Extension of authentication protocol for GSM

1. Extension of authentication protocol for GSM 報告者: 廖翊均

2. Outline • 1. Overview of authentication protocol for GSM • 2. Lee, C.-C. ’s authentication protocol for GSM • 3. Improve scheme (1) & (2) • 4. Compare

3. 1. Overview of authentication protocol for GSM ( con’t )

4. Request(TMSI, LAI) IMSI n sets{RANDi,SRESi,KC} i RANDi SRESj 1. Overview of authentication protocol for GSM VLR HLR MS Fig. Authentication protocol for GSM

5. MS HLR RAND T T Ki Ki A3 A3 TKi Auth_VLRm TKi Auth_VLRh accept yes equal No VLR reject RANDj TKi A5 A5 accept SRESm yes SRES equal No reject 2. Lee, C.-C. ’s authentication protocol for GSM

6. Request(TMSI ,LAI,T) VLR_ID, IMSI, T Auth_VLRh , RAND , TKi RAND , RAND1 , Auth_VLRh , T SRESm 2. Lee, C.-C. ’s authentication protocol for GSM ( con’t ) MS VLR HLR VLR

7. 3. Improve scheme (1) • 在第一次做完VLR和MS的認證後，兩者同時擁有temporary key TKi • VLR再利用 TKi 和 timestamp T 產生 Auth_VLRh = A3( Tj , TKi ) • VLR send Auth_VLRh 和 RANDj to MS • MS: Auth_VLRm=A3( Tj , TKi ) 做VLR 認證 SRESm = A5(RANDj , TKi) send to VLR 做 MS 認證

8. 3. Improve scheme (1) MS VLR Request(TMSI, Tj) Auth_VLRh, RANDj, Tj SRESm

9. 3. Improve scheme (2) • MS驗證: VLR利用 Tj-1,Tj and TKi來產生 SRES = A5( Tj-1||Tj ,TKi ) =>VLR不必每次generate random number • VLR驗證: Auth_VLRh = A3( Tj , TKi )

10. Request(TMSI ,LAI,T) VLR_ID, IMSI, T Auth_VLRh , RAND , TKi RAND , Auth_VLRh , T SRESm 3. Improve scheme (2) phase-1 MS VLR HLR VLR

11. 3. Improve scheme (2) phase-2 MS VLR Request(TMSI, SRES j, T j) Auth_VLRh, T j

12. 4. Compare • 只有第一次對 VLR 做認證而已 =>利用在第一次做完 VLR 和 MS 的認證後，兩者同時擁有的 temporary key TKi 來產生產生 Auth_VLRh = A3( Tj , TKi ) ,用以完成每次都有同時對 VLR 和 MS 做認證 • Improve MS驗證: VLR利用 Tj-1,Tj and TKi來產生 SRES = A5( Tj-1||Tj ,TKi ) => VLR不必每次generate random number