1 GSM and UMTS Security
Peter Howard, Vodafone Group R&D
Royal Holloway, University of London, IC3 Network Security, 10 November 2003

2 Contents
Introduction to mobile telecommunications
Second generation systems - GSM security
Third generation systems - UMTS security
Focus is on security features for network access

3 Introduction to Mobile Telecommunications
Cellular radio network architecture
Location management
Call establishment and handover

4 Cellular Radio Network Architecture
Radio base stations form a patchwork of radio cells over a given geographic coverage area
Radio base stations are connected to switching centres via fixed or microwave transmission links
Switching centres are connected to the public networks (fixed telephone network, other GSM networks, Internet, etc.)
Mobile terminals have a relationship with one home network but may be allowed to roam in other visited networks when outside the home network coverage area

5 Cellular Radio Network Architecture
(Diagram: a home network and a visited network, each with radio base stations and switching and routing, joined by interconnect to other networks (GSM, fixed, Internet, etc.); a roaming mobile is shown in the visited network.)

6 Location Management
The network must know a mobile’s location so that incoming calls can be routed to the correct destination
When a mobile is switched on, it registers its current location in a Home Location Register (HLR) operated by the mobile’s home operator
A mobile is always roaming, either in the home operator’s own network or in another network where a roaming agreement exists with the home operator
When a mobile registers in a network, information is retrieved from the HLR and stored in a Visitor Location Register (VLR) associated with the local switching centre

7 Location Management
(Diagram: the network architecture of slide 5 with the HLR placed in the home network and a VLR at the switching centre of the visited network where the roaming mobile is registered; interconnect to other networks (GSM, fixed, Internet, etc.) as before.)

8 Call Establishment and Handover
For mobile originating (outgoing) calls, the mobile establishes a radio connection with a nearby base station, which routes the call to a switching centre
For mobile terminated (incoming) calls, the network first tries to contact the mobile by paging it across its current location area; the mobile responds by initiating the establishment of a radio connection
If the mobile moves, the radio connection may be re-established with a different base station without any interruption to user communication – this is called handover

9 First Generation Mobile Phones
First generation analogue phones (1980 onwards) were horribly insecure
Cloning: your phone just announced its identity in clear over the radio link
  easy for me to pick up your phone’s identity over the air
  easy for me to reprogram my phone with your phone’s identity
  then all my calls are charged to your bill
Eavesdropping: all you have to do is tune a radio receiver until you can hear someone talking

10 Second Generation Mobile Phones – The GSM Standard
Second generation mobile phones are characterised by the fact that data transmission over the radio link uses digital techniques
Development of the GSM (Global System for Mobile communications) standard began in 1982 as an initiative of the European Conference of Postal and Telecommunications Administrations (CEPT)
In 1989 GSM became a technical committee of the European Telecommunications Standards Institute (ETSI)
GSM is the most successful mobile phone standard
  over 863 million customers
  over 70% of the world market
  over 197 countries
  source: GSM Association, May 2003

11 General Packet Radio Service (GPRS)
The original GSM system was based on circuit-switched transmission and switching
  voice services over circuit-switched bearers
  text messaging
  circuit-switched data services
  charges usually based on duration of connection
GPRS is the packet-switched extension to GSM
  sometimes referred to as 2.5G
  packet-switched data services suited to bursty traffic
  charges usually based on volume of data transmitted
Typical data services: browsing, messaging, download, corporate LAN access

12 GSM Security — The Goals
GSM was intended to be no more vulnerable to cloning or eavesdropping than a fixed phone
  it’s a phone, not a “secure communications device”!
GSM uses integrated cryptographic mechanisms to achieve these goals
  just about the first mass market equipment to do this
  previously cryptography had been the domain of the military, security agencies, and businesses worried about industrial espionage, and then banks (but not in mass market equipment)

13 GSM Security Features
Authentication
  network operator can verify the identity of the subscriber, making it infeasible to clone someone else’s mobile phone
Confidentiality
  protects voice, data and sensitive signalling information (e.g. dialled digits) against eavesdropping on the radio path
Anonymity
  protects against someone tracking the location of the user or identifying calls made to or from the user by eavesdropping on the radio path

14 GSM Security Mechanisms
Authentication
  challenge-response authentication protocol
Confidentiality
  encryption of the radio channel
Anonymity
  use of temporary identities

15 GSM Security Architecture
Each mobile subscriber is issued with a unique 128-bit secret key (Ki)
This is stored on a Subscriber Identity Module (SIM) which must be inserted into the mobile phone
Each subscriber’s Ki is also stored in an Authentication Centre (AuC) associated with the HLR in the home network
The SIM is a tamper resistant smart card designed to make it infeasible to extract the customer’s Ki
GSM security relies on the secrecy of Ki
  if the Ki could be extracted then the subscription could be cloned and the subscriber’s calls could be eavesdropped
  even the customer should not be able to obtain Ki

16 GSM Security Architecture
(Diagram: the HLR/AuC in the home network, a VLR at the switching and routing of the visited network, the SIM in the mobile in the visited network, and interconnect to other networks (GSM, fixed, Internet, etc.).)

17 GSM Authentication Principles
Network authenticates the SIM to protect against cloning
Challenge-response protocol
  SIM demonstrates knowledge of Ki
  infeasible for an intruder to obtain information about Ki which could be used to clone the SIM
Encryption key agreement
  a key (Kc) for radio interface encryption is derived as part of the protocol
Authentication can be performed at call establishment, allowing a new Kc to be used for each call
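The challenge-response and key agreement of slides 15 to 17, together with the home/visited split of slides 4 to 7 (the AuC in the home network produces authentication data, the VLR in the visited network checks the response), written out as an added Python example. This is not code from the slides or from any operator's implementation. It assumes an HMAC-SHA256 stand-in for the operator-specific A3 and A8 algorithms, truncated to the GSM field sizes (RAND 128 bits, SRES 32 bits, Kc 64 bits); the IMSI is a constructed sample and the class and function names are chosen for the example. It goes slightly beyond the slides by also running two attackers against the protocol: a clone that knows the subscriber identity but not Ki, and an eavesdropper who replays a recorded SRES.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Optional, Tuple

# GSM field sizes (from the GSM specifications, not from the slides):
# RAND 128 bits, SRES 32 bits, Kc 64 bits.
RAND_LEN, SRES_LEN, KC_LEN = 16, 4, 8


def a3_a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for the operator-chosen A3 (response) and A8 (key) algorithms.

    Constructed for this example: one HMAC-SHA256 keyed with Ki, split into a
    32-bit SRES and a 64-bit Kc. It is not COMP128 or any real operator
    algorithm; it only has the property the protocol needs: without Ki you can
    compute neither output, and observed (RAND, SRES) pairs do not give Ki away.
    """
    mac = hmac.new(ki, rand, hashlib.sha256).digest()
    return mac[:SRES_LEN], mac[SRES_LEN:SRES_LEN + KC_LEN]


class SIM:
    """Tamper-resistant card: Ki goes in at personalisation and never comes out."""

    def __init__(self, imsi: str, ki: bytes) -> None:
        self.imsi = imsi
        self.__ki = ki
        self.kc: Optional[bytes] = None  # latest Kc handed to the phone for the cipher

    def run_gsm_algorithm(self, rand: bytes) -> bytes:
        # The only interface the phone gets: RAND in, SRES out (Kc kept for encryption).
        sres, self.kc = a3_a8(self.__ki, rand)
        return sres


class AuC:
    """Home network Authentication Centre: the other copy of every subscriber's Ki."""

    def __init__(self) -> None:
        self.__keys: Dict[str, bytes] = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self.__keys[imsi] = ki

    def authentication_triplet(self, imsi: str) -> Tuple[bytes, bytes, bytes]:
        # Fresh RAND per triplet: a recorded SRES is useless against a later challenge.
        rand = secrets.token_bytes(RAND_LEN)
        xres, kc = a3_a8(self.__keys[imsi], rand)
        return rand, xres, kc  # handed to the visited network; Ki itself never leaves the AuC


class VLR:
    """Visited network: checks the SIM using triplets fetched from the home AuC."""

    def __init__(self, auc: AuC) -> None:
        self.auc = auc
        self.kc: Optional[bytes] = None  # radio-path encryption key once authenticated

    def authenticate(self, imsi: str, respond: Callable[[bytes], bytes]) -> bool:
        """`respond` models whatever is on the far end of the radio link."""
        rand, xres, kc = self.auc.authentication_triplet(imsi)
        sres = respond(rand)          # only RAND goes out, only SRES comes back
        if hmac.compare_digest(sres, xres):
            self.kc = kc              # Kc agreed on both sides without being transmitted
            return True
        self.kc = None
        return False


class Eavesdropper:
    """Records (RAND, SRES) pairs off the air and later replays the SRES it has seen."""

    def __init__(self) -> None:
        self.seen: Dict[bytes, bytes] = {}

    def tap(self, sim: SIM) -> Callable[[bytes], bytes]:
        def respond(rand: bytes) -> bytes:
            sres = sim.run_gsm_algorithm(rand)
            self.seen[rand] = sres
            return sres
        return respond

    def replay(self, rand: bytes) -> bytes:
        return self.seen.get(rand, bytes(SRES_LEN))  # nothing recorded for a fresh RAND


def run_demo() -> Dict[str, bool]:
    """Genuine SIM passes; a clone without Ki and a replay of an old SRES both fail."""
    imsi = "234150000000001"                 # constructed sample IMSI
    ki = secrets.token_bytes(16)             # 128-bit Ki, shared only by SIM and AuC
    auc = AuC()
    auc.provision(imsi, ki)
    sim = SIM(imsi, ki)
    vlr = VLR(auc)
    eve = Eavesdropper()

    genuine = vlr.authenticate(imsi, eve.tap(sim))
    kc_agreed = genuine and sim.kc is not None and vlr.kc == sim.kc
    # Cloner knows the subscriber identity but has to guess the 128-bit Ki.
    clone = vlr.authenticate(imsi, lambda rand: a3_a8(secrets.token_bytes(16), rand)[0])
    # Replaying the SRES captured above fails because the VLR issued a new RAND.
    replay = vlr.authenticate(imsi, eve.replay)
    fresh_rand = auc.authentication_triplet(imsi)[0] != auc.authentication_triplet(imsi)[0]
    return {"genuine": genuine, "kc_agreed": kc_agreed, "clone": clone,
            "replay": replay, "fresh_rand": fresh_rand}


if __name__ == "__main__":
    print(run_demo())
```

Two points the code makes concrete: Ki is never serialised or returned by either the SIM or the AuC, only the derived (RAND, SRES, Kc) triplet crosses from home to visited network, and only RAND and SRES cross the radio path; and the freshness of RAND is what turns a recorded exchange into worthless data, so an AuC that reused RAND values would reopen the replay attack even with a strong A3.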

18 (1) Distribution of authentication data Visited Access Network
GSM Authe