Presentation is loading. Please wait.

Presentation is loading. Please wait.

Michael Haberler Internet Foundation Austria

Published byMaverick Roundtree Modified over 10 years ago

Similar presentations

Presentation on theme: "Michael Haberler Internet Foundation Austria"— Presentation transcript:

1 Michael Haberler Internet Foundation Austria
2G/3G Authentication with SIM cards: usage & roaming basics for the Internet challenged Michael Haberler Internet Foundation Austria

2 outline a SIM card mini-tutorial UMTS authentication and key agreement
features, protocol flow, usage, production, addressing UMTS authentication and key agreement principles and protocol flow the universal integrated circuit card (UICC) USIM app how 2G, 3G roaming works „over the air“ (OTA) loading of UICC apps example: X.509 certificate download (U)SIM‘s and Internet access authentication how SIMs and RADIUS roaming works (U)SIM‘s and SIP authentication what the SIP server does How the parameter logistics works a bonus business model thrown in summary

3 what‘s a 2G SIM card crypto smart card as per ISO 7816
access protected by a PIN code(s) („card holder verification“) fixed storage of subscriber identity – IMSI (international mobile subscriber identity) – „GSM MAC address“ E.164 number to IMSI mapping at the operator only safe storage for shared secret - accessible only through CHAP operation not broken as of today except for most stupid CHAP algorithm known CHAP algorithm in hardware operator chooses algorithm tree structured filesystem stream, record, cyclic record files can be readonly, read/write or none at all (for the key) some permission hierarchy

4 how are SIM cards produced
unprogrammed chips are „personalized“ and „closed“ (parameters written & sealed) mass product - $5-$7 apiece at 1000+ GEMplus, Giesecke & Devrient .... everybody can have SIM‘s made – even Mom&Pop ISP not everybody may roam with other cellular operators use the GSM algorithm „A3/A8“ – you wouldnt want it anyway must be member of GSM association for that having your own algorithm in a chip mask is a circa $50K+ affair for testing & development unprogrammed castrated chips used (XOR algorithm for CHAP...)

5 how are (U)SIM cards accessed
2G, 3G use builtin reader in the mobile handset for Internet use: maybe builtin in PDA, PC (e.g.DELL) external USB token – 20$ apiece re-use a mobile SIM card via Bluetooth SIG SIM Access Profile (only if roaming against 2G/3G operator) read 3G „(U)SIM Security Reuse by Peripheral Decices on local interfaces“ – contains some threat analysis

6 SIM usage in 2G authentication
access request – present IMSI Authentication Center 2G GSM handset present challenge („RAND“) send RESP (challenge response) keys shared secret

7 IMSI structure MCC/MNC uniquely designates an operator and his authentication center when roaming, MCC/MNC tells the visiting network where to route the authentication request this is done via SS7 MAP (mobile application part)

8 what is „OTA“ (over the air) loading?
SIM cards are writable by mobile equipment if authenticated to network if instructed by operator „over the air“ if file/directory is writable example: ISIM X.509 certificate „bootstrap“ AKA authenticated: let user visit PKI portal download certificates through HTTP/Digest mechanism certificates are stored in record structured files, as ar CA certifcates „The Air“ can also be an IP connection download of executable applets possible SIM Toolkit, USAT (USIM Application toolkit) bytecode instructions sent encrypted by 3DES, stored on card regularly used in 2G networks today – for functionality upgrades & parameter download

9 UMTS authentication and key agreement (AKA)
substantially improved over 2G SIM protection against replay, MITM attacks sports also network-to-user authentication more complex algorithm compatibility functions 2G network/3G card, 3G network/2G card

10 3G AKA authentication flow
access request – present IMSI Authentication Center 3G UMTS handset challenge RAND || AUTN token send RESP (challenge response) keys shared secret, Sequence numbers result: Cipher key Integrity key

11 what‘s the universal integrated circuit card (UICC) about
generic support mechanism for multiple applications on one card 2G,3G authentication become „applications“ selected as needed USIM application implements AKA 2G SIM app implements 2G CHAP additional apps possible (ISIM, PKI certificate storage etc) ISIM is pretty close to SIP client needs!! mobile equipment chooses application

12 using (U)SIMs for Internet access authentication
embed flow in EAP and tunnel in RADIUS between 802.1x „supplicant“ in client and RADIUS EAP backend using EAP-SIM or EAP-AKA RADIUS server MAY gateway to SS7 MAP and „roam“ WiFi network looks like a GSM roaming partner example: WiFi roaming through OR RADIUS server access an ISP-style database for keys ISP is the SIM card issuer!

13 using (U)SIM for SIP authentication
speak HTTP/AKA (RFC3310) between SIP UA and proxy proxy translates into EAP-AKA-in-RADIUS RFC specified only for AKA (3G auth) no mapping of EAP-SIM onto HTTP/SIM for 2G auth bad – almost all networks today use 2G auth – which breaks SIP authentication through GSM/UMTS operators we need to address this and spec HTTP/SIM

14 how 2G roaming works mobile equipment presents IMSI
visited network looks at MCC,MNC part of IMSI if no roaming agreement, drop him otherwise send access request thru SS7 MAP to home network the home network verifies IMSI and sends a „triplet“: (challenge, expected response, cipher key) authentication vector visited network presents challenge, reads response if (response == expected response), service user the triplet is essentially an access ticket note no replay detection – these fellows seem to trust each other

15 how 3G roaming works not much different from 3G, just more parameters needed for AKA „triplets“ become „quintets“

16 how the 2G/3G user ids (IMSI‘s) are mapped to RADIUS authentication:
take mobile country code, mobile network code use them to create a realm Example IMSI = means mcc=232 (Austria) mnc=01 (Mobilkom) resulting realm mnc01.mcc232.owlan.org resulting RADIUS user routing to Radius servers decided by „subdomain“ convention established by Nokia Nokia owns owlan.org domain pro-bono from thereon this is vanilla RADIUS roaming but its just fine if we call it mnc01.mcc232.visionNG.org if that sounds better, realms just gotta be unique

17 how does 2G/3G address logistics work
if you are a service provider and have E.164 ranges, get a MNC from your MCC administrator (FCC, regulator...) the E.164 range might also be, for example, from visionNG ( ff) MCC = 901 this doesnt mean you‘re part of 2G/3G roaming yet – contracts & regulatory prerequisites needed but the addressing is all set to go!!

18 a bonus business model thrown in:
combine a SIP-based iTSP with a Mobile Virtual Network Operator (MVNO) an MVNO has authentication, billing, customers, numbers, but the radio network is outsourced from somewhere else issue (U)SIM cards which work both in a 2/3G handset AND as WiFi/SIP auth tokens – note the same card authenticates both uses! leave choice to user how to connect – Internet or cellular – using the same E.164 number

19 Summary 2G/3G has a strong/very strong authentication architecture
it is almost copy & paste for iTSP use at WiFi access, WiFi roaming acces, SIP and other levels (TBD!) it can serve to solve the X.509 certificate distribution problem operator model (2G/3G home network, ISP home network) has no impact on Internet-side terminals numbering & addressing resources are compatible and available (maybe not obviously so) the Internet could become the biggest (U)SIM authenticated mobile network ever to roam with 2G/3G land

Download ppt "Michael Haberler Internet Foundation Austria"

Similar presentations

Inter WISP WLAN roaming

Inter WISP WLAN roaming
RadSec – A better RADIUS protocol

RadSec – A better RADIUS protocol
Doc.: IEEE 802.11-01/039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE802.11 System Submitted to IEEE802.11.

Doc.: IEEE /039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE System Submitted to IEEE
Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.

Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.

EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.
HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014.

HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014.
WPKI available technology diagram and the business model

WPKI available technology diagram and the business model
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography and Network Security

Cryptography and Network Security
Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Pre-Shared Key TLS with GBA support Thesis presentation 22.4.2008 ESPOO, Finland.

Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Pre-Shared Key TLS with GBA support Thesis presentation ESPOO, Finland.
Myagmar, Gupta UIUC 2001 1 3G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP.

Myagmar, Gupta UIUC G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP.
6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.

6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Doc.: IEEE 802.11-04/0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.

Doc.: IEEE /0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.
SIPPING IETF51 3GPP Security and Authentication Peter Howard 3GPP SA3 (Security) delegate

SIPPING IETF51 3GPP Security and Authentication Peter Howard 3GPP SA3 (Security) delegate

Similar presentations

Ads by Google