 =====T-Nova 1 GSM - UMTS Interworking - Mechanisms Roland Schmitz T-Nova Deutsche Telekom Group TSG-T3 (USIM) meeting #8Tdoc T Bonn July, 1999

 =====T-Nova 2 Different Security Levels of UMTS and GSM  GSM •No Serving Network (SN) Authentication •No Guarantee of Key Freshness •Length of KC 64 Bit  UMTS •Proof of Trust of HE by SN •Guarantee of Key Freshness •Integrity Protection of Signalling Messages •Length of CK, IK 128 Bit

 =====T-Nova 3 UMTS-GSM Interworking- Scenarios  Roaming •GSIM - Authentication in GSM R1 •GSIM - Authentication in UMTS R2 •USIM - Authentication in GSM R3 •USIM - Authentication in UMTS R4  HandOver •GSIM HO from GSM to UMTS HO1 •USIM from GSM to UMTS HO2 •GSIM from UMTS to GSM HO3 •USIM from UMTS to GSM HO4

 =====T-Nova 4 Assumptions  GSIM is unchanged  Challenge RAND is the same in GSM and UMTS  Each HLR/AuC is capable of generating GSM- Triplets and UMTS-AV.  Re-authentication at HO is too time-consuming

 =====T-Nova 5 Requirements for an Interworking-Mechanism  Every Roaming/Handover - Scenario should be supported  If possible, UMTS-Subscribers should get UMTS-Level Security each time they are connected to a UTRAN => HO 2 (Handover of USIM from GSM to UMTS) is a critical scenario

 =====T-Nova 6 Mechanisms  Mechanism I (Ericsson) •does not allow for GSIM roaming; not covered here  Mechanism II (Siemens) •HLR/AuC generates UMTS-AV or derives GSM- Triplet via RAND*=RAND, RES* = c1(RES), Kc* = c2(CK), according to type of requesting VLR •UMTS-AV or GSM-Triplett are sent to VLR •On HO from GSM to UMTS or GSIM-Auth. in UMTS GSM-Keys are „stretched“ by UMTS-VLR via CK*=c3(KC), IK*=c4(KC) J No Impact on existing GSM-Infrastructure! L After USIM-Auth. in GSM or after HO to GSM only GSM-level security for UMTS-subscribers

 =====T-Nova 7 Mechanism II (HO) UTRAN GSM BSS CK, IK KC Kc CK* = c3(Kc) IK* = c4(Kc) Kc* = c2(CK) CK, IK HO01HO02HO03HO04 Kc* = c2(CK) CK* = c3(Kc) IK* = c4(Kc) GSIM USIMGSIMUSIM CK* = c3(Kc*) IK* = c4(Kc*)

 =====T-Nova 8 Mechanism II (Roaming) UTRAN GSM BSS CK, IK KC CK* = c3(Kc) IK* = c4(Kc) GSIM- Roaming USIM- Roaming R01R02R03R04 Kc* = c2(CK) GSIM- Roaming USIM- Roaming Kc CK, IK

 =====T-Nova 9 Mechanisms  Mechanism III (Siemens) •like mechanism II, but: In HO 4 (USIM HO from UMTS to GSM), UMTS VLR sends the tripel (KC*=c2(CK), CK, IK) to the GSM-VLR •in case of another HO to UMTS the CK, IK can be used again J UMTS-Security after HO2 (if registered in UMTS) L GSM VLRs have to handle UMTS-AVs L On USIM Registration in GSM only GSM-security even after subsequent HO to UMTS

 =====T-Nova 10 Mechanism III (HO) UTRAN GSM BSS CK, IK KC Kc CK* = c3(Kc) IK* = c4(Kc) Kc* = c2(CK) CK, IK HO01HO02HO03HO04 Kc* = c2(CK) CK* = c3(Kc) IK* = c4(Kc) GSIM USIMGSIMUSIM CK, IK

 =====T-Nova 11 Alternative Mechanisms  Mechanism IIa: (T-Mobil/T-Nova) •HLR/AuC generates UMTS-AVs and GSM-Tripletts and sends both to VLR, regardless if GSM-VLR or UMTS-VLR •on HO both kinds of authentication data are passed on to new VLR J „Maximum“ Security L High Signalling Load  Mechanism IIIa: (T-Mobil/T-Nova) •HLR/AuC generates UMTS-AV and sends them to all VLRs •GSM-VLRs generate derived RES*, KC* via RES*=c1(RES), KC*=c2(CK); on HO the pair (CK, IK) is passed on L „Maximum“ Security L GSM-VLRs have to implement c1, c2

 =====T-Nova 12 Mechanisms IIa/IIIa (HO) UTRAN GSM BSS CK, IK KC Kc CK* = c3(Kc) IK* = c4(Kc) Kc* = c2(CK) CK, IK HO01HO02HO03HO04 Kc* = c2(CK) CK* = c3(Kc) IK* = c4(Kc) GSIM USIMGSIMUSIM CK, IK

 =====T-Nova 13 Mechanisms IIa/IIIa (Roaming) UTRAN GSM BSS CK, IK Kc* = c2(CK) CK* = c3(Kc) IK* = c4(Kc) GSIM- Roaming USIM- Roaming R01R02R03R04 Kc* = c2(CK) GSIM- Roaming USIM- Roaming Kc CK, IK

 =====T-Nova 14 Summary