security in gsm/gprs and umts security in gsm/gprs the cellular network must warranty a secure...
TRANSCRIPT
Security in GSM/GPRS and UMTS
Security in GSM/GPRS
The cellular network must warranty a secure transmission of voice and data without interception, and avoid fraud
Security in GSM/GPRS is implemented in the following elements:
• SIM – This holds the IMSI, the ultrasecret MS key Ki, ciphering key generation algorythm (A8), authentication algorythm (A3) and PIN code
• Handset – Implements the ciphering algorythms A5 (GSM), GEA1, GEA2, GEA3 (GPRS) in the hardware
• GSM Network: The AUC (AUthentication Center) is a data base that holds the master keys Ki of users and generates the triplets (RAND, SRES & Kc) vectors.
• The SGSN stores the triplets to use them during the authentication (RAND, SRES) and ciphering (Kc) and holds the temporary information about attached users (TLLI)
• Core Network: Network layer (IP) IPSEC; Session layer: (AAA)* RADIUS, DIAMETER, SSL, WTLS (WAP)
Authentication and Ciphering in GPRS
Store (1..n) RAND, SRES, Kc vectors
GenerateRAND (1..n)
A3 A8
SRES (1..n) Kc (1..n)RAND (1..n)
RAND
A8A3
Ciphering? Ciphering ?
ENCRYPTEDDATA
RAI & TLLI or IMSIRequest Authentication
Ki
KiIMSI
Request Authentication Triplets
SRES
Pass Fail
= ?
Authentication
GPRS Authentication no encryption
NOTE: See traces Gb_noencryption & Gr_noencryption
Authentication & Ciphering Request[RAND][Ciphering Algorithm not used]6
GMM: Attach Accept [P-TMSI]14
MAP: SendAuthenticationInfoResArg N times [RAND],[SRES] & [KC] 4
GMM: Attach Complete
New TLLI = P-TMSI
17
MAP: UpdateGPRSLocatioRes[HLR number] 8
Authentication & Ciphering Response[SRES] SRES =?
9
Ack7
MAP: InsertSubscriberData Arg[MISDN],[GPRS services and QoS contract] 6
Y MAP: UpdateGPRSLocationArg [IMSI][SGSNnumber], [SGSN IP]
5
GMM: IMSI Attach Request [IMSI], [RAI]3 MAP: SendAuthenticationInfoArg [IMSI]Request Authentication vectors [n] 1
Trace: Gb_noencrypted Trace: Gr_noencrypted
Why Encryption?
Security of user data over the air interfaceThe encryption algorythm is installed in the MS and the SGSN.
This algorythm is restricted to MS to SGSN encrypted communications. Encryption is implemented at the LLC level.
Encrypted Protocols in GPRS
After GGM: Authentication & ciphering response. All protocols above LLC are encrypted,between MS and SGSN
BSSGP
Relay
GMM/SM
LLC
RLC
MAC
GSM RF
GMM/SM
LLC
BSSGP
L1bis
Um Gb MS BSS SGSN
Network Service
RLC
MAC
GSM RF L1bis
Network Service
Relay
Network Service
GTP
Application
IP / X.25
SNDCP
LLC
RLC
MAC
GSM RF
SNDCP
LLC
BSSGP
L1bis
RLC
MAC
GSM RF
BSSGP
L1bis
Relay
L2
L1
IP
L2
L1
IP
GTP
IP / X.25
Um Gb Gn Gi MS BSS SGSN GGSN
Network Service
UDP / TCP
UDP / TCP
ENCRYPTED
Non Ciphered Messages
The following messages are never ciphered:Attach Request
Attach Reject
Authentication and Ciphering Request
Authentication and Ciphering Response
Authentication and Ciphering Reject
Identity Request
Identity Response
Routing Area Update Request
Routing Area Update Reject
These messages are not ciphered so that the receiver (either SGSN or MS) can interpret the message
GPRS Authentication with encryption
GMM: IMSI Attach Request [IMSI], [RAI]
Authentication & Ciphering Request [RAND], [SQN][Ciphering Algorithm GEA/1]
Authentication & Ciphering Response[SRES]
MAP: SendAuthenticationInfoArg [IMSI]Request Authentication vectors [n]
MAP: SendAuthenticationInfoResArg N times [RAND],[SRES] & [KC]
SRES =?
Y MAP: UpdateGPRSLocationArg [IMSI][SGSNnumber],[SGSN IP]
MAP: InsertSubscriberData Arg[MISDN],[GPRS services and QoS contract]
Ack
MAP: UpdateGPRSLocatioRes[HLR number]
GMM: Attach Accept[P-TMSI]
GMM: Attach Complete
New TLLI = P-TMSI
NOTE: See traces Gb_encryption & Gr_encryption
5
6 4
8
9
7
6
5
1
Trace: Gb_ciphering Trace: Gr_ciphering
ENCRYPTED
16
19
Tools to analyze and troubleshoot a GPRS deciphered link
Deciphering a Capture file
PrismLite: offline only applicationPosibility to merge up to 3 Gb links offline
• Generates a raw .txt file <Gb01ciphered_dec.txt>• Encryption is activated above the LLC level for signaling
(GMM/SM) SAPI=1 and data (SAPI= 3, 5, 9 or 11)
Gb Gr
Online deciphering
Performer: both offline and online applicationOver 400,000 sessions online
You can also use:• An existing Gr File• Write the Kc keys into a Gr file.
Security in UMTS
Security in UMTS
Three entities are involved in the UMTS authenticationHome Network (HLR/Auc): holds the master keys K of all UEs. Generates the Quintuplets vectors (RAND, XRES, CK, IK and AUTN) using 5 one way functions.Serving Network (VLR or SGSN): requests and stores the authentication vectors from the HLR, and sends the Authentication Request message to the UE with RAND and AUTN vectors.The USIM: In the Smart Card of the terminal, holds the master key K (unique for this terminal).
• When receives the Authentication Request message from VLR/SGSN with AUTN, and RAND vectors, uses these vectors together with the master key K to generate the vectors RES (used in the Authentication Response), CK (Ciphering Key) & IK (Integrity Key). After Authentication has been resolved, the corresponding CK & IK stored in the SGSN/VLR are transferred RNC using the RANAP: Security Mode procedure to start the integrity and encryption process between the UE and the RNC
Initial Parameters:K: Master Key (ultrasecret permanent 128 bits)SQN: Incremental Sequence Number (48 bits)RAND: Random bit Stream (128 bits)AMF: Administrative Authentication Management Field (16 bits)
Calculated Parameters:MAC: Message Authentication Code (64 bits)XRES: Expected Authentication Response (4-64 bits)CK: Ciphering Key (128 bits)IK: Integrity Key (128 bits)AK: Anonymous Key (48 bits)
Quintuplet Vectors: (1..n) RAND, AUTN, XRES, CK, IKGenerated in AuC, temporarily Stored in SGSN/VLR & verified with USIM.
Authentication Vectors
Authentication, Integrity & ciphering in UMTS
PS: GMM_Attach Request [RAI & IMSI or P-TMSI]CS: MM_Location Update [LAI & IMSI or TMSI]
MAP_Send Auth Info Arg:[ IMSI & num of vectors]
VLR
HomeNetwork
ServingNetwork
Generate Auth VectorsMAP_Send Auth Info Resp:
[(1..n) RAND,AUTN, XRES, CK, IK]
Store Auth VectorsPS: GMM_Authentication & Ciphering Request [RAND & AUTN]
CS: MM_Authentication Request [RAND]
Verify AUTNGenerate RES
PS: GMM_Authentication & Ciphering Response [RES]CS: MM_Authentication Response [RES]
RES=XRES
RANAP_Security Mode Command [CK & IK]Encryption: Y/N
Store CK & IK
RRC_Security Mode Command Encryption: Y/N
RRC_Security Mode CompleteChosen Integrity Algorythm RANAP_Security Mode Complete
Chosen Integrity AlgorythmMAP: UpdateGPRSLocationArg [IMSI]
[SGSNnumber],[SGSN IP]
MAP: InsertSubscriberData Arg[MISDN],[GPRS services and QoS contract]
AckMAP: UpdateGPRSLocatioRes
[HLR number]GMM: Attach Accept [P-TMSI]
GMM: Attach Complete
Example: Open PTMSI_Att_Iu_Gr
Authentication Keys generation: AUC & USIM
: XOR || : Concatenation
VLR
IMSI
RES
K
K
= ?
*
*
Quintuplets: = RAND || XRES || CK || IK || AUTN
f2
AMF
GenerateSQN
RAND
AK
MAC
XRES
IK
CK
f5
f4
f3
f1
AUTN: = SQN AK || AMF || MAC
RAND
IK
XMAC
RES
CK
AK SQN
f2
f3
f4
f1f5
Ciphered Protocols in UMTS
After the RNC receives the Kc, the Security Mode Command is sent to the terminal to start the encryption
WCDMA Physical Channels SDH or PDH
ATM
AAL2
MAC
RELAY FP (Iub UP)
RLC
MAC
RLC
RRC RRC
Uu Iub
ENCRYPTED
RLC PDU CipheredMAC SDU Ciphered
For tools to analyze and troubleshoot a UMTS deciphered link see:
www.radcom.com