authentication seminar ligin

Upload: surya6556

Post on 30-May-2018


  • 8/9/2019 Authentication Seminar Ligin


    GSM Security, Authentication and Encryption

    Prepared by

    Ligin Mathew



    Components of a GSM Network

    Subscriber Equipment (MS)

    The Switching System (SS)

    The Base Station System (BSS)

    The Operation and Support System (OSS)

    7/17/2010


    Subscriber Equipment

    Mobile Station (MS)

    - The mobile telephone.


    Switching System

    Mobile Services Switching Center.

    Home Location Register (HLR)

    Visitor Location Register (VLR)

    Authentication Center (AUC)

    Equipment Identity Register (EIR)


    Base Station System (BSS)

    Base Station Controller (BSC)

    Base Transceiver Station (BTS)


    Operation and Support System (OSS)

    Message Center (MXE)

    Mobile Service Node (MSN)

    Gateway Mobile Services Switching Center (GMSC)

    GSM Interworking Unit (GIWU)


    Encryption Algorithm used in GSM

    GSM networks utilize encryption algorithms for three purposes:

    Authentication

    Encryption

    Key generation


    Authentication

    A3 Algorithm is for Authentication

    A3 algorithm is implemented in the SIM card

    A3's task is to generate the 32-bit Signed Response (SRES) utilizing the 128-bit random challenge (RAND) generated by the Home Location Register (HLR) and the 128-bit Individual Subscriber Authentication Key (Ki) from the Mobile Station's Subscriber Identity Module (SIM) or the Home Location Register (HLR).


    Encryption

    In GSM, encryption refers to the process of creating authentication and ciphering cryptovariables using a special key and an encryption algorithm.


    Encryption

    Stream cipher known as the A5 algorithm is used.

    Multiple versions of the A5 algorithm exist which implement various levels of encryption.

    A5 algorithm is implemented in the Mobile Station.

    The stream cipher is initialized with the Session Key (Kc) and the number of each frame. The same Kc is used throughout the call, but the 22-bit frame number changes during the call, thus generating a unique keystream for every frame. The same Session Key (Kc) is used as long as the Mobile Services Switching Center (MSC) does not authenticate the Mobile Station again. In practice, the same Session Key (Kc) may be in use for days.


    Key Generation

    Key generation algorithm used in the GSM system is known as the A8 algorithm.

    A8 algorithm is implemented in the SIM card.

    Most GSM network operators utilize a version of the COMP128 algorithm as the implementation of the A8 algorithm.


    Authentication Procedures


    Whenever an MS requests access to a network, the network must authenticate the MS. Authentication verifies the identity and validity of the SIM card to the network and ensures that the subscriber is authorized access to the network.

    [Figures: Authentication Procedures, Step 1 through Step 9]


    Ciphering Procedure


    Ciphering refers to the process of changing plaintext data into encrypted data using a special key and a special encryption algorithm. Transmissions between the MS and the BTS on the Um link are enciphered.

    [Figures: Ciphering Procedure, Step 1 through Step 3]


    IMSI

    The IMSI (International Mobile Subscriber Identity) is a unique 15-digit code used to identify an individual user on a GSM network.

    The IMSI consists of three components:

    Mobile Country Code (MCC)

    Mobile Network Code (MNC)

    Mobile Subscriber Identity Number (MSIN)

    e.g. IMSI: 404 95 1234567890

    MCC 404 India

    MNC 95 Bharti Airtel Ltd. Kerala Circle

    MSIN 1234567890

    The IMSI is stored in the Subscriber Identity Module (SIM).


    TMSI or TIMSI

    The TIMSI (Temporary IMSI) is a pseudo-random number generated from the IMSI (International Mobile Subscriber Identity) number.

    The TIMSI is utilized in order to remove the need to transmit the IMSI over-the-air. This helps to keep the IMSI more secure.

    To track a GSM user via the IMSI/TIMSI, an eavesdropper must intercept the GSM network communication where the TIMSI is initially negotiated.

    In addition, because the TIMSI is periodically renegotiated, the eavesdropper must intercept each additional TIMSI re-negotiation session.


    Ki, Kc, RAND, SRES

    Ki is the 128-bit Individual Subscriber Authentication Key utilized as a secret key shared between the Mobile Station and the Home Location Register of the subscriber's home network.

    RAND is the 128-bit random challenge generated by the Home Location Register.

    SRES is the 32-bit Signed Response generated by the Mobile Station and the Mobile Services Switching Center.

    Kc is the 64-bit ciphering key used as a Session Key for encryption of the over-the-air channel. Kc is generated by the Mobile Station from the random challenge presented by the GSM network and the Ki from the SIM utilizing the A8 algorithm.
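The challenge-response exchange that the A3 slide and the Ki/RAND/SRES/Kc definitions describe, as an added example that is not part of the original slides. HMAC-SHA256 is used here as a stand-in for A3/A8 (it is not COMP128), and the names `HomeNetwork`, `Sim`, `authenticate` and the Ki value are hypothetical.

```python
import hashlib
import hmac
import secrets

def a3_a8_standin(ki, rand):
    """Stand-in for the SIM's A3/A8 step (HMAC-SHA256, NOT COMP128).
    Returns (SRES, Kc): a 32-bit response and a 64-bit session key."""
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND must each be 128 bits")
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

class HomeNetwork:
    """HLR/AuC role: holds each subscriber's Ki and issues challenges."""
    def __init__(self, ki_by_imsi):
        self._ki_by_imsi = dict(ki_by_imsi)

    def challenge(self, imsi):
        rand = secrets.token_bytes(16)      # fresh 128-bit RAND per attempt
        sres, kc = a3_a8_standin(self._ki_by_imsi[imsi], rand)
        return rand, sres, kc               # expected SRES and Kc stay network-side

class Sim:
    """SIM role: Ki never leaves the card; only SRES and Kc come out."""
    def __init__(self, imsi, ki):
        self.imsi = imsi
        self._ki = ki

    def respond(self, rand):
        return a3_a8_standin(self._ki, rand)

def authenticate(network, sim):
    """MSC role: send RAND, compare SRES. Returns the shared Kc or None."""
    rand, expected_sres, kc_network = network.challenge(sim.imsi)
    sres, kc_sim = sim.respond(rand)        # over the air: RAND down, SRES up
    if not hmac.compare_digest(sres, expected_sres):
        return None                         # wrong Ki: access refused, no Kc
    return kc_network if kc_sim == kc_network else None

# Constructed sample data: IMSI from the slide's example, made-up Ki value.
IMSI = "404951234567890"
KI = bytes.fromhex("00112233445566778899aabbccddeeff")
NETWORK = HomeNetwork({IMSI: KI})

if __name__ == "__main__":
    print("genuine SIM:", authenticate(NETWORK, Sim(IMSI, KI)))
    print("wrong Ki   :", authenticate(NETWORK, Sim(IMSI, bytes(16))))
```

Only RAND and SRES cross the radio link; Ki stays in the SIM and the home network, and both sides derive the same Kc without ever transmitting it.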


    Thank You
