GSM and UMTS Security Vishal Prajapati (08305030) Vishal Sevani (07405010) Om Pal (07405702) Sudhir Rana (05005002)
Page 1: Presentation - PPT

GSM and UMTS Security

Vishal Prajapati (08305030)
Vishal Sevani (07405010)
Om Pal (07405702)
Sudhir Rana (05005002)

Page 2: Presentation - PPT

GSM Security Architecture

[Figure: GSM security architecture. Labels: SIM, visited network, VLR, home network, HLR/AuC, switching and routing, other networks (GSM, fixed, Internet, etc.).]

Page 3: Presentation - PPT

GSM Security Features

• Authentication
– network operator can verify the identity of the subscriber, making it infeasible to clone someone else’s mobile phone
• Confidentiality
– protects voice, data and sensitive signalling information (e.g. dialled digits) against eavesdropping on the radio path
• Anonymity
– protects against someone tracking the location of the user or identifying calls made to or from the user by eavesdropping on the radio path

Page 4: Presentation - PPT

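GSM Authentication Protocol

[Figure: GSM authentication protocol between the SIM, the MSC or SGSN, and the HLR/AuC. Message labels: Authentication Data Request; {RAND, XRES, Kc}; RAND; RES. At the HLR/AuC, A3 and A8 take Ki and RAND and yield XRES and Kc. At the SIM, A3 and A8 take Ki and RAND and yield RES and Kc. Check: RES = XRES?]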

Page 5: Presentation - PPT

Encryption in GSM

Page 6: Presentation - PPT

GSM Encryption Principles

• Data on the radio path is encrypted between the Mobile Equipment (ME) and the Base Transceiver Station (BTS)
– protects user traffic and sensitive signalling data against eavesdropping
– extends the influence of authentication to the entire duration of the call
• Uses the encryption key (Kc) derived during authentication

Page 7: Presentation - PPT

GSM User Identity Confidentiality

• User identity confidentiality on the radio access link
– temporary identities (TMSIs) are allocated and used instead of permanent identities (IMSIs)
• Helps protect against:
– tracking a user’s location
– obtaining information about a user’s calling pattern

IMSI: International Mobile Subscriber Identity
TMSI: Temporary Mobile Subscriber Identity

Page 8: Presentation - PPT

Specific GSM Security Problems

• The GSM cipher A5/2
– A5/2 is now so weak that the cipher key can be discovered in near real time using a very small amount of known plaintext
– Aim: find the initial internal state of the registers.
  • Each frame is 4.615 ms
  • So 2^8 frames in a sec.
  • After finding the initial state, go backward to generate Kc

Page 9: Presentation - PPT

False Base Station Attack (1)

• Compromises User Identity Confidentiality
• Force MS to send IMSI
• Cipher mode fault

Page 10: Presentation - PPT

False Base Station Attack (2)

• Active attack
• IDENTITY REQUEST
• Compromises User Data Confidentiality

Source: LiTH-ISY-EX-3559-2004

Page 11: Presentation - PPT

Accessing Signaling network

• No requirement of decrypting skills
• Needs an instrument that captures microwaves
• Gains control of communication between MS and intended receiver

Page 12: Presentation - PPT

UMTS Security Mechanisms

Page 13: Presentation - PPT

Limitations of GSM Security

• Design only provides access security - communications and signalling in the fixed network portion aren’t protected

• Design does not address active attacks, whereby network elements may be impersonated

• Design goal was only ever to be as secure as the fixed networks to which GSM systems connect

• Short key size of Kc (64 bits) makes it more vulnerable to various attacks

Page 14: Presentation - PPT

Enhancements in UMTS vs GSM

• Mutual Authentication
– provides enhanced protection against false base station attacks by allowing the mobile to authenticate the network
• Data Integrity
– provides enhanced protection against false base station attacks by allowing the mobile to check the authenticity of certain signalling messages
• Network to Network Security
– Secure communication between serving networks. MAPSEC or IPsec can be used

Page 15: Presentation - PPT

UMTS Enhancements (contd)

• Wider Security Scope
– Security is based within the RNC rather than the base station
• Flexibility
– Security features can be extended and enhanced as required by new threats and services
• Longer Key Length
– Key length is 128 bits as against 64 bits in GSM

Page 16: Presentation - PPT

UMTS Radio Access Link Security

[Figure: UMTS radio access link security. Elements: User Equipment (USIM, ME); Access Network (UTRAN) with BTS and RNC; Visited Network with MSC and SGSN; Home Network with HLR and AuC. Steps: (1) Distribution of authentication vectors; (2) Authentication; (3) CK, IK; (4) Protection of the access link (ME-RNC).]

MSC – circuit switched services
SGSN – packet switched services

Page 17: Presentation - PPT

Authentication and Key Agreement

• Mutual Authentication between user and the network

• Establishes a cipher key and integrity key

• Assures user that cipher/integrity keys were not used before, thereby providing protection against replay attacks
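The three properties above, as an added example that is not part of the original slides: a simplified AKA run in which the USIM checks the network's MAC and the freshness of the sequence number before it answers. HMAC-SHA256 stands in for the operator functions f1 to f5, the AMF field is omitted, and the strictly increasing SQN check, the class names and the key values are assumptions made for the sketch.

```python
import hashlib
import hmac

import os

def f(k, label, *parts):
    # Stand-in (assumption) for the operator functions f1..f5, e.g. MILENAGE
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class AuC:
    """Home network side: shares K with the USIM and tracks SQN."""
    def __init__(self, k):
        self.k, self.sqn = k, 0

    def vector(self):
        self.sqn += 1
        rand, sqn = os.urandom(16), self.sqn.to_bytes(6, "big")
        ak = f(self.k, b"f5", rand)[:6]                        # anonymity key hides SQN
        autn = xor(sqn, ak) + f(self.k, b"f1", sqn, rand)[:8]  # AMF field omitted
        return {"RAND": rand, "AUTN": autn, "XRES": f(self.k, b"f2", rand)[:8],
                "CK": f(self.k, b"f3", rand)[:16], "IK": f(self.k, b"f4", rand)[:16]}

class USIM:
    """Card side: authenticates the network before answering the challenge."""
    def __init__(self, k):
        self.k, self.sqn = k, 0

    def authenticate(self, rand, autn):
        sqn = xor(autn[:6], f(self.k, b"f5", rand)[:6])
        if not hmac.compare_digest(autn[6:], f(self.k, b"f1", sqn, rand)[:8]):
            return {"ok": False, "reason": "MAC failure"}      # sender does not know K
        if int.from_bytes(sqn, "big") <= self.sqn:
            return {"ok": False, "reason": "SQN not fresh"}    # replayed vector
        self.sqn = int.from_bytes(sqn, "big")
        return {"ok": True, "RES": f(self.k, b"f2", rand)[:8],
                "CK": f(self.k, b"f3", rand)[:16], "IK": f(self.k, b"f4", rand)[:16]}

def demo():
    k = bytes(range(16))                      # constructed 128-bit subscriber key
    auc, usim = AuC(k), USIM(k)
    av = auc.vector()
    first = usim.authenticate(av["RAND"], av["AUTN"])
    replay = usim.authenticate(av["RAND"], av["AUTN"])   # same vector sent again
    other = AuC(bytes(16)).vector()           # vector built without the real K
    forged = usim.authenticate(other["RAND"], other["AUTN"])
    return av, first, replay, forged

if __name__ == "__main__":
    av, first, replay, forged = demo()
    print(first["RES"] == av["XRES"], replay["reason"], forged["reason"])
```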

Page 18: Presentation - PPT

Authentication and Key Agreement

Page 19: Presentation - PPT

Authentication and Key Agreement

Page 20: Presentation - PPT

UMTS Integrity Protection Principles

• Protection of some radio interface signalling
– protects against unauthorised modification, insertion and replay of messages
– applies to security mode establishment and other critical signalling procedures
• Helps extend the influence of authentication when encryption is not applied
• Uses the 128-bit integrity key (IK) derived during authentication
• Integrity applied at the Radio Resource Control (RRC) layer of the UMTS radio protocol stack
– signalling traffic only

Page 21: Presentation - PPT

Integrity Check

Integrity and authentication of origin of signalling data are provided. The integrity algorithm (KASUMI) uses a 128-bit key and generates a 64-bit message authentication code.

Page 22: Presentation - PPT

UMTS Encryption Principles

• Data on the radio path is encrypted between the Mobile Equipment (ME) and the Radio Network Controller (RNC)
– protects user traffic and sensitive signalling data against eavesdropping
– extends the influence of authentication to the entire duration of the call
• Uses the 128-bit encryption key (CK) derived during authentication

Page 23: Presentation - PPT

Encryption

Signalling and user data are protected from eavesdropping. A secret-key block cipher algorithm (KASUMI) uses a 128-bit cipher key.

Page 24: Presentation - PPT

Protection Against Active Attacks

Page 25: Presentation - PPT

False Base Station Attack (1)

• Compromises User Identity Confidentiality

Reason

• No provision to ascertain the origin of information, i.e. lack of integrity check

Page 26: Presentation - PPT

False Base Station Attack (2)

• Exploits – user data confidentiality

Reason

• No provision to ascertain the origin of information, i.e. lack of integrity check

Source: LiTH-ISY-EX-3559-2004

Page 27: Presentation - PPT

False Base Station Attack

Solution

• Use of Integrity Check
• After AKA, SRNC sends an integrity protected message containing the security capabilities of the ME, which the mobile verifies to ensure there is no foul play
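The check described on this slide, as an added example that is not part of the original slides: the SRNC echoes the capabilities it received under a MAC keyed with IK, and the ME accepts the security mode command only if the MAC verifies and the echoed list matches what it advertised. HMAC-SHA256 stands in for the KASUMI-based integrity function, and the JSON message layout, function names and key values are assumptions made for the sketch.

```python
import hashlib
import hmac
import json

def mac_i(ik, payload):
    # Stand-in (assumption) for the KASUMI-based integrity function keyed with IK
    return hmac.new(ik, payload, hashlib.sha256).digest()

def srnc_security_mode_command(ik, received_caps):
    """SRNC: echo the capabilities it received and pick an algorithm, under a MAC."""
    chosen = "UEA1" if "UEA1" in received_caps else "UEA0"   # UEA0 = no encryption
    payload = json.dumps({"caps": sorted(received_caps), "chosen": chosen}).encode()
    return payload, mac_i(ik, payload)

def me_verify(ik, sent_caps, payload, tag):
    """ME: check the MAC first, then that the echoed capabilities are its own."""
    if not hmac.compare_digest(tag, mac_i(ik, payload)):
        return "reject: integrity check failed"
    msg = json.loads(payload)
    if set(msg["caps"]) != set(sent_caps):
        return "reject: capabilities altered in transit"
    return "accept: " + msg["chosen"]

def demo():
    ik = bytes(range(16))        # constructed IK, as agreed during AKA
    wrong_ik = bytes(16)         # a sender that never completed AKA with this USIM
    sent = ["UEA0", "UEA1"]      # what the ME advertised before security was active
    honest = me_verify(ik, sent, *srnc_security_mode_command(ik, sent))
    # The list reached the SRNC with the stronger algorithm removed
    altered = me_verify(ik, sent, *srnc_security_mode_command(ik, ["UEA0"]))
    # The command comes from a sender that does not hold IK
    unkeyed = me_verify(ik, sent, *srnc_security_mode_command(wrong_ik, sent))
    return honest, altered, unkeyed

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```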

Page 28: Presentation - PPT

Lack of Network Domain Security

• No security for communication between network elements in GSM

• Easy to gain access to sensitive information such as Kc

• Network Domain Security in UMTS foils these attacks

Page 29: Presentation - PPT

Summary of UMTS Security

UMTS builds upon the security mechanisms of GSM, and in addition provides the following enhancements:

• Encryption terminates at the radio network controller
• Mutual authentication and integrity protection of critical signalling procedures to give greater protection against false base station attacks
• Longer key lengths (128-bit)
• Network Domain Security using MAPSEC or IPSec

Page 30: Presentation - PPT

References

• UMTS security, K. Boman, G. Horn, P. Howard, V. Niemi, Electronics & Communication Engineering Journal, Oct 2002, Volume 14, Issue 5, pp. 191-204
• Evaluation of UMTS security architecture and services, A. Bais, W. Penzhorn, P. Palensky, Proceedings of the 4th IEEE International Conference on Industrial Informatics, p. 6, Singapore, 2006
• UMTS Security, Valtteri Niemi, Kaisa Nyberg, John Wiley and Sons, 2003
• GSM-Security: a Survey and Evaluation of the Current Situation, Paul Yousef, Master’s thesis, Linkoping Institute of Technology, March 2004
• GSM: Security, Services, and the SIM, Klaus Vedder, LNCS 1528, pp. 224-240, Springer-Verlag, 1998
• Instant ciphertext-only cryptanalysis of GSM encrypted communication, Elad Barkan, Eli Biham, Nathan Keller, Advances in Cryptology – CRYPTO 2003