《3G_Security_Overview》.pptVIP

3G Security Principles Build on GSM security Correct problems with GSM security Add new security features GSM Network Architecture GSM Security Elements, 1 Key functions: privacy, integrity and confidentiality Authentication Protect from unauthorized service access Based on the authentication algorithm A3(Ki, RAND)= SRES Problems with inadequate algorithms Encryption Scramble bit streams to protect signaling and user data Ciphering algorithm A8(Ki, RAND) = Kc A5(Kc, Data) = Encrypted Data Need stronger encryption Confidentiality Prevent intruder from identifying users by IMSI Temporary MSI Need more secure mechanism GSM Security Elements, 2 SIM A removable hardware security module Manageable by network operators Terminal independent Secure Application Layer Secure application layer channel between subscriber module and home network Transparency Security features operate without user assistance Needs greater user visibility Minimized Trust Requires minimum trust between HE and SN Problems with GSM Security, 1 Active Attacks Impersonating network elements such as false BTS is possible Key Transmission Cipher keys and authentication values are transmitted in clear within and between networks (IMSI, RAND, SRES, Kc) Limited Encryption Scope Encryption terminated too soon at edge of network to BTS Communications and signaling in the fixed network portion aren’t protected Designed to be only as secure as the fixed networks Channel Hijack Protection against radio channel hijack relies on encryption. However, encryption is not used in some networks. Problems with GSM Security, 2 Implicit Data Integrity No integrity algorithm provided Unilateral Authentication Only user authentication to the network is provided. No means to identify the network to the user. Weak Encryption Algorithms Key lengths are too short, while computation speed is