Beruflich Dokumente
Kultur Dokumente
INDEX
1. Glossary of Technical Terms
2. References
3. Introduction
4. Authentication
5. NAM Programming the A-Key
6. Encryption
7. When to do Encryption?
8. Voice Privacy
9. Something about Algorithms
DTMF tones:
DTMF stands for Dual Tone Multiple Frequency. The key pressed digits are represented by two
frequencies.
ORYX:
ORYX is the algorithm used to encrypt data sent over digital cellular phones. It is a stream cipher based on
three 32-bit LFSRs. It is distinct from CMEA, which is a block cipher used to encrypt the cellular data
control channel.
CAVE:
CAVE expands to Cellular Authentication Voice and Encryption Algorithm.
CMEA:
CMEA is the encryption algorithm developed by the Telecommunications Industry Association to encrypt
digital cellular phone data. It uses a 64-bit key and features a variable block length. CMEA is used to
encrypt the control channel of cellular phones. It is distinct from ORYX, an also insecure stream cipher that
is used to encrypt data transmitted over digital cellular phones.
A Key:
A 64-bit cryptographic key variable stored in the semi-permanent memory of the mobile station and also
known to the Authentication Center (AC or HLR/AC) of the wireless system. It is entered when the mobile
station is first put into service with a particular subscriber, and usually will remain unchanged unless the
operator determines that its value has been compromised. The A-key is used in the SSD generation
procedure.
SSD:
SSD is an abbreviation for Shared Secret Data. It consists of two quantities, SSD_A and SSD_B.
1
SSD_A:
The SSD_A is a 64-bit binary quantity in the semi-permanent memory of the mobile station and also
known to the Authentication Center. It may be shared with the serving MSC.
SSD_B:
The SSD_B is used in the computation of the authentication response. A 64-bit binary quantity in the semi-
permanent memory of the mobile station and also known to the authentication Center. It may be shared
with the serving MSC. It is used in the computation of the CMEA key, VPM (Voice Privacy Mask) and
DataKey(for data services).
UCRP:
UCRP expands to Unique Challenge Response Procedure. This procedure is carried out when
Authentication fails.
IMSI
IMSI is International Mobile Subscriber Identity. It is a 34-bit quantity. The first 24 LSB“s form the
IMSI_S1 and the first 10 MSB“s form IMSI_S2.
ESN:
The 32-bit electronic serial number of the mobile station. It is unique for a mobile station.
VPM:
Voice Privacy Mask. This name describes a 520-bit entity that may be used for voice privacy functions as
specified in wireless system standards.
NAM
NAM stands for Number Assignment Module. Certain important values are entered through keypad. These
values are NAM parameters. The procedure to enter them into the mobile is called NAM Programming.
PACA:
PACA stands for Priority Access and Channel Assignment. A priority mobile station originated call for
which no traffic channel or voice channel was immediately available, and which has been queued for a
priority access channel assignment. This is called a PACA Call.
2 References
Standards documents for TIA/EIA-95-A, TIA/EIA-95-B, Common Cryptographic Algorithms.
.
2
3 Introduction
The Cellular communications industry is booming, so it is necessary to prevent unauthorized access to
cellular network, to increase security to as to maintain privacy and prevent fraud attacks. Something, which
today“s computer networks are susceptible to.
Cellphones identify themselves by sending identification information over the air and anyone can
misappropriate others identity information to make calls or get PIN numbers sent as DTMF tones. To fight
the menace of phone cloning, Authentication is must.
Cellular communications are sent over a radio link and anyone with a appropriate receiver can eavesdrop
over the transmission. So to make the security robust we go in for cryptography methods. That explains the
need for Encryption and Voice Privacy.
Hence we go in for Authentication, Encryption and Voice Privacy. In the document we are going to see
how these are achieved in the CDMA system.
4 Authentication
Now we are ready to define Authentication.
Authentication is the process by which information is exchanged between a mobile station and base station
for the purpose of confirming the identity of the mobile station. A successful outcome of the authentication
process occurs only when it can be demonstrated that the mobile station and base station possess identical
sets of shared secret data.
Note:
Authentication procedures 7 and 8 are not there in IS-95A, since these TMSI mode of addressing and
PACA call are not supported by IS-95A.These procedures are supported in IS-95B and IS-2000.
3
4.4 Auth_Signature Input Parameters
RAND_CHALLENGE ESN AUTH_DATA SSD_AUTH
32bits 32 bits 24 bits 64bits
Auth_Signature Procedure
(CAVE Algorithm)
Auth_Signature
18 bits
Figure 1: The Figure shows the input,s and outputs for computation of
signature variable.
The table below gives the inputs to the Auth_Signature procedure for different Authentication procedures.
The parameters used will also be explained shortly.
Table 1: Auth_Signature Parameters
Procedure RAND_CHALLENGE ESN AUTH_DATA SSD_AUTH
4
4.5 Authentication Procedures
4.5.1 Registration
Authentication is performed when the mobile attempts to send a Registration Message on the access
channel. The Auth_Signature procedure is filled with the parameters as shown in the Table 1 (RAND,
ESN,IMSI_S1,SSD_A). The mobile station shall then execute the Auth_Signature procedure. The 18-bit
output Auth_Signature shall be used to fill the AUTHR field of the Registration Message. The RANDC
(eight most significant bits of RAND) and COUNT fields of the message shall be filled with the current
values stored in the mobile station. The base station shall execute the same procedure and compare
AUTHR, RANDC and COUNT.
If the comparison fails meaning authentication was not successful, the base station may start a Unique
Challenge Response Procedure (UCRP) or carry out a SSD update.
5
current values stored in the mobile station. The base station shall execute the same procedure and compare
AUTHR, RANDC and COUNT.
6
Figure 2: SSD Update Procedure
MOBILE STATION BASE STATION
SSD_Genaration Procedure
SSD_Genaration Procedure (CAVE Process)
(CAVE Process)
(RANDBS)
Inputs to Auth_Signature Procedure:
RANDBS, ESN, IMSI_S1, SSD_A_NEW
AUTHR AUTHR
Base Station Challenge Confirmation Order
(AUTHR the Auth_Signature generated)
AUTHRmobilestation
=
AUTHRbasestation?
The MS and BS will than update the values of SSD on receiving the confirmation order
7
5 NAM Programming the A Key
From the Authentication procedures it is clear that Authentication will be successful if same copies of SSD
is maintained at both the mobile station and base station. For the generation of SSD one of the input
parameters is the A key. This A key is maintained at the mobile associated Authentication Center (AuC).
The same copy of the A Key is entered manually (via keypad called as NAM Programming).
For security, algorithms we can keep the algorithm open source and algorithm“s input secret or keep the
inputs known and the algorithm secret. The standards body has gone for the former method to maintain
security. We understand from Figure 2 that the inputs for SSD Generation are A Key, ESN (this number is
printed on the mobile case) and RANDSSD (which is a number). For the above reasons we maintain the
Akey secret and see that the value of A Key is not compromised.
The standards body also prevents the manufacturer of the mobile to give any interface to view A Key and
SSD.
Note:
Generation of the A Key checksum is external to mobile, it is generated on a system.
Note:
When the A key is changed the SSD becomes zero. When the mobile is shipped the A key stored is a string
of zeros.
6 Encryption
In an effort to enhance the authentication process and to protect sensitive information (example PIN“s sent
as DTMF tones), certain fields which carry these sensitive information in Traffic Channel messages are
encrypted.
All type specific fields in traffic channel messages will be encrypted using the CMEA process. For
encryption to be carried to the mobile should be in standard authentication mode.
8
6.1 When to do Encryption?
The encryption capacity supported by the mobile software of the mobile is known in the Origination
Message (MO call) and Page Response Message (MT call). The ENCRYPTION_SUPPORTED in these
messages tell the encryption capacity of the mobile.
The base station by sending the Channel Assignment Message turns on the initial mode. The
ENCRYPT_MODE field in this message tells the mode of encryption to be used on traffic channel. If the
field value is 0H than no encryption of type specific fields is to be done. If the value is 1H or 2H than
CMEA or Enhanced CMEA as the case maybe, is used for encrypting the type specific fields.
Encryption can be turned ON (if not done in Channel Assignment Message) or OFF after this message
when on a traffic channel. Sending the General Handoff Direction Message or Extended Handoff Direction
Message does this by the setting the value of the field ENCRYPT_MODE in theses messages to 1H or 0H
as the case may be.
Take for example the Alert with Information Message (AWI) which is sent on the forward traffic channel.
The use of this message during call setup is to give a ring back tone to the calling mobile and a CLI (Caller
Line Identification) to the called mobile. So AWI has different uses as the case may be. The record fields
that are for ring back tone, CLI are included as the case maybe, these fields are called type specific fields.
Such fields are there in all traffic channel messages like Flash with Information, Data Burst Message,
DTMF etc. These type specific fields may contain DTMF tones (which can be PIN numbers), or some SMS
message sent in Data Burst Message. These fields are encrypted.
7 Voice Privacy
Users claim an interest in being able to communicate among them, using Cellphones, without routine
monitoring of their communications by other persons or organizations. This is Voice privacy. Voice
privacy is provided in the CDMA system by means of the private long code mask used for PN spreading.
Transition to this private long code mask is done only when a mobile is in the standard authentication mode
and is on a traffic channel.
All calls are initiated using the public long code mask for PN spreading. The mobile station user may
request voice privacy during call setup using the Origination Message or Page Response Message, and
during Traffic Channel operation using the Long Code Transition Request Order.
To initiate a transition to the private or public long code mask, either the base station or the mobile station
sends a Long Code Transition Request Order on the Traffic Channel. The mobile station or the base station
responds to this with a Long Code Transition Completion Order.
The base station can also cause a transition to the private or public long code mask by sending the Extended
Handoff Direction Message or the General Handoff Direction Message with the PRIVATE_LCM bit set
appropriately.
8 Something on Algorithms
As I said earlier, we use cryptography methods to increase the robustness of the system. The TIA standard
describes four cryptographic methods for use in digital cellular systems.
1. CAVE (Cellular Authentication Voice Privacy and Encryption) algorithm. It is intended for
performing authentication and key generation.
2. XOR mask for voice privacy. CDMA uses SS technique for security.
3. ORYX a stream cipher for wireless data services.
4. CMEA (Cellular Message Encryption Algorithm), a block cipher used to encrypt type specific fields
on traffic channel.
9
We will be looking into these shortly.
10
Figure 3: The Flow Diagram below shows the flow to generate the CMEA Key and VPM.
11
8.4.1 Specification of CMEA
The algorithm encrypts a n-byte message P0.._1 to a cipher text C0 _1 under the key K0..7 as follows:
Step 1 à
Step 2 à
Step 3 à
Here all operations are byte-wide arithmetic: + and - are addition and subtraction modulo 256, ⊕ stands for
a logical bitwise exclusive or, ∨ represents a logical bitwise or, and the keyed T function is as described
previously.
12