Professional Documents
Culture Documents
Case Study: Security in GSM and Umts
Case Study: Security in GSM and Umts
Case Study: Security in GSM and Umts
GSM
System model
users.2 Figure 7.1 describes the GSM network architecture. Moreover, it illustrates the
keys and security mechanisms stored by the network components, which are described in
detail in Section 7.1.2.
Mobile Device Currently Serving Network Home Network
BSS
BSC
Ki
BTS MSC MSC A3
Ki A8
A3 IMSI
A8
BTS BSC
A5
IMSI
SIM MD BTS
A5
A5
MD: Mobile Device VLR: Visitor Location Register A3: Authentication algorithm
BTS: Base Transeiver Station HLR: Home Location Register A8: Key generation algorithm
BSC: Base Station Controler AuC: Authentication Center A5: Encryption algorithm
MSC: Mobile Switching Center Ki: Secret per subscriber key SIM: Subscriber Identity Module
BSS: Base Station System IMSI: International Mobile Subscriber Identity
Kc = A8(Ki, RAND)
RES = A3(Kc, RAND)
Pre-defined secure channel
MN achieves no beliefs
09/05/16 GMS and UMTS security 8
GSM authen:ca:on
188 Chapter 7. Inter-provider Roaming within GSM and UMTS
GSM I TMSI
IMSI
Ki RES G
A8 / A3
RAND G Kc
Ki RES G
A8 / A3
RAND G Kc
authentication response
RES ∗G
RES ∗G = RES G
encryption key
PSfrag replacements Kc
decide mechanisms
GSM IV
start deciphering
and
start encryption
start encryption
UMTS
System model
stored in an AuC. Figure 7.3 illustrates the UMTS system components. Moreover, it shows
the keys and security mechanisms stored by each component. These are explained in detail
in the following section.
UTRAN
RNC
MD: Mobile Device MSC: Mobile Switching Center KU Secret per subscriber key
Node B: Base Transceiver Station HLR: Home Location Register f1−f5: key generation functions
RNC: Radio Network Controller AuC: Authentication Center f8: encryption mechansim
replacements VLR: Visitor Location Register f9: integrity protection mechansim
UTRAN: UMTS Terrestrial Radio Access Network
Security capabilities
Selected algorithms Pre-defined secure channel
RES = f2(Ku, RAND)
CK = f3(Ku, RAND)
IK = f4(Ku, RAND)
AUTN = SQN xor f5(Ku, RAND) || AMF || f1(Ku, SQN||AMF)
AK MAC
09/05/16 GMS and UMTS security 20
Analysis
Assump1ons
Ku
MD, HN |≡ MD ! HN
CK IK
HN |≡ (MD ↔ HN , MD ↔ HN )
Goals
CK
FN |≡ MN |≡ (FN ↔ MD)
IK Mutual authen:ca:on
MD |≡ HN |≡ (MD ↔ HN )
MD |≡ HN |≡ (security capabilities)
UMTS Authen:ca:on
MD Node B / RNC SGSN/MSC/VLR GSN/MSC/HLR
TMSI
identity request
IMSI
verify AUTN
UMTS III
compute RES ∗U , CK , IK
authentication response
RES ∗U
verify RES ∗U
decide allowed
mechanisms
allowed mechanisms
PSfrag replacements CK , IK
UMTS IV
decide mechanisms
start integrity protection