lecutre7 gsm security and addressing authentication stop unauthorised access to telecom services via...
TRANSCRIPT
Lecutre7
GSM Security and Addressing
Authentication• Stop unauthorised access to telecom services via cloning
of a valid user identifier• GSM anticipated this and defined an authentication
procedure• A user is challenged to provide proof of the claimed
identity• User accesses network and provides the user identifier• Network sends a random number (RAND) to the MS• Which together with Ki provide a response (SRES)
Ciphering
• MS sends a connection request to the network
• Among others, this request contains – Ciphering key sequence number (CKSN) – Mobile station class mark
• Mobile station class mark indicates the available ciphering algorithms (A5/X) in the mobile station
Ciphering• VLR examines the CKSN and decides whether authentication is necessary • Authentication not required a second time during the same network access • Multiparty call- an example of second connection while another connection already
exists• A message sent to the MS in case authentication is necessary• Message contains the random number, RAND• SIM uses the RAND, value Ki and algorithm A3 to calculate SRES• MS sends SRES to the VLR• VLR compares this SRES with the one earlier sent by HLR/AuC • Auth successful if both values are identical• Immed after SRES, the MS calculates ciphering key Kc using RAND, Ki and algorithm
A8• To activate ciphering, the VLR sends
– Value Kc that the AuC has calculated – A reference to the chosen A5/X algorithm
• Via the MSC and the BSC to the BTS
Calculation of SRES & Kc
Ciphering• BTS retrieves from the ENCR_CMD message
– Kc – Info about the required ciphering algorithm
• BTS only forwards info about the A5/X algorithm in a CIPH_MOD_CMD message to the MS• Which triggers MS to enable
– Ciphering of all outgoing data and – Deciphering of all incoming information
• MS confirms the change to ciphering mode by sending a CIPH_MOD_COM message• A5/X uses the current value of the frame number (FN) at the time and Kc as input parameters• Output of this operation are ciphering sequences, each 114 bits long, one is needed for ciphering and
the other one for deciphering• First ciphering sequence and the 114 bits of “useful data” of a burst are XORed
– To provide encrypted 114 bits that are actually sent over the Air-interface• Ciphering sequences altered with every frame number• Which in turn changes the encryption with every frame number• Deciphering takes place exactly the same way but in the opposite direction
Ciphering
De-ciphering
Authentication
= ?
NSS
RAND = RANDom numberSRES = Signed RESponseKc = Ciphering KeyKi = Identification Key
RAND
Kc
RAND (128 bits)SIM card
G S M
Global GSM MobilityCardThe Smart Card to use
A8
A3
Ki Ki
A3
A8
MS
AUC (A3 and A8)
(RAND, SRES, Kc)
SRES
SRESm (32 bits)
SRESm
CIPHERMODE
Ki (128 bits) Ki (128 bits)
A3
A8
A3
A8
BSS
OK
RadioInterface
Kc
A3
Ki RAND
SRESm
Purpose:Avoid logging of lost, stolen orforgery SIM-Cards.
5
Triplets3
AUC (A3 and A8)
(RAND, SRES, Kc)
HLR
MSC
BTS
BSS
BSC
RAND4
SRESm6
1
1
4 6
4RAND
6SRESm
Authentication
7CipheringCommand7
CIPHERMODE
3
2
VLRSRESm = SRES ?
SR
ES
m
6
74
RA
ND
Ciphereddata
MS BTS
Radiointerface
Frame Number(22 bits)
Kc (64 bits)
+
Kc (64 bits)
Ciphering
+
+
+
: exclusive-or+
A5 A5
Frame Number(22 bits)
Block (114 bits)
Data to transmit
Received data Data to transmit
Received data
Block (114 bits)
Block (114 bits)
Block (114 bits)
BTS
BSS
BSC
VLR
(Rand, SRES, Kc)
A5
KcTDMA#
+
A8
Ki Rand
Kc
MSCKc
Kc2
Ciphereddata 5
CIPHERING
SET CIPHER MODE(Kc)
1
3CIPHER MODE COMMAND
4CIPHER MODE COMPLETE
CIPHER MODE COMPLETE6
Purpose: avoid communication to be tapped.
IMEI• Mobile station equipment identity• Not mandatory for the network operator to query
the IMEI• Purpose of the IMEI is to prevent passive theft
protection• EIR maintains information on stolen mobile
equipment in a “black list,” which makes stolen mobile equipment useless
IMEIIMEI comprises following:• A 24-bit-long type approval code
(TAC) – Before any mobile equipment is
brought into service, it undergoes a test to show that it complies with safety regulations and functionality requirements
– Process called type approval, and the requirements are specified by GSM
• An 8-bit-long final assembly code (FAC) identifies the manufacturing facility
• A 24-bit-long serial number• A spare field, currently not used
Type ApprovalCode
TAC FAC SNR SP
Final AssemblyCode
Serial number (SPare)
TYPE
APPROVED
MOBILE IDENTIFICATION
IMEISV• IMEI plus a software
version number (SVN)• Which can be
modified by the manufacturer in case of a software update
IMSI
International mobile subscriber identity• An identifier for a GSM subscriber• Part of the subscriber data stored on (SIM) card• Uniquely identifies one subscription worldwide • Structure similar to the ISDN number, defined in
ITU-T Recommendation E.164
IMSI• 15-digit number and is
composed of :• Mobile country code (MCC), • Mobile network code (MNC)• Mobile subscriber identification
number (MSIN)• MSIN of the IMSI not used as
the subscriber’s telephone number
• To make tracking more difficult, IMSI used only as an identifier when the temporary mobile subscriber identity (TMSI) not available, e.g., for initial system connections
MCC & MNC
Mobile country code• A three-digit identifier • Uniquely identifies a country (not a PLMN)Mobile network code• A two-digit identifier • Used (like the 3-bit-long NCC) to uniquely
identify a PLMN
IMSI Attach/Detach• IMSI detach informs network that
– An MS will go into an inactive state – And is no longer available for incoming calls– For example, due to power down or because the SIM is removed
• MS sends an IMSI_DET_IND message to the network each time it is powered down• VLR keeps track of this state• This approach saves radio resources and processing time• Call processing can switch to secondary call treatment
– without first sending a PAGING message and then waiting for expiration of respective timers
• Secondary call treatment means initiating– Call forwarding– Voice mail, or – Telling caller that the subscriber currently not reachable
• Complementary to IMSI detach is IMSI attach• It indicates to network that a mobile station is active again• IMSI attach is related to periodic location updating• The location updating procedure is utilized to perform IMSI attach
IMSI Attach
MSCBTS
BSS
BSC
VLR
3
4
5
4
6
1 CHANNELREQUEST
2IMMEDIATEASSIGNMENT
LOCATION UPDATINGREQUEST (IMSI Attach)
3
5LOCATION UPDATINGACCEPT (LAC, TMSI)
4AuthenticationProcedure
IMSI Detach
MSC
BTS
BSS
BSC
VLR
1 CHANNELREQUEST
2IMMEDIATEASSIGNMENT
IMSI DETach INDication
3
4CHANNELRELEASE
IMSI DETach INDication
3
TMSI• Temporary mobile subscriber identity• Identifies a mobile subscriber, like the IMSI• 4-byte-long• Unlike the IMSI, TMSI has only temporary significance• VLR assigns a TMSI upon location registration for confidentiality • So not required to transfer the IMSI over the Air-interface frequently• TMSI can take any value, except FF FF FF FFhex• This value reserved in case SIM does not contain a valid TMSI
MSISDNMobile subscriber ISDN• Dir No of a mobile subscriber• Example: 49 171 5205787 is the
directory number of a subscriber to the D1 network in Germany
• Country code (CC) identifies a country or region (e.g., 49 for Germany, 1 for the United States);
• National destination code (NDC) identifies the PLMN (e.g., 171 for the operator D1)
• Subscriber number (SN) is a unique identifier within the PLMN
MSRN• Mobile station roaming number• A temporary identifier used for mobile
terminating calls– To route a call from the gateway MSC to
the serving MSC/VLR• VLR assigns MSRN to a mobile• MSRN used solely to route an incoming
call and contains no information to identify the caller or the called party
• Contains following codes: • Country code (CC) is the prefix of a
country• National destination code (NDC) identifies
the PLMN (e.g., 172 is the D2 operator of• Germany);• Temporary subscriber number (temp. SN)
assigned by the serving MSC/VLR of the called subscriber
NDCNational destination code• Part of an ISDN number as defined by ITU-T in
Recommendation E.164• Typically, the NDC addresses an area• May also be used to address a service, just as the
NDC 800 addresses free phone service in the United States
• In Germany, the NDCs 171 and 172 used to address the two GSM 900 operators
CKSN• Ciphering key sequence number • References to a ciphering key, Kc• When a particular Kc is stored in the MS and the MSC/VLR, a CKSN is
assigned as well• Allows MS and network a negotiation of the Kc without compromising
security by transmitting the value of Kc over the air• Particularly when an MS tries to establish an additional or subsequent
operation with the network• In such a case, when the MS requests a connection, it sends its last valid
CKSN to the VLR• VLR then decides, based on the CKSN, if ciphering can start immediately or if
another authentication is required • VLR may decide to request another authentication, even if the CKSN matches
the VLR’s entry
LMSI• Local mobile subscriber identity• VLR assigns it to a subscriber on a temporary basis• Purpose is to expedite queries in the VLR• Although no use for the LMSI in the HLR, but it still must
be stored in the HLR• HLR required to send the LMSI whenever data between
the two databases exchanged
CI
• Cell identity
• A 2-byte-long hexadecimal identifier
• CI together with the location area (LAI) uniquely identifies a cell within a PLMN
Location area (LA)• LA comprises at least one but typically several BTSs• Defined for the following purpose:
– An MS that changes the serving cell in the same location area does not need to perform a location update
– When network tries to establish a connection to an MS for a mobile terminating call, PAGING message is sent to only those BTSs that belong to the current location area of the MS
• LA therefore, serves mainly one purpose– Reduction of signalling load
• Every BTS broadcasts the LA via the parameter location area identity (LAI)
Location area Identity (LAI)• Even during an active call, LA
communicated to the MS (particularly important in a handover)
• Shaded, one-digit field is a filler (1111bin) and Extends three-digit MCC to 2 bytes
• Actual location area code (LAC) is four digits long
• LAC is an identifier that can be assigned by the network operator
• All values, except 0000hex and FFFE hex allowed
• Those two values reserved for cases when the LAI on a SIM has been deleted
Registration: The Very First Location Updat
• 1. Channel allocation (Connection request procedure):– MS sends (on RACH) a CHANNEL REQUEST message– Network responds with IMMEDIATE ASSIGNMENT (on dedicated
channel)• 2. MS sends to BSS a LOCATION UPDATING REQUEST
message with IMSI• 3. VLR triggers and monitors the Authentication procedure and can
also activate Ciphering procedure• 4. VLR stores the LA of the MS and informs the HLR which:
– stores VLR identity– downloads the subscriber profile, if the MS is allowed to roam
• 5. VLR may assign a TMSI and sends it to the MS in the LOCATION UPDATING ACCEPT message
• 6. MSC releases the connection
LAI HLR
IMSIVLR id
TMSI
IMSI
TMSI
Release
VLR
IMSITMSILAI
MSC
BTS
BSS
BSC
Registration: the Very First Location Update
2
3
5
1
2
6
1
2
3
5
6
4
3TMSI 5
BSIC• Base station identity code• An identifier for a BTS• Does not uniquely identify a single BTS, since it is reused
several times per PLMN• Purpose of the BSIC is to allow the MS to identify and
distinguish among neighbor cells, even when neighbor cells use the same BCCH frequency
• Since BSIC is broadcast within SCH of a BTS, MS need not even have to establish a connection to a BTS to retrieve the BSIC
BSIC• Consists of the
– Network color code (NCC), which identifies the PLMN
– Base station color code (BCC)
NCC
• Network color code
• 3-bit-long code
• Identifies the PLMN
• Is part of the BSIC and
• Is broadcast in the synchronization channel
BCC• Base station color code• 3-bit-long parameter • Part of the BSIC• Used to distinguish among the eight different
training sequence codes (TSCs) • The BCC is used by the MS (Mobile Station
) to distinguish between cells using the same frequencies, when the MS is deciding on which cell to select and to lock-on to.
PIN• Personal identification number• A four- to eight-digit number• Provides limited protection against unauthorized use. • Can be changed by the user and is stored on the SIM. • Optional and can be disabled• When enabled, the PIN needs to be entered at power up• When the wrong PIN entered three consecutive times, the
SIM is blocked and • Only the PIN unblocking key (PUK) can release the Pin
PUK
• PIN unblocking key
• A 10-digit code stored on the SIM
• Cannot be altered by the user
• Unblocks a SIM that was blocked due to wrong PIN entry three consecutive times
The Abis-Interface
• Interface between the BTS and the BSC• A PCM30 interface, like all the other terrestrial interfaces in GSM• Specified by ITU in the G-series of recommendations• Transmission rate is 2.048 Mbps• Partitioned into 32 channels of 64 Kbps each • GSM compression techniques pack up to 8 GSM traffic channels into a single
64-Kbps channel (for half rate channles) and 4 GSM channles to a single 64-Kbps channels for full rate channels.
• Like B interface GSM never specified the Abis-interface in every detail• Abis-interface regarded as proprietary leading to
– Variations in the Layer 2 protocol between manufacturers– Different channel configurations
• Consequence - normally, a BTS from manufacturer A cannot be used with a BSC from manufacturer B
Channel Configurations
• Two possible channel configurations of the Abis-interface ahead
• Fixed mapping of the air-interface traffic channels (Air0, Air1, …) of a BTS onto a TS of the Abis-interface
• Advantage-possible to determine which Abis TS will be used when a particular air-interface channel is assigned
Star configuration and Serial connection (4x BTSs with twoTRX each)
Alternatives for Connecting the BTS to the BSC
• Line resources on the Abis-interface usually not used efficiently
• As a BTS, typically, has only a few TRXs resulting small traffic volume capability
• Consequently, the line between the BTS and the BSC used only to a fraction of its capacity
• Star configuration- a case of a BTS with four TRXs, in which only 47% of the 2 Mbps actually needed
• Shaded areas mark the unused channels. • For BTS with only one TRX, value goes down to 16%• Such waste of resources has a historical background
Alternatives for Connecting the BTS to the BSC
• GSM specifications allows for a BTS to have up to 16 TRXs• Since a single 2-Mbps link able to support only up to 10 TRXs incl
O&M signaling• So two 2-Mbps links req to connect such a BTS to the BSC• Even fewer resources req on the Abis-interface for a BTS with a
smaller number of TRXs • Remaining resources cannot easily be used• Practically- optimum for a BTS is in the range of one to four TRXs• This compromise reflects parameters :
– Capacity: How many traffic and signalling channels does a BTS need to provide, on average and during busy hours to avoid overload
– Available frequency range: What is the minimum distance between BTSs after which frequencies can be reused
Alternatives for Connecting the BTS to the BSC
• N/W operators worldwide-bad experiences particularly with the latter point• With the Introduction of Digital radio it was assumed that ACI and CCI
impact will reduce • However, the assumption was soon proved wrong as more and more
interference problems b/w BTSs degraded the QoS• Hence, in urban areas use more cells with fewer TRXs and smaller output
power rather fewer cells with more TRXs and high output power• Such a configuration req a larger no of BTSs to cover any given area• Connecting larger no of BTSs to BSCs in turn req a larger no of Abis
interfaces• Serial connection configuration introduced
– Because of above stated trend– High costs of links b/w BTS and BSC – Low efficiency when using such links
BTS Connection in a Serial Configuration
• BTSs connected in a line or a ring topology• Only one BTS, for the line topology or two BTSs,
for the ring topology, physically connected to the BSC
• For network operator, serial approach saves line cost in comparison to star configuration
• Serial connection- more efficient use of when co located or sectored BTSs used
• Disadvantage- a single link failure causes loss of connection to a large number of BTSs
BTS Connection in a Serial & Star Configuration
Signaling on the Abis-Interface
OSI Protocol Stack on the Abis-Interface• Abis-interface utilizes Layers 1 through 3 of the
OSI protocol stack• Layer 1 forms the D-channel• LAPD is in Layer 2• Layer 3 is divided into
– TRX management (TRXM) – Common channel management (CCM)– Radio link management (RLM)– Dedicated channel management (DCM)
OSI Protocol Stack on the Abis Interface
D channel (data) is a telecommunications term which refers to the ISDN channel in which the control and signalling information is carried.
Radio Link Layer Management (RLM): Procedures to establish, modify and release connection of link layer (LAPDm) to MS at the air interface Um.
Dedicated Channel Management (DCM): Procedures to start ciphering, transfer of channel measurement reports of a MS, transmitter power control of MS and BTS e.t.c
Common Channel Management (CCM): Procedure for transferring channel requests from MS (received on RACH), modification of BCCH broadcast information, channel assignment to MS e.t.c
TRX management (TRXM): Procedure for the transfer of measurement of free traffic channels of a TRX to the BSC e.t.c.
Four groups of Layer 3, Traffic management messages