Overview of cellular system
[Figure: diagram of a cellular system showing base transceiver stations, a mobile telecommunication switching office and the public switching network]
Principles of cellular network
Cellular radio is a technique that was developed to increase the capacity available for mobile radio telephone service. Each cell is allocated a band of frequencies and is served by a base station consisting of a transmitter, receiver and control unit; each cell has its own base transceiver. The transmission power is carefully controlled to allow communication within the cell on a given frequency while limiting the power at that frequency that escapes the cell into adjacent ones. The objective is to reuse the same frequency in other nearby cells, thus allowing one frequency to carry multiple simultaneous conversations.
Security Threats
- Authentication - only valid users are allowed to use the network.
- Privacy - ensure that a conversation cannot be listened to.
- Data and voice integrity - ensure that voice and data traffic cannot be read or compromised while in transit.
- Network and system availability - networks must be capable of withstanding denial of service.
- Physical protection - the cell sites and equipment are deployed remotely in untrusted areas and must be protected by firewalls.
Spectrum Allocation
- Frequency Division Multiple Access (FDMA) - the available spectrum is divided into channels, and each channel can be used for a single conversation. Advanced Mobile Phone Service (AMPS) uses FDMA. Limitations: low calling capacity, limited spectrum, poor data communications, privacy concerns, and vulnerability to fraud.
- Time Division Multiple Access (TDMA) - a digital transmission technology that allows a number of users to access a single radio frequency without interference by allocating a unique time slot to each user within each channel. Used by GSM (Europe), JDC (Japan) and NADC (North America).
- Code Division Multiple Access (CDMA) - a "spread spectrum" technology, which means that it spreads the information contained in a particular signal over a much greater bandwidth than the original signal. CDMA adds a unique code onto each packet before transmission. Better security without a SIM card.
GSM Architecture
[Figure: GSM architecture diagram showing mobile stations, BTS, BSC, mobile switching center, HLR, VLR, EIR and AuC]
- BTS - Base transceiver station
- AuC - Authentication center
- BSC - Base station controller
- EIR - Equipment identity register
- HLR - Home location register
- VLR - Visitor location register
GSM Security
- A3 - an algorithm used to authenticate a handset to a GSM network.
- A5/1 or A5/2 - a block cipher algorithm used to encrypt voice and data after a successful authentication.
- A8 - a key generation algorithm used to generate symmetric encryption keys.
The SIM card contains:
- IMSI - an electronic serial number
- Individual subscriber's authentication key (Ki)
- The A3 and A8 algorithms
- User PIN (personal identification number) code
A3 authentication algorithm
Inputs: Ki (128 bit), RAND (128 bit). Output: SRES (32 bit).
The A3 algorithm takes the RAND from the MSC and the secret key Ki from the SIM as input and generates the SRES (signed response).
A8, the voice privacy key algorithm
Inputs: Ki (128 bit), RAND (128 bit). Output: Kc (64 bit).
The A8 algorithm generates Kc. The BTS receives the same Kc from the MSC; the HLR was able to generate Kc because the HLR knows both the RAND and the secret key Ki.
GSM Authentication
1. The base station generates a 128-bit random value (RAND) and sends it to the mobile station (MS).
2. The MS computes the 32-bit signed response (SRES) based on the encryption of the RAND with the authentication algorithm (A3) using the individual subscriber authentication key (Ki).
3. Simultaneously the VLR calculates the SRES. This is easy because the VLR possesses Ki, RAND and A3.
4. The VLR compares the SRES value from the phone with the SRES value it calculated itself. If both are the same, authentication is successful.
GSM Confidentiality
The SIM card contains the ciphering key generating algorithm (A8), which is used to produce the 64-bit ciphering key (Kc). The ciphering key is computed by applying the random number RAND used in the authentication process, together with the individual subscriber authentication key (Ki), to the ciphering key generating algorithm (A8). The ciphering key is used to encrypt and decrypt the data between the mobile station and the base station.
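The challenge-response exchange from the A3/A8, GSM Authentication and GSM Confidentiality slides, as an added simulation that is not part of the original slides. The real A3/A8 are operator-specific and not given on the slides, so HMAC-SHA256 truncated to the GSM output widths (32-bit SRES, 64-bit Kc) stands in for them (an assumption); the SIM, HLR and authenticate names and the IMSI value are constructed for the example.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

# Stand-in for A3/A8 (assumption): the real algorithms are operator-specific and
# not on the slides, so HMAC-SHA256 truncated to the GSM output widths is used
# here only so that the exchange can be run end to end.
def a3(ki: bytes, rand: bytes) -> bytes:
    """A3: Ki (128 bit) and RAND (128 bit) -> SRES (32 bit)."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki: bytes, rand: bytes) -> bytes:
    """A8: Ki (128 bit) and RAND (128 bit) -> Kc (64 bit)."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class SIM:
    """Subscriber side: holds Ki and runs A3/A8. Ki never leaves the SIM."""
    def __init__(self, imsi: str, ki: bytes) -> None:
        assert len(ki) == 16, "Ki is 128 bit"
        self.imsi, self._ki = imsi, ki

    def respond(self, rand: bytes) -> tuple[bytes, bytes]:
        """Answer a RAND challenge with SRES and derive Kc locally."""
        return a3(self._ki, rand), a8(self._ki, rand)

class HLR:
    """Network side: knows every subscriber's Ki (constructed table)."""
    def __init__(self, subscribers: dict[str, bytes]) -> None:
        self._ki_by_imsi = subscribers

    def triplet(self, imsi: str, rand: bytes | None = None) -> tuple[bytes, bytes, bytes]:
        """Produce the (RAND, SRES, Kc) triplet the VLR uses to authenticate."""
        ki = self._ki_by_imsi[imsi]
        rand = rand if rand is not None else secrets.token_bytes(16)
        return rand, a3(ki, rand), a8(ki, rand)

def authenticate(sim: SIM, hlr: HLR, rand: bytes | None = None):
    """VLR side of the exchange. Returns (success, Kc, air-interface log)."""
    rand, expected_sres, kc = hlr.triplet(sim.imsi, rand)  # VLR fetches triplet from HLR
    air = [("VLR->MS RAND", rand)]                # only RAND crosses the air interface
    sres, _ms_kc = sim.respond(rand)               # MS keeps its Kc; only SRES is sent back
    air.append(("MS->VLR SRES", sres))
    if not hmac.compare_digest(sres, expected_sres):
        return False, None, air
    return True, kc, air      # Kc goes to the BTS over the fixed network, not over the air
```

The air-interface log shows the security point of the slides: neither Ki nor Kc is ever transmitted, yet both ends hold the same Kc afterwards, and a SIM whose Ki does not match the HLR record fails the SRES comparison.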