Вы находитесь на странице: 1из 30

Technical Training 2009 (Session 4: RUIM Introduction)

SMART CARD SMART CARD SMART CARD SMART CARD

Trainer: Melvin LEE

Presentation Outline
-Telecom- Finance -ID & Security-

What is CDMA? CDMA Standards Types of CDMA Networks CDMA Migration path Roaming in CDMA

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 2

What is CDMA?
-Telecom- Finance -ID & Security-

CDMA stands for Code Division Multiple Access CDMA is a "spread spectrum" technology, allowing many users to occupy the same time and frequency allocations in a given band/space. It assigns unique codes to each communication to differentiate it from others in the same spectrum. It enables many more people to share the airwaves at the same time than other alternative technologies
2009120 Confidential page 3

SMART CARD SOLUTIONS FOR EVERYONE

CDMA Architecture
-Telecom- Finance -ID & Security-

BSC BSC BSC

The core network AC HLR VLR EIR CDMA MC

GMSC OMC Gateway to


PLMN roaming PSTN

BSC BSC

MSC

VLR

others

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 4

CDMA Key Standards


-Telecom- Finance -ID & Security-

TIA//EIA/IS-808 (Stage 1: Network requirements) TIA//EIA/IS-820 (Stage 2 & 3: ME-R-UIM) TIA/EIA/IS-820-1 (Addendum) TIA/EIA/IS-683-A (OTASP / OTAPA) TIA.AHAG (Authentication Algorithm CAVE) TIA//EIA/IS-95A & B (CDMA Air Interface) TIA/EIA/IS-637 (SMS) TIA/EIA/TSB-58 (CDMA Numbering Schema) ANSI--41 (CDMA Network Protocols)
2009120 Confidential page 5

SMART CARD SOLUTIONS FOR EVERYONE

Standards Development
-Telecom- Finance -ID & Security-

CDMA2000 standards development

CDG

Source : Ericsson
SMART CARD SOLUTIONS FOR EVERYONE 2009120 Confidential page 6

Types of CDMA networks


-Telecom- Finance -ID & Security-

cdmaOne: The Family of IS-95 CDMA Technologies IS-95A : The first CDMA cellular standard IS-95B : 2.5G (TIA/EIA IS-95 : Telecommunications Industry Association / Electronic Industries Association Interim Standard - 95) CDMA2000: Leads the 3G revolution CDMA 1x RTT (One Carrier Radio Transmission Technology ) CDMA 1xEVDO 1x = single 1.25 MHz spaced carrier EV = EVolution DO = Data Optimized (no voice traffic) CDMA 1xEVDV 1x = single 1.25 MHz spaced carrier EV = EVolution DV = Data and Voice
SMART CARD SOLUTIONS FOR EVERYONE 2009120 Confidential page 7

CDMA Migration Path


-Telecom- Finance -ID & Security-

Network Generation 2G 2.5G 3G Evolved 3G Enhanced 3G

Type of Network cdmaOne IS-95A cdmaOne IS-95B CDMA2000 1x RTT CDMA2000 1x EV-DO CDMA2000 1x EV-DV

Channel Bandwidth 1.25 Mhz 1.25 Mhz 1.25 Mhz 1.25 Mhz 3.75 Mhz

Peak Data Rate 14.4 kbps 115kbps 384 kbps 2.4 Mbps 4 Mbps

Actual Data Rate 9.6kbps 64Kbps 144 kbps 621 kbps 1117 kbps

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 8

CDMA/GSM Roaming
-Telecom- Finance -ID & Security-

Different Protocol Difficulty in obtaining network parameters across networks Different Authentication methods GSM subscribers uses the A3A8 algorithm CDMA subscribers uses the CAVE algorithm GSM Handsets does not support CDMA networks and vice versa The GSM SIM is different from the CDMA RUIM smart cards
2009120 Confidential page 9

SMART CARD SOLUTIONS FOR EVERYONE

RUIM cards
-Telecom- Finance -ID & Security-

Outline of presentation
Objectives of RUIM RUIM standards RUIM Status RUIM File Structure Coding RUIM Files RUIM Security Features Roaming with RUIM (Plastic Roaming)

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 10

RUIM Objectives
-Telecom- Finance

-ID & Security-

RUIM stands for Removable User Identity Module Removable - Phonebook/Number portability Puts operator in control of subscriber relationship Customizable post issuance Facilitate roaming (Plastic roaming)

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 11

RUIM Status
-Telecom- Finance -ID & Security-

Standardized by TIA 820 Memory range from 32K to 128K (Can support large PRLs) Java or native CCAT (Application Toolkit) Standardized in 3GPP2 OTASP/OTAPA

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 12

RUIM Standards
-Telecom- Finance -ID & Security-

Document Title Removable User Identity Module for Spread Spectrum Systems IMSI REMOVABLE USER IDENTITY MODULE (R-UIM) / MOBILE EQUIPMENT (ME) INTERFACE TESTING CDMA Card Application Toolkit (CCAT) Over-the-Air Service Provisioning of Mobile Stations in Spread Spectrum Standards Short Message Service for Spread Spectrum Systems OTASP and OTAP Over-the-Air Service Provisioning of Mobile Stations in Spread 3 Spectrum Systems. 4
SMART CARD SOLUTIONS FOR EVERYONE

Doc. No. 3GPP2 C.S0023-A 3GPP2 N.S0009-0 3GPP2 S.R0060 3GPP2 C.S0035-0 3GPP2 C.S0016-B 3GPP2 C.S0015 3GPP2 N.S0011-0 TIA/EIA/ IS-683-A

2009120

Confidential

page 13

RUIM Files
-Telecom- Finance -ID & Security-

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 14

RUIM Files
-Telecom- Finance -ID & Security-

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 15

RUIM Files
-Telecom- Finance -ID & Security-

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 16

RUIM Files
-Telecom- Finance -ID & Security-

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 17

RUIM Files
-Telecom- Finance -ID & Security-

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 18

RUIM Files
-Telecom- Finance -ID & Security-

Mandatory Files from GSM 11.11


1. Contents of the EFs at the MF level a. EF_ICCID 2. DFs at the GSM application level 3. Contents of files at the telecom level a. EF_ADN b. EF_FDN c. EF_LND d. EF_SDN e. EF_EXT1 f. EF_EXT2 g. EF_EXT3 4. DFs at the telecom level 5. Contents of files at the telecom graphics level a. EF_IMG b. Image Instance Data Files
SMART CARD SOLUTIONS FOR EVERYONE 2009120 Confidential page 19

RUIM functions
-Telecom- Finance -ID & Security-

3 main security functions of the RUIM


Managing Shared Secret Data (SSD) Performing Authentication Calculations and generating Encryption Keys Managing the Call History Parameter

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 20

RUIM Security
-Telecom- Finance -ID & Security-

Commands used:

Update SSD Base Station Challenge Confirm SSD Run CAVE Generate Key/VPM Store ESN_ME

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 21

RUIM authentication
-Telecom- Finance -ID & Security-

The algorithm used by the R-UIM for authentication and key generation is CAVE CAVE stands for Cellular Authentication and Voice Encryption This is performed by the Run CAVE function. Provides encryption for Voice, Data and Signaling

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 22

RUIM update SSD


-Telecom- Finance -ID & Security-

UIM
Temp Storage

ME

Network
Rand SSD

Rand BS

Rand BS
Random number enhancer
Random Number Generator

Rand SEED

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 23

RUIM update SSD


-Telecom- Finance -ID & Security-

UIM
Select A Key CAVE SSD(new) IMSI_M IMSI_T CAVE
RANDBS AUTHBS

ME
ESN Rand SSD

Network

UIMID

Select

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 24

RUIM update SSD


-Telecom- Finance -ID & Security-

UIM
CAVE AUTH BS

ME

Network

Compare

AUTH BS

If equal SSD = SSD (new)

Update SSD OK?

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 25

GSM SIM authentication


-Telecom- Finance -ID & Security-

RAND

Ki

RAND

Ki

RAND

A3

A8

A3 SRES SRES

Kc
SMART CARD SOLUTIONS FOR EVERYONE 2009120 Confidential page 26

RUIM functions Call History


-Telecom- Finance -ID & Security-

CALL COUNT is used as a simple clone detector. During network access protocols, the R-UIM reports its value of CALL COUNT to the network. If the value is consistent with the networks value of CALL COUNT, the network will grant access If value of CALL COUNT is out of sequence, the network may choose to investigate the possibility that the R-UIM has been cloned and take action. Both the mobile and the network track the Call History Count
2009120 Confidential page 27

SMART CARD SOLUTIONS FOR EVERYONE

Plastic Roaming
-Telecom- Finance -ID & Security-

RUIM can facilitate Plastic Roaming between CDMA and GSM networks using a DUAL mode card. A smart card that supports both the RUIM and SIM functionality is known as a DUAL mode card. Roaming 2 methods First method: Two phones 1 CDMA, 1 GSM 1 dual mode card with both CDMA and GSM files populated
SMART CARD SOLUTIONS FOR EVERYONE 2009120 Confidential page 28

Plastic Roaming
-Telecom- Finance -ID & Security-

Second method: 1 dual mode phone with 1 dual mode card with both CDMA and GSM files populated

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 29

-Telecom-

- Finance

-ID & Security-

Thank you!

SMART CARD SOLUTIONS FOR EVERYONE

2009120

Confidential

page 30