Upgrade to Pro — share decks privately, control downloads, hide ads and more …

GSM Basics: Auðkenning & öryggi

GSM Basics: Auðkenning & öryggi

These slides are in Icelandic and give a decent overview of authentication and security measures in 2G and 3G GSM systems. The idea was to explain the significance of "Location update" and encryption usage when registering (location updating) in a GSM network.

The slides were a 5 minute lightning talk at the University of Iceland Computer networks & Security course (TÖL305G) in 2012.

Steinn Eldjárn Sigurðarson

November 10, 2012
Tweet

More Decks by Steinn Eldjárn Sigurðarson

Other Decks in Technology

Transcript

  1. GSM: Uppbygging,
    auðkenning
    (og öryggi)
    Steinn Eldjárn Sigurðarson

    View full-size slide

  2. (Einfölduð!) Uppbygging GSM kerfis
    HLR
    MSC
    BSS
    AuC
    BSC
    BTS1
    BTS2
    BTS3
    PSTN
    MS
    VLR

    View full-size slide

  3. GSM notandi tekur við símtali.
    Hvað þarf til þess?

    Staðsetningu notanda

    Lykla til dulkóðunar

    … Mobility Management

    View full-size slide

  4. Hvað er frábrugðið m.v. hefðbundið
    símakerfi?

    Kerfið þarf að vita hvar notandinn er

    Sterk nauðsyn fyrir dulkóðun

    Auðkenningarferlið er því notað til að:
    – Uppfæra staðsetningu notanda
    – Skiptast á leyndarmálum/lyklum til dulkóðunar

    View full-size slide

  5. Auðkenning í GSM

    Notar gögn á SIM korti (IMSI/TMSI, Ki)

    IMSI – International Mobile Subscriber Identity

    TMSI – Temporary Mobile Subscriber Identity

    Ki – Auðkennislykill notanda

    aðeins geymdur á AuC og SIM korti.

    Framkvæmd með:

    “Location Update”

    Eða

    “Location Registration”

    View full-size slide

  6. Grunn auðkenningarferli
    MS BSS/MSC VLR
    VLR HLR AuC
    Loc. Upd. Req
    Update Loc. Area
    Auth. Para. Req.
    Auth. Info. Req
    (IMSI,LAI)
    (IMSI,LAI)
    (IMSI)
    (IMSI)
    Auth. Info
    (IMSI,Kc,Rand,SRES)
    (RAND) (RAND)
    Auth. Info
    (IMSI,Kc,Rand,SRES)
    Authenticate
    Authentic. Req.
    Ki RAND
    A3 A8
    Kc SRES
    =
    Authentic. Resp Authentic Resp.
    (SRES) (SRES)
    (SRES)
    Update Location
    (IMSI,MSRN)

    View full-size slide

  7. Næstu skref

    Búið er til TMSI (ef nauðsynlegt!)

    “Subscriber data” úr HLR geymt í VLR

    TMSI sent til BSS

    Skipt í “Cipher Mode”

    Eftir það eru öll samskipti á Um (radio)
    interface dulkóðuð með Kc

    View full-size slide


  8. Skammstafanir:

    HLR – Home Location Register

    AuC – Authentication Center

    MSC – Mobile Switching Center

    BSS – Base Station Subsystem

    BSC – Base Station Controller

    BTS – Base Transceiver Station

    MS – Mobile Station

    SIM – Subscriber Identification Module

    IMSI – International Mobile Subscriber Identity

    TMSI – Temporary Mobile Subscriber Identity

    View full-size slide