SIM and Security

GSM Presentation8

2

SIM

What is a Subscriber Identity Module (SIM)?

The Subscriber Identity Module (SIM) is a small smart card which contains both programming and information.

The A3 and A8 algorithms are implemented in the Subscriber Identity Module (SIM).

Subscriber information, such as the IMSI (International Mobile Subscriber Identity), is stored in the Subscriber

Identity Module (SIM).

The Subscriber Identity Module (SIM) can be used to store user-defined information such as phonebook entries.

3

IMEI

International Mobile Equipment Identity

The IMEI (International Mobile Equipment Identity) is a unique 15-digit code used to identify an individual GSM mobile station to a GSM network.

The IMEI is stored in the Equipment Identity Register (EIR).

4

IMEI ClassificationsThe EIR stores three IMEI

classifications:

White Valid GSM Mobile Stations Grey GSM Mobile Stations to be

tracked Black Barred Mobile Stations

5

IMEI FormatThe format of an IMEI is

AA-BBBB-CC-DDDDDD-E. AA Country Code BBBB Final Assembly Code CC Manufacturer Code DDDDDD Serial Number E Unused

6

IMSI International Mobile Subscriber Identity

The IMSI (International Mobile Subscriber Identity) is a unique 15-digit code used to identify an individual user on a GSM network.

The IMSI consists of three components: Mobile Country Code (MCC) Mobile Network Code (MNC) Mobile Subscriber Identity Number (MSIN)

The IMSI is stored in the Subscriber Identity Module (SIM).

7

The first three digits of the IMSI form the mobile country code (MCC) and this is used to identify the country of the particular subscriber’s home network, i.e. the network with which the subscriber is registered.

The next two digits of the IMSI form the mobile network code (MNC) and this identifies the subscriber’s home PLMN within the country indicated by the MCC.

The remaining digits of the IMSI are the mobile subscriber identification number (MSIN) which is used to uniquely identify each subscriber within the context of their home PLMN.

8

MSISDN MSISDN refers to the 15-digit number that is

used to refer to a particular mobile station. The actual mobile no. starting from the

country code The MSISDN is the subscriber's mobile

number which is linked to the IMSI in the HLR.

Once the Mobile Station's MSISDN has been used to identify the IMSI, the HLR verifies the subscription records to ensure that the call can be delivered to the last known location of the Mobile Station.

9

Security algorithms in GSM

3 algorithms specified in GSM A3 for authentication (“secret”, open

interface) A5 for encryption (standardized) A8 for key generation for ciphering

(“secret”, open interface)

10

Ki, Kc, RAND, and SRES

Ki is the 128-bit Individual Subscriber Authentication Key utilized as a secret key shared between the Mobile Station and the Home Location Register of the subscriber's home network.

RAND is 128-bit random challenge generated by the Home Location Register.

SRES is the 32-bit Signed Response generated by the Mobile Station and the Mobile Services Switching Center.

11

Kc is the 64-bit ciphering key used as a Session Key for encryption of the over-the-air channel.

Kc is generated by the Mobile Station from the random challenge presented by the GSM network and the Ki from the SIM utilizing the A8 algorithm.

12

How do Authentication and Key generation work in a GSM network?

Encryption in the GSM network utilizes a Challenge/Response mechanism.

The Mobile Station (MS) signs into the network. The Mobile Services Switching Center (MSC)

requests 5 triples from the Home Location Register (HLR).

The Home Location Register creates five triples utilizing the A8 algorithm. These five triples each contain:

A 128-bit random challenge (RAND) A 32-bit matching Signed Response (SRES) A 64-bit ciphering key used as a Session Key (Kc).

13

Authentication Procedure 1. The MSC/VLR transmits the RAND to the MS. 2. The MS computes the signature SRES using

RAND and the subscriber authentication key (Ki) through the A3 algorithm.

3. The signature SRES is sent back to MSC/VLR, which performs authentication, by checking whether, the SRES from the MS and the SRES from the AUC match.

If so, the subscriber is permitted to use the network. If not, the subscriber is barred from network access.

14

15

Authentication can by operator’s choice be performed during:

Each registration Each call setup attempt Location updating Before supplementary service

activation and deactivation

16

Ciphering The Mobile Station generates a Session

Key (Kc) utilizing the A8 algorithm, the Individual Subscriber Authentication Key (Ki) assigned to the Mobile Station, and the random challenge received from the Base Transceiver Station.

The Mobile Station sends the Session Key (Kc) to the Base Transceiver Station.

17

The Mobile Services Switching Center sends the Session Key (Kc) to the Base Transceiver Station.

The Base Transceiver Station receives the Session Key (Kc) from the Mobile Services Switching Center.

The Base Transceiver Station receives the Session Key (Kc) from the Mobile Station.

The Base Transceiver Station verifies the Session Keys from the Mobile Station and the Mobile Services switching Center.

18

Encryption The A5 algorithm is initialized with

the Session Key (Kc) and the number of the frame to be encrypted.

Over-the-air communication channel between the Mobile Station and Base Transceiver Station can now be encrypted utilizing the A5 algorithm.

This process authenticates the GSM Mobile Station (MS) to the GSM network.

19

GSM - authentication

A3

RANDKi

128 bit 128 bit

SRES* 32 bit

A3

RAND Ki

128 bit 128 bit

SRES 32 bit

SRES* =? SRES SRES

RAND

SRES32 bit

mobile network SIM

AC

MSC

SIM

Ki: individual subscriber authentication key SRES: signed response

20

What algorithm is utilized for authentication in GSM networks?

The authentication algorithm used in the GSM system is known as the A3 algorithm.

Most GSM network operators utilize a version of the COMP128 algorithm as the implementation of the A3 algorithm.

21

A3's task is to generate the 32-bit Signed Response (SRES) utilizing the 128-bit random challenge (RAND) generated by the Home Location Register (HLR) and the 128-bit Individual Subscriber Authentication Key (Ki) from the Mobile Station's Subscriber Identity Module (SIM) or the Home Location Register (HLR).

The A3 algorithm is implemented in the Subscriber Identity Module (SIM).

22

What algorithm is utilized for encryption in GSM networks?

The encryption algorithm used in the GSM system is a stream cipher known as the A5 algorithm.

Multiple versions of the A5 algorithm exist which implement various levels of encryption.

The stream cipher is initialized with the Session Key (Kc) and the number of each frame.

23

The same Session Key (Kc) is used as long as the Mobile Services Switching Center (MSC) does not authenticate the Mobile Station again. In practice, the same Session Key (Kc) may be in use for days.

The A5 algorithm is implemented in the Mobile Station (MS).

24

What algorithm is utilized for key generation in GSM networks?

The key generation algorithm used in the GSM system is known as the A8 algorithm.

Most GSM network operators utilize the a version of the COMP128 algorithm as the implementation of the A8 algorithm.

A8's task is to generate the 64-bit Session Key (Kc), from the 128-bit random challenge (RAND) received from the Mobile Services Switching Center (MSC) and from the 128-bit Individual Subscriber Authentication Key (Ki) from the Mobile Station's Subscriber Identity Module (SIM) or the Home Location Register (HLR).

25

One Session Key (Kc) is used until the MSC decides to authenticate the MS again. This might take days.

A8 actually generates 128 bits of output. The last 54 bits of those 128 bits form the Session Key (Kc). Ten zero-bits are appended to this key before it is given as input to the A5 algorithm.

The A8 algorithm is implemented in the Subscriber Identity Module (SIM).

26

TMSI / TIMSI

The TIMSI (Temporary IMSI) is a pseudo-random number generated from the IMSI (International Mobile Subscriber Identity) number.

The TIMSI is utilized in order to remove the need to transmit the IMSI over-the-air. This helps to keep the IMSI more secure.

To track a GSM user via the IMSI/TIMSI, an eavesdropper must intercept the GSM network communication where the TIMSI is initially negotiated.

In addition, because the TIMSI is periodically renegotiated, the eavesdropper must intercept each additional TIMSI re-negotiation session.

27

The "Temporary Mobile Subscriber Identity" (TMSI) is the identity that is most commonly sent between the mobile and the network.

TMSI is randomly assigned by the VLR to every mobile in the area, the moment it is switched on.

The number is local to a location area, and so it has to be updated, each time the mobile moves to a new geographical area.

28

The network can also change the TMSI of the mobile at any time.

And it normally does so, in order to avoid the subscriber from being identified, and tracked by eavesdroppers on the radio interface. This makes it difficult to trace which mobile is which

A key use of the TMSI is in paging a mobile

29

Subscriber Identity Confidentiality

Subscriber identity confidentiality means that the IMSI is not disclosed to unauthorized individuals, entities or processes.

This function protects a subscriber’s identity when the subscriber is using PLMN resources.

It also prevents tracing the mobile subscriber’s location by listening to the signaling exchanges on the radio path.

30

Subscriber Identity Confidentiality contd..,

Each time a mobile station requests a system procedure (e.g. location updating, call attempt), the MSC/VLR can allocate a new TMSI to an IMSI.

The MSC/VLR transmits the TMSI to MS that stores it on the SIM card.

Signaling between MSC/VLR and MS utilizes only the TMSI from this point on.

IMSI is only used in cases when location updating fails or when the MS has no allocated TMSI.

31

SIM Features

Must be tamper-resistant Is removable from the terminal Contains all data specific to the end user which

have to reside in the Mobile Station: IMSI: International Mobile Subscriber Identity

(permanent user’s identity) PIN TMSI (Temporary Mobile Subscriber Identity) Ki : User’s secret key List of the last call attempts List of preferred operators Supplementary service data (abbreviated

dialing, last short messages received,...)