SIM cards service elements _ business models by wuxiangyu


									2G/3G Authentication with
         SIM cards:
usage & roaming basics for
  the Internet challenged

        Michael Haberler
   Internet Foundation Austria
• a SIM card mini-tutorial
        • features, protocol flow, usage, production, addressing
• UMTS authentication and key agreement
        • principles and protocol flow
• the universal integrated circuit card (UICC)
        • USIM app
• how 2G, 3G roaming works
• „over the air“ (OTA) loading of UICC apps
        • example: X.509 certificate download
• (U)SIM‘s and Internet access authentication
    – how SIMs and RADIUS roaming works
• (U)SIM‘s and SIP authentication
    – what the SIP server does
• How the parameter logistics works
• a bonus business model thrown in
• summary
              what‘s a 2G SIM card
• crypto smart card as per ISO 7816
• access protected by a PIN code(s) („card holder verification“)
• fixed storage of subscriber identity – IMSI (international mobile
  subscriber identity) – „GSM MAC address“
    – E.164 number to IMSI mapping at the operator only
• safe storage for shared secret - accessible only through CHAP
    – not broken as of today except for most stupid CHAP algorithm known
• CHAP algorithm in hardware
    – operator chooses algorithm
• tree structured filesystem
    – stream, record, cyclic record files
    – can be readonly, read/write or none at all (for the key)
    – some permission hierarchy
 how are SIM cards produced
• unprogrammed chips are „personalized“ and „closed“
  (parameters written & sealed)
• mass product - $5-$7 apiece at 1000+
   – GEMplus, Giesecke & Devrient ....
• everybody can have SIM‘s made – even Mom&Pop ISP
• not everybody may
   – roam with other cellular operators
   – use the GSM algorithm „A3/A8“ – you wouldnt want it anyway
   – must be member of GSM association for that
• having your own algorithm in a chip mask is a circa
  $50K+ affair
• for testing & development unprogrammed castrated
  chips used (XOR algorithm for CHAP...)
 how are (U)SIM cards accessed
• 2G, 3G use
   – builtin reader in the mobile handset
• for Internet use:
   – maybe builtin in PDA, PC (e.g.DELL)
   – external USB token – 20$ apiece
   – re-use a mobile SIM card via Bluetooth SIG SIM Access
     Profile (only if roaming against 2G/3G operator)
• read 3G „(U)SIM Security Reuse by Peripheral
  Decices on local interfaces“ – contains some threat
          SIM usage in 2G authentication

                access request – present IMSI
2G GSM                                              Center
handset          present challenge („RAND“)

                send RESP (challenge response)


                       shared secret
                          IMSI structure
            MC              N
                           MC                        SI

            T e          w ohe
                        T ot t r                   M i um t
                                                    x     e
            di i           di i
                            gts                        gts
                                                      di i

                                         I SI

                                   M i um f di i
                                          e gt
                                          i    s
     MC        obi
                 e     y ode
              M l ount C
     MC        obi t
                 e w k ode
              M l e or C
     MN        obi
              M le
                 Subs e e t nN
                    i d f
                    c r nic
                          a     be
                              um r
     I SI
     M        ne t
                no l
              I t a na obi
                     M l Subs e e t
                         e  i d y
                            c r ni

• MCC/MNC uniquely designates an operator and his authentication center
• when roaming, MCC/MNC tells the visiting network where to route the
authentication request
• this is done via SS7 MAP (mobile application part)
 what is „OTA“ (over the air) loading?
• SIM cards are writable by mobile equipment
    – if authenticated to network
    – if instructed by operator „over the air“
    – if file/directory is writable
• example: ISIM X.509 certificate „bootstrap“
    – AKA authenticated:
        • let user visit PKI portal
        • download certificates through HTTP/Digest mechanism
        • certificates are stored in record structured files, as ar CA certifcates
• „The Air“ can also be an IP connection
• download of executable applets possible
    – SIM Toolkit, USAT (USIM Application toolkit)
    – bytecode instructions sent encrypted by 3DES, stored on card
• regularly used in 2G networks today – for functionality upgrades
  & parameter download
     UMTS authentication and key
         agreement (AKA)
•   substantially improved over 2G SIM
•   protection against replay, MITM attacks
•   sports also network-to-user authentication
•   more complex algorithm
•   compatibility functions 2G network/3G
    card, 3G network/2G card
                 3G AKA authentication flow

                     access request – present IMSI
3G UMTS                                                  Center
 handset               challenge RAND || AUTN token

                     send RESP (challenge response)


                               shared secret,
 result:                     Sequence numbers
 Cipher key
 Integrity key
what‘s the universal integrated
  circuit card (UICC) about
• generic support mechanism for multiple
  applications on one card
• 2G,3G authentication become „applications“
  selected as needed
  – USIM application implements AKA
  – 2G SIM app implements 2G CHAP
  – additional apps possible (ISIM, PKI certificate
    storage etc)
  – ISIM is pretty close to SIP client needs!!
• mobile equipment chooses application
      using (U)SIMs for Internet
        access authentication
• embed flow in EAP and tunnel in RADIUS
• between 802.1x „supplicant“ in client and RADIUS
  EAP backend using EAP-SIM or EAP-AKA
• RADIUS server MAY gateway to SS7 MAP and
  – WiFi network looks like a GSM roaming partner
  – example: WiFi roaming through
• OR RADIUS server access an ISP-style database
  for keys
  – ISP is the SIM card issuer!
using (U)SIM for SIP authentication
• speak HTTP/AKA (RFC3310) between SIP UA and proxy
• proxy translates into EAP-AKA-in-RADIUS
• RFC specified only for AKA (3G auth)
• no mapping of EAP-SIM onto HTTP/SIM for 2G auth
• bad – almost all networks today use 2G auth – which
  breaks SIP authentication through GSM/UMTS operators
• we need to address this and spec HTTP/SIM
         how 2G roaming works
• mobile equipment presents IMSI
• visited network looks at MCC,MNC part of IMSI
   – if no roaming agreement, drop him
   – otherwise send access request thru SS7 MAP to home
   – the home network verifies IMSI and sends a „triplet“:
     (challenge, expected response, cipher key) authentication
   – visited network presents challenge, reads response
   – if (response == expected response), service user
• the triplet is essentially an access ticket
   – note no replay detection – these fellows seem to trust each
       how 3G roaming works
• not much different from 3G, just more
  parameters needed for AKA
• „triplets“ become „quintets“
   how the 2G/3G user ids (IMSI‘s) are
   mapped to RADIUS authentication:

• take mobile country code, mobile network code
• use them to create a realm
• Example
    – IMSI = 232011234567890
        • means mcc=232 (Austria) mnc=01 (Mobilkom)
    – resulting realm
    – resulting RADIUS user
        • routing to Radius servers decided by „subdomain“
• convention established by Nokia
• Nokia owns domain pro-bono
  from thereon this is vanilla RADIUS roaming
• but its just fine if we call it if that
  sounds better, realms just gotta be unique
     how does 2G/3G address
          logistics work
• if you are a service provider and have E.164
  ranges, get a MNC from your MCC
  administrator (FCC, regulator...)
• the E.164 range might also be, for example,
  from visionNG (+87810 ff) MCC = 901
• this doesnt mean you‘re part of 2G/3G
  roaming yet – contracts & regulatory
  prerequisites needed
• but the addressing is all set to go!!
a bonus business model thrown in:

• combine a SIP-based iTSP with a Mobile Virtual
  Network Operator (MVNO)
   – an MVNO has authentication, billing, customers, numbers,
     but the radio network is outsourced from somewhere else
• issue (U)SIM cards which work both in a 2/3G
  handset AND as WiFi/SIP auth tokens – note the
  same card authenticates both uses!
• leave choice to user how to connect – Internet or
  cellular – using the same E.164 number

• 2G/3G has a strong/very strong authentication architecture
• it is almost copy & paste for iTSP use at WiFi access, WiFi
  roaming acces, SIP and other levels (TBD!)
• it can serve to solve the X.509 certificate distribution problem
• operator model (2G/3G home network, ISP home network) has
  no impact on Internet-side terminals
• numbering & addressing resources are compatible and available
  (maybe not obviously so)
• the Internet could become the biggest (U)SIM authenticated
  mobile network ever to roam with 2G/3G land

To top