GPRS Network Security

AT&T Wireless Services, Inc.

Peter Rysavy, Primary Contributing Writer

Product Development AT&T Wireless Services, Inc. PO Box 97061 Redmond, WA 98073-9761

GPRS Network Security

Document Number 12199 Revision 0.4.5

© 2002 AT&T Wireless Services, Inc. All rights reserved.

Copyright Notice This work is protected by the copyright laws of the United States and is the property of AT&T Wireless Services, Incorporated. Copying, reproduction, merger, translation, modification, or enhancement by anyone other than authorized employees or licensees of AT&T Wireless Services, without prior consent of AT&T Wireless Services, is prohibited. All trademarks or registered trademarks are the property of their respective owners.

For questions about this document, please contact:

Bonnie Beeman AT&T Wireless PO Box 97061-6742 Redmond, WA 98073 (425) 580-6702 [email protected]

© 2002 AT&T Wireless Services, Inc. AT&T Mobile Internet Security

3 All rights reserved.

GPRS Network Security

Contents

1. Introduction..............................................................................................4 1.1. The Need For Security .................................................................4 1.2. Defining and Implementing an Effective Security Policy...............6

2. AWS GPRS Security Summary...............................................................8 2.1. AWS GPRS Network Architecture................................................9 2.2. Network Interfaces......................................................................12

3. Mobile Station to Network Interface ....................................................15 4. IP Address Management.......................................................................18

4.1. IP versus PPP Service ...............................................................18 4.2. IP Addresses ..............................................................................20

5. Internal Network Interfaces ..................................................................22 5.1. AWS GPRS Network ..................................................................22 5.2. Intercarrier Interface ...................................................................23

6. External Network Interface ...................................................................25 6.1. Naming (APNs) and Routing ......................................................26 6.2. Frame Relay Connections ..........................................................26 6.3. AT&T Wireless Connectivity Option - Frame Relay....................27 6.4. Internet Interface ........................................................................28 6.5. Virtual Private Network (VPN) Discussion..................................28 6.6. Managed Internet Connection ....................................................31 6.7. Client VPN Solution ....................................................................32

7. GSM/GPRS Mobile Internet Phone...........................................33 8. Enhanced Data Rates for GSM Evolution (EDGE)..............................36

Appendix A: Data-Security Technologies and Standards ......................38 Appendix B: Acronym List .........................................................................48

GPRS Network Security © 2002 AT&T Wireless Services, Inc.


1. Introduction

This document provides a high-level description of the security considerations associated with using General Packet Radio Service (GPRS) from AT&T Wireless Services (AWS). It addresses security concerns and identifies standard and optional solutions to address customers’ security needs.

GPRS is a wireless packet-data data service for Global System for Mobile Communications (GSM) cellular networks. AWS is deploying GSM and GPRS throughout its coverage areas. GPRS security mechanisms are based to a large extent on GSM security mechanisms, ones that have withstood the test of time and the extremely widespread use involving hundreds of millions of users worldwide.

This document explains the security features of the AWS GPRS service and clarifies how these features would best augment a company’s security policy to achieve a complete security solution. It is intended for users of wireless data services who may have concerns about the security of their data but who may not be familiar with the various security features, mechanisms and options of the AWS GPRS service. Most of the security mechanisms discussed in this paper will also apply to forthcoming wireless technologies from AWS such as Enhanced Data Rates for GSM Evolution (EDGE) and Universal Mobile Telephone System (UMTS).

1.1. The Need For Security

Many of the ways we communicate today are via relatively insecure channels. For instance, we regularly use non-secure phone lines for voice and modem communication. By contrast the AWS GPRS service offers significant security features that resist attack by a passive airlink eavesdropper or a malicious network user.



Ensuring network security in the modern world is driven by the need to:

• Maintain the confidentiality and integrity of sensitive information in a distributed network environment

• Protect the identities and information communicated by customers • Prevent attacks that deny the availability of services • Prevent fraudulent use of services • Provide necessary information to defense and law enforcement

agencies

However, securing an organization or company's data network and its various interconnections presents a challenge. Adding remote access using a wireless network adds to the challenge, but this challenge can be accommodated through deployment of security technologies available today.

It should be noted that implementing a security policy requires careful analysis. An organization must understand the technological considerations of network security and must balance the cost of security measures against its potential benefits. While security measures prevent and/or reduce the risk of unauthorized access, security may also reduce productivity by creating additional processing and work overhead. Security measures may also create expensive administrative and educational overhead, as well as use significant computing resources that require dedicated hardware.

For corporate facilities, physical security is usually based on security guards, card-key entry systems, closed-circuit television, and off-limits areas. With these security measures in place, an organization can feel confident that within their physical facilities, assets are protected, and high user productivity is maintained. To extend this physical security model into the virtual world of internal and external networking and Internet access, organizations must decide where to strike a balance between access, productivity, and security measures that may be perceived as restrictive by users of the organization's network.

The primary goal of a good security policy and design is to meet security requirements while adding as few restrictions as possible from the network user's perspective. It is of utmost importance for organizations to understand what they want to protect and what level



of access is needed. For example, an organization may need strict protection on its accounting databases, but may need only limited protection on its internal mailing list. The important point is that any decision to invest in security systems must answer two questions:

• How valuable is the information that is being protected? • What is the perceived level of threat to the information?

Extending a corporate security policy to include wireless data networks requires an understanding of the security features of the wireless data technology, as well as the security provided by networks to which the wireless network provides access.

1.2. Defining and Implementing an Effective Security Policy

An effective security policy is best defined after thorough analysis of an organization's unique security issues. These security issues must be resolved in order to implement an effective security policy:

• Know the company or organization's assets. An organization needs to understand what they want to protect and what level of access is appropriate. An organization may discover that certain parts of the infrastructure can be left open because there is little cost involved if these parts are somehow compromised.

• Balance the cost of security. Security costs must be in proportion to the actual dangers; otherwise, the cost could be unnecessarily burdensome to the entire organization. It is also important to understand how technological considerations relate to cost. For example, an organization may not have the capacity or resources to replace legacy systems that may not be supported by their original vendors. In this case, it may not be possible to implement new technical options such as encryption.

• Identify security assumptions. It is inherently dangerous for an organization to assume that its network is not compromised, that intruders are not very knowledgeable, that they are using standard software, or that a locked room is safe. It is important to examine and justify assumptions; any hidden assumption is a potential security risk.

• Allow for human factors. If security measures interfere with essential uses of the system, users will sometimes resist and even



circumvent them. For example, because automatically generated "nonsense" passwords can be difficult to remember, users often write them on desktops, on the undersides of keyboards, or on other surfaces which can easily be seen by others, and in this way render a password protection measure self-defeating. In order to achieve compliance, users must understand and accept the need for security and, more importantly, security measures must be reasonable, allowing users to get their work done.

In order to detect security problems, an organization must understand how a system normally functions, how devices are normally used, and what typical behavior to expect. Detecting unusual behavior, tracking this behavior, and logging unusual events, can help catch intruders before they can damage the system.

An organization must create barriers within their system so that if an intruder accesses one part of a system, they do not automatically have access to the rest of the system. Partitioning should be considered in order to provide as much protection as necessary for network components. Although maintaining a high level of security on the entire infrastructure is difficult, it is often possible to do so for smaller, sensitive components.

Almost any change made to a system can affect security. This is especially true when new services are created. System administrators, programmers, and users should consider the security implications of every potential system change. Understanding the security implications of a change takes practice; it requires lateral thinking and a willingness to explore every way that a service could potentially be manipulated. Another goal of a good security design and policy is to create an environment that is not susceptible to every minor system change.

It is not the intent of this document to be a complete tutorial on wireless security. Rather, it is intended as a guideline for identifying security considerations when using the AWS GPRS service. There are many good books and Internet-hosted information on the subject of security. For reference, some general information on network security is provided in “Appendix A: Data Security Technologies.”



2. AWS GPRS Security Summary

The AWS GPRS service was designed with security in mind. It is based on GPRS technology, a data service for GSM networks. The GPRS security architecture is comprehensive, proven (since it is based on GSM technology) and does not suffer from the security shortcomings of some other wireless technologies.

Not only does GPRS technology contain comprehensive security provisions, but AWS has augmented its network with additional security functions. The key benefits of these combined measures include:

• User identities are protected.

• Only legitimate mobile systems can connect to the network.

• All user data transmitted over the airlink is encrypted.

• Encryption keys between the mobile system and the GPRS network change each time the mobile system connects to the network. This means that even if an intruder were able to determine the key for one session, the key would be useless for subsequent sessions. In addition, the network can update the keys at periodic intervals.

• Customers networks connected to the AT&T GPRS service by frame relay service are protected against attacks from the Internet. In addition, AWS offers a managed Internet connection that employs virtual private networking (VPN) technology to allow secure communications across the Internet.

• IP addresses, whether for mobile systems or fixed-end systems, are never transmitted "in the clear" (unencrypted) over the airlink, reducing the risk of attacks on both mobile and fixed-end systems.

The security aspects of the AWS GPRS service, as well as its connections to other networks, are summarized in the following sections entitled “AWS GPRS Network Architecture” and “Network Interfaces”. Subsequent sections of this document elaborate on select topics introduced in these summaries. Customers should be aware that different releases of the GPRS specification incorporate different security features. The current version of the AWS GPRS service is



based on release 98 of the GPRS specification (3GPP Technical Specification 03.60 V7.7.0.) The network will be upgraded to a newer version of the GPRS specification over time, resulting in potential changes or enhancements to security features.

2.1. AWS GPRS Network Architecture

The AWS GPRS service consists of specific network components. To understand the security aspects of the network, it helps to understand the basic network components between which data transfer occurs. It is also important to consider how the AWS GPRS service connects to other networks, such as customer networks and the Internet. It is also important to consider how the AWS GPRS service interconnects with GPRS networks from other carriers. The primary elements of a GSM and GPRS network are shown in Figure 1.

MobileSwitching

CenterHome

LocationRegister

ServingGPRS

SupportNode

GatewayGPRS

SupportNode

ExternalData Network(e.g.Internet)

BaseStation

ControllerMobileStation

CircuitSwithced

IP Data

Public SwitchedTelephone Network

GPRS Addition

BaseTransceiverSubsystem

BaseTransceiverSubsystem

MobileStation

MobileStation

MobileStation

MobileStation

GSM Network

VisitorsLocationRegister

Figure 1: Components of a GPRS network

The radio interface is between the mobile station and the Base Transceiver Subsystem (BTS). The BTS connects to a base station controller (BSC). The BSC separates voice and data traffic, with circuit-switched traffic directed to the Mobile Switching Center and packet-data traffic directed to the GPRS infrastructure. The Mobile Switching Center handles voice and circuit-switched data communications but does not play a role in GPRS security.



The two key elements of the GPRS infrastructure are the Serving GPRS Support Node and the Gateway GPRS Support Node. The functions of these elements and other GPRS network elements, along with their associated security functions is described next.

• Subscriber Identity Module. One important security mechanism is the SIM card. This is a small electronic card inserted into the mobile station that contains the user’s identification information. A user cannot gain access to network services (voice and data) without a valid SIM card.

• Mobile Station (MS): This is the wireless computing device used

to connect to the GPRS network. Examples of MS include a GSM/GPRS mobile Internet phone, a notebook computer connected to a GPRS modem or a PDA with GPRS modem. The network authenticates the GPRS device (e.g. modem) against credential stored in the subscriber identity module (SIM) card. The network can also optionally request a password from a user. All user data communicated between the MS and SGSN is encrypted. Since an MS can potentially be stolen, it is best to employ a security solution that does not rely solely on the MS hardware. For any sensitive information that can be accessed by applications on the MS, the user should be required to provide a password or be required to use a hardware token. Note also that the GSM/GPRS mobile Internet phone service employs architecture with separate security protocols. These protocols are detailed in the section entitled “GSM/GPRS Mobile Internet Phone”.

• Base Transceiver Subsystem and Base Station Controller: These elements manage the radio interface, including the control of which MS has access to the radio channel at what time. These elements essentially relay messages between the MS and SGSN, and do not play a role in GPRS security.



• Serving GPRS Support Node: The SGSN manages communications with an MS, sending and receiving data and keeping track of their location. The SGSN is the equivalent of the Mobile Switching Center for data functions. The SGSN obtains subscriber information from the Home Location Register (HLR) such as what services are available to the particular subscriber. The SGSN registers the MS, authenticates the MS, and encrypts data sent to the MS.

• Gateway GPRS Support Node: The GGSN is the gateway to external networks such as the Internet or private customer networks. The GGSN assigns IP addresses, and can also authenticate users acting as a RADIUS client. If private IP addresses are used, a server at the GGSN location performs the translation from private IP address to public IP address. Firewalls located at the GGSN also perform a firewall function to restrict unauthorized traffic.

• Home Location Register: The HLR contains a database of permanent user subscription information for both voice and data services. It also contains dynamic information about active users (e.g. current SGSN providing serving to a particular MS.) The HLR stores the necessary information to authenticate an MS.

• Visitors Location Register (VLR). The VLR contains a database of subscription data for users of one (the typical case) or more MSCs. The VLR is used to manage roaming and provides more detailed mobility information on active users within an MSC administrative area.

• Fixed End System (F-ES): This element is the traditional external data application system or internal network that supports and services application systems. By definition, its location is fixed. An F-ES can be one of many stationary-computing devices, such as a workstation or host computer. The customer maintains the F-ES and its security is the customer’s responsibility. In connecting the F-ES to the AWS GPRS service, the customer must ensure that they have an effective security policy, and that appropriate firewalls have been put in place. As discussed in the section, "External Network Interface" even if using a frame relay PVC to



connect to the AWS GPRS service, IP traffic can reach the F-ES that originates from any GPRS MS, whether or not the IP traffic belongs to the particular customer.

• Firewall: This element is responsible for controlling in and out-bound network traffic. See Figure 2. Note that the implementation of the firewall is independent of the GPRS specification and will vary depending on GPRS service provider. The firewall function at the GPRS network is usually contained within or at the GGSN. A firewall implemented within the customer’s network operates independently of the firewalls in the AWS GPRS service and therefore is the customer’s complete responsibility.

• Border Gateway: This element is the interface to an intercarrier network. See Figure 2. It's principal purpose is security. It restricts traffic between carriers to legitimate traffic only, e.g. authentication of roaming users, user data and exchange of billing records.

• External Data Network: This element is the external networking solution that covers a wide geographical area and provides a connection between an F-ES and the AWS GPRS service. The most common WAN connection for the AWS GPRS service is a frame relay circuit or the Internet. Security considerations are quite different for frame relay and Internet connections. These differing security considerations are described in the section "External Network Interface".

2.2. Network Interfaces

To further understand the security features of the AWS GPRS service security, we must next examine the key interfaces of the overall network. Refer to Figure 1 above and Figure 2 below. Note we explore many of these topics in greater detail in subsequent sections.



SGSNBSC Private IP Network(GPRS Operator 1)BTS

MobileStation

MobileStation

GPRS Provider 1SGSN

BG

BG: Border GatewayBTS: Base Transceiver SubsystemBSC: Base Station ControllerGGSN: Gateway GPRS Support NodeSGSN: Serving GPRS Support Node

GGSN,firewall

Internet

Inter CarrierGPRS

Backbone

SGSNBSCBTS

MobileStation

MobileStation

GPRS Provider 2

Private IP Network(GPRS Operator 2)

BG

GGSN,firewall

PrivateIntranet

GGSN

PrivateIntranet

MS to Network Interface

External Interfaces

Intercarrier Interface

Internal Interfaces

User

User Level Security

Application Level Security

User

User

User

Figure 2: GPRS Network Interfaces

The summaries of the most important interfaces with respect to security are as follows:

• User Level Security: For a user to gain access to the GPRS network, the user must have a SIM card for their GPRS device. SIM cards can be further protected by requiring a user to enter a personal identification number (PIN). If the user enters an incorrect PIN more than three times, further attempts are blocked until the user enters a special code that can only be obtained from the AWS customer care department. Note that AWS supplies GSM/GPRS equipment with the PIN function disabled; however the customer can re-enable it. Beyond these measures, customers can further enhance security to protect against lost or stolen mobile equipment with mechanisms such as hardware tokens or passwords at the application level.

• MS to Network Interface: This is an important interface as it includes the radio interface. When an MS first connects to the network, the SGSN initiates an authentication process where the subscriber’s secret key contained in the SIM card is checked using



a challenge-response mechanism against information stored in the network. Following authentication, the MS and SGSN engage in an exchange that determines an encryption key. (Note that encryption is referred to as ciphering in GPRS technical documents.) This key is different for every data session, and is never transmitted over the air. From that point forward, data communications between the MS and SGSN is encrypted. This interface is described in more detail in the section “Mobile Station to Network Interface.”

• GPRS Internal Network Interfaces: Communications between GPRS elements occurs over private networks, and AWS takes reasonable precautions to protect these networks against unauthorized traffic, eavesdropping and denial of service. Portions of the network, such as user data communications between the SGSN and GGSN may even be encrypted. However, customers should not rely on internal security measures of the network to protect the confidentiality of their data. For any sensitive data, customers are advised to add their own security provisions. This interface is described in the section “Internal Network Interfaces.”

• Intercarrier Interface: This is the interface at the Border Gateway between the AWS GPRS service and other service providers, such as other cellular-telephone companies providing GPRS service and with whom AWS has roaming agreements. These include companies such as Cingular Wireless and T – Mobile. In some cases, GPRS carriers are linked through a GPRS roaming exchange, a network that links multiple carriers together. The Border Gateway performs a firewall function restricting traffic to authorized communications. Other security functions may be present, but customers should employ their own security provisions for sensitive data. This interface is described in the section “Internal Network Interfaces.”

• External Interface: This is the interface between the AWS GPRS service and networks that connect to the customer network where the F-ES resides. The F-ES is part of the customer's network, and its security is the responsibility of the customer. The most common network connections are via a frame relay permanent-virtual circuit (PVC) or via the Internet. AWS has specific service offerings for both frame relay and the Internet. Some security is provided by the



firewall function at the GGSN in the AWS GPRS service, but customers should not necessarily rely solely on this firewall. This interface is described in more detail in the section “External Network Interface.”

3. Mobile Station to Network Interface

This section discusses the security mechanisms between the mobile station and the AT&T GPRS network. These mechanisms include authentication of the mobile station, key derivation, and encryption. Customers should also note that unlike other wireless technologies (e.g. wireless LANs) where an intruder can easily monitor radio communications using commercial subscriber equipment, eavesdropping on a GSM/GPRS radio signal requires sophisticated equipment. This is due in part to the way GSM networks divide communications into time slots.

During operation, the GPRS network first authenticates the user using a challenge-response mechanism. This GPRS authentication mechanism is similar to GSM voice service authentication, except that it is conducted by the SGSN (responsible for packet-data service) instead of the MSC (responsible for circuit-switched services such as voice). The SGSN sends a random 128 bit number (the challenge) to the MS which computes a 32 bit response based on this number and its secret subscriber authentication key (called the Ki key which is stored in the SIM card) using a GSM algorithm called A3. The SGSN does the same calculation and matches the response from the MS with its own calculated value, and if they are the same, the MS is successfully authenticated and allowed to engage in further communications with the network. The SGSN obtains the secret subscriber key and random number from the HLR associated with the MS. This challenge-response mechanism avoids transmitting the secret subscriber key over the radio interface.

Once an MS has been authenticated, the next step is to produce an encryption key. This 64-bit key is calculated by both the MS and the network by applying a key-generating algorithm called A8 to the random number previously used for authentication and the secret subscriber key. Once the encryption key is derived, communication



between the MS and the GPRS network is encrypted using an algorithm called GPRS-A5, a modified version of the A5 algorithm used within GSM networks for voice communication. GPRS-A5 is optimized for packet-data communications. The protocol level that handles encryption is called the Logical Link Control (LLC) layer. LLC operates between the MS and SGSN at layer 2 of the network reference model. See Figure 3. Both signaling (control) information and user data are processed by the LLC layer, and so the network keeps both user data and control information such as a user’s location confidential.

The GPRS process of authentication and encryption differs from CDPD networks. With GPRS, authentication precedes derivation of the encryption key whereas with CDPD, derivation of the encryption key precedes authentication.

Once a user has a GPRS session (referred to as a packet data protocol context) activated, not only does the network protect the confidentiality of users’ IP data, but also their SMS messages. SMS messages are delivered via the SGSN, using the LLC protocol layer, and so are also encrypted.



GSM RFMAC

LLC

SNDCP

IP

GSM RFMAC Frame Relay Frame Relay

LLC TCP/UDP

IP

Layer 2

TCP/UDP

IP

Layer 2

IP

MobileStation

Base StationSubsystem

Serving GPRSSupport Node

Gateway GPRSSupport Node

SNDCP: Subnetwork Dependent Convergence ProtocolLLC: Logical Link ControlRLC: Radio Link Control

MAC: Medium Access ControlGSM RF: GSM Radio Frequency LayerBSSGP: Base Station Subsystem GPRS ProtocolGTP: GPRS Tunnel Protocol

RLCRLCRelay

BSSGP BSSGP

Layer 1Layer 1Layer 1Layer 1

SNDCPRelay

GTP GTPEncrypted Communications

Figure 3: GPRS Protocols

To further enhance security, the network can re-authenticate an MS, and also derive a new encryption key at periodic intervals. The operator controls how often this happens based on current security needs.

Neither the secret subscriber key, nor the encryption key are ever transmitted over the radio link. All that is transmitted is the 128 bit random number, which by itself is useless to an eavesdropper. At the MS, both the authentication response and the encryption keys are computed within the SIM card which physically restricts information about its contents. Details of the A3, A8 and GPRS-A5 algorithm are deliberately not made publicly available to further increase the security of GSM and GPRS networks.

Even before encryption begins, the network protects a user identity by assigning temporary user identification. The user’s actual International Mobile Subscriber Identity (IMSI), which identifies the user account, or any information allowing somebody to derive the IMSI easily are not normally communicated over the air in clear text. This protects users from eavesdroppers who might identify a user’s account information or location prior to the start of encryption.



There is one additional level of authentication that can optionally be invoked between the MS and GPRS network. The network can request that the user enter a password. The network forwards the password to the GGSN which acting as a Remote Authentication Dial-In User Service (RADIUS) client, submits the password for authentication to a RADIUS server. This form of authentication is available for customers using either GPRS IP or PPP services.

Customers should be aware that the MS does not explicitly authenticate the GPRS service. But the fact that the network can calculate the A8 encryption key, indicating knowledge of the Ki key, does provide a level of indirect authentication.

4. IP Address Management

Before examining other aspects of the AWS GPRS service, it is important to have an understanding of how the network manages IP addresses, as this has security implications.

There are two items to consider. One is the difference between IP and PPP service. The other is how the network manages IP addresses.

4.1. IP versus PPP Service

Most customers use an IP-based service. This means that the AWS GPRS service assigns an IP address to an MS, and then transports IP datagrams between the GGSN and the MS, with the GGSN acting as a gateway to external networks. In this case, the network manages how IP datagrams are routed to users and with which external networks an MS can communicate. This is explained further in the next section, “IP Addresses”.

An alternate form of service is PPP service, where instead of transporting IP datagrams, the network transports PPP frames between the MS and GGSN. The purpose of the PPP service is to either allow the customer to manage their IP addresses, or to allow the customer to use other networking protocols such as Novell IPX or AppleTalk.



The GGSN can terminate the PPP connection, or can extend it using tunneling protocols such as Layer 2 Tunneling Protocol (L2TP) to external networks, including customer networks. In such a case the PPP connection would terminate in a customer network. Using L2TP, the GGSN is the L2TP Access Concentrator (LAC) and the customer premise equipment is the L2TP network server (LNS). The LNS is likely to be supplied by AWS. See Figure 4.

GSM RFMAC

LLC

SNDCP

GSM RFMAC Frame Relay Frame Relay

LLC TCP/UDP

IP

Layer 2

TCP/UDP

IP

Layer 2

MobileStation

Base StationSubsystem

Serving GPRSSupport Node

Gateway GPRSSupport Node

PPP: Point to Point ProtocolSNDCP: Subnetwork Dependent Convergence ProtocolLLC: Logical Link ControlRLC: Radio Link Control

MAC: Medium Access ControlGSM RF: GSM Radio Frequency LayerBSSGP: Base Station Subsystem GPRS ProtocolGTP: GPRS Tunnel ProtocolL2TP: Layer 2 Tunneling Protocol

RLCRLCRelay

BSSGP BSSGP

Layer 1Layer 1Layer 1Layer 1

SNDCPRelay

GTP GTPEncrypted Communications L2TP

IP

Layer 2Layer 1

PPPRelay

PPP

Figure 4: PPP Service with L2TP Connection to Customer Site

If using IP protocols in conjunction with the PPP service, the customer network is responsible for assigning an IP address to the MS as part of establishing the PPP link. The customer also has the option of authenticating the user using the Challenge Authentication Protocol (CHAP) or Password Authentication Protocol (PAP), as both authentication protocols are options with PPP.

The PPP service is relatively secure as it limits user data communications to the exchange of PPP frames with the customer network. Any communications between the MS and the Internet has to be via the customer’s network. In addition, the L2TP protocol itself has security features, including data encryption.



As for specifying the type of service (IP vs. PPP), a customer must first order the appropriate service. For establishing connections, the Access Point Name used (APN) determines the type of service. When an MS requests data service (by establishing a packet data protocol context), it specifies the APN it wishes to use.

4.2. IP Addresses

The following discussion applies to IP service, and not the PPP service discussed in the prior section. AWS offers three types of IP addresses: public, private and customer supplied. Public means that the network assigns the MS a temporary IP address from a pool of public IP addresses owned by AWS. These addresses remain the same for user IP datagrams both inside and outside the AWS GPRS service.

In contrast, with a private IP address (as defined by Internet RFC 1918), the AWS network assigns the MS a temporary private IP address that it translates to a public IP address at a server residing between the GGSN and the external network.

There are two types of proxy servers and two address translation servers used in the GPRS network. One proxy server is the WAP gateway which is used to support WAP browsers, primary in handsets. Another proxy function is performed by the Optimization Server which provides proxy services as part of it compression function for web traffic and a variety of other common Internet based applications like FTP.

A Network Address Translation (NAT) Server provides private to public address translation and a few other services. NAT services support many common VPN tunnels and nearly all common Internet services. A Network Address and Port Translation (NAPT) server, which is optionally paired with the Optimization Server, is used to provide highly efficient address utilization for a sub-set of common Internet services and applications (primarily HTTP). With NAPT, multiple mobile stations share the same public IP address. What differentiates the mobile stations is their port numbers. Contact AT&T Wireless Services Customer Care at 1-866-293-4634 for the currently



supported applications. Internet RFC 3022 describes NAPT functionality.

Public addresses may be better suited for some applications such as certain virtual private networking software (e.g. IPSec) that embed the client IP address in the data payload.

The GPRS specification allows for both fixed and dynamic IP addresses. However, the American Registry for Internet Numbers (ARIN) which is the IPv4 address assignment authority, no longer allows static IP addresses for wireless data services. AWS currently only offers dynamically assigned IP addresses. This means customers cannot employ firewalls that filters incoming traffic based on the static IP address of the MS unless using customer-supplied addresses (discussed at the end of this section.)

If the customer is using a public IP address, the customer’s MS is more vulnerable to attack from the Internet. For this reason, customers should disable any services (e.g. file sharing) on the MS and should consider personal firewall software. Note however that if a customer has obtained a fixed-end connection (either Frame Relay or Managed Internet option) from AWS, a service option is to disable routing of traffic between the MS and the Internet. This does not prevent communication to the Internet via the customer network, but such communication is then under the customer’s control. This security option is also available for private IP addresses.

For private addresses, AWS uses the 10.0.0.0 network.

If the customer is using a private IP address, the customer’s MS is less vulnerable to attack from the Internet. The NAPT Server scans incoming data addressed to an MS and only allows the traffic when the source address and port (UDP or TCP) number matched previously sent outgoing data. This means any communication must be initiated by the MS. The network only allows IP traffic associated with specific applications, determined by the port numbers used. A similar process occurs with the proxy servers (WAP and Optimization Server).



The net result is that it is more difficult, but not impossible, for attackers to target an MS since their traffic is more likely to be blocked than with a public IP address. Nevertheless, customers are still advised to disable services such as file sharing on the MS and to consider personal firewall software. Also, WAP, NAT or NAPT servers do not protect against unauthorized traffic when an MS has previously been compromised and has unauthorized (e.g. virus or worm) software resident.

With customer-supplied addresses, AWS uses a block of IP addresses from the customer for assignment to the customer’s mobile stations. These requires prior arrangement with AWS, and these must be valid public IP addresses.. AWS does not advertise these addresses to the Internet. This approach requires that the customer connect their network to the AWS GPRS service using either a frame-relay or managed Internet connection. The benefit of this approach is that customers can filter incoming traffic from MS based on their IP address.

5. Internal Network Interfaces

This section briefly examines the interfaces of the AWS GPRS service and their security functions. These include the portions controlled by AWS and the interface to other GPRS service providers.

5.1. AWS GPRS Network

AWS makes security a high priority, and employs various mechanisms beyond those specified in the GPRS specifications to protect customer data, customer networks, customer mobile stations and its own network.

As discussed in the prior section, “Mobile Station to Network Interface”, GPRS technology provides for authentication and encryption between the MS and SGSN. See Figure 1 and Figure 2. Since the SGSN is geographically centralized to cover regional service



areas, user data is protected over these large areas. Private circuits are used to connect base station controllers to the SGSN.

Communication between the SGSN and GGSN occurs over an IP network. User data is tunneled between these nodes using the GPRS Tunneling Protocol. See Figure 3. GTP does not provide any security mechanisms. Instead, some security is provided by the underling IP network being a private network.

Other nodes such as the HLR which contains subscriber information are protected by only being accessible through SS7 signaling networks which are not publicly accessible.

AWS also maintains firewalls that restrict unauthorized traffic in its connections to other networks, such as customer networks, the Internet, and other carriers. Any customer traffic directed at GPRS network elements is discarded.

Although the network employs various means of protecting against unauthorized traffic and eavesdropping, customers with sensitive applications should employ security measures of their own.

5.2. Intercarrier Interface

Inter-service provider (i.e., Intercarrier) security is of concern when an MS travels to a different carrier's GPRS network and attempts to access the AWS GPRS service. What are the security implications of an MS operating in this fashion and of the wide-area connection between carriers? First, GPRS carriers must have roaming agreements in place for data service. Second, GPRS carriers must have their networks interconnected, either through direct links or via an interconnecting network sometimes referred to as a GPRS Roaming Exchange (GRX). See Figure 2. The node that interfaces to the GRX or other carriers is called the Border Gateway, whose principal function is to block unauthorized traffic. The type of traffic that is allowed includes user data communications (carried by the GTP Tunnel Protocol), domain name service queries, routing protocols (e.g. Border Gateway Protocol) and signaling protocols. However,



customers should not make any security assumptions about the privacy of their data when intercarrier connections are involved as multiple entities are involved, and this portion of the network is likely to change over time.

When an MS is operating in a visited carrier’s GPRS network, the SGSN in the visited carrier’s network serving area authenticates the MS using the same mechanisms as discussed in the section, “Mobile Station to Network Interface”. The difference is that the visited carrier’s HLR does not contain the subscription information, and so the SGSN obtains this information from the HLR in the subscriber’s home network. This process is similar to when a voice subscriber roams into a different carrier’s network.. Once authenticated, communications is encrypted between the MS and the SGSN as previously discussed.

In the situation where an AWS GPRS service customer is operating in another carrier’s area, the PDP context that is activated is between the MS and the home network GGSN. In other words, the customer uses their existing access point names (APNs). The result is that the IP address allocated to the customer will be from the same pool as if they were in their home carrier’s network. All data to and from the MS will be routed via the home network GGSN, and any security provisions (e.g. whether or not data can be routed to/from the Internet) will apply. In addition, all of the customer’s services (e.g. NAPT, NAT, Optimization Server, WAP Gateway, Portal) will remain accessible. The advantage of this approach is that a user has a consistent experience with the same security provisions regardless of where they obtain GPRS service.

In the future, it might be possible to access other APNs (such as direct Internet service via the visited carrier). This may have implications on security that customers will need to consider.

Customers should also be aware that to obtain GPRS service from a carrier in a different area (e.g. overseas), they can obtain service directly from that carrier. This will involve getting a SIM card from that carrier for their equipment. Once using that SIM card, all security functions will be handled by that carrier and their subscription to the A&T Mobile Internet Service (along with any of their security provisions and fixed-end connections) will not be in effect.



6. External Network Interface

This section describes the security aspects of the interface between the AWS GPRS service and external data networks. It is through the external network interface that customers connect their networks to the AWS GPRS service. The three principal types of connections include frame relay connections, managed Internet connections and normal Internet connections. See Figure 2 and Figure 5. The difference between the two types of Internet connections is that with the managed Internet connection, AWS provides a virtual private network service to secure communications between the AWS GPRS service and the customer network. This service is called the Wireless Connectivity Option Managed Internet Service (WCO Managed Internet Service). With normal Internet connections, user data is routed across the Internet and any additional security is the customer’s responsibility.

AT&T GPRSNetwork Internet

AT&T Frame RelayNetwork

Customer CNetwork

Customer ANetwork

VPN Tunnel Customer BNetwork

Figure 5: Different types of External Network Connections

Frame relay connections can be obtained directly from AT&T Wireless Services or from other frame-relay service providers. The AT&T service is called Wireless Connectivity Option Frame Relay (WCO Frame Relay). The following sections discuss the security aspects of the three types of connections, including a general discussion of VPN technology. First we briefly discuss naming and routing.



6.1. Naming (APNs) and Routing

Within a GPRS network, an external network with which the MS can communicate is referred to by an Access Point Name (APN). When establishing a data session (Packet Data Protocol context), the MS specifies an APN. The APNs available to an MS are part of the subscription profile. The APN also determines certain routing options.

One option, if the customer is using either a frame relay connection or WCO Managed Internet connection, is whether or not the MS can communicate with the Internet. If Internet communication is not allowed, then packets addressed from the Internet addressed to the MS or sent to the Internet from the MS are discarded at the GGSN. The only exception are packets associated with the managed Internet connection itself (a VPN tunnel). A customer specifies this security option at the time they order service.

Customers should also be aware that any MS operating in the AWS GPRS network can send IP packets to any customer site connected via frame relay or a managed Internet connection. Finally, routing rules in the AWS GPRS service prevent an MS from communicating with another MS.

6.2. Frame Relay Connections

Frame relay connections are considered the most secure external network connection as they employ links (called permanent virtual circuits or PVCs) that are relatively private.

The AWS GPRS service connects to a variety of external networks, including those operated by frame relay network providers, as shown in Figure 5. Frame relay is a packet-oriented communication method used to connect computer systems. The frame relay network is often called a fast-packet switching network. Tasks such as error checking, packet sequencing, and packet acknowledgment are handled by the end systems involved in transmission rather than by the network itself. This allows the frame relay network to operate at much higher speeds than older packet-switched networks such as X.25.

Frame relay provides an increased level of security when compared to the public Internet. Frame relay PVCs are almost like leased lines



between the customer’s premises and AWS. Frame relay networks are operated by service providers in such a way that there is neither any open access to individual PVCs, nor is there access between one PVC and another even if they share the same physical circuit.

Firewalls in the AWS GPRS service prevent data communications between the Internet and any customer frame-relay PVC. Firewalls and physically separate networks also prevent any MS or customer’s frame relay connection from reaching GPRS infrastructure equipment.

Customers can obtain frame-relay connections from a variety of providers, including AT&T Wireless. The AT&T Wireless frame-relay service is called AT&T Wireless Connectivity Option - Frame Relay and is discussed in more detail in the next section.

6.3. AT&T Wireless Connectivity Option - Frame Relay

Customers can purchase frame relay service from AWS for their fixed-end connection. There are many advantages to obtaining service from AWS, including a single service provider for both wireless and fixed-end connections, faster time to provision, faster time to resolve any problems and a highly dependable network.

A frame-relay connection requires a private line from a customer’s router to the AT&T Frame Relay Network. A local exchange carrier usually provides this line. See Figure 6.



F RS w itc h

F RS w itc hP V C

A T & TF ra m e R e la y N e tw o rk

C u s to m e r F ra m e R e la y P o rt

D L C I

A W S F ra m e R e la yT 1 P o rt

D L C I = 1 0 0R o u te r

L A N

A T & T P r iv a te L in e(L E C P ro v id e d )

1 . N e tw o r k A c c e s s :A d ig ita l “ lo c a l lo o p ”L E C c o n n e c tio n toth e A T & T F ra m eR e la y s w itc h . E ith e ra 5 6 k b p s o r T 1c o n n e c tio n

2 . P o r t :A p h y s ic a l c o n n e c tio nto a s w itc h in th e A T & TF ra m e R e la y n e tw o rk .F u lly s u b s c r ib e d s p e e d so f 5 6 k b p s to 1 .5 4 4 M b p s

3 . P V C :A lo g ic a l c o n n e c tio nb e tw e e n p o r ts w ith a g u a ra n te e dm in im u m p e r fo rm a n c e , o r C IR

N e tw o rk A c c e s s

C S U /D S U

R o u te r

A W S M D -IS

C S U /D S U

B o th e ll W A A N D /O R A l le n T XW ire le s s C u s to m e r C o n n e c t iv i ty

D e m a rc a t io nP o in t

Figure 6: WCO Frame Relay Connection

6.4. Internet Interface

The AWS GPRS service has a routed connection to the Internet, as shown Figure 2. One can think of the GPRS network as a wireless extension of the Internet. As such, the AWS GPRS service can route traffic between a MS and an Internet host. An Internet host can be any Internet reachable system, whether Internet Web server, File Transfer Protocol (FTP) site, or private corporate system.

6.5. Virtual Private Network (VPN) Discussion

A virtual private network is a method to ensure private transmissions over public networks. A VPN establishes a secure tunnel between its endpoints. Each endpoint authenticates the other endpoint, forwards traffic to authorized services, and encrypts and decrypts communications. A VPN typically encrypts the IP packet (or other network layer protocol), adds a special header and encapsulates all this information in a new IP packet. There are a number of “off-the-shelf” solutions that allow an organization to implement a VPN. A VPN approach is particularly effective when connecting to a fixed-end system via the Internet. With a frame relay fixed-end connection, there is less need to employ VPN technology.



In looking at VPN technology, realize that there are two typical scenarios in which a VPN is used, as shown in Figure 7. In one scenario an organization links two separate networks over the Internet (e.g. remote office to central office) or links its network to a strategic customer’s or partner's network. This is commonly called a “server-to-server” or “network-to-network” approach. The VPN software which makes this possible needs to be installed at both locations, either as part of the firewall, part of the router, or behind the firewall, in a separate security server.

Internet

Server-to-server private communications

Client-to-server private communications

Figure 7: Examples of two types of virtual private networks

The other scenario is for remote workers who want to access their organization’s network using their mobile computer. Here the VPN software still resides at the organization's point of connection to the Internet as in the case of a server-to-server VPN. What is different is that a mobile computer runs client software that implements the VPN protocols. This is a client-to-server VPN or remote access VPN.

The distinction between a server-to-server VPN and remote access is important because some VPN products emphasize server-to-server communications while other VPN products emphasize remote access.



Many major firewall products now provide VPN support. In addition, a variety of other companies now have VPN offerings. Not only are companies offering VPNs, but also the standards underlying VPNs are beginning to mature, (e.g. IPSec, Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP) and SOCKS). Some VPN products today are implemented in separate servers behind the router but once standards are finalized, expect to see VPN capabilities as yet another router or firewall feature.

There are two fundamental ways of applying VPN technology to the AWS GPRS service. One way is to use a VPN service from AWS called Wireless Connectivity Option Managed Internet Service. The other way is to independently implement a VPN solution. These two approaches are shown in Figure 8.

Internet CustomerNetwork

AT&T GPRSNetwork

Customer VPNSolution

AT&T VPNSolution

Figure 8: AT&T VPN solution vs. customer VPN solution

Implementing a customer-installed VPN solution provides security all the way from the MS to the F-ES, including authentication, encryption and data integrity, and it provides complete control of the connection. But additional system development is required and there is communications overhead via the wireless connection. In contrast, using the AWS VPN solution provides a secure tunnel through the Internet between the AWS GPRS service and an organization’s network with much less system development. In the future, AWS may also offer a client VPN solution to customers.

A discussion of each approach is presented in the following two sections.



6.6. Managed Internet Connection

AWS provides a service called the Wireless Connectivity Option Managed Internet Connection. This connection is for communications between the customer MS and their fixed-end systems across the Internet, secured using virtual private networking technology.

There are two scenarios. In one, the customer provides their own Internet connection. In the other, AWS provides the Internet connection using a digital subscriber line (DSL).

In both scenarios, AWS installs a VPN Server at the customer location which is preloaded with a shared key. An identical shared key is preloaded on a VPN server within the AWS GPRS service. Authentication of the shared key by both the customer VPN server and the AWS VPN server allow for a secure tunnel to be created between the two servers, based on the IPSec family of protocols. The triple DES (Triple Data Encryption Standard) algorithm encrypts the data. DES is classified as a 56-bit encryption algorithm. 3DES adds even more security to the DES algorithm by performing the encryption function three times with different subkeys. Figure 9.

In te rn e t

C u s to m e r S ite

R o u te r

L A N

2 . M a n a g e d IP S e c T u n n e lA s e c u re tu n n e l b e tw e e nc u s to m e r s ite ro u te r a n d A W Sro u te r in A lle n T e x a s

C S U /D S U

R o u te r

C S U /D S U

G P R S N a tio n a l D a ta C e n te r

W ire le s s C u s to m e r C o n n e c tiv ity

V P N S e rv e r

B a c k U pV P N S e rv e r

V P N S e rv e r

A lle n T e x a s

M a n a g e d IP S e c T u n n e l

1 . V P N S e rv e rA h a rd w a re V P N s e rv e r s p e c ific a llyd e s ig n e d fo r a n IP S e c T u n n e l. A nu n iq u e s h a re d k e y w ill b e p re lo a d e dw h ic h w ill e s ta b lis h a n e n c ry p te d tu n n e lw ith th e A W S n e tw o rk

Figure 9: Managed Internet connection provided by AWS

A WCO Managed Internet connection can also serve as a redundant connection to the WCO Frame Relay connection. The customer’s router will be configured to automatically fail-over to the redundant



connection should the primary frame-relay connection fail, and to switch back to the primary connection when the frame-relay connection is restored.

6.7. Client VPN Solution

The most secure architecture is one that spans from the user to their network, since this will provide the greatest number of options for authentication, authorization, data integrity, and encryption. It also ensures secure communication all the way from the MS to the fixed-end system. This is possible by implementing a VPN solution that includes VPN-client software on the mobile computer and VPN-server software on a security gateway, which may be part of or separate from existing firewalls or routers. See Figure 10. With this approach, a customer is not dependent on any security mechanisms within the AWS GPRS service. This approach allows a customer to use the Internet for secure fixed-end connections.

Wireless IP, Internet, companyfirewall

Secure tunnel or channel

Corporatenetwork

Securitygateway

Host orServer

Securityclient

Figure 10: Secure tunnels or channels for end-to-end security

For this approach to work, it may be necessary to configure existing firewalls to pass VPN traffic. Customers should realize that this approach does add overhead to communications, which can reduce throughput. With this approach, data over the radio interface is encrypted both by the VPN and again by the GPRS network, which some customers may find desirable, and others may find redundant. This approach also requires that customers administer the VPN client software on the mobile station.



A customer-implemented VPN is worth considering especially if an organization is already using a particular VPN product to support remote employees. In such a case, the same VPN product may be an option for AWS Mobile Internet users. In the future, AWS itself may provide specialized support for particular client VPNs. Contact AWS for current information.

7. GSM/GPRS Mobile Internet Phone

The Wireless Application Protocol (WAP) is an industry standard developed by the Wireless Application Protocol Forum (http://www.wapform.com), with the objective of bringing Internet content and data services to digital wireless terminals such as mobile telephones. GSM/GPRS Mobile Internet phones from AWS include WAP microbrowsers that allow customers to interact with Internet content, or to access applications and data on their private intranets.

This AWS service is currently based on version 1.2 of the WAP standard. This service is similar to the prior AWS PocketNet service which used CDPD wireless technology and communications protocols developed by OpenWave.

Because the GPRS WAP phones transmit information via the GPRS network, security native to GPRS technology protects users, including authentication of the GPRS phone and encryption of the radio link.

WAP consists of a set of protocols between the client and a gateway, and a separate set of protocols between the gateway and what is called the origin server, as shown in Figure 11. The gateway is owned and operated by AWS. The communication between the WAP client and the gateway is optimized for the wireless medium while communication between the gateway and the origin server is based on standard Internet protocols.



CLIENT

WirelessApplication

EnvironmentUserAgent

GATEWAY

ContentEncoder

andDecoder

ORIGINSERVER

CGI scriptsetc.

Encodedrequest

Database

Content

Request

Encodedcontent

Figure 11: WAP architecture

WAP provides a flexible security infrastructure. The key element of WAP security is a security protocol called Wireless Transport Layer Security (WTLS), which operates between the WAP client and the WAP gateway. WTLS is based on the industry-standard Transport Layer Security protocol, which is the Internet Engineering Task Force (IETF) adaptation of Secure Sockets Layer (SSL), a security protocol developed by Netscape to secure communications between web browsers and web servers. See “Appendix A: Data Security Technologies” for more details about SSL.

WTLS, which operates above the transport protocol layer, is optimized for wireless connections. It offers the following features: data integrity, privacy through encryption, and mutual authentication between the terminal and origin server. WTLS also offers protection against denial-of-service attacks. See Figure 12.



GPRSNetwork Internet

WAP Gateway

Secure connectionusing WTLS

Origin (Application) Server

Secure connectionusing SSL

Figure 12: WAP Security Architecture

WTLS supports public key certificates for authentication. Encryption algorithms include RC5 with 40, 56 or 128 bit keys, DES with 40 and 56 bit keys, triple DES, and IDEA with 50, 56 and 128 bit keys. To ensure messages have not been tampered with, WTLS supports message integrity algorithms such as SHA and MD5.

Between the gateway and origin server, SSL can be used to secure communications. The gateway acts as a proxy on behalf of the WAP phone, relaying messages to and from the phone. SSL includes both authentication and encryption mechanisms. Encryption methods over SSL include DES, Triple-DES and RC4 . SSL version 3 and TLS provides support for authentication of both client (which is the WAP gateway in the case of WAP applications) and the server using public keys and X.509 digital certificates.

At the gateway, data is decrypted from WTLS and re-encrypted using SSL. AWS protects this portion of the communications at the gateway with physical security. In addition, firewalls limit access to the WAP gateway. The net result is a secure connection all the way from the WAP phone to the Web server, as shown in Figure 13. Customers can also install a WAP gateway within their own network, though this requires additional arrangements.



RadioInterface

IP

WDP

WTLS

WSP

WAE

Mobile Station WAP Gateway

Layer 1, 2

IP

WDP

WTLS

Layer 1, 2

IP

TCP

SSL/TLS

Origin Server

Layer 1, 2

IP

TCP

SSL/TLS

HTTP

GPRSNetwork

HTTP: Hypertext Transport ProtocolSSL: Secure Sockets LayerTLS: Transport Layer SecurityWAE: Wireless Application Environment

WTP WTP

WAE

WSPRelay

HTTP

WDP: Wireless Datagram ProtocolWSP: Wireless Session ProtocolWTLS: Wireless Transport Layer SecurityWTP: Wireless Transport Protocol

Figure 13: WAP Protocols

Additional security may be required, depending upon the type of data a customer transmits with a WAP-capable phone. For example, if the transmission contains sensitive financial information, a dedicated, frame relay link to the AWS GPRS service might be appropriate.

The customer firewall needs to be configured so the WAP gateway can communicate with the web server hosting the WAP application, which will typically resides behind the corporate firewall or in a demilitarized zone.

8. Enhanced Data Rates for GSM Evolution (EDGE)

EDGE is a new radio technology that will significantly enhance the data throughputs of GPRS networks. It consists both of a new modulation method and new ways of encoding data at the physical layer to maximize performance. It also includes a method of dynamically adapting the modulation and encoding to respond to radio conditions that may vary moment by moment due to interference and



varying signal strength. The net result is peak raw throughputs in excess of 384 Kbps and average user throughputs of 80 Kbps.

From a security standpoint, EDGE networks will employ all the same mechanisms of GPRS networks. EDGE is a physical layer technology only, and since security methods are implemented at higher protocol layers, the security of an EDGE network will be identical to a GPRS network. Customers can architect their security solutions today using GPRS, and easily migrate to EDGE in the future.



Appendix A: Data-Security Technologies and Standards

This section provides a brief overview of some of the security technologies, protocols and standards in use today that are relevant to wireless-data networks.

A3, A5, A8 Algorithms

These algorithms are specific to GSM and GPRS networks, and their functions are described above in the section “Mobile Station to Network Interface”. A3 is used to authenticate a mobile station, A8 to derive an encryption key, and A5 to encrypt communications. Details of these algorithms is deliberately restricted.

Authentication

Authentication is a process to confirm the identity of an entity. It often entails a private key (secret number) and calculations performed against this value. With a private key system, both parties would share the same private key. With public key systems, there are both private and public keys.

A digital signature can be encrypted in a message to provide authentication of the sender's identity. For example, with public key cryptography, Alice signs a message by doing a computation that involves both her private key and the message itself. The output of this computation, the digital signature, is attached to the message. To verify the signature, Bob does another computation that involves the message, the purported signature, and Alice's public key. If the results properly hold up in a simple mathematical relationship, the signature is verified as authentic; otherwise, the signature may be fraudulent or the



message may be altered, and they are discarded. Messages can also be authenticated using a session key that was created from a shared secret key.

Certificates

Certificates are digital documents that associate an individual or other entity with a public key. This allows other parties to verify with a high degree of confidence that the individual or entity is who they claim to be. This can be important when providing access to particular computing resources or information, or for e-commerce transactions. The most commonly used format for certificates is defined by the International Telecommunications Union (ITU) X.509 standard. Certificates are validated at the time they are used by sending messages to trusted certificate authorities. Certificate authorities are either private or public systems, and must be able to authenticate themselves before their responses can be trusted.

The AWS GPRS service does not use certificates, but since it is an IP network, digital certificates can be readily employed over the network for purposes of authenticating both mobile users as well as fixed-end services.

DES and AES

DES is the Data Encryption Standard, an encryption block cipher defined and endorsed by the U.S. government in 1977 as an official standard. Since then, DES has become the most well known and widely used encryption system in the world.

DES is a secret-key system; when used for communication, both the sender and receiver must know the same secret key. This secret-key is used to both encrypt and decrypt the message. DES is designed to be implemented in system hardware, is relatively fast, and works well for bulk encryption of large amounts of data. DES and Triple-DES are two cryptographic methods available for SSL.



DES uses a 56-bit key. This size key is suitable for much of business communications, but is becoming vulnerable. Triple-DES is a method that improves the strength of DES. Triple-DES can be implemented in several different ways, one way is to encrypt the data three times using three different keys. The U.S. government is now using Triple-DES.

The National Institute of Standards (NIST) is in the process of establishing an encryption standard called Advanced Encryption Standard (AES) to replace DES . AES will be more secure than DES, and is intended to be the U.S. encryption standard for the next several decades.

Diffie-Hellman Key Exchange

The Diffie-Hellman key agreement protocol allows two users to exchange a secret key over an insecure medium without requiring either user to know a prior secret-key. It is different than public-key cryptography. This method is used within CDPD networks between the mobile-end system and the mobile-data intermediate system to create a session key that is used for encrypting data communications. This method is not used in GPRS networks.

Encryption and Key Management

Encryption is the first step in the process of cryptography and involves transformation of data into a form that is unreadable by anyone without a secret decryption key. Its purpose is to ensure privacy by keeping the information hidden from anyone for whom it is not intended, even those who can actually see or capture the encrypted data.

In a multi-user environment, encryption allows secure communications over an insecure channel. In a simple example, Alice wishes to send a message for Bob's eyes only. To keep the message secure, Alice encrypts the message (called plaintext) with an encryption key, and the encrypted message (called ciphertext) is sent to Bob. Bob, who knows the secret key, decrypts the ciphertext and reads the message. An



eavesdropper may either try to obtain the secret key or to recover the plaintext without using the key. Traditional cryptography is based on the sender and receiver of a message knowing and using the same secret key. The main problem with this method is getting the secret key to both the sender and receiver without diversion to an intruder. GSM/GPRS, which use a shared secret key approach, solves this problem by the distribution of secret keys in the subscriber identity module. The session key is calculated from this secret key.

In 1975, public-key cryptography was invented by Whitfield Diffie and Martin Hellman to solve the key management problem. This method of encryption uses the concept of a pair of keys, one public and one private key. The public key is made public by distributing it widely; the private key is never distributed and is always kept secret. The need for each person to share secret information is eliminated; all communications involve only public keys, and no private key is ever transmitted or shared. Now, when Alice wants to send a private message to Bob, she looks up Bob's public key in a directory, uses it to encrypt the message, and sends it off. Bob then uses his private key to decrypt the message and read it. No one can decrypt the message without Bob’s private key, thus eliminating the requirement for complex key management schemes with private key systems. However, public-key cryptography does require a public-key infrastructure (PKI) so that users can securely and reliably obtain public key information. Such infrastructure is not yet broadly available.

Firewalls

A firewall is a system or a group of systems that enforces an access control policy between multiple interconnected networks. A firewall protects the network from unauthorized access while its connected to other networks. This is especially true for public networks, such as the Internet. All traffic in and out of the network goes through the firewall. Only the authorized traffic defined by the security policy can pass. The firewall itself must be highly resistant to penetration.

The importance of a firewall becomes apparent when one considers that the AWS GPRS service can connect to many other networks, including other GPRS networks, customer networks, value-added



service networks, online information services, and the Internet. If a data device (for example, a F-ES) in a corporate network is connected to the AWS GPRS service, all or part of the corporate network is effectively connected to the AWS GPRS service and, indirectly, to these other networks.

Internal firewalls are one of the built-in protections used by the AWS GPRS service to restrict customer traffic that is not legitimate. For example, the AWS GPRS service is designed to prevent traffic that originates on the Internet from reaching the F-ES on the customer's network. While these measures do offer some degree of protection, the customer's firewall design should not rely on them solely.

Firewall Design and Implementation Issues

A firewall represents a trade-off between cost, convenience for network users, and the degree of security offered. There is no single, standard firewall security solution. Firewall security can be compared with the physical security provided for buildings and property. Just as there are many types of physical security systems, including locks, barricades, fences, alarm systems, and security guards, there are many options when developing network security.

A firewall can be custom-built or purchased off-the-shelf from any number of companies specializing in this technology. There are two types of firewalls:

• Router-Based Filter: This is the most common type of firewall. It consists of a router that filters traffic based on an IP address. While effective in many instances, it is difficult for such a router-based filter to eliminate all unwanted traffic.

• Bastion Host Gateway: This is the most powerful type of firewall. This gateway restricts network traffic based on application type. This approach allows a company to configure their firewall so that only specific applications can communicate across the firewall.

One potential component of firewall design is reverse Domain Name Service (DNS). In its more standard implementation, DNS is used to translate between convenient Internet user names (e.g.,



[email protected] ) and Internet addresses. Reverse DNS may be employed as an added security measure to act as a simple form of authentication for addresses that have passed the firewall filter. If the filtered address does not resolve via reverse DNS to that of the expected name, the session may be aborted.

Internet Key Exchange (IKE)

IKE was formerly known as Internet Secure Association Key Management Protocol (ISAKMP). IKE is a key management standard that has been selected for IPSec.

Intrusion Detection Systems

To implement a comprehensive security policy, it is not sufficient to simply secure specific interfaces and connections. It is also important to monitor network traffic to detect whether there are attempts to break into the network and whether these are successful. This is the purpose of Intrusion Detection Systems. These systems compare network traffic against predefined attack patterns, a process analogous to virus detection systems comparing code against malicious virus code.

Generally, an organization would implement a detection system only after it has addressed audit, policy and architectural issues. The detection systems then become a powerful complement to the existing firewall deployment.

Layer 2 Tunneling Protocol (L2TP) and Point to Point Tunneling Protocol (PPTP)

L2TP is a standard being developed that allows PPP connections to flow over the Internet rather than over direct dial-up connections. These connections can carry a variety of networking protocols, including IP, Microsoft’s NetBEUI and Novell’s IPX/SPX. L2TP allows a dial-up connection to an Internet Service Provider, with the remainder of the connection occurring across the Internet. Clients



connect to an L2TP server at a corporate network, which allows the L2TP network server to authenticate the user rather than the ISP.

L2TP is an effort that combines work done by Microsoft with PPTP and Cisco’s Layer 2 Forwarding (L2F). It should ultimately result in one industry standard. L2TP is currently available in draft form. Microsoft currently offers PPTP with Windows NT 4.0 and will probably continue making it available until L2TP becomes firmly established.

L2TP supports uses Challenge Authentication Protocol (CHAP) for authentication, but does not itself provide encryption. If operated over an IP network, the underlying IP communications can be encrypted using IPSec.

Encryption and user authentication for PPTP use Microsoft's Point-to-Point Encryption (MPPE) which uses RSA RC4 encryption. Authentication is based on MS-CHAP. Support for PPTP is included in Windows NT 4 and Windows 98. Support for L2TP is expected in Windows 2000.

Public-Key versus Secret-Key Cryptography

Secret-key cryptography uses a single key for encrypting and decrypting communications. The advantages are that it is simple and computationally efficient. The disadvantage is that it can be difficult to distribute the keys securely.

By contrast, with public-key cryptography private keys are never transmitted or revealed to anyone except the user. Another advantage is that public-key cryptography allows irrefutable authentication of the sender’s identity.

A disadvantage of using public-key cryptography is speed; currently popular secret-key methods are significantly faster than any public-key method. The best solution is often to combine public-key and secret-key systems to get both the security advantages of public-key systems and the speed advantages of secret-key systems.



For example, the public-key system can be used to encrypt a secret key, which is then used to encrypt the bulk of a file or message to gain the speed advantage. Public-key encryption is not meant to replace secret-key cryptography, but rather to supplement it, to make it even more secure. The first use of public-key techniques was for secure key exchange in an otherwise secret-key system, and this is still one of its primary functions.

RC4

RC4 is the encryption method used to secure communications over the AWS GPRS airlink. It is a stream cipher developed by RSA Data Security Inc. The variable key-size cipher can be implemented efficiently in software. According to RSA, independent analysts who have scrutinized the algorithm consider it secure. It is also one of the encryption methods available for Secure Sockets Layer (SSL) protocol, the protocol used to secure communications between Web clients and Web servers.

Secure IP (IPSec)

IPSec is the result of fifteen years of security research, and provides a comprehensive set of standards and protocols for secure communications, including key management, encryption, authentication, methods for negotiating authentication and encryption and tunneling. It consists of seventeen RFCs, the most important of which are RFC 1825 to RFC 1829. IPSec is not yet complete, but is far enough along that products are becoming available that implement it. IPSec is required for IPv6 implementations. IPsec’s underlying philosophy is that it is better to secure communications at the network layer than at the application layer.

Two standards in particular, Authenticating Header (AH) Specification and Encapsulated Security Payload (ESP) are considered key for future VPN implementations. IPSec can interoperate with L2TP, or it might eventually replace it. IPSec is described fully in a set of IETF documents located at http://www.ietf.org/ids.by.wg/ipsec.html .



IPSec does not address access rights, namely the authorized services available to particular users on particular networks.

Secure Sockets Layer (SSL) and Transport Layer Security (TLS)

SSL, now at version 3.0, is a protocol developed by Netscape Communications and is commonly used to secure communications between Web clients and Web servers. But SSL can be used with any application. It resides above the transport layer of communications protocols stacks (e.g. TCP/IP) and below applications. SSL provides algorithms to authenticate both client and server to each other. The SSL protocol negotiates the type of encryption to be used, including RC2, RC4 , IDEA, DES, and Triple-DES. These are all symmetric encryption methods. This means both sender and receiver use the same key. To prevent tampering of messages, the MD-5 Message Digest Algorithm can be used.

The SSL Handshake Protocol is used at the beginning of a session and consists of two phases. In the first phase, the server authenticates itself to the client using its public key, and a master key is created for subsequent communications. In the second phase, which is optional, the client authenticates itself with the server using its public key.

The IETF has a working group called Transport Layer Security (TLS) to evolve the standard from a de facto standard to an Internet rfc standard.

Within the AWS GPRS service, SSL is used to secure communications between the PocketNet gateway and the PocketNet application servers.

SOCKS

SOCKS is an Internet security standard, and is used in some VPN systems. The latest version, SOCKS version 5 specified in RFC 1928, is a circuit-level (session layer) proxy protocol that provides access control, monitoring, and logging. Circuit-level proxies establish a



proxy connection between an internal user and an external host or between an external user and an internal host. The proxy uses a virtual circuit between the client and the host for the duration of a session.

In the case of an external client, all communication is between the external client and a SOCKS server. The SOCKS server relays packets to the end host, but before doing so performs security functions such as decrypting packets and determining whether the client is authorized to access the particular service.

SOCKS 5 supports two types of authentication: Username/password (RFC 1929) and GSS-API-based authentication (RFC 1961). SOCKS also includes support for both private-key and public-key encryption.



Appendix B: Acronym List

AH – Authentication Header ARN – Authentication Random Number ASN – Authentication Sequence Number AWS – AT&T Wireless Services AMPS – Advanced Mobile Phone System CA – Certificate Authority GPRS – Cellular Digital Packet Data GTP - GPRS Tunneling Protocol CHAP – Challenge Authentication Protocol DES – Data Encryption Standard DNS – Domain Name Service EDGE – Enhanced Data Rates for Evolution EKE – Electronic Key Exchange ESH – END SYSTEM HELLO message ESP – Encapsulated Security Payload ETSI – European Telecommunications Standard Institute F-ES – Fixed-End System FTP – File Transfer Protocol GGSN – GPRS Gateway Support Node GMID – Group Member Identifier GPRS – General Packet Radio Service GSM – Global System for Mobile Communication HDML – Handheld Device Markup Language HDTP – Handheld Device Transport Protocol HTTP – Hypertext Transport Protocol IANA – Internet Assigned Numbers Authority IETF – Internet Engineering Task Force IKE – Internet Key Exchange IKMP – Internet Key Management Protocol IMSI - International Mobile Subscriber Identity IP – Internet Protocol IPSec – Secure IP IS – Intermediate System ISAKMP – Internet Secure Association Key Management Protocol



ISC – Intermediate System Confirmation ISP – Internet Service Provider ITU – International Telecommunications Union L2F – Layer 2 Forwarding L2TP – Layer 2 Tunneling Protocol LAN – Local Area Network MD – Message Digest MDBS – Mobile Data Base Station MS – Mobile End System MD-IS – Mobile Data Intermediate System MME – Mobile Management Entity MNLP – Mobile Network Location Protocol MNRP – Mobile Network Registration Protocol MPPE – Microsoft Point-to-Point Encryption MS-CHAP – Microsoft Challenge-Handshake Authentication Protocol NAPT - Network Address and Port Translation NAS – Network Access Service NAT - Network Address Translation NDIS – Network Device Interface Specification NEI – Network Entity Identifier NIST – National Institute of Standards NLPI – Network Layer Protocol Identifier OSI – Open System Interconnection PAP – Password Authentication Protocol PDP - Packet Data Protocol PDU – Protocol Data Unit PKI – Public Key Infrastructure PPP – Point-to-Point Protocol PPTP – Point-to-Point Tunneling Protocol PSTN – Public Switched Telephone Network PVC – Private Virtual Circuit RADIUS – Remote Authentication Dial-In User Service RDC – REDIRECT CONFIRM message RDQ – REDIRECT QUERY message RFC – Request for Comment SAGE – Security Algorithms Group of Experts SGSN – Serving GPRS Support Node SIM – Subscriber Identity Module SKIP – Simple Key Management for IP SLIP – Serial Line IP SME – Security Management Entity



SNDCP – Sub-Network Dependent Convergence Protocol SOCKS – not an acronym SSL – Secure Sockets Layer TLS – Transport Layer Security UDP – User Data Protocol VPN – Virtual Private Network WAN – Wide Area Network WAP – Wireless Application Protocol WTLS – Wireless Transport Layer Security

GPRS Network Security

Documents

Transcript of GPRS Network Security