440 likes | 653 Vues
Introduction for CDMA Authentication. By Du Guangzheng, Motorola Co. Contents. Authentication Basics Concepts Authentication implementation in RUIM-support mobile phone. Authentication Basics Concepts. Authentication Basics Concepts A-key Shared Secret Data(SSD)
E N D
Introduction for CDMA Authentication By Du Guangzheng, Motorola Co.
Contents • Authentication Basics Concepts • Authentication implementation in RUIM-support mobile phone
Authentication Basics Concepts • Authentication Basics Concepts • A-key • Shared Secret Data(SSD) • Enable/Disable Authentication • Global Challenge • SSD Update Procedure • Unique Challenge
Authentication Basics Concept(Cont.) • Authentication Basics Concepts • Voice Privacy • Signaling Message Encryption • These two are not included in this presentation
Implementation in RUIM-Phone • Implementation in RUIM-Phone • Parameter Storage • Parameter Exchange Procedures • Authentication Procedures
Authentication Basics • Features that are used to prevent fraud and increase the security in Cellular system: • Authentication • VoicePrivacy • SignalingEncryption • The three calculations are based on a set of algorithms, known as CAVE(Cellular Authentication and Voice Encryption)
Authentication Basics(Cont.) • ?What is authentication • Authentication is a process by which the information is exchanged between a mobile and the network for the purpose of verifying the identity of the mobile. Authentication is needed to prevent fraudulent use of the network by mobiles programmed counterfeit MIN and ESN.
Authentication Basics (Cont.) • Signaling Encryption: • Feature that provides an enhanced degree of privacy by encrypting selected parameters that are send on an analog voice channel or CDMA traffic channel.
Authentication Basics (Cont.) • Voice privacy • Feature that provides an another degree of enhanced privacy by encrypting subscriber’s conversation and signaling using a Private-Long-Code Mask. • Only applicable for digital mode.
Authentication Basics (Cont.) • Applicable Standards: • TIA/EIA-95A • TIA/EIA-95B • JSTD-008
Authentication Basics (Cont.) • A successful outcome of authentication occurs when the mobile and the networks possess identical results of independent calculation performed by the mobile and the network.
Authentication Basics (Cont.) • The authentication process can be invoked by many events. All accesses to the base station are authenticated when authentication is required by the base station. The accesses are: : • Registration( various type) • Mobile-originated calls • Mobile-terminated calls • Mobile-Originated Data burst Messages
Authentication Basics (Cont.) • Authentication is based on two secrete numbers: • Authentication Key(A-key) • Shared secret Data(SSD)
A-Key • A-Key: • A 64-bit secret number which is permanent • Used to generate the Shared secret Data • Stored securely in the mobile, which is not sent over the air( ** exclude OTASP) • Generally provisioned into the phone during subscription • Known only to the mobile and its associated HLR/AC
Shared Secret Data • SSD is a secret number that is semi-permanent. It is used in the calculation of authentication signatures, the Signaling Message Encryption Key (CMEA), and the Voice Privacy Mask (VPM)
Enable/Disable Authentication • The base station has the primary responsibility of enable and disabling authentication on the mobile by setting and unsetting the AUTH and RAND parameters in the Access Parameters Message.
Global Challenge • Global Challenge encompasses the process by which the base station presents a numeric challenge RAND to all of the mobiles. Mobiles use the 32-bit RAND number for calculation an 18-bit authentication signature AUTHR. • If authentication is enabled AUTHR will be included in every Registration, Origination, Page Response and Data Burst message • AUTHR will be calculated differently depends on the type of system access.
AUTHR calculation • For Registration:
AUTHR calculation (Cont.) • For Origination:
AUTHR calculation (Cont.) For Termination:
AUTHR calculation (Cont.) • For Data Burst:
AUTHR calculation (Cont.) • For Unique Challenge
AUTHR calculation (Cont.) • In addition to AUTHR, the mobile will include RANDC(8 MSB of RAND) and COUNT value as parameters in every System Access Message. • COUNT is a modulo-64 count for call history that is held in the mobile and updated by the mobile when a Parameter Update order is received. • When success(AUTHR both in mobile and base station matches), the mobile is considered authentic, and the system access is allowed.
AUTHR calculation (Cont.) • If authentication fails, the network could take any of the following step: • Allow the access • Deny the access • Unique-challenge the mobile, and then decide to allow or deny the system access • Update the SSD of the mobile, and then decide to allow or deny the system access
SSD Update Procedure • The SSD update procedure is always initiated by the base station • When the mobile first provisioned (The most initial value of SSD is set to zero) • The mobile station may decide to initiate the SSD update procedure whenever it deems necessary (Timed/AUTHR mismatch/Operator)
SSD Update Procedure (Cont.) • This procedure is performed as follows: • To start SSD update, the base station sends a SSD Update Order Message to the mobile with a 56-bit random number RANDSSD. • Upon receiving the Order message, the mobile calculates the new SSD_A and SSD_B values using A-Key, ESN and RANDSSD.
SSD Update Procedure (Cont.) • The mobile then challenges the base station to verify the newly generated SSD and sends a Base Station Challenge Order Message with a 32-bit random RANDBS. • The base station then calculates the authenti-cation signature AUTHBS. • The mobile compares the locally generated AUTHBS with that received from the base station
SSD Update Procedure (Cont.) • If the signature match, the mobile updates its SSD and forwards a confirmation order to the base station If the signature do not match, the mobile forwards a failure order to the base station. It is up to the base station to decide how to proceed when this occurs.
Voice Privacy and Message Encryption • Omitted
Authentication with RUIM • Parameter Storage • Parameter Exchange Procedures • Authentication Procedures
Parameter Storage • Main Parameters stored in RUIM • A-Key • CAVE algorithm • Shared Secret Data (SSD) • COUNT • RUIM_ID • Others (including OTASP/OTAPA related)
Parameters Storage(Cont.) • Main Parameters stored in ME • All algorithms used for the encryption of voice, user data, and signaling messages • Key-processing for ECMEA and ECMEA_NF functions • ESN_ME • Others (Control mechanism for OTASP)
Parameters Exchange • From the ME to the R-UIM • RAND, RANDU, RANDSeed(for RANDBS), RANDSSD • Last Dialed Digits, use for AUTH_DATA composition • AUTHBS • ESN_ME
Parameters Exchange(Cont.) • From the R-UIM to ME • AUTHR • Keys, as needed, for use with encryption • AUTHU • RANDBS
Authentication Procedures • Managing Shared Secret Data • Authentication Calculations • Managing the Call History Parameter
Managing Shared Secret Data • Base Station Challenge Function:
Managing Shared Secret Data(Cont.) • Update SSD, AUTHBS Calculation:
Managing Shared Secret Data(Cont.) • Confirm SSD
Authentication Calculations • RUN CAVE:
Managing the Call History Parameter • CALL COUNT
Reference • TIA/EIA-95B, spec on CDMA Protocol. • IS-820, spec on RUIM • Application Note: Authentication and Call Processing, Qualcomm spec(CL93-V1622-1).