – the strong version
A5/2 – the weak version
A5/3 GSM Association Security Group and 3GPP design
Based on Kasumi algorithm used in 3G mobilesystems
20
![Page 21: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/21.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 21/27
Logical A5 Implementation
21
A5
Kc (64 bit) Fn (22 bit)
114 bit
XOR
Data (114 bit)
A5
Kc (64 bit) Fn (22 bit)
114 bit
XOR
Ciphertext (114 bit) Data (114 bit)
Mobile Station BTS
Real A5 output is 228 bit for both directions
![Page 22: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/22.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 22/27
A5 Encryption
22
Mobile Stations Base Station
Subsystem
Exchange
System
Network
Management
Subscriber and terminal
equipment databases
BSC MSCVLR
HLR
EIR
AUC
OMC
BTS
BTS
BTS
A5 Encryption
![Page 23: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/23.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 23/27
SIM Anatomy
◦ Subscriber Identification Module (SIM) Smart Card – a single chip computer containing OS, File
System, Applications
Protected by PIN
Owned by operator (i.e. trusted) SIM applications can be written with SIM Toolkit
23
![Page 24: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/24.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 24/27
Smart Card Anatomy
24
![Page 25: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/25.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 25/27
Microprocessor Cards
Typical specification◦ 8 bit CPU
◦ 16 K ROM
◦ 256 bytes RAM
◦ 4K EEPROM◦ Cost: $5-50
Smart Card Technology◦ Based on ISO 7816 defining
Card size, contact layout, electrical characteristics
I/O Protocols: byte/block based
File Structure
25
![Page 26: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/26.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 26/27
Summary
GSM: Introduction GSM Security Objectives
◦ Concerns, Goals, Requirements
GSM Security Mechanisms
Authentication and EncryptionScheme
SIM Anatomy
26
![Page 27: GSM Security and Encryption by Poonam Sharma](https://reader031.fdocuments.in/reader031/viewer/2022021113/577d20c61a28ab4e1e93bb92/html5/thumbnails/27.jpg)
8/2/2019 GSM Security and Encryption by Poonam Sharma
http://slidepdf.com/reader/full/gsm-security-and-encryption-by-poonam-sharma 27/27