Security in Cellular networks

3G+ Cellular Netowrk Architecture:
________ (router) ___ internet
|-------------Telephone network
[GMSC] has HLR, AUC (home location register, authenticaiton center)
|
|
multiple: [MSC] Mobile Switching Center: has a VLR (visitor location register)
|
|
multiple: [RNC]
|
|
Multiple: [BTS] (cell tower)
|
|
[USIM] (UMTS(universal mobile telecom system) subscriber identity module) UE/MS (cellphone)

Security Procedure: Connection to voice network

[USIM](cellphone) [VLR](MSC) [AuC](GMSC)
(1) -----auth request--->
(2) generate Authentication Vectors
store AVs(4)<---- send AVS--i---------------- (3)
(5) pick one AV at random
(7)<---send RAND(i) and AUTN(i)--(6)
Verify RAND(i) and AUTN(i)
(8) ------------ send XRES(i) ---------> (9) verify XRES(i)
(10) -------- exchange data using ---- (10)
CK(i) and IK(i)

Agreed upon the key without ever transmitting it.

AV, auth vector: AV1, AV2....AVn is a long binary string. Only USIM and AuC can generate the same set of AVs
AVi: [RAND(i)][CK(i)][IK(i)][AUTN(i)][XRES(i)]
[randome number][encryption key][integrity key][message digest][expected response]

Encryption of Signaling and User Data:

CK(i) and IK(i) and sequence number fed to encryption algorithm. → Key stream is generated. → XOR with plaintext to get ciphertext.

Index