8/12/2019 03_ 2G-3G Authentication With SIM Cards_2003
1/19
2G/3G Authentication with SIM cards: usage & roaming basics for the Internet challenged
Michael Haberler, Internet Foundation Austria
outline
a SIM card mini-tutorial: features, protocol flow, usage, production, addressing
UMTS authentication and key agreement: principles and protocol flow
the universal integrated circuit card (UICC), USIM app
how 2G, 3G roaming works
over the air (OTA) loading of UICC apps; example: X.509 certificate download
(U)SIMs and Internet access authentication: how SIMs and RADIUS roaming works
(U)SIMs and SIP authentication: what the SIP server does, how the parameter logistics works
a bonus business model thrown in
summary
what's a 2G SIM card
crypto smart card as per ISO 7816
access protected by PIN code(s) (card holder verification)
fixed storage of the subscriber identity: IMSI (international mobile subscriber identity), the "GSM MAC address"
E.164 number to IMSI mapping lives at the operator only
safe storage for the shared secret, accessible only through the CHAP operation
not broken as of today, except for the most stupid CHAP algorithm known
CHAP algorithm in hardware; the operator chooses the algorithm
tree-structured filesystem: stream, record, cyclic record files
files can be read-only, read/write or not accessible at all (for the key)
some permission hierarchy
how are SIM cards produced
unprogrammed chips are personalized and closed (parameters written & sealed)
mass product: $5-$7 apiece at 1000+; GEMplus, Giesecke & Devrient ....
everybody can have SIMs made, even a Mom&Pop ISP
not everybody may roam with other cellular operators
using the GSM algorithm A3/A8: you wouldn't want it anyway, and you must be a member of the GSM association for that
having your own algorithm in a chip mask is a circa $50K+ affair
for testing & development, unprogrammed "castrated" chips are used (XOR algorithm for CHAP...)
how are (U)SIM cards accessed
2G, 3G: built-in reader in the mobile handset
for Internet use: maybe built into a PDA or PC (e.g. DELL)
external USB token, $20 apiece
re-use a mobile SIM card via the Bluetooth SIG SIM Access Profile (only if roaming against a 2G/3G operator)
read "3G (U)SIM Security Reuse by Peripheral Devices on local interfaces", it contains some threat analysis
SIM usage in 2G authentication
2G GSM handset (SIM: shared secret, keys)  <->  Authentication Center (shared secret)
handset -> network: access request, present IMSI
network -> handset: present challenge (RAND)
handset -> network: send RESP (challenge response)
IMSI structure: MCC MNC MSIN
MCC (mobile country code): three digits
MNC (mobile network code): two to three digits
MSIN (mobile subscriber identification number): maximum of ten digits
IMSI in total: maximum of fifteen digits
MCC/MNC uniquely designates an operator and his authentication center
when roaming, MCC/MNC tells the visited network where to route the authentication request
this is done via SS7 MAP (mobile application part)
what is OTA (over the air) loading?
SIM cards are writable by the mobile equipment if it is authenticated to the network, if instructed by the operator over the air, and if the file/directory is writable
example: ISIM X.509 certificate bootstrap, AKA authenticated: let the user visit a PKI portal, download certificates through the HTTP/Digest mechanism
certificates are stored in record-structured files, as are CA certificates
"the air" can also be an IP connection
download of executable applets possible: SIM Toolkit, USAT (USIM Application Toolkit) bytecode instructions sent encrypted by 3DES and stored on the card
regularly used in 2G networks today for functionality upgrades & parameter download
UMTS authentication and key agreement (AKA)
substantially improved over the 2G SIM
protection against replay and MITM attacks; also sports network-to-user authentication
more complex algorithm
compatibility functions: 2G network/3G card, 3G network/2G card
3G AKA authentication flow
3G UMTS handset (USIM: shared secret, keys)  <->  Authentication Center (shared secret, sequence numbers)
handset -> network: access request, present IMSI
network -> handset: challenge RAND || AUTN token
handset -> network: send RESP (challenge response)
result on both sides: cipher key, integrity key
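The AKA exchange of this slide as an added toy implementation (not from the original slides and not the 3GPP algorithms): the MILENAGE functions f1..f5 are replaced by an HMAC-SHA256 stand-in, an assumption made only so that the example runs. It shows why the AUTN token gives network-to-user authentication (the MAC check) and replay protection (the sequence number check), and how both sides end up with the same cipher and integrity keys.

```python
import hmac, hashlib, secrets

# Toy UMTS AKA. The MILENAGE functions f1..f5 are replaced by an HMAC-SHA256
# stand-in (assumption made for this example, not the real 3GPP algorithms).
def f(k: bytes, tag: bytes, *parts: bytes, n: int) -> bytes:
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class AuC:
    """Home authentication center: holds K and the per-subscriber sequence number."""
    def __init__(self, k: bytes):
        self.k, self.sqn = k, 0
    def quintet(self):
        rand = secrets.token_bytes(16)
        self.sqn += 1                                 # fresh SQN per vector
        sqn, amf = self.sqn.to_bytes(6, "big"), b"\x80\x00"
        mac = f(self.k, b"f1", sqn, rand, amf, n=8)   # proves the network knows K
        xres = f(self.k, b"f2", rand, n=8)            # expected user response
        ck = f(self.k, b"f3", rand, n=16)             # cipher key
        ik = f(self.k, b"f4", rand, n=16)             # integrity key
        ak = f(self.k, b"f5", rand, n=6)              # anonymity key hides SQN
        autn = xor(sqn, ak) + amf + mac
        return rand, autn, xres, ck, ik               # the quintet for the visited network

class USIM:
    """USIM application on the card: same K, remembers the highest SQN accepted."""
    def __init__(self, k: bytes):
        self.k, self.sqn_max = k, 0
    def respond(self, rand: bytes, autn: bytes):
        sqn_ak, amf, mac = autn[:6], autn[6:8], autn[8:]
        sqn = xor(sqn_ak, f(self.k, b"f5", rand, n=6))
        if not hmac.compare_digest(mac, f(self.k, b"f1", sqn, rand, amf, n=8)):
            raise ValueError("MAC failure: network not authenticated")
        if int.from_bytes(sqn, "big") <= self.sqn_max:
            raise ValueError("synchronisation failure: replayed challenge")
        self.sqn_max = int.from_bytes(sqn, "big")
        return (f(self.k, b"f2", rand, n=8),          # RES
                f(self.k, b"f3", rand, n=16),         # CK
                f(self.k, b"f4", rand, n=16))         # IK

def run_aka(auc: AuC, usim: USIM) -> bool:
    """Visited network's view: compare RES with XRES; both sides end with CK/IK."""
    rand, autn, xres, ck, ik = auc.quintet()
    res, ck_u, ik_u = usim.respond(rand, autn)
    return hmac.compare_digest(res, xres) and (ck, ik) == (ck_u, ik_u)
```

A real USIM keeps a window of sequence numbers rather than a single maximum; the single value here is enough to show the replay check.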
what's the universal integrated circuit card (UICC) about
generic support mechanism for multiple applications on one card
2G, 3G authentication become applications, selected as needed: the USIM application implements AKA, the 2G SIM app implements 2G CHAP
additional apps possible (ISIM, PKI certificate storage etc)
ISIM is pretty close to SIP client needs!!
the mobile equipment chooses the application
using (U)SIMs for Internet access authentication
embed the flow in EAP and tunnel it in RADIUS, between the 802.1x supplicant in the client and the RADIUS EAP backend, using EAP-SIM or EAP-AKA
the RADIUS server MAY gateway to SS7 MAP and roam: the WiFi network looks like a GSM roaming partner; example: WiFi roaming through www.togewanet.com
OR the RADIUS server accesses an ISP-style database for keys: the ISP is the SIM card issuer!
how 2G roaming works
mobile equipment presents the IMSI
visited network looks at the MCC, MNC part of the IMSI; if no roaming agreement, drop him
otherwise send an access request thru SS7 MAP to the home network
the home network verifies the IMSI and sends a triplet (challenge, expected response, cipher key): the authentication vector
visited network presents the challenge, reads the response; if (response == expected response), service the user
the triplet is essentially an access ticket; note: no replay detection, these fellows seem to trust each other
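The 2G flow of the earlier slide and the roaming hand-over above, as one added toy implementation (not from the original slides): A3/A8 (COMP128 in real SIMs) are replaced by a single HMAC-SHA256 stand-in, an assumption made only so the example runs, and the (MCC, MNC) of the example IMSI is assumed to use a 2-digit MNC as on the slides. The point is the message flow: Ki never leaves the SIM and the home AuC, the visited network only ever sees RAND, SRES and Kc.

```python
import hmac, hashlib, secrets

# Toy 2G GSM authentication plus the triplet hand-over to a visited network.
# A3/A8 (COMP128 in real SIMs) are replaced by one HMAC-SHA256 stand-in
# (assumption for this example); the message flow, not the algorithm, is the point.
def a3_a8(ki: bytes, rand: bytes):
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]                 # SRES (32 bit), Kc (64 bit)

class HomeAuC:
    """Home authentication center: the only place besides the SIM that holds Ki."""
    def __init__(self):
        self.subscribers = {}             # IMSI -> Ki
    def provision(self, imsi: str, ki: bytes):
        self.subscribers[imsi] = ki
    def triplet(self, imsi: str):
        """Answer a MAP request from a roaming partner with one authentication vector."""
        ki = self.subscribers[imsi]       # KeyError for an IMSI we never issued
        rand = secrets.token_bytes(16)
        sres, kc = a3_a8(ki, rand)
        return rand, sres, kc             # Ki itself never leaves the home network

class SIM:
    """The card: Ki is not readable from outside; only the CHAP operation uses it."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki
    def run_gsm_algorithm(self, rand: bytes):
        return a3_a8(self._ki, rand)

class VisitedNetwork:
    """Roaming partner: knows home AuCs by (MCC, MNC) but never sees Ki."""
    def __init__(self, agreements: dict):
        self.agreements = agreements      # (mcc, mnc) -> HomeAuC of the roaming partner
    def attach(self, sim: SIM):
        mcc, mnc = sim.imsi[:3], sim.imsi[3:5]    # assumes a 2-digit MNC, as on the slides
        home = self.agreements.get((mcc, mnc))
        if home is None:
            return False, "no roaming agreement"
        rand, xres, kc = home.triplet(sim.imsi)   # over SS7 MAP in reality
        sres, _ = sim.run_gsm_algorithm(rand)     # challenge goes to the handset
        if not hmac.compare_digest(sres, xres):
            return False, "authentication failed"
        # Nothing in the triplet says how often it may be used: it is a bearer
        # ticket, which is the "no replay detection" point of the slide.
        return True, kc
```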
how 3G roaming works
not much different from 2G, just more parameters needed for AKA
triplets become quintets
how the 2G/3G user ids (IMSIs) are mapped to RADIUS authentication
take the mobile country code and mobile network code; use them to create a realm
example: IMSI = 232011234567890 means mcc=232 (Austria), mnc=01 (Mobilkom)
resulting realm: mnc01.mcc232.owlan.org
resulting RADIUS user id: [email protected]
routing to RADIUS servers decided by subdomain
convention established by Nokia; Nokia owns the owlan.org domain pro bono
from there on this is vanilla RADIUS roaming
but it's just fine if we call it mnc01.mcc232.visionNG.org if that sounds better, realms just gotta be unique
a bonus business model thrown in:
combine a SIP-based iTSP with a Mobile Virtual Network Operator (MVNO)
an MVNO has authentication, billing, customers, numbers, but the radio network is outsourced from somewhere else
issue (U)SIM cards which work both in a 2/3G handset AND as WiFi/SIP auth tokens; note: the same card authenticates both uses!
leave the choice to the user how to connect, Internet or cellular, using the same E.164 number
Summary
2G/3G has a strong/very strong authentication architecture
it is almost copy & paste for iTSP use at WiFi access, WiFi roaming access, SIP and other levels (TBD!)
it can serve to solve the X.509 certificate distribution problem
the operator model (2G/3G home network, ISP home network) has no impact on Internet-side terminals
numbering & addressing resources are compatible and available (maybe not obviously so)
the Internet could become the biggest (U)SIM authenticated mobile network ever to roam with 2G/3G land