Design of UMTS Security

March 20, 2018 | Author: Masood474 | Category: Gsm, Radio Technology, Data Transmission, Information Age, Computing



The 1st International Conference on Information Science and Engineering (ICISE2009)

Design of a High Security GSM/UMTS Inter-system

Zhang Lei1,2, Guo Shize1,2, Zheng Kangfeng1,2, Li Zhongxian 1 3
Key Laboratory of network and information attack & defence technology of MOE, Beijing University of Post and Telecommunications
2 Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Post and Telecommunications
3 National Cybernet Security Ltd, 100088 Beijing, China

authentication mechanism in GSM and UMTS network. It is just a brief overview. For more details on the authentication mechanism, please refer to the GSM standard [1] and original 3GPP specification [2].

A. GSM authentication mechanism

When a Mobile Station (MS) accesses the network, the Mobile Services Switching Centre (MSC) requests GSM triples from the Home Location Register (HLR). The HLR creates five triples which contain [1]: a 128-bit random challenge (RAND), a 32-bit matching Signed Response (SRES), and a 64-bit cipher key used as a Session Key (Kc). The HLR sends the MSC the five triples. The MSC sends the random challenge from the first triple to the Base Transceiver Station (BTS), which sends the random challenge to the MS. The MS receives the random challenge and encrypts it with the Individual Subscriber Authentication Key (Ki) assigned to the MS [1]. The MS generates Kc with the Ki and the random challenge received from the BTS. After that, the MS sends the Kc to the BTS and the MSC sends the Kc to the BTS. The BTS verifies the Kc. If the Kc matches, the authentication completes successfully.

B. UMTS authentication mechanism

The commercial success of the GSM network is partly owed to its security architecture. Therefore the 3GPP security group retains the basic security features of GSM for the UMTS network. The 3GPP group also provides other security features.
The UMTS Authentication and Key Agreement (AKA) is based on the assumption that the Authentication Centre (AUC) of the user’s home environment and the user’s USIM share a user-specific secret key K, certain message authentication functions and certain key generating functions [3][5]. The AKA protocol consists of two procedures [3]: First, the home environment (HE) distributes authentication information to the Serving Network (SN). Second, authentication information is exchanged between the subscriber and the SN. After receiving an authentication information request, the HE generates an ordered array of authentication vectors, each of which consists of five components: a random number RAND, an expected response

Abstract— GSM and UMTS mobile radio networks will coexist for a few years. Security of interoperation between GSM and UMTS becomes more important. This paper proposes a high security GSM/UMTS inter-system which supports all possible network roaming and provides high security service for both GSM and UMTS subscribers. The paper discusses the architecture of the proposed system and the authentication procedure in different network environments. The high security GSM/UMTS is efficient in GSM and UMTS coexistence environment in future through a comparison with previous GSM/UMTS inter-system.

Keywords-GSM; UMTS; security; authentication; inter-system; handover; mobile communication

I. INTRODUCTION

Although the UMTS radio network develops quickly and has been put into use in some countries, the GSM radio network will exist for a long time. Interoperation of GSM and UMTS networks will be a more important issue in the future. There are many security flaws in the GSM mobile radio network, while the UMTS radio network provides users an increased level of security. Where GSM and UMTS networks work together, the security level of the network may be decreased to the same as the GSM network. UMTS network users have security risks and may be attacked by malicious people.
Therefore, problems may arise when a UMTS subscriber tries to access a GSM network, or when a GSM subscriber tries to register to a UMTS network. The security level of a UMTS subscriber decreases to the GSM subscriber level, and a GSM subscriber may not access the UMTS network. There should be some means and technological ways so that security is provided to users and network operators. For this purpose the present paper concentrates on the security aspects of the GSM and UMTS network coexistence environment. We analyse the GSM and UMTS security mechanisms developed by the 3GPP group and propose a new GSM and UMTS security inter-system model which offers high security for users and network operators.

II. GSM AND UMTS AUTHENTICATION MECHANISM

In this section, we will separately illustrate the

978-0-7695-3887-7/09 $26.00 © 2009 Crown Copyright 1703

the keys are then used by the ciphering and integrity functions in the MS and in the RNC [7]. In other words. the network identify the user type to provide corresponding service. Therefore the migration from GSM to UMTS. UMTS→GSM handover: [9] When a UMTS subscriber accesses into GSM system. A HIGH SECURITY GSM/UMTS INTER-SYSTEM In order to improve the security level of users and network operators, we design a high security mechanism in GSM/UMTS inter-system.

c1: RAND[GSM] = RAND
c2: SRES[GSM] = XRES1 ⊕ XRES2 ⊕ XRES3 ⊕ XRES4
c3: Kc[GSM] = CK1 ⊕ CK2 ⊕ IK1 ⊕ IK2

GSM→UMTS handover: [9] When a GSM subscriber accesses into UMTS system. provides UMTS subscribers UMTS-grade security in both GSM and UMTS network. a GSM subscriber have GSM-grade security even if in UMTS system. The UMTS subscriber can not judge the BTS authenticate information and may be easily deceived by false BTS. 2) Lack of authentication token: The challenge information used in UMTS system is protected against replay attack by the sequence number. The different types of network share the authentication information. Fig. If the AUTN(i) can be accepted. User 1704 .
security level of handover between GSM and UMTS is reduced to GSM-grade. A. But there is no authentication token in GSM system. Certain conversion functions are specified to convert UMTS quintets into GSM triplets and vice versa. There are security flaws in the mechanism as follows: [10] 1) Lack of integrity-protected: In UMTS system the information is protected by integrity key. Authentication exchange complete successfully if the sequence number is within the right scope. The established keys CK(i) and IK(i) will then be transferred by the USIM to the mobile equipment and by the VLR (or SGSN) to the RNC. III. The USIM checks whether AUTN(i) can be accepted. The architecture concludes both GSM network and UMTS network. HANDOVER SECURITY IN GSM/UMTS INTER-SYSTEM It was guided by the principle that UMTS should have the maximal compatibility with GSM architecture. In this system. The authentication vectors are sent from the HE to the SN. GSM network tries to provide UMTS subscribers the high security feature. In an authentication exchange. coverage will be provided only in many isolate areas so that handover between UMTS and GSM will be needed frequently. and the handover between GSM and UMTS. should be made as easy as possible. several original GSM servers should be upgraded to support some UMTS function. GSM network makes a judgement in order to identify the user type.

c4: CK[UMTS] = Kc || Kc
c5: IK[UMTS] = Kc1 ⊕ Kc2 || Kc || Kc1 ⊕ Kc2

GSM and UMTS users can access each other system in this way which also brings out some security flaws in GSM/UMTS inter-system. following functions is used to get GSM triplets from UMTS quintets. A. Even UMTS users can only have low security level service. While the previous GSM/UMTS inter-system can only provides UMTS subscribers GSM-grade security in GSM network. The SN compares the received RES(i) with XRES(i). IV. CK and IK are computed through following function. GSM network provides GSM grade security services.
1: Hybrid Mobile Network Architecture Fig1 shows some architectural details in hybrid mobile network. the SN first selects the next (the i-th) authentication vector and sends the parameters RAND(i) and AUTN(i) to the user. The high security mechanism provides GSM subscribers GSM-grade security in both GSM and UMTS network. For GSM subscribers. Subscriber type judgement When a subscriber accesses to network. which can provide high security service. an integrity key IK and an authentication token AUTN. the USIM produces a response RES(i) which is sent back to the SN. the authentication exchange is successfully completed. B. The UMTS AKA protocol has been designed to adapt to roaming and handover cases between GSM and UMTS as smoothly as possible. But in GSM/UMTS inter-system. For UMTS subscribers. Current Handover mechanism in GSM/UMTS Inter-system In the initial years of UMTS. Security risk in Current Handover Mechanism The conversion of a GSM triplet to a UMTS quintet can only achieve GSM-grade security. 3) Lack of Mutual authentication: UMTS system provides mutual authentication between network and UMTS subscriber which prevents the false BTS attack. When UMTS subscriber accesses to GSM network. a cipher key CK. But in GSM system user can not authenticate the network.XRES. The USIM also computes CK(i) and IK(i). The UMTS subscriber information is not protected against replay attack when he accesses into GSM system. the network will identify the user as GSM subscriber. GSM network provides UMTS security service for UMTS subscriber. UMTS network uses normal UMTS protocol to communicate with UMTS subscriber. GSM network will run UMTS protocol to provide service for UMTS subscriber which can guarantee best user security. The network uses the specific function to convert triple to quintet. which can provide GSM subscriber GSM-grade security service. MSC sends RAND(i) and AUTN(i) to mobile station. then waits response from mobile station. 
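The conversion functions c2 to c5 quoted above, together with a check that shows why a converted triplet "can only achieve GSM-grade security", as an added example (not code from the paper or from 3GPP). The function names, the sample values and the zero-padding of a short XRES are assumptions; the part sizes follow from the 32-bit SRES, 64-bit Kc and 128-bit CK and IK.

```python
# Added example: conversion functions c2-c5 as quoted on this page.
# Part sizes follow from SRES = 32 bits, Kc = 64 bits, CK = IK = 128 bits.

def _xor(*parts: bytes) -> bytes:
    """XOR byte strings of equal length."""
    if len({len(p) for p in parts}) != 1:
        raise ValueError("parts must have equal length")
    out = bytearray(len(parts[0]))
    for part in parts:
        for i, b in enumerate(part):
            out[i] ^= b
    return bytes(out)

def _split(value: bytes, n: int, total: int) -> list:
    """Check the length, then cut value into n equal parts."""
    if len(value) != total:
        raise ValueError(f"expected {total} bytes, got {len(value)}")
    size = total // n
    return [value[i * size:(i + 1) * size] for i in range(n)]

def c2_sres(xres: bytes) -> bytes:
    """c2: SRES[GSM] = XRES1 ^ XRES2 ^ XRES3 ^ XRES4 (32-bit parts)."""
    if not 4 <= len(xres) <= 16:
        raise ValueError("XRES must be 4 to 16 bytes")
    # Assumption (3GPP TS 33.102, not stated on the page): a short XRES
    # is zero-padded to 128 bits before it is split.
    return _xor(*_split(xres.ljust(16, b"\x00"), 4, 16))

def c3_kc(ck: bytes, ik: bytes) -> bytes:
    """c3: Kc[GSM] = CK1 ^ CK2 ^ IK1 ^ IK2 (64-bit halves)."""
    return _xor(*_split(ck, 2, 16), *_split(ik, 2, 16))

def c4_ck(kc: bytes) -> bytes:
    """c4: CK[UMTS] = Kc || Kc."""
    (kc,) = _split(kc, 1, 8)  # length check only
    return kc + kc

def c5_ik(kc: bytes) -> bytes:
    """c5: IK[UMTS] = Kc1^Kc2 || Kc || Kc1^Kc2 (32-bit halves)."""
    mix = _xor(*_split(kc, 2, 8))
    return mix + kc + mix

def is_kc_derived(ck: bytes, ik: bytes) -> bool:
    """True if (CK, IK) is exactly what c4/c5 produce from some Kc, i.e. the
    256 bits of key material are fixed by 64 bits: GSM-grade strength."""
    if len(ck) != 16 or len(ik) != 16:
        return False
    return ck == c4_ck(ck[:8]) and ik == c5_ik(ck[:8])

if __name__ == "__main__":
    # Constructed sample values, not real subscriber data.
    ck = bytes.fromhex("00112233445566778899aabbccddeeff")
    ik = bytes(range(16))
    kc = c3_kc(ck, ik)  # UMTS quintet keys -> GSM Kc
    print("Kc        :", kc.hex())
    print("native    :", is_kc_derived(ck, ik))
    print("converted :", is_kc_derived(c4_ck(kc), c5_ik(kc)))
```

A serving network can apply `is_kc_derived` to the keys it is handed to tell whether a session is running on converted GSM material rather than on keys from a full UMTS AKA run.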
Here we separately illustrate the four procedures. 2) For UMTS network. If the response is quintet. Details authentication procedure can be seen in GSM standard [1]. UMTS network gets users authentication information and uses the function[5] which converts GSM triple to UMTS quintet to provides GSM subscriber corresponding service. 2) UMTS subscriber access GSM network: After GSM network identifying UMTS subscriber. GSM AUC sends authentication information request to UMTS AUC and gets authentication vectors from it. With some equipment upgrade and UMTS authentication information like CK. 2) For UMTS network. Then GSM AUC sends authentication vectors to MSC which can use authentication vectors to implement mutual authentication and computation of CK. the network will identify the user as UMTS subscriber and perform UMTS protocol which provides full UMTS security service. In this way. GSM network needs to get authentication information from UMTS AUC to provide users corresponding security service. 3) GSM subscriber access UMTS network: When GSM subscriber access UMTS network in high security GSM/UMTS inter-system. 2: UMTS subscriber authentication procedure in GSM network Fig. VLR and so on. The service is GSM-grade mainly because of GSM mobile station’s low security capability. Authentication procedure There are four different authentication procedures when users access GSM/UMTS inter-system. GSM network uses normal GSM protocol to communicate with GSM subscriber without any changes. the network will identify the user as GSM subscriber. 
[Figure: message sequence chart between GSM subscriber, UMTS VLR/SN, UMTS AUC/HLR and GSM AUC/HLR. Labels, in extraction order: Identify GSM subscriber; Authentication request; Get authentication information from GSM AUC; Authentication information request; Authentication response GSM triples; Generate GSM triples; Authentication response GSM triples; Store authentication vectors; Select authentication vector RAND; Authentication request RAND; Compute SRES with Ki; User authentication Response SRES and Kc; Verify SRES and Kc.]

Fig. 1) For GSM network.2 shows authentication procedure in detail when UMTS subscriber access GSM network in high security GSM/UMTS inter-system. If the response is triple. GSM network will provide UMTS-grade security service. authentication information and so on. the network will identify the user as UMTS subscriber. UMTS network will provide corresponding security service. then waits response. network provides two kinds of security service for GSM subscriber and UMTS subscriber. B. The network will provide subscriber the corresponding security service after getting authentication information from UMTS AUC. When UMTS subscribers access GSM network. Network information sharing Shared information includes user identity information. C. If the response is quintet. 3: GSM subscriber authentication procedure in UMTS network 1705 . network can also provides service for GSM subscriber and UMTS subscriber. 1) For GSM network. user position information. Here we use the second method. IK. IK and AUTN. 1) GSM subscriber access GSM network: GSM network performs normal GSM protocol to provide service for GSM subscribers. If the response is triple. Network information sharing between GSM and UMTS makes it convenient to provide high security service for users and saves equipment resources such as HLR. user status information.
[Figure: message sequence chart between UMTS subscriber, GSM VLR/MSC, GSM AUC/HLR and UMTS AUC/HLR. Labels, in extraction order: Identify UMTS subscriber; Authentication request; Get authentication information from UMTS AUC; Authentication information request; Authentication response AV(1…n); Generate authentication Vectors AV(1…n); Authentication response AV(1…n); Store authentication vectors; Select authentication vector AV(i); Authentication request RAND(i) | AUTN(i); Verify AUTN(i); Compute RES(i); User authentication Response RES(i); Compute CK(i) and IK(i); Compare RES(i) and XRES(i); Select CK(i) and IK(i).]

Fig. MSC sends mobile station the random challenge (RAND).type can be identified by user number and user authentication data. Authentication procedure when UMTS subscriber access GSM network is shown in detail in Fig3. of Communications and Multimedia Security CMS 2001. The system only provides GSM subscriber GSM-grade security service.102: “3G Security Architecture”. C. “Security for the core network of third generation mobile system. the system should provides higher security service through network. B. and the 111 Project (No. Kitsos. [3] 3GPP TS 33. “3G Security. Details authentication procedure can be seen in original 3GPP specification [2][4]. The system provides a security mechanism to deal with the situation when GSM subscriber access UMTS network and UMTS subscriber access GSM network. [8] K. December.09: “Digital cellular telecommunications system (Phase 2+). The system also has disadvantage. Schmitz. 2001 [4] 3GPP TS 33. “UMTS Security.

TABLE I USER SECURITY LEVEL IN DIFFERENT INTER-SYSTEM

Subscriber      | Previous GSM/UMTS inter-system, GSM network | Previous GSM/UMTS inter-system, UMTS network | High security GSM/UMTS inter-system, GSM network | High security GSM/UMTS inter-system, UMTS network
GSM subscriber  | GSM-grade | GSM-grade  | GSM-grade  | GSM-grade
UMTS subscriber | GSM-grade | UMTS-grade | UMTS-grade | UMTS-grade

GSM/UMTS subscriber security level is shown in Table 1. Most of these security features will be introduced to the high security GSM/UMTS intersystem. Niemi. 2006.
Roland Schmitz.[11] The system only provides GSM-grade security for GSM subscriber. September 2001. CONCLUSIONS A high security GSM/UMTS inter-system is presented in this paper.0). V. Peter Palensky. “Secure Interoperation Between 2G and 3G Mobile Radio Network.0. Sklavos and O. Security Architecture”.0. SECURITY ANALYSIS OF HIGH SECURITY GSM/UMTS INTER-SYSTEM The high security GSM/UMTS inter-system this paper proposed provides highest security service for GSM and UMTS subscriber. “3G Security.” Electronics and Communication Engineering Journal. The system provides GSM subscriber GSM security service because of the weak security capability of GSM mobile station. R. The comparison shows that the high security GSM/UMTS inter-system is efficient in future in GSM and UMTS coexistence environment.” Wireless Communications and Mobile Computing. G. The UMTS security feature is implemented in the whole GSM/UMTS network. P. Walter T. ACKNOWLEDGMENT This work is supported by National 863 (No. 4) UMTS subscriber access UMTS network: UMTS network performs normal UMTS protocol to provide service for UMTS subscribers. D. Release 4. Security Architecture. Penzhorn. [5] 3GPP TS 03.20 (9. VI. 1706 . Pütz. The system solves the security problem when UMTS user access GSM network. The system should update the new UMTS security features to provides better service for users. B08004). In this section. The security performance of high security GSM/UMTS inter-system is better than previous GSM/UMTS inter-system. we analyse the advantage and disadvantage of the system. REFERENCES [1] European Telecommunication Stand GSM02.2. Advantage of the system Compared with previous GSM/UMTS inter-system. Hardware upgrade of existing network is the first disadvantage of the system. The security level of GSM mobile station is not improved. The system solves the problem such as UMTS subscriber mutual authentication and integrity-protect in GSM network. and V.0. [11] Abdul Bais. 
It is efficient in terms of dealing with authentication procedure in different network environment. 608210001). The system supports all possible network roaming and provides high security service for users. UMTS SN uses the authentication vector to implement authentication procedure and can change GSM triples to UMTS quintets with the convert function if necessary. Work to be continue Work on the next UMTS release has continued which will introduce new security features. [10] P. 2007. 2001. “UMTS Security: system architecture and hardware implementation. [9] Stefan Putz. “Evaluation of UMTS security architecture and services” in proceedings of IEEE International Conference on industrial informatics 2006.1. Kröselberg. Boman. January. [7] Horn. Horn.102 V 4. National Natural Science Foundation of China (No.” 3G Mobile Communication Technologies Conference.0). 2000.” Proc.120 (4. Although the security capability of GSM mobile station is weak. Technical Specification Group Services and System Aspects. Release 7. [2] 3GPP Draft Technical Specification 33. Howard. March. UMTS AUC gets user authentication information from GSM AUC and sends it to UMTS SN.0). Disadvantage of the system The high security GSM/UMTS inter-system needs some hardware upgrade and authentication information sharing between GSM and UMTS network. The high security GSM/UMTS inter-system provides UMTS subscriber UMTS security service in whole GSM/UMTS network.. the high security GSM/UMTS inter-system provides UMTS subscriber high security service. [6] 3GPP TS 33. 3G Security. Security Principles and objectives”. N. S.102 (7. Security aspects”. Providing low security service for GSM subscriber is the second disadvantage of the system. 2007AA01Z430). A. “Security related network functions” Release 2000. October 2002. G. Koufopavlou.