
Mobile usage has virtually penetrated every aspect of our daily lives from the traditional voice communication to short message services (SMS), multimedia messaging services (MMS), ring tones, camera phones, games and a vast array of applications.

In fact, with the advent of 3G technologies, most Service Providers are promising even more attractive features and applications, and most mobile phone manufacturers are making their handsets increasingly feature rich.

One of the key areas addressed by both Service Providers and mobile manufacturers is Authentication and Encryption in mobile technology.

This White Paper is an attempt to address the concept of Authentication and Encryption in CDMA systems and the usage of this feature in today’s mobile telephony environment.

Encryption is the conversion of a message from its original form to an unrecognizable form (the encrypted message), while decryption is the re-conversion of the encrypted message into its original form.

The word cryptography comes from the Greek words kryptos which means hidden and graphein which means writing. Cryptography is the science of encryption and decryption.

The art or study of cryptography was a known practice in the ancient world. The first recorded use of cryptography was by the Spartans in 400 B.C., and one of the more famous ancient ciphers is the “Caesar Cipher”, named after Julius Caesar, which was used by the Roman armies to transfer messages during war.

Modern cryptographic techniques make use of much faster processing, embedded in advanced electronic chips and computer systems.

In a general cryptographic system a message is encrypted with the help of keys which are nothing but variables which are applied to the original message. The formula for combining the original message and the key to produce an encrypted message is known as a cryptographic algorithm.

For example an original text written as HOWAREYOU could be encrypted into KRZDUHBRX. In this example the cryptographic algorithm would read “shift key places forward” and the key could be 2 which means shift 2 places forward.

As can be seen in the above example both sides must have the same cryptographic algorithm and must know the key or variable to perform the cryptographic algorithm on the original message.

Most Cryptographic systems use either the Secret Key (Symmetric) cryptography or Public Key (Asymmetric) cryptography and sometimes even a mix of both.

This White Paper will not discuss these two models as used in various applications but would stay focused on the Authentication and Encryption as used in CDMA systems.

An Authentication model is best represented by Figure 1 shown below. As soon as the User desires some service from the Serving System, the Serving System sends it a random number as a Challenge to authenticate itself. The User takes this random number and performs a cryptographic algorithm on it using a Secret Key which is known at both ends. The same process is carried out at the Serving System using the same cryptographic algorithm and Secret Key. The resultant output from the User side is given to the Serving System as a Response. The Serving System compares the Response with its own computation. If the two match, the User is permitted access to Services; otherwise the User is denied entry.

[Figure: block diagram with two sides, USER and SERVING SYSTEM. Labels: Challenge (Random #), Cryptographic Algorithm and Secret Key on each side, Response, comparison (?), Permit Access, Deny Access.]

Figure 1 Authentication Model

In CDMA systems as we shall see in subsequent sections the process of Authentication is to identify and provide service to a genuine mobile on the network and deny access to a cloned version of it.

Before continuing our discussion further it is important to understand some CDMA terms which would be used frequently in this paper.

ESN (Electronic Serial Number): Every mobile on the system is uniquely identified by the Electronic Serial Number (ESN), which is a 32 bit number pre-programmed at the factory by the mobile phone manufacturer. The ESN is used to identify a mobile on the network.

MIN (Mobile Identification Number): The Mobile Identification Number (MIN) is a 10 digit number that is assigned by the Service Provider to a mobile on the network. This too is unique to each mobile on the network and is used in conjunction with the ESN to identify the mobile on the network.

MDN (Mobile Directory Number): The Mobile Directory Number (MDN) is another 10 digit number which is assigned by the Service Provider to a mobile on the network. This is the number which is known to the outside world as the user’s mobile number.

Cloning is a malicious process whereby a rogue intruder assigns an unauthorized pair of ESN and MIN to a mobile phone, thereby pretending to be a genuine user in an attempt to break into the network.

To prevent such malpractices most Service Providers are implementing Authentication and Encryption in their CDMA networks so that cloning of mobiles is halted. The basis of this paper is to understand this process and usages in the future.

At the heart of the Authentication model in CDMA is the Authentication key or A-key which is like a master key to the system. The A-key is a 64 bit number stored in the permanent section of the memory and is usually pre-programmed at factory settings.

The A-key as we shall see in further sections is used to generate intermediate keys and session keys within the system.

The model represented below represents the complete Authentication and Encryption systems in CDMA networks and will be the focus of our study from now.

[Figure: block diagram spanning MS, BS, MSC and HLR/AC. Labels: RANDSSD, A-key, ESN, MIN, RAND, SSD Gen. Procedure-CAVE, SSD_A, SSD_B, CAVE, Authentication Signature (18 bit), VPM, PLCM, Long Code Generator, CMEA Key, E-CMEA, Data Key Generator, Data Key, ORYX, Voice, Signaling Message, Data, Forward Link, Reverse Link. Legend: CAVE: Cellular Authentication & Voice Encryption.]

Figure 2 Authentication and Encryption in CDMA Systems

For better understanding this system can be divided into three sections namely SSD (Shared Secret Data) Generation / Updation, Authentication and finally Encryption.

The CDMA networks make use of a cryptographic algorithm known as CAVE or Cellular Authentication and Voice Encryption which is used in various stages of the procedure.

On the initiation of an SSD generation/update, the Home Location Register/Authentication Centre (HLR/AC) sends out a random number RANDSSD (56 bits) as a challenge. The mobile takes this RANDSSD value along with the ESN and A-key to generate the SSD pair, namely SSD_A and SSD_B, both 64 bits long.

The above is followed by a procedure known as Global Challenge. In this process the SSD_A is further fed into the CAVE algorithm along with ESN and MIN and a random number known as RAND (32 bits) which is now generated by the MSC. The result computed as Authentication Signature (AUTHR) (18 bits) is sent back by the mobile to the network. The network too would have calculated its own version of AUTHR which it uses to compare the result.

It should be pointed out here that before an SSD Update procedure is carried out the mobile will calculate the AUTHR using a default SSD_A of zero (0), i.e. prior to generation of the new SSD_A and SSD_B which is done during the SSD Update Procedure by sending out RANDSSD as explained above.

The network Base Station permits access to the mobile if the Authentication Signatures match and denies access if they do not. In the event of a mismatch the network may also initiate an SSD update to generate a new pair of SSD_A and SSD_B, and in some cases also initiate a Unique Challenge to the mobile. Here it sends out a Unique Random number RANDU (24 bits) to a particular mobile and receives a unique Authentication Signature (AUTHU) (18 bits) from that mobile.

The Authentication Procedure is invoked during Registration, Origination, Page Response or Data Burst Message.
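The challenge-response model of Figure 1 and the SSD generation and Global Challenge steps above can be traced end to end in the sketch below. It is an added example, not code from the white paper: CAVE is not implemented, a truncated HMAC-SHA256 stands in for it (an assumption), SSD is re-derived on every round for brevity, and the subscriber values are constructed. Only the inputs and bit widths follow the text.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, data: bytes, out_bits: int) -> int:
    # Stand-in for CAVE (assumption): HMAC-SHA256, keeping the top out_bits.
    digest = hmac.new(key, data, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - out_bits)

def generate_ssd(a_key: int, esn: int, randssd: int) -> tuple:
    # A-key (64 bits) + ESN (32 bits) + RANDSSD (56 bits) -> SSD_A, SSD_B (64 bits each)
    data = esn.to_bytes(4, "big") + randssd.to_bytes(7, "big")
    ssd = prf(a_key.to_bytes(8, "big"), data, 128)
    return ssd >> 64, ssd & (2**64 - 1)

def auth_signature(ssd_a: int, esn: int, min_digits: str, rand: int) -> int:
    # Global Challenge: SSD_A + ESN + MIN + RAND (32 bits) -> AUTHR (18 bits)
    data = esn.to_bytes(4, "big") + min_digits.encode() + rand.to_bytes(4, "big")
    return prf(ssd_a.to_bytes(8, "big"), data, 18)

def mobile_response(a_key, esn, min_digits, randssd, rand) -> int:
    # Mobile side: derive SSD_A from its stored A-key, then answer the challenge.
    ssd_a, _ = generate_ssd(a_key, esn, randssd)
    return auth_signature(ssd_a, esn, min_digits, rand)

def network_accepts(hlr_a_key, esn, min_digits, randssd, rand, authr) -> bool:
    # Network side: recompute AUTHR from the HLR/AC copy of the A-key and compare.
    if not 0 <= authr < 2**18:
        return False
    expected = mobile_response(hlr_a_key, esn, min_digits, randssd, rand)
    return hmac.compare_digest(expected.to_bytes(3, "big"), authr.to_bytes(3, "big"))

# Constructed sample subscriber record (not real identifiers).
ESN, MIN, A_KEY = 0x9A1B2C3D, "9820012345", 0x0123456789ABCDEF

def run_challenges(handset_a_key: int, rounds: int = 16) -> int:
    # Count how many fresh RANDSSD/RAND challenges a handset passes.
    passed = 0
    for _ in range(rounds):
        randssd, rand = secrets.randbits(56), secrets.randbits(32)
        authr = mobile_response(handset_a_key, ESN, MIN, randssd, rand)
        passed += network_accepts(A_KEY, ESN, MIN, randssd, rand, authr)
    return passed

if __name__ == "__main__":
    print("genuine handset:", run_challenges(A_KEY), "of 16 accepted")
    print("same ESN/MIN, wrong A-key:", run_challenges(A_KEY ^ 1), "of 16 accepted")
```

A handset that presents the right ESN and MIN but lacks the A-key can only match the 18 bit AUTHR by chance, which is why the A-key, not the ESN/MIN pair, is what separates a genuine mobile from a cloned one.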

Voice Privacy is provided by changing the characteristics of the Long PN Code which is used for spreading the Voice on the Traffic Channel.

The SSD_B is further fed into the CAVE algorithm along with the RAND and ESN to generate a 520 bit Voice Privacy Mask (VPM). The last 40 bits of this VPM are used as the Private Long Code Mask (PLCM), which changes the characteristics of the Long PN Code on the mobile and the Network. This modified long code is then used to scramble the voice.

The SSD_B along with the RAND and ESN also generates a CMEA (Cellular Message Encryption Algorithm) key (64 bits) which is then used on the E-CMEA (Enhanced CMEA) algorithm to encrypt the signaling messages. The Signaling messages could be in the form of DTMF tones, dialed keypad and short messages.

In addition to the above, the SSD_B is also fed into a Data Key Generator along with the RAND to generate the Data key. The Data key is used to encrypt Data messages using the ORYX (no acronym) algorithm.

Mobile Commerce, Mobile Banking and other financial transaction applications over the mobile will require a high level of security, which can be provided by CDMA networks when CDMA signaling message encryption is enabled.

In addition the networks can check on the fraudulent use of their networks by preventing cloning of the mobile phones by enabling Authentication procedures on the network.


Amit Balani, Head – India Carrier Support Group, LG Soft India Private Limited, Mumbai - India. Email: amit.balani@lgsoftindia.com