Abstract
In this paper we are going to discuss the about the various security issues such as mutual authentication, key freshness, data integrity, strong encryption and confidentiality. These facts are enhanced in the 3G networks, since they are considered as flaws in the 2G networks. We are going to analyse the various factors adopted and the various functions added to overcome these issues.
Introduction
Mobile communication has been on the leap over the last two decades enhancing communication and business among the people to very large extent thereby making life sophisticated. Security has been one major concern when it comes to mobile communication.
The first generation mobile communication used just a serial number to establish a connection, which had a serious security overhead that the serial number can be intruded by the intruder during signalling in the air interface.[]
The Global System for Mobile communication (GSM) which squeezed from the roots of first generation came up with an enhanced security structure compared with the 1G.The GSM had made a rapid development over the few years and it is the most widely spread mobile technology across the globe.
The GSM has an enhanced security feature than the 1G in a way that the Authentication and Key Agreement (AKA) is confined to the home network (HN) and the mobile station (MS) and the serving network (SN) need not have the overhead of having the secret key of the mobile station. The home network then generates vector called triplets and sends it to the serving network which is then used by the server network to authenticate the mobile station [27]. Though GSM being the most widely spread mobile network technology and on top of all its advantages over 1G it has its own disadvantages in security which we discuss in the topics below.
This paper discusses the enhancement in security concerns implied in UMTS. In UMTS it is mutual authentication where both the mobile station (MS) as well as the serving network (SN) is authenticated. The UMTS AKA uses one sequence number in the home network and the other in the mobile station by which the key freshness is maintained and rectifies replay attacks. UMTS uses a 128-bit secret key for authentication and integrity algorithms. Data integrity in the air interface is an added advantage of UMTS where the intruder cannot intrude the signalling message thereby it prevents the impersonation and false base station attacks. UMTS also have enhanced cryptographic primitives when compared to GSM and these are discussed in the ETSI algorithms [2] [3].
So in this paper we are going to discuss first how a UMTS AKA and connection set-up takes place and then we discuss on how the various security enhancements such as data integrity and confidentiality is achieved in the access link.
DRAWBACKS IN 2G:
The serving network authenticates the mobile station but no authentication is performed on the serving network and hence lack of mutual authentication. The authentication protocol does not provide key freshness and this may lead to replay attacks [on the security]. GSM uses A5/1 and A5/2 algorithms and most of the GSM mobile phones today use these algorithms. Many security threats are thrown on the A5/1 and A/5 in the recent past [16], [17], [18], [21], [22].Strength of encryption is another drawback the problem here occurs with the size of the cipher key. The cipher key is 64 bit and this also has a considerable effect in reducing the strength of encryption in the GSM network [20]. There is lack of integrity the GSM network, where the intruder can intrude the signalling message which leads to false base station attacks and eavesdropping [28].
Enhancements in 3G from 2G:
The enhancements made in the 3G rectify the flaws in the 2G thereby providing mutual authentication, key freshness, data integrity and data confidentiality. The enhancements made in the 3G from the identified flaws of the 2G need to keep in mind the security principles which are defined.
3G Security principle's: [101]
The 3G system should be built on top of 2G by maintaining the basic GSM functionalities which have proved to me mandatory and robust.
The security features which were considered as drawbacks in 2G will be rectified.
New security structures to be built for the new features the 3G provides.
Authentication and key agreement (AKA) in UMTS and connection setup:
The UMTS AKA has its roots from the GSM. It uses a 128 bit secret key for authentication between the MS and the HN and for the generating the cipher and integrity keys as well. The procedure in UMTS AKA and the connection setup is discussed below.
MS RNC VLR/MSC HLR/HN
RRC connection setup
TMSI TMSI FAILURE
TMSI (user id request)
Sends TMSI (user id response)
Auth data request
Auth data response
(Quintets)
RAND & AUTH
(user data request)
Auth verification
RES
(Auth response)
XRES=RES?
Security mode command (UIA's, UEA's, CK, IK)
----Start of integrity--
Security mode command (UIA, UEA, Security capability)
Start Integrity Protection
Security mode complete
----Verify received message---
Security mode complete (Selected UIA and UEA)
Fig 1
The connection setup process is initiated when the Radio Network Controller and the mobile station makes a RRC connection. The mobile station then contacts the VLR/MSC by sending its TMSI. The VLR/MSI checks for the TMSI and if the id is resolved it goes on further else it requests the mobile station for the IMSI. The mobile station then sends a response and its unique id the IMSI on request. The VLR/MSC then sends an authentication data request message to the HLR/HN. The HLR then sends the authentication data response with the quintets which contain the RAND, XRES, CK, IK and AUTN. These five entities are contained in each quintet. RAND is a random number, XRES is the expected response used for the authentication of the mobile station, and CK and IK are the cipher and integrity keys respectively. AUTN is responsible for maintaining the SQNHN which is responsible for authentication freshness and the MAC for the authentication process of the home network to the mobile station. The VLR then sends the respective RAND and AUTN for the selected quintet. The mobile station then checks for the MAC from the AUTN and if the MAC is not resolved the MS sends a synchronization failure message to the VLR/MSC else it authenticates by sending authentication response RES after computation. In this way both the mobile station as well as the home network is being authenticated. This is known as mutual authentication The VLR then compares the RES with the XRES got from the quintet. If both are same then this marks the completion of AKA. The VLR then sends the algorithm choices RNC along with the CK and IK. The RNC then chooses the desired algorithm and sends it in security mode command message and this message is integrity protected by IK [99] .The MS then verifies and if it is ok it responds with the security mode complete message. USIM also contains CK and IK, it transfers them to the blocks which perform the cipher and integrity functions at the user end [100].
QUINTET CREATION:
The quintet is created in the HLR/HE when the VLR initializes the connection and sends a request to the HLR. The key freshness is obtained by the SQNHE which is stored in a SQN counter. The challenge RAND is generated randomly. The MAC is generated using the message authentication function and is given by MAC=f1K (SQN||RAND||AMF). The expected response XRES is given by f2K (RAND), where f2K may be a slightly shrunk form of the message authentication function. The cipher CK is generated using the key generation function f3k and is given by CK=f3k (RAND). The integrity key IK is generated using the key generation function f4k and is given by IK=f4k (RAND). If the SQN is concealed by the anonymity key, then f5k is used and the anonymity key is given by AK=f5k (RAND). The AUTN token consists of AUTN = SQN [ïƒ…ï€ AK] || AMF || MAC .Once the quintet is sent from the HLR the SQNHE counter is updated. [100]
Ciphering and data integrity basics:
The integrity and ciphering starts with the security mode command message. Initially during the RRC connection setup as shown in fig. 1 the MS sends its capabilities for integrity protection and ciphering and the various algorithms it supports. This message is integrity protected as well and since there was no use of the integrity key at that time it is stored for future use. Hence at the point security mode command the VLR knows the capabilities of the MS, so it selects the UIA and UEA to be used. If they match then they are used else the connection is released. The integrity algorithm used is UIA1 and ciphering algorithms UEA0, UEA1 and UEA2 are used for ciphering.UEA0 is equivalent to no ciphering [102].UEA1,UIA1 is obtained from the KASUMI algorithm [7][8] and UEA2,UIA2 from the SNOW 3G algorithm [2][12]. The above mentioned algorithms for both the security issues are nothing but the variants of the functions f8 and f9 used for data confidentiality and integrity respectively.
DATA CONFIDENTIALITY:
Data confidentiality is the fact to prevent the data from being overheard on the radio interface. The agreement for the cipher key is made by the MS and the SN during the AKA procedure.f8 is the user encryption function used which contains the UEA1 and UEA2.f8 is located in the mobile equipment and the RNC. Encryption takes place in the RLC sub-layer or in the MAC sub-layer and if the bearer of the radio interface is in the non transparent mode then ciphering takes place in the RLC sub layer and if it is in the transparent mode then ciphering takes place in the MAC sub-layer. The process which the f8 performs in encrypting and decrypting the user's signalling data is shown below. [ ]
Fig 2[ ] encryption and decryption of user signalling data
The above figure shows 4 inputs along with the CK to the key stream generator. COUNT is the time dependent value, BEARER is the radio bearer's id, DIRECTION represents the direction in which the transmission takes place and LENGTH is nothing but the length of the key stream i.e. the bit length. The f8 algorithm gets the above defined entities as inputs along with the senders cipher key (CK) and generates the key stream block. The key stream is then made XOR with the plain text thereby producing cipher text. On the receiver side the cipher text is decrypted and plain text is achieved using the same key stream block using the same inputs. In this way data confidentiality is achieved in the UMTS.
DATA INTEGRITY:
Data integrity is another important enhancement made in UMTS. f9 algorithm is used to provide integrity of the signalling data. The objective of data integrity is that absolute security has to be provided such that the {message, MAC} pair should not be unveiled and the intruder should not annex the MAC and make changes and no duplication should take place to the message after padding. [ ]
Fig 3[ ] shows the derivation of MAC on the signalling message
The f9 algorithm is confined to the RNC and the ME. The f9 algorithm gets 3 inputs apart from the integrity key. The MESSAGE is nothing but the signalling data. COUNT is the tine dependent parameter and the key stream should be initialized with it and this prevents the replay during connection. FRESH is a random number and this avoids the user from replay of old MAC-I's and confirms the message on the network side, since the integrity key might be the same.RNC generates the FRESH.[] This prevents the false base station and impersonation attacks.
