Security Networks
- 格式:pdf
- 大小:179.30 KB
- 文档页数:10
DuD•DatenschutzundDatensicherheit25(2001)X1SecurityMechanismsinUMTSStefanPütz,RolandSchmitz,TobiasMartinThiscontributionpresentsanoverviewofthesecurityofthe3rdgenerationmobileradiosystemUMTSascurrentlystandardisedbythe3rdGenerationPartnershipProject3GPP.Wediscusstheunderlyingprinciplesandshowtowhichextentthesecurityof2ndgenera-tionsystemsasGSMisimprovedandenhancedbyUMTS.TheUMTSAuthenticationandKeyAgreementprotocol,thesecurityalgorithmsde-ployedforUMTSandtheinterworkingmechanismsbetween2ndand3rdgen-erationsystemsaredescribedindetail.1Dr.StefanPützPromotioninITSecurity,LeiterITSecurityNetworksbeiT-Mobil,Vice-chairmander3GPPSecurityGroup.Arbeitsgebiete:ITSecurity,insb.UMTSSecurity,Standardisierung.E-Mail:stefan.puetz@t-mobil.deDr.RolandSchmitzPromotioninMa-thematik,seit1995beiT-Nova,Arbeits-gebiete:SicherheitmobilerKommuni-kation,Standardisie-rungdigitalerSi-gnaturen.E-Mail:roland.schmitz@t-systems.deDipl.Math.TobiasMartinMitarbeiterimBe-reichInforma-tionssicherheitvonT-Nova,MitgliedvonETSISAGEE-Mail:tobias.martin@t-systems.de1Thiscontributionisbasedon[VIS2001].1IntroductionDuring1998aworldwideharmonisationandglobalisationprocessforthe3G(3rdgeneration)mobileradiosystemshastakenplace.Therefore,thestandardisationproc-essforUMTS(UniversalMobileTelecom-municationsSystem)hasmovedfromETSI(EuropeanTelecommunicationsStandardsInstitute)to3GPP(3rdGenerationPartner-shipProject).3GPPwassetupbyvariousregionalstandardsorganisationsandotherrelatedbodiesfromdifferentcontinentsandcountries,e.g.Europe(ETSI),Japan(ARIB,TTC),Korea(TTA),China(CWTS)andNorthAmerica(T1),thathaveagreedtoco-operatefortheproductionofacompletesetofgloballyapplicabletechni-calspecificationsfora3GmobileradiosystembasedonevolutionoftheGSM(GlobalSystemforMobileCommunica-tions)corenetwork.3Gmobileradiosystemswillinvolvemoreplayers,e.g.contentandserviceproviders,andmoreoperators,whichwillresultincomplexsystemandroamingscenarios.3Gsystemswillexistofandinteractwithalotofdifferentnetworktypes.Also3GPPwillpromotewirelessaspreferredmeansofcommunication.ToensurethatUMTSwillworksecurelyandreliablyunderthiscondition,the3GPPsecuritygroupwasestablishedinearly1999todefinetheUMTSsecurity.ThestandardisationofUMTSsecuritywithin3GPPhasnowreachedareasonablystablestate.2Itisattemptedinthispapertopro-videafairlycompleteoverviewoftheUMTSsecuritybyhighlightingitsnewsecurityfeaturesanddescribingthemostessentialmechanisms(incl.protocolsandalgorithms)deployedtoprovidethesefeatures.23GPPfocusedonthefirstreleasetobefro-zenendofyear1999(calledRelease99).Duringtheyear2000alotofcorrectionsandfunctionalmodificationsbecamenecessary.23GSecurityPrinciplesThescopeof3Gsecurityisformedbyafewprinciples.Theseprinciplesstatewhatistobeprovidedby3Gsecurityascom-paredtothesecurityof2G(2ndgeneration)systems[TS33.120].♦ Buildonthesecurityof2GsystemsSecurityelementswithinGSMandother2Gsystemsthathaveprovedtobeneededandrobustshallbeadopted.FurthermorecompatibilitywithGSMinordertoeaseinterworkingandhandovershallbeensured.♦ Improveonthesecurityof2Gsystems3GsecuritywilladdressandcorrectrealandperceivedweaknessesinGSMandother2Gsystems.♦ Offernewsecurityfeatures3Gsecuritywillsecurenewservicesof-feredby3Gsystemsandtakeaccountofchangesinnetworkarchitecture.2.1BuildingonGSMSecurityThewellknownsecurityfeaturesofGSMaredescribedintheETSIstandards[GSM02.09,GSM03.20].Furthermore,theGSMsecurityarchitectureandmechanismsareexplainedin[DuD1996].Inthetenyearsofbeinginoperation,thesecurityarchitectureofGSMhasproventoprovidetheGSMsubscribersasufficientlevelofsecurity.ThebigcommercialsuccessofGSMisatleastpartlyowedtoitsrobustsecurityarchitecture,whichhasstruckagoodbal-ancebetweensubscriber’sneedsandcom-mercialinterests.Itwasthereforeaquitenaturaldecisionforthe3GPPsecuritygroup,toretainbasicsecurityfeaturesofGSMfor3G,namely:♦ Subscriberidentityconfidentiality♦ Subscribertonetworkauthentication♦ Radiointerfaceencryption♦ UseofaSIM(SubscriberIdentityMod-ule)cardasaterminalindependentsecu-
2DuD•DatenschutzundDatensicherheit25(2001)Xritymodule,consistingofremovablehardware♦ AuthenticationofsubscribertowardstheSIM♦ Securityoperationwithoutuserassis-tance♦ Anauthenticationprocedure,thatisperformedbytheServingNetwork(SN),butneverthelessrequiresminimaltrustintheSN,becausenopermanentuser-individualkeysaretransferredfromtheuser’sHomeEnvironment(HE)totheSN.♦ Thepossibilitytouseoperator-individualauthenticationalgorithms3AdditionalUMTSSecurityFeaturesInadditiontothewell-knownGSMsecu-rityfeaturesgivenin2.1,UMTSprovidesthefollowingsecurityfeatures[DuD2001]:
EnhancedUMTSAuthenticationandKeyAgreementMechanismTheUMTSauthenticationandkeyagree-mentmechanismprovidesthefollowingfeaturesontopofthecorrespondingGSMmechanism:♦ HEtoUSIM(UMTSSubscriberIdentityModule)3authentication(cf.4.3)♦ Sequencenumbermanagementinordertopreventresp.ensurecontrolledre-useofauthenticationvectors(cf.4.4)♦ AMF(AuthenticatedManagementField)providingasecuredchannelfromHEtoUSIMfordefiningoperator-specificop-tionsintheauthenticationprocess(cf.4.2)♦ AgreementonanIntegrityKey(IK)usedforintegrityprotectionofsignal-linginformation(cf.4.2)IntegrityProtectionofSignallingInfor-mationIntegrityprotectionofsignallinginforma-tionservestosecureconnectionestablish-mentandprovidesin-call(orlocal)authen-ticationindependentofciphering.Therebythisisonemeantoeffectivelypreventsocalledfalse-base-station-attacks.