Friday, 25 April 2008

CDMA Authentication

The first digital cellular technology is known as Interim Standard 95 (IS-95), introduced by Qualcomm. It is a 2G mobile telecommunication standard that uses CDMA technology, a multiple access scheme for digital radio, to carry voice, data, and signalling.

Today many CDMA subscribers use a Removable User Identity Module, or RUIM card, inside their Mobile Phones. The RUIM card holds the data the subscriber needs in order to be authenticated to the network. Authentication is the process by which the network validates subscribers. It is like coming home from a long vacation in the middle of the night: your parents, or your wife, will probably ask you some questions before they are really sure it is you and let you in.

Subscriber Authentication

IMSI_M is a MIN-based IMSI which uses the lower 10 digits to store the MIN. IMSI_M is used in IS-95A systems. IMSI_T is a true IMSI, similar to the IMSI in GSM, and is used in IS-95B systems. In the authentication process, if IMSI_M is personalized, the "MIN" part of IMSI_M is used as a parameter input for the authentication calculation. Together with the A-Key and RANDSSD, the ESN is input to the CAVE algorithm (Cellular Authentication and Voice Encryption) to generate the 128-bit SSD (Shared Secret Data). SSD has two parts: the 64-bit SSD_A, used to create authentication signatures, and the 64-bit SSD_B, used to create keys that encrypt voice and data messages.

In a CDMA network, the Mobile Station uses SSD_A and the broadcast RAND as input to the CAVE algorithm to generate an 18-bit Authentication Signature (AUTH_SIGNATURE), and sends it to the Base Station. Based on this Authentication Signature, the Base Station verifies that the subscriber is authorized.

If IMSI_T is personalized, a 32-bit subset of IMSI_T is used for authentication. An IMSI is usually 15 digits long.
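The two-stage structure described above (A-Key -> SSD -> 18-bit AUTH_SIGNATURE) as an added Python model; this is not code from the post or from any 3GPP2 specification. CAVE itself is not implemented: HMAC-SHA256 stands in for it, and the A-Key, ESN, MIN, RANDSSD and RAND values are constructed sample data.

```python
import hashlib
import hmac

# Constructed sample values (not real subscriber data).
A_KEY = bytes.fromhex("0123456789abcdef")       # 64-bit A-Key: lives only in the RUIM and the HLR/AuC
ESN = bytes.fromhex("8a1b2c3d")                  # 32-bit Electronic Serial Number
MIN_DIGITS = "3105551234"                        # the MIN part of IMSI_M (10 digits)
RANDSSD = bytes.fromhex("00112233445566")        # challenge used for the SSD update
RAND = bytes.fromhex("deadbeef")                 # broadcast challenge used for this access

def prf(key: bytes, *parts: bytes) -> bytes:
    """Stand-in keyed function (HMAC-SHA256). This is NOT CAVE; it only models
    'secret key plus public inputs in, unpredictable value out'."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def generate_ssd(a_key: bytes, esn: bytes, randssd: bytes, min_digits: str):
    """SSD update: a 128-bit SSD from A-Key, ESN, RANDSSD and the MIN, split into
    SSD_A (64 bit, authentication signatures) and SSD_B (64 bit, voice/data keys)."""
    ssd = prf(a_key, esn, randssd, min_digits.encode())[:16]
    return ssd[:8], ssd[8:]

def auth_signature(ssd_a: bytes, rand: bytes, esn: bytes, min_digits: str) -> int:
    """18-bit AUTH_SIGNATURE computed from SSD_A and the broadcast RAND."""
    digest = prf(ssd_a, rand, esn, min_digits.encode())
    return int.from_bytes(digest[:3], "big") & 0x3FFFF   # keep only 18 bits

def access_attempt(mobile_a_key: bytes) -> bool:
    """One access: both sides derive SSD from their own A-Key copy, the mobile signs
    RAND with its SSD_A, the base station recomputes from the HLR/AuC copy and compares.
    Neither the A-Key nor SSD_A is ever sent over the air, only the 18-bit signature."""
    mobile_ssd_a, _mobile_ssd_b = generate_ssd(mobile_a_key, ESN, RANDSSD, MIN_DIGITS)
    network_ssd_a, _network_ssd_b = generate_ssd(A_KEY, ESN, RANDSSD, MIN_DIGITS)
    sent = auth_signature(mobile_ssd_a, RAND, ESN, MIN_DIGITS)        # transmitted
    expected = auth_signature(network_ssd_a, RAND, ESN, MIN_DIGITS)   # kept at the network
    return hmac.compare_digest(sent.to_bytes(3, "big"), expected.to_bytes(3, "big"))

if __name__ == "__main__":
    print("genuine RUIM:", access_attempt(A_KEY))                     # True
    print("same ESN/MIN, wrong A-Key:", access_attempt(bytes(8)))     # False
```

The second call shows why the A-Key matters: a device that copies the public ESN and MIN but does not hold the A-Key derives a different SSD_A and its signature does not verify.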

The following data is the minimum a RUIM card requires to be authenticated to the network:

IMSI_M, International Mobile Subscriber Identifier
A MIN-based IMSI, using the lower 10 digits to store the MIN. The Mobile Identification Number (MIN) itself is a 34-bit number, the digital representation of a 10-digit number assigned to a Mobile Phone.

IMSI_T
This is the true IMSI, not associated with a MIN. Like the IMSI in the GSM system, it contains 15 digits or fewer.

CDMA Home SID/NID, System ID/Network ID
These 5 bytes identify the SID and NID when the Mobile Station operates in CDMA mode. Together they uniquely identify a network in a wireless system.

PRL (Preferred Roaming List)
The PRL is a database used during CDMA subscriber authentication to the network. It contains additional parameters such as bands, sub-bands, and network provider identifiers.

A-Key
The A-Key is a 64-bit key stored in the RUIM and in the HLR/AuC. It is used to generate or update the Mobile Phone's Shared Secret Data.

References:
3GPP2 C.S0023-C, Removable User Identity Module for Spread Spectrum Systems, Version 1.0, May 2006
www.gsm-security.net

Tuesday, 01 April 2008

GSM Authentication

Most of us are very familiar with a gadget called the Mobile Phone, which many of us call a Hand Phone (well, of course you have to hold your phone with your hand, not with your feet) or a Cellular Phone. Most of us are also familiar with the cellular services provided through our Cell Phone, such as SMS, HSDPA, Video Call, etc.

But have we ever wondered how our Cell Phone is authenticated and logged on to the cellular network, so that our cellular operator's logo is displayed? The authentication process in a GSM network follows the steps below:

The Mobile Phone is turned on (of course you have to turn it on first).

The Mobile Service Switching Center (MSC) requests 5 triplets from the Home Location Register (HLR). The HLR creates 5 triplets using the A8 algorithm. Each of these 5 triplets contains a 128-bit Random Challenge (RAND), a 32-bit matching Signed Response (SRES), and a 64-bit ciphering key used as the Session Key (Kc).

The HLR sends the 5 triplets to the MSC. The MSC sends the 5 triplets to the Base Transceiver Station (BTS). The BTS sends a RAND to the Mobile Phone.

The Mobile Phone receives the RAND from the BTS and passes it to the SIM card using the RUN GSM ALGORITHM command. As the result of its calculation, the SIM card returns the SRES and Kc values; SRES and Kc are passed to the Mobile Phone. Kc is kept for any future enciphered communication. The Subscriber Authentication Key (Ki) is used in this process: Ki is one input parameter of the A3 algorithm, which authenticates the Mobile Phone to the network, and of the A8 algorithm calculation, which generates the encryption key.

The Mobile Phone sends the SRES to the BTS, and the SRES is forwarded to the MSC.
The MSC receives the SRES and verifies it. This verification process provides the authentication.
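The triplet exchange described in the steps above as an added Python model, not code from the post or from any GSM specification. A3/A8 are not implemented: HMAC-SHA256 stands in for them (SRES from A3, Kc from A8, both keyed by Ki as step 5 describes), and the Ki value is constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed 128-bit Ki; in reality it exists only inside the SIM and in the HLR/AuC.
KI = bytes.fromhex("00112233445566778899aabbccddeeff")

def a3_a8(ki: bytes, rand: bytes):
    """Stand-in for A3/A8 (HMAC-SHA256, NOT COMP128 or any operator algorithm).
    A3 -> 32-bit SRES, A8 -> 64-bit Kc, both computed from Ki and the 128-bit RAND."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

def hlr_make_triplets(ki: bytes, count: int = 5, rng=os.urandom):
    """HLR side: a fresh RAND per triplet, with SRES and Kc precomputed so the MSC
    and BTS never need to hold Ki themselves."""
    triplets = []
    for _ in range(count):
        rand = rng(16)
        sres, kc = a3_a8(ki, rand)
        triplets.append((rand, sres, kc))
    return triplets

def sim_run_gsm_algorithm(sim_ki: bytes, rand: bytes):
    """SIM side: RUN GSM ALGORITHM. Only SRES leaves the phone over the air; Kc stays
    in the SIM/phone for later A5 ciphering."""
    return a3_a8(sim_ki, rand)

def msc_authenticate(triplet, sim_ki: bytes) -> bool:
    """MSC side: the BTS forwards RAND to the phone, gets SRES back, and the MSC
    compares it (constant-time) with the SRES the HLR precomputed for that RAND."""
    rand, expected_sres, _kc = triplet
    sres_from_phone, _kc_on_phone = sim_run_gsm_algorithm(sim_ki, rand)
    return hmac.compare_digest(sres_from_phone, expected_sres)

if __name__ == "__main__":
    triplets = hlr_make_triplets(KI)
    print("genuine SIM:", msc_authenticate(triplets[0], KI))               # True
    print("SIM with another Ki:", msc_authenticate(triplets[1], bytes(16)))  # False
```

Each triplet is consumed once, which is why the HLR hands out a batch of 5: reusing a RAND would let a recorded SRES be replayed.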

Terms

A3, authentication algorithm. Used for authenticating the subscriber.

A8, cipher key algorithm. Used to generate Kc.

A5, cipher algorithm. Used for enciphering and deciphering data.

HLR, Home Location Register. An entity of the GSM network that handles the database containing the data of subscribers authorized to authenticate to the network. HLRs are divided by area.

Ki, Subscriber Authentication Key, a 128-bit key stored inside the SIM card. Used as one input parameter for the authentication and cipher key algorithms.

MSC, Mobile Service Switching Center. An entity of the GSM network responsible for handling voice calls and SMS.

RAND, Random Challenge. A 128-bit value resulting from the A8 algorithm calculation, provided by the MSC.

SRES, Signed Response. A 32-bit value provided by the MSC as a result of the A8 algorithm calculation.

References:
3GPP TS 11.11, Digital Cellular Telecommunications System (Phase 2+); Specification of the Subscriber Identity Module - Mobile Equipment Interface, version 8.14.0, Release 1999
www.gsm-security.net

Various GSM, CDMA, and networking topics will be posted on this blog. Please feel free to leave comments, additional advice, and corrections where needed.