8 Security Aspects
Requisitos de finalización
8.3 Enhancements in UMTS
The
3GPP security tries to reuse the 2G security principles. The SIM is substituted
by a USIM, encryption still concentrates on the radio interface, and the user
identity is protected. But it also aims to overcome the weaknesses of 2G: the
network is not authenticated, data integrity is not provided, the encryption is
weak, and keys may be reused.
Security mechanisms in UMTS are published and not kept secret. The encryption with a 64 bits Kc in GSM was not sufficient. Also the operator in GSM can set the intervals between consecutive authentication procedures. In UMTS this is overcome: First an authentication token AUTN is introduced being a sequence number with which the actuality of the authentication vector can be proved. That prevents usage of older, probably stolen vectors. AUTN is also used to authenticate the network so that a mutual authentication of network and SIM takes place.
UMTS also has two separate keys, CK (similar to Kc in GSM) for encryption and IK for integrity protection. Both keys have 128 bits and are much longer than the GSM key.
Figure 8-4: Authentication before encryption in UMTS, green: changes compared to GSM.
The frequency of authentication in addition depends on the number of packets encrypted with the same key. The operator cannot set a longer interval between consecutive authentication. The AUTN check consists decrypting the included message authentication code and verifying the AUTN freshness. If the check is passed RES is calculated in parallel to CK and IK. The authentication is similar to that in GSM, but in UMTS it is mutual. The MS checks the AUTN and with this information it can authenticate the network. Then the MS is authenticated by the network as in GSM.
Security mechanisms in UMTS are published and not kept secret. The encryption with a 64 bits Kc in GSM was not sufficient. Also the operator in GSM can set the intervals between consecutive authentication procedures. In UMTS this is overcome: First an authentication token AUTN is introduced being a sequence number with which the actuality of the authentication vector can be proved. That prevents usage of older, probably stolen vectors. AUTN is also used to authenticate the network so that a mutual authentication of network and SIM takes place.
UMTS also has two separate keys, CK (similar to Kc in GSM) for encryption and IK for integrity protection. Both keys have 128 bits and are much longer than the GSM key.
Figure 8-4: Authentication before encryption in UMTS, green: changes compared to GSM.
The frequency of authentication in addition depends on the number of packets encrypted with the same key. The operator cannot set a longer interval between consecutive authentication. The AUTN check consists decrypting the included message authentication code and verifying the AUTN freshness. If the check is passed RES is calculated in parallel to CK and IK. The authentication is similar to that in GSM, but in UMTS it is mutual. The MS checks the AUTN and with this information it can authenticate the network. Then the MS is authenticated by the network as in GSM.
During handover using a GSM-MSC the keys
are converted for compatibility reasons. This weakens them. The conversion
formulas are:
\( CK=c4(K_c)=K_c||K_c \) (8-1)
\( IK=c5(K_c)=K_c \,1 \oplus K_c\,2||K_c||K_c \,1 \oplus K_c\,2 \) (8-2)
\( K_c=c3(CK,IK)=CK\,1 \oplus CK\,2 \oplus IK\, \oplus IK\,2 \). (8-3)