GSM Presentation8 SIM and Security
SIM What i s a Su bscrib er Id ent ity Mod ul e ( SIM)? The Su bs cr ib er I denti ty Mod ul e (SI M) is a small sma rt card which contai ns both p rog ramm in g an d inf ormation . The A3 an d A 8 alg ori th ms are imp lemented i n th e Su bsc rib er Identi ty Mo dule (SI M). Sub scri ber informati on, such as the IMS I (I nte rnation al Mob ile Sub sc ri ber Id enti ty) , is stor ed in the Subscri ber Identity Mod ule (SIM). The Subscri ber Iden tity Mod ul e ( SIM) can be use d to store u serdef in ed inf ormatio n such as p hon ebook entr ies .
2
IMEI
International Mobile Equipment Identity
The IMEI (International Mobile Equipment Identity) is a unique 15-digit code used to identify an individual GSM mobile station to a GSM network. The IMEI is stored in the Equipment Identity Register (EIR). 3
IMEI Classifications The EIR stores three IMEI classifications:
White Valid GSM Mobile Stations Grey GSM Mobile Stations to be tracked Black Barred Mobile Stations 4
IMEI Format The format of an IMEI is AA-BBBB-CC-DDDDDD-E. AA Country Code BBBB Final Assembly Code CC Manufacturer Code DDDDDD Serial Number E Unused 5
IMSI
International Mobile Subscriber Identity
The IMSI (International Mobile Subscriber Identity) is a unique 15-digit code used to identify an individual user on a GSM network. The IMSI consists of three components: Mobile Country Code (MCC) Mobile Network Code (MNC) Mobile Subscriber Identity Number (MSIN) The IMSI is stored in the Subscriber Identity Module (SIM). 6
The first three digits of the IMSI form the mobile country code (MCC) and this is used to identify the country of the particular subscriber’s home network, i.e. the network with which the subscriber is registered. The next two digits of the IMSI form the mobile network code (MNC) and this identifies the subscriber’s home PLMN within the country indicated by the MCC. The remaining digits of the IMSI are the mobile subscriber identification number (MSIN) which is used to uniquely identify each subscriber within the context of their home PLMN. 7
MSISDN
MSISDN refers to the 15-digit number that is used to refer to a particular mobile station. The actual mobile no. starting from the country code The MSISDN is the subscriber's mobile number which is linked to the IMSI in the HLR. Once the Mobile Station's MSISDN has been used to identify the IMSI, the HLR verifies the subscription records to ensure that the call can be delivered to the last known location of the Mobile Station.
8
Security algorithms in GSM
3 algorithms specified in GSM
A3 for authentication (“secret”, open interface) A5 for encryption (standardized) A8 for key generation for ciphering (“secret”, open interface)
9
Ki, Kc, RAND, and SRES
Ki is the 128-bit Individual Subscriber Authentication Key utilized as a secret key shared between the Mobile Station and the Home Location Register of the subscriber's home network.
RAND is 128-bit random challenge generated by the Home Location Register.
SRES is the 32-bit Signed Response generated by the Mobile Station and the Mobile Services Switching Center.
10
Kc is the 64-bit ciphering key used as a Session Key for encryption of the over-the-air channel. Kc is generated by the Mobile Station from the random challenge presented by the GSM network and the Ki from the SIM utilizing the A8 algorithm.
11
How do Authentication and Key generation work in a GSM network? Encryption in the GSM network utilizes a Challenge/Response mechanism. The Mobile Station (MS) signs into the network. The Mobile Services Switching Center (MSC) requests 5 triples from the Home Location Register (HLR). The Home Location Register creates five triples utilizing the A8 algorithm. These five triples each contain: A 128-bit random challenge (RAND) A 32-bit matching Signed Response (SRES) A 64-bit ciphering key used as a Session Key (Kc). 12
Authentication Procedure
1. The MSC/VLR transmits the RAND to the MS. 2. The MS computes the signature SRES using RAND and the subscriber authentication key (Ki) through the A3 algorithm. 3. The signature SRES is sent back to MSC/VLR, which performs authentication, by checking whether, the SRES from the MS and the SRES from the AUC match. If so, the subscriber is permitted to use the network. If not, the subscriber is barred from network access.
13
14
Authentication can by operator’s choice be performed during: Each registration Each call setup attempt Location updating Before supplementary service activation and deactivation 15
Ciphering
The Mobile Station generates a Session Key (Kc) utilizing the A8 algorithm, the Individual Subscriber Authentication Key (Ki) assigned to the Mobile Station, and the random challenge received from the Base Transceiver Station. The Mobile Station sends the Session Key (Kc) to the Base Transceiver Station. 16
The Mobile Services Switching Center sends the Session Key (Kc) to the Base Transceiver Station. The Base Transceiver Station receives the Session Key (Kc) from the Mobile Services Switching Center. The Base Transceiver Station receives the Session Key (Kc) from the Mobile Station. The Base Transceiver Station verifies the Session Keys from the Mobile Station and the Mobile Services switching Center. 17
Encryption
The A5 algorithm is initialized with the Session Key (Kc) and the number of the frame to be encrypted. Over-the-air communication channel between the Mobile Station and Base Transceiver Station can now be encrypted utilizing the A5 algorithm. This process authenticates the GSM Mobile Station (MS) to the GSM network. 18
GSM - authentication SIM
mobile network Ki
RAND
128 bit
AC
RAND
128 bit
RAND
Ki
128 bit
128 bit
A3
A3 SIM
SRES* 32 bit
MSC
SRES* =? SRES
SRES SRES 32 bit
Ki: individual subscriber authentication key
32 bit
SRES
SRES: signed response
19
What algorithm is utilized for authentication in GSM networks?
The authentication algorithm used in the GSM system is known as the A3 algorithm. Most GSM network operators utilize a version of the COMP128 algorithm as the implementation of the A3 algorithm. 20
A3's task is to generate the 32-bit Signed Response (SRES) utilizing the 128-bit random challenge (RAND) generated by the Home Location Register (HLR) and the 128-bit Individual Subscriber Authentication Key (Ki) from the Mobile Station's Subscriber Identity Module (SIM) or the Home Location Register (HLR).
The A3 algorithm is implemented in the Subscriber Identity Module (SIM).
21
What algorithm is utilized for encryption in GSM networks?
The encryption algorithm used in the GSM system is a stream cipher known as the A5 algorithm. Multiple versions of the A5 algorithm exist which implement various levels of encryption. The stream cipher is initialized with the Session Key (Kc) and the number of each frame.
22
The same Session Key (Kc) is used as long as the Mobile Services Switching Center (MSC) does not authenticate the Mobile Station again. In practice, the same Session Key (Kc) may be in use for days.
The A5 algorithm is implemented in the Mobile Station (MS). 23
What algorithm is utilized for key generation in GSM networks?
The key generation algorithm used in the GSM system is known as the A8 algorithm.
Most GSM network operators utilize the a version of the COMP128 algorithm as the implementation of the A8 algorithm.
A8's task is to generate the 64-bit Session Key (Kc), from the 128-bit random challenge (RAND) received from the Mobile Services Switching Center (MSC) and from the 128-bit Individual Subscriber Authentication Key (Ki) from the Mobile Station's Subscriber Identity Module (SIM) or the Home Location Register (HLR). 24
One Session Key (Kc) is used until the MSC decides to authenticate the MS again. This might take days.
A8 actually generates 128 bits of output. The last 54 bits of those 128 bits form the Session Key (Kc). Ten zero-bits are appended to this key before it is given as input to the A5 algorithm.
The A8 algorithm is implemented in the Subscriber Identity Module (SIM).
25
TMSI / TIMSI The TIMSI (Temporary IMSI) is a pseudo-random number generated from the IMSI (International Mobile Subscriber Identity) number.
The TIMSI is utilized in order to remove the need to transmit the IMSI over-the-air. This helps to keep the IMSI more secure. To track a GSM user via the IMSI/TIMSI, an eavesdropper must intercept the GSM network communication where the TIMSI is initially negotiated. In addition, because the TIMSI is periodically renegotiated, the eavesdropper must intercept each additional TIMSI re-negotiation session.
26
The "Temporary Mobile Subscriber Identity" (TMSI) is the identity that is most commonly sent between the mobile and the network. TMSI is randomly assigned by the VLR to every mobile in the area, the moment it is switched on. The number is local to a location area, and so it has to be updated, each time the mobile moves to a new geographical area. 27
The network can also change the TMSI of the mobile at any time. And it normally does so, in order to avoid the subscriber from being identified, and tracked by eavesdroppers on the radio interface. This makes it difficult to trace which mobile is which A key use of the TMSI is in paging a mobile 28
Subscriber Identity Confidentiality
Subscriber identity confidentiality means that the IMSI is not disclosed to unauthorized individuals, entities or processes. This function protects a subscriber’s identity when the subscriber is using PLMN resources. It also prevents tracing the mobile subscriber’s location by listening to the signaling exchanges on the radio path. 29
Subscriber Identity Confidentiality contd..,
Each time a mobile station requests a system procedure (e.g. location updating, call attempt), the MSC/VLR can allocate a new TMSI to an IMSI. The MSC/VLR transmits the TMSI to MS that stores it on the SIM card. Signaling between MSC/VLR and MS utilizes only the TMSI from this point on. IMSI is only used in cases when location updating fails or when the MS has no allocated TMSI. 30
SIM Fe at ures
Must be tamper-resistant Is removable from the terminal Contains all data specific to the end user which have to reside in the Mobile Station: IMSI: International Mobile Subscriber Identity (permanent user’s identity) PIN TMSI (Temporary Mobile Subscriber Identity) K : User’s secret key i List of the last call attempts List of preferred operators Supplementary service data (abbreviated dialing, last short messages received,...) 31