Security in GSM/GPRS and UMTS


1 Security in GSM/GPRS and UMTS

2 Security in GSM/GPRS
The cellular network must guarantee secure transmission of voice and data without interception, and prevent fraud. Security in GSM/GPRS is implemented in the following elements:
- SIM: holds the IMSI, the ultrasecret MS key Ki, the ciphering key generation algorithm (A8), the authentication algorithm (A3) and the PIN code.
- Handset: implements the ciphering algorithms A5 (GSM) and GEA1, GEA2, GEA3 (GPRS) in hardware.
- GSM network: the AUC (Authentication Center) is a database that holds the master keys Ki of the users and generates the triplet vectors (RAND, SRES & Kc). The SGSN stores the triplets for use during authentication (RAND, SRES) and ciphering (Kc), and holds the temporary information about attached users (TLLI).
- Core network: network layer (IP): IPsec; session layer: (AAA)* RADIUS, DIAMETER, SSL, WTLS (WAP).
*AAA: Authentication, Authorization & Accounting

3 Authentication and Ciphering in GPRS
[Diagram: authentication and ciphering flow. Labels: RAI & TLLI or IMSI; Request Authentication (IMSI); Request Authentication Triplets; Ki; Generate RAND (1..n); A3 -> SRES (1..n); A8 -> Kc (1..n); Store (1..n) RAND, SRES, Kc vectors; RAND -> A3 -> SRES; SRES = ? (Pass / Fail); Authentication; Ciphering?; ENCRYPTED DATA]
GPRS uses the following elements:
- A random number called RAND.
- A secret key Ki (the Ki only exists in the HLR and the USIM), used for:
  - Authenticating the subscriber.
  - Generating another key for ciphering, called Kc.
- An algorithm A3 generating a number SRES (Signed Result) from the Ki and RAND inputs.
- An algorithm A8 generating the key Kc from the Ki and RAND inputs.
- An algorithm A5 (GEA1, GEA2) to apply the ciphering on the transmitted data using the key Kc.

4 GPRS Authentication no encryption
Trace: Gb_noencrypted
Trace: Gr_noencrypted
[Message sequence diagram; messages in order, trace frame numbers omitted:]
- GMM: IMSI Attach Request [IMSI], [RAI]
- MAP: SendAuthenticationInfoArg [IMSI], request authentication vectors [n]
- MAP: SendAuthenticationInfoResArg, N times [RAND], [SRES] & [KC]
- Authentication & Ciphering Request [RAND] [Ciphering Algorithm not used]
- Authentication & Ciphering Response [SRES] (SRES = ?)
- MAP: UpdateGPRSLocationArg [IMSI], [SGSN number], [SGSN IP]
- MAP: InsertSubscriberData Arg [MSISDN], [GPRS services and QoS contract]
- Ack
- MAP: UpdateGPRSLocationRes [HLR number]
- GMM: Attach Accept [P-TMSI]
- GMM: Attach Complete (New TLLI = P-TMSI)
NOTE: See traces Gb_noencryption & Gr_noencryption

5 Why Encryption? Security of user data over the air interface
The encryption algorithm is installed in the MS and the SGSN, and is restricted to encrypted communications between the MS and the SGSN. Encryption is implemented at the LLC level. Kc is never transmitted over the radio interface.
Parameters of the ciphering algorithm:
- Input: the LLC frame dependent input parameter (32 bits). Depending on the frame type, this field is derived as follows:
  - For I-frames carrying user data: the input value is set to a random initial value at LLC connection set-up and incremented by 1 for each new frame.
  - For UI-frames carrying user data and signalling messages: the input parameter is a non-repeating 32-bit value derived from the LLC header.
- Direction: (1 bit) uplink or downlink.
- Output: the output of the ciphering algorithm. The maximum length of the output string (1600 octets) is the maximum length of the payload of the LLC frame, including the FCS (Frame Check Sequence, 3 octets). The minimum length of the output string is 5 octets.
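
Added example (not part of the original presentation): the triplet authentication from slide 3 and the per-frame cipher inputs from slide 5, run end to end. The A3, A8 and GEA functions are stand-ins built from HMAC-SHA256 and SHAKE-256, and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

# Stand-ins (assumption): the real A3/A8 are chosen by the operator and GEA is a
# dedicated stream cipher. HMAC-SHA256 and SHAKE-256 only make the flow executable.
def a3(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]   # SRES, 32 bits

def a8(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]   # Kc, 64 bits

def auc_triplets(ki: bytes, n: int) -> list:
    """AuC: generate n (RAND, SRES, Kc) triplets for one subscriber."""
    rands = [secrets.token_bytes(16) for _ in range(n)]
    return [(r, a3(ki, r), a8(ki, r)) for r in rands]

def sim_respond(ki: bytes, rand: bytes) -> tuple:
    """SIM: only RAND arrives over the air; SRES is returned, Kc stays local."""
    return a3(ki, rand), a8(ki, rand)

def attach(ki_auc: bytes, ki_sim: bytes) -> tuple:
    """SGSN: use one stored triplet, challenge the SIM and compare SRES."""
    rand, sres_expected, kc = auc_triplets(ki_auc, 1)[0]
    sres, kc_sim = sim_respond(ki_sim, rand)
    return hmac.compare_digest(sres, sres_expected), kc, kc_sim

def keystream(kc: bytes, frame_input: int, direction: int, length: int) -> bytes:
    """Keystream for one LLC frame from Kc, the 32-bit Input and 1-bit Direction."""
    if not 5 <= length <= 1600:
        raise ValueError("output length must be 5..1600 octets")
    seed = kc + frame_input.to_bytes(4, "big") + bytes([direction & 1])
    return hashlib.shake_256(seed).digest(length)

def cipher_frame(kc: bytes, frame_input: int, direction: int, data: bytes) -> bytes:
    """XOR the LLC payload with the frame keystream (same call deciphers)."""
    ks = keystream(kc, frame_input, direction, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))
```

Because Input and Direction are mixed into every keystream, two frames only share a keystream if both values repeat under the same Kc, which is why the slide requires a counter for I-frames and a non-repeating value for UI-frames.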

6 Encrypted Protocols in GPRS
After the GMM: Authentication & Ciphering Response, all protocols above LLC are encrypted between the MS and the SGSN.
[Diagram label: ENCRYPTED]

7 Non Ciphered Messages
The following messages are never ciphered:
- Attach Request
- Attach Reject
- Authentication and Ciphering Request
- Authentication and Ciphering Response
- Authentication and Ciphering Reject
- Identity Request
- Identity Response
- Routing Area Update Request
- Routing Area Update Reject
These messages are not ciphered so that the receiver (either SGSN or MS) can interpret the message.

8 GPRS Authentication with encryption
Trace: Gb_ciphering
Trace: Gr_ciphering
[Message sequence diagram; messages in order, trace frame numbers omitted:]
- GMM: IMSI Attach Request [IMSI], [RAI]
- MAP: SendAuthenticationInfoArg [IMSI], request authentication vectors [n]
- MAP: SendAuthenticationInfoResArg, N times [RAND], [SRES] & [KC]
- Authentication & Ciphering Request [RAND], [SQN] [Ciphering Algorithm GEA/1]
- Authentication & Ciphering Response [SRES] (SRES = ?)
- MAP: UpdateGPRSLocationArg [IMSI], [SGSN number], [SGSN IP]
- MAP: InsertSubscriberData Arg [MSISDN], [GPRS services and QoS contract]
- Ack
- MAP: UpdateGPRSLocationRes [HLR number]
- GMM: Attach Accept [P-TMSI]
- GMM: Attach Complete (New TLLI = P-TMSI)
[Diagram label: ENCRYPTED]
NOTE: See traces Gb_encryption & Gr_encryption

9 Tools to analyze and troubleshoot a GPRS deciphered link

10 Deciphering a Capture file
PrismLite: offline only application
- Possibility to merge up to 3 Gb links offline
- Generates a raw .txt file <Gb01ciphered_dec.txt>
Encryption is activated above the LLC level for signaling (GMM/SM), SAPI = 1, and data (SAPI = 3, 5, 9 or 11).
[Diagram labels: Gb, Gr]

11 Online deciphering
Performer: both offline and online application
- Over 400,000 sessions online
You can also use:
- An existing Gr file
- Write the Kc keys into a Gr file

12 Security in UMTS

13 Security in UMTS
Three entities are involved in the UMTS authentication:
- Home Network (HLR/AuC): holds the master keys K of all UEs. Generates the quintuplet vectors (RAND, XRES, CK, IK and AUTN) using 5 one-way functions.
- Serving Network (VLR or SGSN): requests and stores the authentication vectors from the HLR, and sends the Authentication Request message to the UE with the RAND and AUTN vectors.
- The USIM: in the smart card of the terminal, holds the master key K (unique for this terminal). When it receives the Authentication Request message from the VLR/SGSN with the AUTN and RAND vectors, it uses these vectors together with the master key K to generate the vectors RES (used in the Authentication Response), CK (Ciphering Key) & IK (Integrity Key).
After authentication has been resolved, the corresponding CK & IK stored in the SGSN/VLR are transferred to the RNC using the RANAP: Security Mode procedure, to start the integrity and encryption process between the UE and the RNC.

14 Authentication Vectors
Initial Parameters:
- K: Master Key (ultrasecret, permanent, 128 bits)
- SQN: Incremental Sequence Number (48 bits)
- RAND: Random bit stream (128 bits)
- AMF: Administrative Authentication Management Field (16 bits)
Calculated Parameters:
- MAC: Message Authentication Code (64 bits)
- XRES: Expected Authentication Response (4-64 bits)
- CK: Ciphering Key (128 bits)
- IK: Integrity Key (128 bits)
- AK: Anonymous Key (48 bits)
Quintuplet Vectors: (1..n) RAND, AUTN, XRES, CK, IK
Generated in the AuC, temporarily stored in the SGSN/VLR & verified with the USIM.

15 Authentication, Integrity & ciphering in UMTS
[Message sequence diagram between the UE, the Serving Network (VLR) and the Home Network; messages and actions in order:]
- PS: GMM_Attach Request [RAI & IMSI or P-TMSI] / CS: MM_Location Update [LAI & IMSI or TMSI]
- MAP_Send Auth Info Arg: [IMSI & num of vectors]
- Generate Auth Vectors
- MAP_Send Auth Info Resp: [(1..n) RAND, AUTN, XRES, CK, IK]
- Store Auth Vectors
- PS: GMM_Authentication & Ciphering Request [RAND & AUTN] / CS: MM_Authentication Request [RAND]
- Verify AUTN, Generate RES
- PS: GMM_Authentication & Ciphering Response [RES] / CS: MM_Authentication Response [RES]
- RES = XRES
- RANAP_Security Mode Command [CK & IK], Encryption: Y/N
- RRC_Security Mode Command, Encryption: Y/N
- Store CK & IK
- RRC_Security Mode Complete, Chosen Integrity Algorithm
- RANAP_Security Mode Complete, Chosen Integrity Algorithm
- MAP: UpdateGPRSLocationArg [IMSI], [SGSN number], [SGSN IP]
- MAP: InsertSubscriberData Arg [MSISDN], [GPRS services and QoS contract]
- Ack
- MAP: UpdateGPRSLocationRes [HLR number]
- GMM: Attach Accept [P-TMSI]
- GMM: Attach Complete
Example: Open PTMSI_Att_Iu_Gr

16 Authentication Keys generation: AUC & USIM
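[Diagram: key generation in the AUC and in the USIM. AUC side labels: K, AMF, Generate SQN, RAND, f1, f2, f3, f4, f5, MAC, XRES, CK, IK, AK. USIM side labels: K, RAND, f1, f2, f3, f4, f5, XMAC, RES, CK, IK, AK, SQN, comparison (= ?). Also shown: VLR, IMSI.]
* AUTN = SQN ⊕ AK || AMF || MAC
Quintuplets = RAND || XRES || CK || IK || AUTN
⊕ : XOR
|| : Concatenation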
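
Added example (not part of the original presentation): quintuplet generation in the AuC and AUTN verification in the USIM, following the AUTN and quintuplet layout above. f1 to f5 are replaced by an HMAC-SHA256 stand-in, the SQN check is simplified to "strictly greater than the last accepted value", and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Stand-in for f1..f5 (assumption): real networks use an operator-chosen algorithm
# set; HMAC-SHA256 with a per-function label only makes the flow executable.
def f(label: bytes, k: bytes, data: bytes, n: int) -> bytes:
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def auc_quintuplet(k: bytes, sqn: int, amf: bytes) -> tuple:
    """AuC: build (RAND, XRES, CK, IK, AUTN) for one authentication."""
    rand = secrets.token_bytes(16)                      # RAND, 128 bits
    sqn_b = sqn.to_bytes(6, "big")                      # SQN, 48 bits
    mac = f(b"f1", k, sqn_b + rand + amf, 8)            # MAC, 64 bits
    xres = f(b"f2", k, rand, 8)
    ck, ik = f(b"f3", k, rand, 16), f(b"f4", k, rand, 16)
    ak = f(b"f5", k, rand, 6)                           # AK, 48 bits
    autn = xor(sqn_b, ak) + amf + mac                   # SQN xor AK || AMF || MAC
    return rand, xres, ck, ik, autn

def usim_authenticate(k: bytes, last_sqn: int, rand: bytes, autn: bytes) -> tuple:
    """USIM: verify AUTN, then return (RES, CK, IK, accepted SQN)."""
    if len(autn) != 16:
        raise ValueError("AUTN must be 16 octets")
    concealed, amf, mac = autn[:6], autn[6:8], autn[8:]
    sqn_b = xor(concealed, f(b"f5", k, rand, 6))        # unmask SQN with AK
    xmac = f(b"f1", k, sqn_b + rand + amf, 8)
    if not hmac.compare_digest(xmac, mac):
        raise ValueError("MAC failure: AUTN was not produced with this K")
    sqn = int.from_bytes(sqn_b, "big")
    if sqn <= last_sqn:                                 # simplified freshness check
        raise ValueError("SQN failure: vector is not fresh")
    return f(b"f2", k, rand, 8), f(b"f3", k, rand, 16), f(b"f4", k, rand, 16), sqn
```

Unlike the GSM/GPRS triplet, the AUTN lets the USIM reject a challenge that was not built by the holder of K or that replays an old SQN, before any RES is returned.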

17 Ciphered Protocols in UMTS
After the RNC receives the Kc, the Security Mode Command is sent to the terminal to start the encryption.
[Diagram: protocol stacks across the Uu and Iub interfaces. Layers shown: WCDMA Physical Channels, MAC, RLC, RRC on Uu; SDH or PDH, ATM, AAL2, FP (Iub UP) on Iub; RELAY between them. Labels: ENCRYPTED; MAC SDU Ciphered; RLC PDU Ciphered]

18 For tools to analyze and troubleshoot a UMTS deciphered link see: www