Introduction to UMTS Security
-
8/4/2019 Introduction to UMTS Security
Szu-Ying Chen, 2011.9.23
-
Outline
3rd Generation Network
Universal Mobile Telecommunications System
-
International Mobile Telecommunications for the year 2000 (IMT-2000) specifications
1. Year 2000
2. 2GHz
3. 2Mbps
Proposed by International Telecommunication Union (ITU) in 1992
History
Standards
3rd Generation Networks
-
Standards
CDMA2000
W-CDMA
TD-SCDMA
WiMAX
-
Defined by the European Telecommunications Standards Institute (ETSI)
Developed the extremely successful 2nd generation GSM standard
Evolved from the Global System for Mobile Communications (GSM)
Based on Wideband Code Division Multiple Access (W-CDMA)
Transferred to 3rd Generation Partnership Project (3GPP) in 1998
History
Architecture
Components
Security
Universal Mobile Telecommunications System
-
Architecture
Core Network (CN)
UMTS Terrestrial Radio Access Network (UTRAN)
User Equipment (UE)
-
Components
Serving Network (SN)
Visitor Location Register (VLR)
Home Environment (HE)
Access Network (AN)
Authentication Center (AuC)
International Mobile Equipment Identity number (IMEI)
International Mobile Subscriber Identity (IMSI)
Temporary Mobile Subscriber Identity (TMSI)
-
Universal Subscriber Identity Module (USIM)
A secret key K shared with AuC
IMSI
TMSI
-
Design Principles
1. UMTS security will build on the security of 2nd generation systems.
2. UMTS security will improve on the security of 2G systems.
3. UMTS security will offer new security features.
History
Architecture
Components
Security Principle
Feature
Comparison
Mechanism
Universal Mobile Telecommunications System
-
Security Features
1. Network access security
2. Network domain security
3. User domain security
4. Application domain security
5. Visibility and configuration of security
-
Security Features
-
Comparison
                 | GSM                    | UMTS
Authentication   | Single Direction       | Bi-direction
Auth. Algorithm  | A3, A8 (Not specified) | F1~F5 (MILENAGE)
Encipher Key     | 64 bits                | 128 bits
Conf. Algorithm  | A5 (Not published)     | F8 (KASUMI)
Integ. Algorithm | -                      | F9 (KASUMI)
-
Authentication and Key Agreement (AKA)
-
Authentication and Key Agreement (AKA)
1. MS requests login/service from SN
2. SN demands that MS register
3. MS sends TMSI to SN
4. SN verifies the TMSI received from MS. If verification fails, SN asks MS to send its IMSI
5. MS sends IMSI to SN
-
Authentication and Key Agreement (AKA)
6. SN sends Auth Data Req Msg to HN
7. HN generates n ordered authentication vectors (AV)
8. HN sends AVs to SN
9. SN stores the AVs in its database and selects one AV from them
10. SN sends User Auth Req Msg to MS, including RAND(i) and AUTN(i)
11. MS verifies AUTN(i). If it is correct, MS computes RES(i); otherwise, MS rejects the connection.
12. MS sends User Auth Res Msg to SN, including RES(i)
13. SN compares the XRES(i) stored in its database with the received RES(i). If the values are equal, the authentication succeeds; if not, the authentication fails.
14. After authentication succeeds, MS can compute CK and IK from the pre-shared key K using algorithms f3 and f4, for use in the subsequent communication.
-
Authentication Vector
1. Message Authentication Code (MAC) - f1( SQN, AMF, RAND, K )
2. eXpected RESponse (XRES) - f2( K, RAND )
3. Cipher Key (CK) - f3( K, RAND )
4. Integrity Key (IK) - f4( K, RAND )
5. Anonymity Key (AK) - f5( K, RAND )
6. Authentication Token (AUTN) - SQN ⊕ AK || AMF || MAC
AV(i) = RAND(i) || XRES(i) || CK(i) || IK(i) || AUTN(i)
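AKA steps 7 to 14 and the authentication vector layout above, as an added example that is not part of the original slides. HMAC-SHA256 stands in for the MILENAGE f1-f5 functions; the field lengths, the prf helper, the USIM class and the simple "SQN must increase" freshness rule are assumptions of this example.

```python
import hashlib
import hmac
import os

def prf(k, tag, data, n):
    # Stand-in for MILENAGE f1..f5 (assumption): HMAC-SHA256, domain-separated by tag.
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def generate_av(k, sqn, amf=b"\x80\x00", rand=None):
    """HN, step 7: AV = RAND || XRES || CK || IK || AUTN (kept as a dict here)."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = prf(k, b"f1", sqn_b + amf + rand, 8)
    ak = prf(k, b"f5", rand, 6)
    return {"RAND": rand, "XRES": prf(k, b"f2", rand, 8),
            "CK": prf(k, b"f3", rand, 16), "IK": prf(k, b"f4", rand, 16),
            "AUTN": xor(sqn_b, ak) + amf + mac}  # SQN xor AK || AMF || MAC

class USIM:
    def __init__(self, k):
        self.k, self.last_sqn = k, 0

    def authenticate(self, rand, autn):
        """MS, steps 11 and 14: verify AUTN, then return (RES, CK, IK)."""
        if len(autn) != 16:
            raise ValueError("malformed AUTN")
        conc_sqn, amf, mac = autn[:6], autn[6:8], autn[8:]
        sqn_b = xor(conc_sqn, prf(self.k, b"f5", rand, 6))  # unmask SQN with AK
        xmac = prf(self.k, b"f1", sqn_b + amf + rand, 8)
        if not hmac.compare_digest(mac, xmac):
            raise ValueError("MAC mismatch: AUTN was not built with K")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.last_sqn:  # simplified freshness rule (assumption)
            raise ValueError("SQN not fresh: replayed vector")
        self.last_sqn = sqn
        k = self.k
        return prf(k, b"f2", rand, 8), prf(k, b"f3", rand, 16), prf(k, b"f4", rand, 16)

def sn_check(av, res):
    """SN, step 13: compare the received RES with the stored XRES."""
    return hmac.compare_digest(av["XRES"], res)
```

The MAC check is what gives the "Bi-direction" authentication in the comparison table: the MS accepts a challenge only if AUTN was computed with K, and the SQN check rejects a vector that is replayed later.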