1. Location Service Security Philip Hawkes phawkes@qualcomm.com

2. Colour Notation • GREEN: Entities/Things • Mobile phones, network entities • Purple: operations • Functions, algorithms • Protocols (who does what when) • BLUE: Values • Stored secrets • Publicly known values (time) • Orange: Important things

3. H-PS MS : X MS MALBA: X MALBA MS: position request MALBA MS: X MSH-PS: X HALBA H-PS : X H-PSMS:X MS H-PS : X H-PSHALBA: X H-PSS-PS: X HALBA H-PS: IP_LOC_REQ MS H-PS: SUPL_START H-PS MS: SUPL_INIT MS has pos_info? Proxy Mode? MS has pos_info? MS has pos_info? Periodic? MS H-PS:SUPL_START(pos_info) H-PSMS: pos_info H-PS use cached pos_info? H-PS use cached pos_info? Home or Roaming? H-PS S-PS: PS_REQ/PS_ACK S-PS Assigns PDE,Modes agreed PDE (S-PS) H-PS PDE_RESPONSE H-PS assigns PDE Modes agreed SUPL_POS direct H-PSMS: SUPL_RESPONSE SUPL_POS via H-PS MS MALBA: pos_info Pos_info is now known at MS (and H-PS where applicable) H-PS HALBA: IP_LOC_RESPONSE/REPORT Stage 1 Application Request Yes No No Yes Yes Yes Stage 2 Session Negotiation No Home Roaming Yes Stage 3 Service (Positioning) No No Yes Stage 4 Application Report Stage 5: Canceling Periodic Reporting Yes

4. In-Scope Countermeasures (1) Stage 1: SUPL_INIT see Outstanding Problems Stage 2: • MSH-PS (SUPL_START/RESPONSE): • Mutual Authentication H-PSUIM • Integrity/Replay + Encrypt • TLS-PSK, fresh key generated in UIM: PSKA? • (Periodic Mode) Association can be restored for SUPL_CANCEL • Association restored for anotherSUPL_START/RESPONSEsession???

5. In-Scope Countermeasures (2) Stage 3 • MSPDE (SUPL_POS): • Mutual Authentication PDEUIM • Integrity/Replay + Encrypt • TLS-PSK, key gen’d in UIM • Fresh key for each SUPL_POS session? Stage 4: No in-scope countermeasures

6. In-Scope Countermeasures (3) Stage 5 • MSH-PS (SUPL_CANCEL): • Authentication of UIM by H-PS • Integrity/Replay + Encrypt • TLS-PSK, fresh key gen’d in UIM: • H-PS  MS (SUPL_END): • Authentication of H-PSbyUIM • Integrity/Replay + Encrypt • TLS-PSK, fresh key gen’d in UIM:

7. Out-of-Scope Countermeasure Requirements (1) Stage 1+4 MS Initiated • LBAMSrequest/response msgs: • Authenticationof LBA by MS • Integrity/Replay + Encrypt Stage 1+4 Network Initiated • LBAH-PS (IP_LOC_REQ/RESP): • Mutual Authentication • Integrity/Replay + Encrypt

8. Out-of-scope Countermeasure Requirements (2) Stage 2 • H-PSS-PS: PS_REQ/PS_ACK • Mutual Authentication • Integrity/Replay + Encrypt Stage 3 • S-PSH-PS: PS_RESPONSE/PS_REPORT • Mutual Authentication • Integrity/Replay + Encrypt

9. Out-of-scope Countermeasure Requirements (3) Stage 5: Cancelling Periodic Session • LBA H-PS/MS: Cancel msg • Already authenticated • Integrity/Replay + Encrypt • H-PSS-PS: PS_REQ_CANCEL • Already authenticated • Integrity/Replay + Encrypt

10. Outstanding Problems (1) Stage 1 MS-Initiated • LBAMSrequest/response msgs: • Authenticationof LBA by H-PS? Stage 1 Network-Initiated • LBAH-PSIP_LOC_REQ/RESP: • Authenticationof LBA by MS? • (Is this REALLY the LBA I wanted)

11. Outstanding Problems (2) Stage 1 Network-Initiated • H-PSMS (SUPL_INIT): • MS Authenticates H-PS • Integrity/Replay + Encrypt • Problem: not IP based • (Authenticationof LBA by MS?) Stage 2 • H-PSAuthorizesMS+LBA • Any mechanisms required?

12. Outstanding Problems (3) Stage 4 • H-PSHALBA: IP_LOC_RESP • Integrity/Replay verification byMS? • Is this necessary?

13. Three TLS sessions? • MSH-PS (SUPL_START/SUPL_RESPONSE): • Mutual Authentication H-PSUIM • Integrity/Replay + Encrypt • TLS-PSK, fresh key generated in UIM • MSPDE (SUPL_POS): • Mutual Authentication PDEUIM • Integrity/Replay + Encrypt • TLS-PSK, key gen’d in UIM • Fresh key for each SUPL_POS session? • MSH-PS(SUPL_CANCEL) or H-PSMS(SUPL_END): • Authentication ofSender • Integrity/Replay + Encrypt • TLS-PSK, fresh key generated in UIM

14. How? • 1,3: MSH-PS • UIM+H-PS establish fresh Master Key • Initiate TLK_PSK • 2: ?