Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,

Published byKarina Lovering Modified over 10 years ago

Similar presentations

Presentation on theme: "An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,"— Presentation transcript:

1 An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science, Kyungpook National University, Korea

2 Kyungpook National University, Korea 2/18 Contents Introduction Acronyms GSM authentication protocol Proposed authentication protocol Location privacy in GSM Enhanced location privacy protocol Discussions Conclusion

3 Kyungpook National University, Korea 3/18 Introduction Two major security worries in Mobile communication Confidentiality (privacy) The guarantee that messages are not intercepted by an eavesdropper Authentication To ensure that any unauthorized user cannot fraudulently obtain services Security features provided by GSM Subscriber identity authentication Subscriber identity confidentiality User data and signaling information confidentiality on radio path

4 Kyungpook National University, Korea 4/18 Acronyms MS : Mobile Station HLR : Home Location Register AuC : Authentication Center VLR o/n : Visiting Location Register old/new MSC: Mobile Switching Center IMSI : International MS Identity TMSI o/n: Temporary Mobile Subscriber Identity old/new RAND : Random Number SRES : Signed response K c : a Ciphering Session Key K i : a user’s secret key shared with HLR A3, A8, A5 : unpublished one-way func. Standardized Enc/Dec alg.

5 Kyungpook National University, Korea 5/18 GSM authentication protocol Authentication and Confidentiality in GSM MSVLRHLR / AuC A3 A8 A3 A8 RAND Ki SRES [n] RAND [n] Kc [n] = RAND Ki Yes/No A5 Kc Data Ciphertext TMSIIMSI Authentication Confidentiality SRES

6 Kyungpook National University, Korea 6/18 GSM authentication protocol Drawbacks The space overhead can occur when the VLR stores sets of authentication parameters. VLR needs the assistance of HLR when it identifies the MS. If VLR consumes all sets of authentication parameters of MS, it requests additional parameters to the HLR. There is bandwidth consumption between the VLR and the HLR, when the VLR needs other sets of authentication parameters. The authentication of VLR/HLR is not instituted in the GSM protocol. There is no way to provide data/location confidentiality in wired network.

7 Kyungpook National University, Korea 7/18 Proposed authentication protocol The design goals of the proposed protocol To achieve mutual authentication between MS and VLR To improve the location privacy in wired network To simplify the authentication flows To reduce the storage in VLR To reduce bandwidth consumption between VLR and HLR Authentication of mobile users is to be done by the VLR instead of the HLR, even if the VLR does not know the subscriber's secret key Ki and A3 algorithm. Assumption HLR and VLR shares a symmetric key.

8 Kyungpook National University, Korea 8/18 Proposed authentication protocol MSVLRHLR SRES1,TMSI, LAI Eku(RAND) VLR_ID, E VH (IMSI) Eku(RAND) HLR_ID,SRES2 E VH (RAND, Tki) SRES1 = SRES2 ? E Tki (TMSInew) RAND K VH : a shared key, Ku = f (IMSI,HLR_ID,Ki) : 64bit-length Authentication (location updating) KiRAND A3 & A8 SRES1Tki KiRAND A3 & A8 SRES2Tki

9 Kyungpook National University, Korea 9/18 Location privacy in GSM Location update using TMSI IMSI : International MS Identity TMSI : Temporary Mobile Subscriber Identity LAI : Location Area Identity

10 Kyungpook National University, Korea 10/18 Location privacy in GSM Drawbacks IMSI is exposed and delivered in the wired network without any protection In some abnormal cases, MS sends its IMSI to VLR in the wireless network without any protection

11 Kyungpook National University, Korea 11/18 Location privacy problems Authentication at location updating in a new VLR, TMSI unknown in old VLR MSVLR n VLRo LAI, TMSIo TMSIo Unknown Identity Request IMSI

12 Kyungpook National University, Korea 12/18 Location privacy problems Authentication at location updating in a new VLR, old VLR not reachable MSVLR n VLRo LAI, TMSIo Identity Request IMSI VLR not reachable

13 Kyungpook National University, Korea 13/18 A possible attack MSAttacker LAI, TMSIo Identity Request IMSI VLR not reachable TMSI o unknown or Acquire IMSI of the MS

14 Kyungpook National University, Korea 14/18 Enhanced location privacy protocol MS VLR HLR TMSI, LAI, SRES1 Eku(RAND) VLR_ID, E VH (AL) Eku(RAND) SRES2, HLR_ID E VH (RAND, Tki, IMSI) SRES1 = SRES2 ? E Tki (TMSInew) RAND, LAIn Identity Request AL, HLR_ID, SRES1 Eku(RAND) AL : Alias of the MS.15 bit-length Abnormal Authentication (location updating)

15 Kyungpook National University, Korea 15/18 Discussions Features Mutual authentication between MS and VLR RAND Enhanced Location privacy in wired network Shared symmetric keys (K VH ), Alias Reduced the data flows during the authentication. 5 flows -> 4flows Reduced storage space in the VLR (Only Tki is stored) Reduced bandwidth consumption between the VLR and HLR VLR Authenticates MS without assistance of HLR The security of the protocol is based on the existing architecture of the GSM authentication, e.g. A3,A5,A8

16 Kyungpook National University, Korea 16/18 Discussions Comparison

17 Kyungpook National University, Korea 17/18 Conclusion Drawbacks of the original GSM authentication Drawbacks of the location privacy protocol The proposed authentication protocol Mutual authentication between MS and VLR Enhanced Location privacy Reduced the data flows during the authentication.(5 flows -> 4flows) Reduced storage space in the VLR Reduced bandwidth consumption between the VLR and HLR VLR Authenticates MS without assistance of HLR The security of the protocol is based on the existing architecture of the GSM authentication, e.g. A3,A5,A8

18 Kyungpook National University, Korea 18/18 Thank you

Download ppt "An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,"

Similar presentations

Kingdom Special Operations SJS-KW

Kingdom Special Operations SJS-KW
GSM network and its privacy Thomas Stockinger. Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation.

GSM network and its privacy Thomas Stockinger. Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation.
GSM Security and Encryption

GSM Security and Encryption
Islamic University-Gaza Faculty of Engineering Electrical & Computer Engineering Department Global System for Mobile Communication GSM Group Alaa Al-ZatmaHosam.

Islamic University-Gaza Faculty of Engineering Electrical & Computer Engineering Department Global System for Mobile Communication GSM Group Alaa Al-ZatmaHosam.
Topics In Information Security Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication Presented by Idan Sheetrit

Topics In Information Security Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication Presented by Idan Sheetrit
Mario Čagalj University of Split 2013/2014. Security of Cellular Networks: Man-in-the Middle Attacks ‘Security in the GSM system’ by Jeremy Quirke, 2004.

Mario Čagalj University of Split 2013/2014. Security of Cellular Networks: Man-in-the Middle Attacks ‘Security in the GSM system’ by Jeremy Quirke, 2004.
Extension of authentication protocol for GSM 報告者 : 廖翊均.

Extension of authentication protocol for GSM 報告者 : 廖翊均.
Syed Safi Uddin Qadri BETL/F07/0112 GSM Stream Cipher Algorithm Presented To Sir Adnan Ahmed Siddiqui.

Syed Safi Uddin Qadri BETL/F07/0112 GSM Stream Cipher Algorithm Presented To Sir Adnan Ahmed Siddiqui.
Security of Mobile Banking

Security of Mobile Banking
1 Channel Overview 3 Types 1.Broadcast Control Channel: Point to Multipoint, Downlink (BTS) to MS) (A)BCCH (Board cast Control Channel) It inform the Mobile.

1 Channel Overview 3 Types 1.Broadcast Control Channel: Point to Multipoint, Downlink (BTS) to MS) (A)BCCH (Board cast Control Channel) It inform the Mobile.
GSM System Architecture

GSM System Architecture
Myagmar, Gupta UIUC 2001 1 3G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP.

Myagmar, Gupta UIUC G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP.
Security Issues in Wireless Networks Kumar Viswanath CMPE 293.

Security Issues in Wireless Networks Kumar Viswanath CMPE 293.
One-Pass GPRS and IMS Authentication Procedure for UMTS

One-Pass GPRS and IMS Authentication Procedure for UMTS
GSM standard (continued)

GSM standard (continued)
SMUCSE 5349/7349 GSM Security. SMUCSE 5349/7349 GSM Security Provisions Anonymity Authentication Signaling protection User data protection.

SMUCSE 5349/7349 GSM Security. SMUCSE 5349/7349 GSM Security Provisions Anonymity Authentication Signaling protection User data protection.
G53SEC 1 Mobile Security GSM, UTMS, Wi-Fi and some Bluetooth.

G53SEC 1 Mobile Security GSM, UTMS, Wi-Fi and some Bluetooth.
Modes Mobile Station ( MS )

Modes Mobile Station ( MS )
An Authentication Scheme for Mobil Satellite Communication Systems Advisor: Prof. Jen-Chang Liu Graduate Student: Yi-Ching Chen( 陳怡靜 92321527) Date: 2004/05/26.

An Authentication Scheme for Mobil Satellite Communication Systems Advisor: Prof. Jen-Chang Liu Graduate Student: Yi-Ching Chen( 陳怡靜 ) Date: 2004/05/26.
Information Security of Embedded Systems 20.1.2010: Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.

Information Security of Embedded Systems : Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.

Similar presentations

Ads by Google