1. Extension of authentication protocol for GSM 報告者 : 廖翊均

2. Outline 1. Overview of authentication protocol for GSM 2. Lee, C.-C. ’s authentication protocol for GSM 3. Improve scheme (1) & (2) 4. Compare

3. 1. Overview of authentication protocol for GSM ( con’t )

4. 1. Overview of authentication protocol for GSM MS VLRHLR Request(TMSI, LAI) IMSI n sets{RANDi,SRESi,K C } i RANDi SRESj Fig. Authentication protocol for GSM

5. 2. Lee, C.-C. ’s authentication protocol for GSM A3 Ki RAND A3 Ki TKiAuth_VLR m TKiAuth_VLR h equal RAND j A5 SRES A5 SRES m equal TT TKi MSHLR VLR yes No accept reject

6. 2. Lee, C.-C. ’s authentication protocol for GSM ( con’t ) MSVLRHLR Request(TMSI,LAI,T) VLR_ID, IMSI, T Auth_VLR h, RAND, TK i RAND, RAND 1, Auth_VLR h, T SRES m VLR

7. 3. Improve scheme (1) 在第一次做完 VLR 和 MS 的認證後，兩者同 時擁有 temporary key TK i VLR 再利用 TK i 和 timestamp T 產生 Auth_VLR h = A3( Tj, TK i ) VLR send Auth_VLR h 和 RAND j to MS MS: Auth_VLR m =A3( Tj, TK i ) 做 VLR 認證 SRES m = A5(RAND j, TK i ) send to VLR 做 MS 認證

8. 3. Improve scheme (1) MS VLR Request(TMSI, T j ) Auth_VLR h, RAND j, T j SRES m

9. 3. Improve scheme (2) MS 驗證 : VLR 利用 T j-1,T j and TK i 來產生 SRES = A5( T j-1 ||T j,TK i ) =>VLR 不必每次 generate random number VLR 驗證 : Auth_VLR h = A3( Tj, TK i )

10. 3. Improve scheme (2) phase-1 MSVLRHLR Request(TMSI,LAI,T) VLR_ID, IMSI, T Auth_VLR h, RAND, TK i RAND, Auth_VLR h, T SRES m VLR

11. 3. Improve scheme (2) phase-2 MSVLR Request(TMSI, SRES j, T j ) Auth_VLR h, T j

12. 4. Compare 只有第一次對 VLR 做認證而已 => 利用在第一次做完 VLR 和 MS 的認證後，兩者同時 擁有的 temporary key TK i 來產生產生 Auth_VLR h = A3( Tj, TK i ), 用以完成每次都有同時對 VLR 和 MS 做認 證 Improve MS 驗證 : VLR 利用 T j-1,T j and TK i 來產生 SRES = A5( T j-1 ||T j,TK i ) => VLR 不必每次 generate random number