security in gsm/gprs and umts security in gsm/gprs the cellular network must warranty a secure...
TRANSCRIPT
![Page 1: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/1.jpg)
Security in GSM/GPRS and UMTS
![Page 2: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/2.jpg)
Security in GSM/GPRS
The cellular network must warranty a secure transmission of voice and data without interception, and avoid fraud
Security in GSM/GPRS is implemented in the following elements:
• SIM – This holds the IMSI, the ultrasecret MS key Ki, ciphering key generation algorythm (A8), authentication algorythm (A3) and PIN code
• Handset – Implements the ciphering algorythms A5 (GSM), GEA1, GEA2, GEA3 (GPRS) in the hardware
• GSM Network: The AUC (AUthentication Center) is a data base that holds the master keys Ki of users and generates the triplets (RAND, SRES & Kc) vectors.
• The SGSN stores the triplets to use them during the authentication (RAND, SRES) and ciphering (Kc) and holds the temporary information about attached users (TLLI)
• Core Network: Network layer (IP) IPSEC; Session layer: (AAA)* RADIUS, DIAMETER, SSL, WTLS (WAP)
![Page 3: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/3.jpg)
Authentication and Ciphering in GPRS
Store (1..n) RAND, SRES, Kc vectors
GenerateRAND (1..n)
A3 A8
SRES (1..n) Kc (1..n)RAND (1..n)
RAND
A8A3
Ciphering? Ciphering ?
ENCRYPTEDDATA
RAI & TLLI or IMSIRequest Authentication
Ki
KiIMSI
Request Authentication Triplets
SRES
Pass Fail
= ?
Authentication
![Page 4: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/4.jpg)
GPRS Authentication no encryption
NOTE: See traces Gb_noencryption & Gr_noencryption
Authentication & Ciphering Request[RAND][Ciphering Algorithm not used]6
GMM: Attach Accept [P-TMSI]14
MAP: SendAuthenticationInfoResArg N times [RAND],[SRES] & [KC] 4
GMM: Attach Complete
New TLLI = P-TMSI
17
MAP: UpdateGPRSLocatioRes[HLR number] 8
Authentication & Ciphering Response[SRES] SRES =?
9
Ack7
MAP: InsertSubscriberData Arg[MISDN],[GPRS services and QoS contract] 6
Y MAP: UpdateGPRSLocationArg [IMSI][SGSNnumber], [SGSN IP]
5
GMM: IMSI Attach Request [IMSI], [RAI]3 MAP: SendAuthenticationInfoArg [IMSI]Request Authentication vectors [n] 1
Trace: Gb_noencrypted Trace: Gr_noencrypted
![Page 5: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/5.jpg)
Why Encryption?
Security of user data over the air interfaceThe encryption algorythm is installed in the MS and the SGSN.
This algorythm is restricted to MS to SGSN encrypted communications. Encryption is implemented at the LLC level.
![Page 6: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/6.jpg)
Encrypted Protocols in GPRS
After GGM: Authentication & ciphering response. All protocols above LLC are encrypted,between MS and SGSN
BSSGP
Relay
GMM/SM
LLC
RLC
MAC
GSM RF
GMM/SM
LLC
BSSGP
L1bis
Um Gb MS BSS SGSN
Network Service
RLC
MAC
GSM RF L1bis
Network Service
Relay
Network Service
GTP
Application
IP / X.25
SNDCP
LLC
RLC
MAC
GSM RF
SNDCP
LLC
BSSGP
L1bis
RLC
MAC
GSM RF
BSSGP
L1bis
Relay
L2
L1
IP
L2
L1
IP
GTP
IP / X.25
Um Gb Gn Gi MS BSS SGSN GGSN
Network Service
UDP / TCP
UDP / TCP
ENCRYPTED
![Page 7: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/7.jpg)
Non Ciphered Messages
The following messages are never ciphered:Attach Request
Attach Reject
Authentication and Ciphering Request
Authentication and Ciphering Response
Authentication and Ciphering Reject
Identity Request
Identity Response
Routing Area Update Request
Routing Area Update Reject
These messages are not ciphered so that the receiver (either SGSN or MS) can interpret the message
![Page 8: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/8.jpg)
GPRS Authentication with encryption
GMM: IMSI Attach Request [IMSI], [RAI]
Authentication & Ciphering Request [RAND], [SQN][Ciphering Algorithm GEA/1]
Authentication & Ciphering Response[SRES]
MAP: SendAuthenticationInfoArg [IMSI]Request Authentication vectors [n]
MAP: SendAuthenticationInfoResArg N times [RAND],[SRES] & [KC]
SRES =?
Y MAP: UpdateGPRSLocationArg [IMSI][SGSNnumber],[SGSN IP]
MAP: InsertSubscriberData Arg[MISDN],[GPRS services and QoS contract]
Ack
MAP: UpdateGPRSLocatioRes[HLR number]
GMM: Attach Accept[P-TMSI]
GMM: Attach Complete
New TLLI = P-TMSI
NOTE: See traces Gb_encryption & Gr_encryption
5
6 4
8
9
7
6
5
1
Trace: Gb_ciphering Trace: Gr_ciphering
ENCRYPTED
16
19
![Page 9: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/9.jpg)
Tools to analyze and troubleshoot a GPRS deciphered link
![Page 10: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/10.jpg)
Deciphering a Capture file
PrismLite: offline only applicationPosibility to merge up to 3 Gb links offline
• Generates a raw .txt file <Gb01ciphered_dec.txt>• Encryption is activated above the LLC level for signaling
(GMM/SM) SAPI=1 and data (SAPI= 3, 5, 9 or 11)
Gb Gr
![Page 11: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/11.jpg)
Online deciphering
Performer: both offline and online applicationOver 400,000 sessions online
You can also use:• An existing Gr File• Write the Kc keys into a Gr file.
![Page 12: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/12.jpg)
Security in UMTS
![Page 13: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/13.jpg)
Security in UMTS
Three entities are involved in the UMTS authenticationHome Network (HLR/Auc): holds the master keys K of all UEs. Generates the Quintuplets vectors (RAND, XRES, CK, IK and AUTN) using 5 one way functions.Serving Network (VLR or SGSN): requests and stores the authentication vectors from the HLR, and sends the Authentication Request message to the UE with RAND and AUTN vectors.The USIM: In the Smart Card of the terminal, holds the master key K (unique for this terminal).
• When receives the Authentication Request message from VLR/SGSN with AUTN, and RAND vectors, uses these vectors together with the master key K to generate the vectors RES (used in the Authentication Response), CK (Ciphering Key) & IK (Integrity Key). After Authentication has been resolved, the corresponding CK & IK stored in the SGSN/VLR are transferred RNC using the RANAP: Security Mode procedure to start the integrity and encryption process between the UE and the RNC
![Page 14: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/14.jpg)
Initial Parameters:K: Master Key (ultrasecret permanent 128 bits)SQN: Incremental Sequence Number (48 bits)RAND: Random bit Stream (128 bits)AMF: Administrative Authentication Management Field (16 bits)
Calculated Parameters:MAC: Message Authentication Code (64 bits)XRES: Expected Authentication Response (4-64 bits)CK: Ciphering Key (128 bits)IK: Integrity Key (128 bits)AK: Anonymous Key (48 bits)
Quintuplet Vectors: (1..n) RAND, AUTN, XRES, CK, IKGenerated in AuC, temporarily Stored in SGSN/VLR & verified with USIM.
Authentication Vectors
![Page 15: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/15.jpg)
Authentication, Integrity & ciphering in UMTS
PS: GMM_Attach Request [RAI & IMSI or P-TMSI]CS: MM_Location Update [LAI & IMSI or TMSI]
MAP_Send Auth Info Arg:[ IMSI & num of vectors]
VLR
HomeNetwork
ServingNetwork
Generate Auth VectorsMAP_Send Auth Info Resp:
[(1..n) RAND,AUTN, XRES, CK, IK]
Store Auth VectorsPS: GMM_Authentication & Ciphering Request [RAND & AUTN]
CS: MM_Authentication Request [RAND]
Verify AUTNGenerate RES
PS: GMM_Authentication & Ciphering Response [RES]CS: MM_Authentication Response [RES]
RES=XRES
RANAP_Security Mode Command [CK & IK]Encryption: Y/N
Store CK & IK
RRC_Security Mode Command Encryption: Y/N
RRC_Security Mode CompleteChosen Integrity Algorythm RANAP_Security Mode Complete
Chosen Integrity AlgorythmMAP: UpdateGPRSLocationArg [IMSI]
[SGSNnumber],[SGSN IP]
MAP: InsertSubscriberData Arg[MISDN],[GPRS services and QoS contract]
AckMAP: UpdateGPRSLocatioRes
[HLR number]GMM: Attach Accept [P-TMSI]
GMM: Attach Complete
Example: Open PTMSI_Att_Iu_Gr
![Page 16: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/16.jpg)
Authentication Keys generation: AUC & USIM
: XOR || : Concatenation
VLR
IMSI
RES
K
K
= ?
*
*
Quintuplets: = RAND || XRES || CK || IK || AUTN
f2
AMF
GenerateSQN
RAND
AK
MAC
XRES
IK
CK
f5
f4
f3
f1
AUTN: = SQN AK || AMF || MAC
RAND
IK
XMAC
RES
CK
AK SQN
f2
f3
f4
f1f5
![Page 17: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/17.jpg)
Ciphered Protocols in UMTS
After the RNC receives the Kc, the Security Mode Command is sent to the terminal to start the encryption
WCDMA Physical Channels SDH or PDH
ATM
AAL2
MAC
RELAY FP (Iub UP)
RLC
MAC
RLC
RRC RRC
Uu Iub
ENCRYPTED
RLC PDU CipheredMAC SDU Ciphered
![Page 18: Security in GSM/GPRS and UMTS Security in GSM/GPRS The cellular network must warranty a secure transmission of voice and data without interception, and](https://reader038.vdocuments.site/reader038/viewer/2022110100/56649e4b5503460f94b403f5/html5/thumbnails/18.jpg)
For tools to analyze and troubleshoot a UMTS deciphered link see:
www.radcom.com