Chapter 3 - UMTS Flashcards
What are some key points of UMTS?
- Universal Mobile Telecommunications Standard
- Also known as 3G
- Originall 384 kbit/s, with enhancement HSPA+ 11 Mbit/s up- and 42 Mbit/s downlink
- Circuit-switched architecture for voice
- Packet-switched architecture for data
What are the components of the UMTS system architecture?
- USIM: UMTS SIM
- ME: Mobile equipment
- UE: User equipment - USIM + ME
- NodeB: Base Station
- RNC: Radio Network Controller
- UTRAN: Universal Terrestrial Radio Access Network
- SGSN: Serving GPRS Support Node
- GGSN: Gateway GPRS Support Node
- HLR, VLR, AuC, MSC
What are some differences between GSM and UMTS, regarding the architecture?
- USIM: 128 bit key Ki
- Encryption endpoint at RNC (BSC) instead nodeB (BTS)
- Packet traffic forwarded by SGSN to GGSN, then to Internet
What are the components of the UMTS authentication vector?
- RAND: 128 bit random number
- AUTN: 128 bit authentication token
- IK: 128 bit integrity key
- CK: 128 bit ciphering key
- XRS: 32-128 bit expected respons
What are the components of the UMTS authentication token and why are they used?
AUTN := SQN ⊕ AK || AMF || MAC
- SQN: Sequence Number of 48 bit - kept on AuC for each subscriber and incremented on each request
- Guarantees Freshness of AUTN
- AK: Anonymity Key of 48 bit calculated by f5(K_i, RAND)
- Hides SQN
- AMF: Authentication Management Field of 16 bit - home provider specific
- e.g. indicate a set of algorithms to be used
- MAC: Message Authentication Code of 64 bit - hash on ANF, SQN and RAND computed with f1 and K_i
- Authenticates SQN, RAND, AMF
What happens if the SQN received by the UE is out of range? (UMTS)
- UE creates an AUTS Token =SQN_MS ⨁ f5*Ki(RAND) ∥ MAC-S
- SQN_MS = Maximum sequence number on UE
- f5 = Anonymity key
How is traffic encryption handled in UMTS?
- Encryption optional
- Between UE and RNC
- Multiple encryption functions (f8 / UEA) possible
- Currently UEA0 = no encryption, UEA1 = Kasumi, UEA2 = SNOW 3G are defined
- Uses CK, COUNT-C, BEARER, DIRECTION and LENGTH as input
How is integrity protection handled in UMTS?
- Integrity protection of signalling traffic mandatory
- 16 functions (f9 / UIA) possible
- 2 defined: UIA1 = KASUMI, UIA2 = SNOW 3G
- Uses IK, COUNT-I, MESSAGE, DIRECTION, FRESH
- FRESH = 32 bit random value, set by RNC on security mode command to avoid replay attack
How is UMTS protected agains bidding-down attacks?
The RNC includes the received security capabilities in security mode command, which is integrity protected with IK. If the received capabilities differs, from the sended cap. the UE drops the connection.
How is the key usage time limited in UMTS?
Home provider specific THRESHOLD is set on USIM, to restrict key lifetime. UE uses START value = max (COUNTER-C, COUNTER-I). When START value reaches THRESHOLD, new AKA is triggered by UE.
How is security context handover handled in UMTS?
- IK and CK are propagated to the new RNC
- START value is carried on, because saved on USIM
What components are relevant for 2G/ 3G inter-working?
- USIM/ 3G Home vs. SIM/ 2G Home
- 2G BTS/BSC vs. 3G NodeB/ RNC
- 2G MSC vs. 3G MSC
How does a UE/ USIM handle an AKA with a 2G network?
- Normal 2G AKA
- Authentication Vectors are converted from 3G to 2G in home network and on UE
- Kc = CK1 xor CK2 xor IK1 xor IK2
- RES_2G = RES_3G1 xor RES_3G2 xor RES_3G3 xor RES_3G4
How does a UE/ 2G SIM handle an AKA in a 3G network?
- UE sends 3G security capabilities and initiates identification
- 2G authentication vector send from home MSC
- 2G AKA
- UE and 3G convert Kc to IK* and CK*
- CK* = Kc || Kc
- IK* = Kc1 xor Kc2 || Kc || Kc1 xor Kc2
- Proceed with 3G security context
How does a UE/ USIM handle an AKA in 2G RAN with 3G core?
- Normal 3G AKA
- On MSC and UE: Convert CK, IK to Kc
- Kc = CK1 xor CK2 xor IK1 xor IK2
- MSC sends Kc to BSC/BTS
- Proceed with with 2G security context
How does a UE/ SIM handle an AKA with 2G RAN with 3G core?
- Normal 2G AKA
How can an attack against a 3G be carried out?
- Impersonate UE to 3G network (requires IMSI) to obtain a valid RAND, AUTN token
- Impersonate 2G network to a UE and forward RES to the 3G network
- Send security mode command A5/0 to UE
- Now calls / sms can be forwarded and be eavesdropped on
