03_ 2G-3G Authentication With SIM Cards_2003


  • 8/12/2019 03_ 2G-3G Authentication With SIM Cards_2003

    1/19

    2G/3G Authentication with SIM cards: usage & roaming basics for the Internet challenged

    Michael Haberler, Internet Foundation Austria


    2/19

    Outline

    a SIM card mini-tutorial: features, protocol flow, usage, production, addressing

    UMTS authentication and key agreement: principles and protocol flow

    the universal integrated circuit card (UICC), USIM app

    how 2G, 3G roaming works

    over the air (OTA) loading of UICC apps, example: X.509 certificate download

    (U)SIMs and Internet access authentication: how SIMs and RADIUS roaming work

    (U)SIMs and SIP authentication: what the SIP server does, how the parameter logistics works

    a bonus business model thrown in

    summary


    3/19

    What's a 2G SIM card?

    a crypto smart card as per ISO 7816

    access protected by PIN code(s) (card holder verification, CHV)

    fixed storage of the subscriber identity: the IMSI (international mobile subscriber identity), the GSM "MAC address"

    E.164 number to IMSI mapping lives at the operator only

    safe storage for the shared secret (Ki): accessible only through the challenge-response operation (the slides call it CHAP; it is the GSM A3/A8 computation run on the card, not PPP CHAP)

    operation not broken as of today, except for the most stupid challenge-response algorithm known (the COMP128-1 example algorithm, reverse-engineered and broken in 1998; operators are free to use something else)

    challenge-response algorithm in hardware; the operator chooses the algorithm

    tree structured filesystem: transparent (stream), linear fixed (record) and cyclic record files

    files can be read-only, read/write, or not readable at all (the key has no readable file)

    some permission hierarchy
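    To make the filesystem and key-handling points above concrete, here is an added example in Python (not from the slides): a simulated 2G SIM that answers GSM 11.11 APDUs from a terminal. The class byte, instruction bytes, file ids (MF 3F00, DF GSM 7F20, EF IMSI 6F07) and status words are the real ones; the card contents (IMSI, Ki, PIN) are constructed test values, the SELECT response is shortened to the file id, and the A3/A8 computation is an HMAC-SHA256 stand-in, not COMP128 or any operator algorithm. The points it shows: reading EF_IMSI fails until CHV1 is verified, three wrong PINs block the CHV, Ki has no file id and can only be exercised through RUN GSM ALGORITHM, and the result (SRES || Kc) is fetched with GET RESPONSE.

```python
import hmac
import hashlib
from typing import Dict, Tuple

CLA = 0xA0                                   # GSM 11.11 class byte
INS_SELECT, INS_READ_BINARY, INS_GET_RESPONSE = 0xA4, 0xB0, 0xC0
INS_VERIFY_CHV, INS_RUN_GSM_ALGORITHM = 0x20, 0x88
MF, DF_GSM, EF_IMSI = 0x3F00, 0x7F20, 0x6F07

def encode_ef_imsi(imsi: str) -> bytes:
    """EF_IMSI: length byte, then nibble-swapped BCD; low nibble of byte 2 is 1001 (odd digit count) or 0001 (even)."""
    digits = [int(c) for c in imsi]
    nibbles = [0x9 if len(digits) % 2 else 0x1] + digits
    if len(nibbles) % 2:
        nibbles.append(0xF)                      # filler nibble
    body = bytes(nibbles[i] | (nibbles[i + 1] << 4) for i in range(0, len(nibbles), 2))
    return (bytes([len(body)]) + body).ljust(9, b"\xff")

def decode_ef_imsi(ef: bytes) -> str:
    """Inverse of encode_ef_imsi; the parity nibble says whether the last nibble is filler."""
    body = ef[1:1 + ef[0]]
    nibbles = [n for b in body for n in (b & 0xF, b >> 4)]
    digits = nibbles[1:] if nibbles[0] & 0x8 else nibbles[1:-1]
    return "".join(str(d) for d in digits)

class SimCard:
    """EF_IMSI under DF_GSM behind CHV1; Ki has no file id and is only used inside RUN GSM ALGORITHM."""
    def __init__(self, imsi: str, ki: bytes, chv1: str) -> None:
        self._files: Dict[int, Tuple[int, bytes]] = {EF_IMSI: (DF_GSM, encode_ef_imsi(imsi))}
        self._ki = ki                            # constructed test key in the examples below
        self._chv1 = chv1.encode().ljust(8, b"\xff")
        self._chv_ok, self._tries = False, 3
        self._cwd, self._ef = MF, None           # current directory, current EF
        self._pending = b""                      # data waiting for GET RESPONSE

    def transmit(self, apdu: bytes) -> Tuple[bytes, int]:
        cla, ins, p1, p2, p3 = apdu[:5]
        data = apdu[5:]
        if cla != CLA:
            return b"", 0x6E00                   # wrong instruction class
        if ins == INS_SELECT:
            fid = int.from_bytes(data, "big")
            if fid in (MF, DF_GSM):
                self._cwd, self._ef = fid, None
            elif fid in self._files and self._files[fid][0] == self._cwd:
                self._ef = fid
            else:
                return b"", 0x9404               # file id not found
            self._pending = fid.to_bytes(2, "big")   # shortened select response
            return b"", 0x9F00 | len(self._pending)
        if ins == INS_GET_RESPONSE:
            out, self._pending = self._pending[:p3], b""
            return out, 0x9000
        if ins == INS_VERIFY_CHV:
            if self._tries == 0:
                return b"", 0x9840               # CHV blocked
            if hmac.compare_digest(data, self._chv1):
                self._chv_ok, self._tries = True, 3
                return b"", 0x9000
            self._tries -= 1
            return b"", 0x9804 if self._tries else 0x9840
        if ins == INS_READ_BINARY:
            if self._ef is None:
                return b"", 0x9400               # no EF selected
            if not self._chv_ok:
                return b"", 0x9804               # access condition CHV1 not fulfilled
            offset = (p1 << 8) | p2
            return self._files[self._ef][1][offset:offset + p3], 0x9000
        if ins == INS_RUN_GSM_ALGORITHM:
            if self._cwd != DF_GSM or not self._chv_ok or len(data) != 16:
                return b"", 0x9804
            d = hmac.new(self._ki, data, hashlib.sha256).digest()   # stand-in for A3/A8
            self._pending = d[:4] + d[4:12]      # SRES (4 bytes) || Kc (8 bytes)
            return b"", 0x9F0C
        return b"", 0x6D00                       # unknown instruction

def select_file(card: SimCard, fid: int) -> int:
    return card.transmit(bytes([CLA, INS_SELECT, 0, 0, 2]) + fid.to_bytes(2, "big"))[1]

def verify_chv1(card: SimCard, pin: str) -> int:
    return card.transmit(bytes([CLA, INS_VERIFY_CHV, 0, 1, 8]) + pin.encode().ljust(8, b"\xff"))[1]

def read_imsi(card: SimCard) -> Tuple[str, int]:
    """Walk MF -> DF_GSM -> EF_IMSI and read the 9-byte body; returns (IMSI, status word)."""
    for fid in (MF, DF_GSM, EF_IMSI):
        sw = select_file(card, fid)
        if sw >> 8 != 0x9F:
            return "", sw
    data, sw = card.transmit(bytes([CLA, INS_READ_BINARY, 0, 0, 9]))
    return (decode_ef_imsi(data) if sw == 0x9000 else ""), sw

def run_gsm_algorithm(card: SimCard, rand: bytes) -> Tuple[bytes, bytes, int]:
    """Returns (SRES, Kc, status word); Ki itself never crosses the card interface."""
    for fid in (MF, DF_GSM):
        select_file(card, fid)
    _, sw = card.transmit(bytes([CLA, INS_RUN_GSM_ALGORITHM, 0, 0, 16]) + rand)
    if sw != 0x9F0C:
        return b"", b"", sw
    out, sw = card.transmit(bytes([CLA, INS_GET_RESPONSE, 0, 0, 12]))
    return out[:4], out[4:], sw
```

    The EF_IMSI coding is the one a real card returns (IMSI 232011234567890 is stored as 08 29 23 10 21 43 65 87 09), so the encoder and decoder can be used against a real reader; the rest of the class exists only to show which operations the access conditions gate.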


    4/19

    How are SIM cards produced?

    unprogrammed chips are personalized and closed (parameters written & sealed)

    mass product: $5-$7 apiece at 1000+; Gemplus, Giesecke & Devrient, ...

    everybody can have SIMs made, even a Mom & Pop ISP

    not everybody may roam with other cellular operators

    to use the GSM Association's A3/A8 example algorithm (you wouldn't want it anyway) you must be a member of the GSM Association

    having your own algorithm in a chip mask is a circa $50K+ affair

    for testing & development, unprogrammed "castrated" chips are used (XOR algorithm for the challenge-response...)


    5/19

    How are (U)SIM cards accessed?

    2G, 3G: the built-in reader in the mobile handset

    for Internet use: maybe built into a PDA or PC (e.g. DELL)

    external USB token, ~$20 apiece

    re-use a mobile SIM card via the Bluetooth SIG SIM Access Profile (only if roaming against a 2G/3G operator)

    read the 3GPP study "3G (U)SIM Security Reuse by Peripheral Devices on local interfaces"; it contains some threat analysis


    6/19

    SIM usage in 2G authentication (2G GSM)

    parties: the handset with its SIM (holds the shared secret Ki) and the network's Authentication Center (holds the same shared secret)

    handset -> network: access request, present IMSI

    network -> handset: present challenge (RAND)

    handset -> network: send RESP (challenge response SRES, computed by the SIM from Ki and RAND)


    7/19

    IMSI structure: MCC | MNC | MSIN

    MCC (mobile country code): three digits

    MNC (mobile network code): two to three digits

    MSIN (mobile subscriber identification number): maximum of ten digits

    IMSI: maximum of fifteen digits

    MCC/MNC uniquely designates an operator and his authentication center

    when roaming, MCC/MNC tells the visited network where to route the authentication request

    this is done via SS7 MAP (mobile application part)


    8/19

    What is OTA (over the air) loading?

    SIM cards are writable by the mobile equipment if it is authenticated to the network, if instructed by the operator over the air, and if the file/directory is writable

    example: ISIM X.509 certificate bootstrap, AKA-authenticated: let the user visit a PKI portal and download certificates through the HTTP Digest mechanism (HTTP Digest AKA, RFC 3310, which reuses the AKA challenge-response as the HTTP authentication step)

    certificates are stored in record-structured files, as are CA certificates

    the "air" can also be an IP connection

    download of executable applets is possible: SIM Toolkit, USAT (USIM Application Toolkit) bytecode instructions are sent encrypted with 3DES and stored on the card

    regularly used in 2G networks today for functionality upgrades & parameter download


    9/19

    UMTS authentication and key agreement (AKA)

    substantially improved over the 2G SIM: protection against replay and MITM attacks (sequence numbers, integrity key)

    also sports network-to-user authentication: the AUTN token lets the USIM check that the challenge came from its home network

    more complex algorithm

    compatibility functions: 2G network/3G card, 3G network/2G card


    10/19

    3G AKA authentication flow (3G UMTS)

    parties: the handset with its USIM (holds the shared secret K) and the network's Authentication Center (holds the shared secret and the sequence numbers)

    handset -> network: access request, present IMSI

    network -> handset: challenge RAND || AUTN token

    handset -> network: send RESP (challenge response RES), only after the USIM has verified AUTN

    result on both sides: cipher key (CK), integrity key (IK)


    11/19

    What's the universal integrated circuit card (UICC) about?

    a generic support mechanism for multiple applications on one card

    2G and 3G authentication become applications, selected as needed: the USIM application implements AKA, the 2G SIM app implements the 2G challenge-response

    additional apps possible (ISIM, PKI certificate storage etc.)

    ISIM is pretty close to SIP client needs!!

    the mobile equipment chooses the application


    12/19

    Using (U)SIMs for Internet access authentication

    embed the flow in EAP and tunnel it in RADIUS between the 802.1X supplicant in the client and the RADIUS EAP backend, using EAP-SIM or EAP-AKA

    the RADIUS server MAY gateway to SS7 MAP and roam: the WiFi network then looks like a GSM roaming partner (example: WiFi roaming through www.togewanet.com)

    OR the RADIUS server accesses an ISP-style database for the keys: the ISP is the SIM card issuer!



    14/19

    How 2G roaming works

    the mobile equipment presents the IMSI

    the visited network looks at the MCC, MNC part of the IMSI; if there is no roaming agreement, drop him

    otherwise send an access request through SS7 MAP to the home network

    the home network verifies the IMSI and sends a triplet (challenge RAND, expected response SRES, cipher key Kc): the authentication vector

    the visited network presents the challenge and reads the response; if (response == expected response), serve the user

    the triplet is essentially an access ticket; note there is no replay detection, and the SIM has no way to tell who is challenging it: these fellows seem to trust each other
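    The 2G flow and the roaming exchange above, as an added Python simulation (not from the slides): the home AuC produces (RAND, SRES, Kc) triplets, the visited network routes on MCC/MNC, consumes one triplet per access and compares SRES, and the card answers any RAND it is given. The A3/A8 computation is an HMAC-SHA256 stand-in with the real output lengths (32-bit SRES, 64-bit Kc), not COMP128 or an operator algorithm; the IMSIs and Ki values are constructed test data, and a two-digit MNC is assumed. The last function shows the point the slide makes: a replayed RAND is answered exactly like a fresh one, so a triplet that leaks from a visited network is reusable.

```python
import hmac
import hashlib
import os
from typing import Dict, List, Optional, Tuple

Triplet = Tuple[bytes, bytes, bytes]   # (RAND, SRES, Kc)

def a3a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for the operator's A3/A8: (SRES, Kc) from Ki and a 16-byte RAND.
    HMAC-SHA256 is used for the demonstration only; it is not the GSM algorithm."""
    if len(rand) != 16:
        raise ValueError("RAND must be 128 bits")
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]

class Sim:
    """The card: answers any RAND with SRES, never reveals Ki, keeps no state between challenges."""
    def __init__(self, imsi: str, ki: bytes) -> None:
        self.imsi, self._ki = imsi, ki

    def run_gsm_algorithm(self, rand: bytes) -> Tuple[bytes, bytes]:
        return a3a8(self._ki, rand)

class HomeAuC:
    """Home network authentication centre: the only place besides the card that knows Ki."""
    def __init__(self, subscribers: Dict[str, bytes]) -> None:
        self._ki = dict(subscribers)

    def triplets(self, imsi: str, count: int = 5) -> Optional[List[Triplet]]:
        ki = self._ki.get(imsi)
        if ki is None:
            return None                               # unknown IMSI: MAP would return an error
        out = []
        for _ in range(count):
            rand = os.urandom(16)
            sres, kc = a3a8(ki, rand)
            out.append((rand, sres, kc))
        return out

class VisitedNetwork:
    """Serving network: routes by MCC/MNC, compares SRES, gets Kc from the triplet, never sees Ki."""
    def __init__(self, roaming_partners: Dict[Tuple[str, str], HomeAuC]) -> None:
        self._partners = roaming_partners
        self._cache: Dict[str, List[Triplet]] = {}
        self.log: List[str] = []

    def authenticate(self, sim: Sim) -> Tuple[bool, bytes]:
        mcc, mnc = sim.imsi[:3], sim.imsi[3:5]        # two-digit MNC assumed here
        home = self._partners.get((mcc, mnc))
        if home is None:
            self.log.append(f"{sim.imsi}: no roaming agreement with {mcc}/{mnc}, dropped")
            return False, b""
        if not self._cache.get(sim.imsi):
            fresh = home.triplets(sim.imsi)           # SS7 MAP request to the home network in reality
            if not fresh:
                self.log.append(f"{sim.imsi}: home network rejected IMSI")
                return False, b""
            self._cache[sim.imsi] = fresh
        rand, xres, kc = self._cache[sim.imsi].pop(0)  # one ticket consumed per access
        sres, _ = sim.run_gsm_algorithm(rand)
        ok = hmac.compare_digest(sres, xres)
        self.log.append(f"{sim.imsi}: {'served' if ok else 'SRES mismatch'}")
        return ok, (kc if ok else b"")

def replayed_challenge_is_accepted(sim: Sim, rand: bytes, sres_seen: bytes) -> bool:
    """Anyone who saw (RAND, SRES) once can re-issue the RAND: the SIM answers identically.
    It cannot tell a fresh challenge from an old one, nor a real network from a rogue one."""
    return sim.run_gsm_algorithm(rand)[0] == sres_seen
```

    In the real protocol the visited network also gets Kc out of the triplet and starts ciphering with it, which is why a triplet is worth protecting as much as a session key.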


    15/19

    How 3G roaming works

    not much different from 2G, just more parameters are needed for AKA

    triplets become quintets (RAND, XRES, CK, IK, AUTN)
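    The AKA exchange of slides 9, 10 and 15, as an added Python simulation (not from the slides): the home AuC builds quintets (RAND, XRES, CK, IK, AUTN) with a per-subscriber sequence number, the USIM checks the MAC in AUTN (network authentication) and the sequence number (replay protection) before it computes RES, CK and IK, and the visited network only compares RES with XRES. The functions f1 to f5 are HMAC-SHA256 stand-ins with the 3GPP output lengths, not MILENAGE; the AMF value, keys and IMSI are constructed; and the freshness rule is a strict "greater than the last accepted SQN", which is simpler than the windowed check and AUTS resynchronisation of the real USIM.

```python
import hmac
import hashlib
import os
from dataclasses import dataclass
from typing import Dict, Tuple

AMF = b"\x80\x00"   # constructed authentication management field

def _f(k: bytes, tag: bytes, *parts: bytes) -> bytes:
    """Keyed PRF with domain separation; stands in for the MILENAGE f-functions."""
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()

def f1(k, rand, sqn, amf): return _f(k, b"f1", rand, sqn, amf)[:8]   # MAC-A, 64 bits
def f2(k, rand): return _f(k, b"f2", rand)[:8]                         # RES/XRES, 64 bits
def f3(k, rand): return _f(k, b"f3", rand)[:16]                        # CK, 128 bits
def f4(k, rand): return _f(k, b"f4", rand)[:16]                        # IK, 128 bits
def f5(k, rand): return _f(k, b"f5", rand)[:6]                         # AK, 48 bits

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

@dataclass(frozen=True)
class Quintet:
    rand: bytes
    xres: bytes
    ck: bytes
    ik: bytes
    autn: bytes   # (SQN xor AK) || AMF || MAC-A, 16 bytes

class HomeAuC:
    """Holds K and the next SQN per IMSI; hands quintets to serving networks."""
    def __init__(self, subscribers: Dict[str, bytes]) -> None:
        self._k = dict(subscribers)
        self._sqn = {imsi: 0 for imsi in subscribers}

    def quintet(self, imsi: str) -> Quintet:
        k = self._k[imsi]
        self._sqn[imsi] += 1
        sqn = self._sqn[imsi].to_bytes(6, "big")
        rand = os.urandom(16)
        autn = xor(sqn, f5(k, rand)) + AMF + f1(k, rand, sqn, AMF)
        return Quintet(rand, f2(k, rand), f3(k, rand), f4(k, rand), autn)

class Usim:
    """Verifies the network (MAC) and freshness (SQN) before producing RES, CK, IK."""
    def __init__(self, imsi: str, k: bytes) -> None:
        self.imsi, self._k, self._sqn_seen = imsi, k, 0

    def authenticate(self, rand: bytes, autn: bytes) -> Tuple[bytes, bytes, bytes]:
        k = self._k
        sqn = xor(autn[:6], f5(k, rand))             # unmask SQN with AK
        amf, mac = autn[6:8], autn[8:16]
        if not hmac.compare_digest(mac, f1(k, rand, sqn, amf)):
            raise ValueError("MAC failure")          # not made with our K: rogue network or tampering
        n = int.from_bytes(sqn, "big")
        if n <= self._sqn_seen:
            raise ValueError("synchronisation failure")   # stale quintet: replay
        self._sqn_seen = n
        return f2(k, rand), f3(k, rand), f4(k, rand)

def aka_outcome(usim: Usim, rand: bytes, autn: bytes) -> str:
    """'ok', 'MAC failure' or 'synchronisation failure', as the USIM reports it to the terminal."""
    try:
        usim.authenticate(rand, autn)
        return "ok"
    except ValueError as e:
        return str(e)

class VisitedNetwork:
    """Fetches a quintet from the home AuC, compares RES with XRES, uses CK/IK; never sees K."""
    def __init__(self, home: HomeAuC) -> None:
        self._home = home

    def authenticate(self, usim: Usim) -> Tuple[bool, bytes, bytes]:
        q = self._home.quintet(usim.imsi)            # over SS7 MAP in a real roaming case
        try:
            res, _, _ = usim.authenticate(q.rand, q.autn)
        except ValueError:
            return False, b"", b""
        if not hmac.compare_digest(res, q.xres):
            return False, b"", b""
        return True, q.ck, q.ik
```

    Compared with the 2G triplet, the visited network still only sees the challenge, the expected response and the session keys; what changed is that the card now refuses a challenge it cannot tie to its home network or that it has already answered.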


    16/19

    How the 2G/3G user ids (IMSIs) are mapped to RADIUS authentication

    take the mobile country code and the mobile network code and use them to create a realm

    example: IMSI = 232011234567890 means mcc=232 (Austria), mnc=01 (Mobilkom); resulting realm: mnc01.mcc232.owlan.org

    resulting RADIUS user name: <IMSI>@mnc01.mcc232.owlan.org

    routing to RADIUS servers is decided by subdomain

    convention established by Nokia; Nokia owns the owlan.org domain pro bono (3GPP later standardized the realm form wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org in TS 23.003, with the MNC zero-padded to three digits)

    from there on this is vanilla RADIUS roaming

    but it's just fine if we call it mnc01.mcc232.visionNG.org if that sounds better; realms just gotta be unique
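    The IMSI structure of slide 7 and the realm mapping above, as an added Python example (not from the slides). It splits an IMSI into MCC, MNC and MSIN, builds the owlan.org-style realm from the slide as well as the realm form later standardized by 3GPP, forms the EAP permanent identity (the "1" and "0" prefixes are the EAP-SIM/EAP-AKA conventions of RFC 4186 and RFC 4187, which postdate the deck), and routes a NAI to a RADIUS hop by longest realm suffix. The table of MCCs with three-digit MNCs is a constructed, partial list; the MNC length cannot be read off the IMSI itself, so a real backend needs the full allocation table or per-MCC configuration.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# MCCs whose operators use three-digit MNCs: constructed, partial list (the US range only).
THREE_DIGIT_MNC_MCCS = {"310", "311", "312", "313", "316"}

@dataclass(frozen=True)
class Imsi:
    mcc: str
    mnc: str
    msin: str

def parse_imsi(imsi: str, mnc_len: Optional[int] = None) -> Imsi:
    """Split an IMSI into MCC (3 digits), MNC (2 or 3) and MSIN (at most 10).
    The MNC length is looked up per MCC unless the caller knows it."""
    if not imsi.isdigit() or not 6 <= len(imsi) <= 15:
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    mcc = imsi[:3]
    if mnc_len is None:
        mnc_len = 3 if mcc in THREE_DIGIT_MNC_MCCS else 2
    if mnc_len not in (2, 3):
        raise ValueError("MNC is 2 or 3 digits")
    mnc, msin = imsi[3:3 + mnc_len], imsi[3 + mnc_len:]
    if len(msin) > 10:
        raise ValueError("MSIN is at most 10 digits")
    return Imsi(mcc, mnc, msin)

def realm(i: Imsi, suffix: str = "owlan.org") -> str:
    """The slides' convention: mnc<MNC>.mcc<MCC>.<suffix>, suffix freely chosen but unique."""
    return f"mnc{i.mnc}.mcc{i.mcc}.{suffix}"

def realm_3gpp(i: Imsi) -> str:
    """The form later standardised in 3GPP TS 23.003 for WLAN access; MNC zero-padded to 3 digits."""
    return f"wlan.mnc{i.mnc.zfill(3)}.mcc{i.mcc}.3gppnetwork.org"

def permanent_identity(imsi: str, method: str, suffix: str = "owlan.org") -> str:
    """NAI sent in EAP-Response/Identity: '1' + IMSI for EAP-SIM (RFC 4186), '0' + IMSI for EAP-AKA
    (RFC 4187), so the backend can tell which method the identity belongs to."""
    prefix = {"sim": "1", "aka": "0"}[method]
    return f"{prefix}{imsi}@{realm(parse_imsi(imsi), suffix)}"

def imsi_from_identity(nai: str) -> str:
    """Recover the IMSI the home server needs for its key lookup."""
    user = nai.split("@", 1)[0]
    if user[:1] not in ("0", "1") or not user[1:].isdigit():
        raise ValueError("not an EAP-SIM/AKA permanent identity")
    return user[1:]

def route(nai: str, routing_table: Dict[str, str]) -> str:
    """Pick the next RADIUS hop by longest matching realm suffix: a whole-country proxy can be
    keyed on mcc<MCC>.<suffix>, a home server on mnc<MNC>.mcc<MCC>.<suffix>."""
    user, sep, r = nai.partition("@")
    if not sep or not user or not r:
        raise ValueError("NAI must be user@realm")
    labels = r.lower().split(".")
    for k in range(len(labels)):
        hop = routing_table.get(".".join(labels[k:]))
        if hop is not None:
            return hop
    raise LookupError(f"no route for realm {r}")
```

    Note that the realm carries only MCC/MNC, exactly the information the visited 2G/3G network also uses for MAP routing; the MSIN stays in the user part and is only interpreted by the home server.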


    18/19

    A bonus business model thrown in

    combine a SIP-based iTSP with a Mobile Virtual Network Operator (MVNO): an MVNO has authentication, billing, customers and numbers, but the radio network is outsourced from somewhere else

    issue (U)SIM cards which work both in a 2G/3G handset AND as WiFi/SIP auth tokens; note that the same card authenticates both uses!

    leave the choice to the user how to connect, Internet or cellular, using the same E.164 number


    19/19

    Summary

    2G/3G has a strong/very strong authentication architecture

    it is almost copy & paste for iTSP use at WiFi access, WiFi roaming access, SIP and other levels (TBD!)

    it can serve to solve the X.509 certificate distribution problem

    the operator model (2G/3G home network, ISP home network) has no impact on Internet-side terminals

    numbering & addressing resources are compatible and available (maybe not obviously so)

    the Internet could become the biggest (U)SIM authenticated mobile network ever to roam with 2G/3G land