Presentation on theme: "Michael Haberler Internet Foundation Austria"— Presentation transcript:
1 Michael Haberler Internet Foundation Austria 2G/3G Authentication with SIM cards: usage & roaming basics for the Internet challengedMichael HaberlerInternet Foundation Austria
2 outline a SIM card mini-tutorial UMTS authentication and key agreement features, protocol flow, usage, production, addressingUMTS authentication and key agreementprinciples and protocol flowthe universal integrated circuit card (UICC)USIM apphow 2G, 3G roaming works„over the air“ (OTA) loading of UICC appsexample: X.509 certificate download(U)SIM‘s and Internet access authenticationhow SIMs and RADIUS roaming works(U)SIM‘s and SIP authenticationwhat the SIP server doesHow the parameter logistics worksa bonus business model thrown insummary
3 what‘s a 2G SIM card crypto smart card as per ISO 7816 access protected by a PIN code(s) („card holder verification“)fixed storage of subscriber identity – IMSI (international mobile subscriber identity) – „GSM MAC address“E.164 number to IMSI mapping at the operator onlysafe storage for shared secret - accessible only through CHAP operationnot broken as of today except for most stupid CHAP algorithm knownCHAP algorithm in hardwareoperator chooses algorithmtree structured filesystemstream, record, cyclic record filescan be readonly, read/write or none at all (for the key)some permission hierarchy
4 how are SIM cards produced unprogrammed chips are „personalized“ and „closed“ (parameters written & sealed)mass product - $5-$7 apiece at 1000+GEMplus, Giesecke & Devrient ....everybody can have SIM‘s made – even Mom&Pop ISPnot everybody mayroam with other cellular operatorsuse the GSM algorithm „A3/A8“ – you wouldnt want it anywaymust be member of GSM association for thathaving your own algorithm in a chip mask is a circa $50K+ affairfor testing & development unprogrammed castrated chips used (XOR algorithm for CHAP...)
5 how are (U)SIM cards accessed 2G, 3G usebuiltin reader in the mobile handsetfor Internet use:maybe builtin in PDA, PC (e.g.DELL)external USB token – 20$ apiecere-use a mobile SIM card via Bluetooth SIG SIM Access Profile (only if roaming against 2G/3G operator)read 3G „(U)SIM Security Reuse by Peripheral Decices on local interfaces“ – contains some threat analysis
7 IMSI structureMCC/MNC uniquely designates an operator and his authentication centerwhen roaming, MCC/MNC tells the visiting network where to route the authentication requestthis is done via SS7 MAP (mobile application part)
8 what is „OTA“ (over the air) loading? SIM cards are writable by mobile equipmentif authenticated to networkif instructed by operator „over the air“if file/directory is writableexample: ISIM X.509 certificate „bootstrap“AKA authenticated:let user visit PKI portaldownload certificates through HTTP/Digest mechanismcertificates are stored in record structured files, as ar CA certifcates„The Air“ can also be an IP connectiondownload of executable applets possibleSIM Toolkit, USAT (USIM Application toolkit)bytecode instructions sent encrypted by 3DES, stored on cardregularly used in 2G networks today – for functionality upgrades & parameter download
9 UMTS authentication and key agreement (AKA) substantially improved over 2G SIMprotection against replay, MITM attackssports also network-to-user authenticationmore complex algorithmcompatibility functions 2G network/3G card, 3G network/2G card
11 what‘s the universal integrated circuit card (UICC) about generic support mechanism for multiple applications on one card2G,3G authentication become „applications“ selected as neededUSIM application implements AKA2G SIM app implements 2G CHAPadditional apps possible (ISIM, PKI certificate storage etc)ISIM is pretty close to SIP client needs!!mobile equipment chooses application
12 using (U)SIMs for Internet access authentication embed flow in EAP and tunnel in RADIUSbetween 802.1x „supplicant“ in client and RADIUS EAP backend using EAP-SIM or EAP-AKARADIUS server MAY gateway to SS7 MAP and „roam“WiFi network looks like a GSM roaming partnerexample: WiFi roaming throughOR RADIUS server access an ISP-style database for keysISP is the SIM card issuer!
13 using (U)SIM for SIP authentication speak HTTP/AKA (RFC3310) between SIP UA and proxyproxy translates into EAP-AKA-in-RADIUSRFC specified only for AKA (3G auth)no mapping of EAP-SIM onto HTTP/SIM for 2G authbad – almost all networks today use 2G auth – which breaks SIP authentication through GSM/UMTS operatorswe need to address this and spec HTTP/SIM
14 how 2G roaming works mobile equipment presents IMSI visited network looks at MCC,MNC part of IMSIif no roaming agreement, drop himotherwise send access request thru SS7 MAP to home networkthe home network verifies IMSI and sends a „triplet“: (challenge, expected response, cipher key) authentication vectorvisited network presents challenge, reads responseif (response == expected response), service userthe triplet is essentially an access ticketnote no replay detection – these fellows seem to trust each other
15 how 3G roaming worksnot much different from 3G, just more parameters needed for AKA„triplets“ become „quintets“
16 how the 2G/3G user ids (IMSI‘s) are mapped to RADIUS authentication: take mobile country code, mobile network codeuse them to create a realmExampleIMSI =means mcc=232 (Austria) mnc=01 (Mobilkom)resulting realmmnc01.mcc232.owlan.orgresulting RADIUS userrouting to Radius servers decided by „subdomain“convention established by NokiaNokia owns owlan.org domain pro-bono from thereon this is vanilla RADIUS roamingbut its just fine if we call it mnc01.mcc232.visionNG.org if that sounds better, realms just gotta be unique
17 how does 2G/3G address logistics work if you are a service provider and have E.164 ranges, get a MNC from your MCC administrator (FCC, regulator...)the E.164 range might also be, for example, from visionNG ( ff) MCC = 901this doesnt mean you‘re part of 2G/3G roaming yet – contracts & regulatory prerequisites neededbut the addressing is all set to go!!
18 a bonus business model thrown in: combine a SIP-based iTSP with a Mobile Virtual Network Operator (MVNO)an MVNO has authentication, billing, customers, numbers, but the radio network is outsourced from somewhere elseissue (U)SIM cards which work both in a 2/3G handset AND as WiFi/SIP auth tokens – note the same card authenticates both uses!leave choice to user how to connect – Internet or cellular – using the same E.164 number
19 Summary 2G/3G has a strong/very strong authentication architecture it is almost copy & paste for iTSP use at WiFi access, WiFi roaming acces, SIP and other levels (TBD!)it can serve to solve the X.509 certificate distribution problemoperator model (2G/3G home network, ISP home network) has no impact on Internet-side terminalsnumbering & addressing resources are compatible and available (maybe not obviously so)the Internet could become the biggest (U)SIM authenticated mobile network ever to roam with 2G/3G land
Your consent to our cookies if you continue to use this website.