Analysis and Implementation of Security Algorithms for Wireless Communications

Abdinasir Hassan Ali


Centre for Advanced Software Engineering University Teknologi Malaysia, International Campus Kuala Lumpur, Malaysia Abdinasir.h@gmail.com

Maslin Masrom
College of Science & Technology University Teknologi Malaysia, International Campus Kuala Lumpur, Malaysia maslin@ic.utm.my

Abstract: Wireless communication is the process of communicating information in electromagnetic media over a distance through the free space environment, rather than through traditional wired or other physical conduits. The secure provision of mobile computing and telecommunication services is rapidly increasing in importance as both demand and applications grow, in order to provide a large number of advanced services to mobile users. The first generation of cellular mobile communications systems contained few if any security measures to protect the system operator and users. The second generation generally did a lot better, and contained entity authentication and confidentiality protection. Although this was a major improvement, security protection in the second generation left a lot to be desired in terms of key management and strong security algorithms. With the advent of third generation (3G) mobile systems, a serious effort has been made to create a consistent security architecture based on the threats and risks a 3G system faces. The goal of this study is to propose a security mechanism for wireless communication that protects against attack using a technical approach that implements the authentication and encryption process.

Keywords: authentication, wireless communication, security algorithms, encryption and key management

978-1-4244-5586-7/10/$26.00 © 2010 IEEE

I. INTRODUCTION

Securing wireless communication is extremely difficult and challenging because it faces more complicated environments than conventional wired networks. For instance, wireless communication could be disturbed by radio waves and thunderstorms or blocked by physical objects like mountains or skyscrapers. Even worse, high mobility coupled with an explosively growing variety of users makes existing security policies in wireless communication inefficient or even useless, meaning that wireless communication can be easily attacked by computer viruses, worms, spyware, and similar threats. Wireless communication is being adopted more and more widely, across all application areas without distinction. Authentication and encryption of data are therefore areas of current interest, with quality and security clearly in focus. We are interested in the vulnerabilities that come with wireless communications and mobility and how they are related to threats and risks. The advantages of wireless communications are likely to see these technologies featured in upcoming third-generation mobile systems such as the Universal Mobile Telecommunications System (UMTS), offering many new services that will revolutionize the way that society handles information.

Security issues were not properly addressed in the first-generation analogue systems. With low-cost equipment, an intruder could eavesdrop on user traffic or even change the identity of mobile phones to gain fraudulent service. Given this background, security measures were taken into account in the design of second-generation digital cellular systems. To prevent fraudulent use of wireless service, the Global System for Mobile (GSM) network authenticates the identity of a user through a challenge-response mechanism. The second-generation mobile communication standards adopt symmetric-key cryptography between users and their home networks to establish session keys. The third generation systems such as the Universal Mobile Telecommunications System (UMTS) and the International Mobile Telecommunications-2000 (IMT 2000) take advantage of many advanced security technologies, especially public key cryptography.

II. SECURITY MECHANISM FOR WIRELESS COMMUNICATIONS

The core security mechanisms are confidentiality, integrity, and availability. Apart from the core security mechanisms, in wireless communications (as in many other networks) authentication, authorization, and access control also need to be achieved. Sometimes, availability is viewed as a quality-of-service (QoS) feature rather than a security issue. Cryptography, in some sense, is the mechanism to achieve the security goals. The topics of interest to wireless communications are digital signature, encryption, and key management [1]. This raises two main issues. The first, related to authentication and authorization in wireless communication, is the robustness of the methods used in verifying an entity's identity [2]. The second issue is maintaining the confidentiality of the "wire" and connection and keeping it bulletproof. In the case of wireless communication, the wire is the air, so the problem of confidentiality becomes more difficult because anybody could potentially be a passive listener to the airwaves. The relevant point is that, in the wireless local area network (WLAN) space, encryption is needed if you are to trust the authentication.

Volume 2

III. LITERATURE REVIEW

Wireless networks have become increasingly popular and many organizations seem to want to make their offices wire free, but the security issues that are attributed to wireless networks have prevented the adoption of wireless devices on a larger scale [3]. Although the data transfer rate in 3G networks is not as high as in IEEE 802.11x, 3G networks can offer the freedom of mobility and being connected to the Internet wherever you go. It has been observed that wireless networks that are based on 3G and IEEE 802.11 standards will exist together, offering Internet services to users. These technologies offer features that actually complement each other [4]. The wireless industry is going through a process of rapid innovation, increased competition and diversity in service offerings, resulting in reduced prices for consumers and businesses [5].

The designers of the wireless communication system want to ensure that the system is relatively secure. Cellular fraud is extensive in analogue cellular systems since the identity of the subscriber is sent to the network in clear, without encryption. The wireless system, on the other hand, has security controls that virtually eliminate cloning fraud. The designers also wanted to ensure that the users' communications on the wireless system would be private, so the wireless system also has controls ensuring users. Wireless system privacy and security is achieved using four primary mechanisms. These mechanisms are as follows:

a) Each subscriber is identified using a cryptographic security mechanism. The algorithm is highly resistant to attacks by individuals attempting to make fraudulent phone calls.
b) The subscriber's security information is stored in a secure computing platform called a Smart Card or a SIM Card.
c) The wireless system operator maintains the secrecy of the cryptographic algorithms and the keys for authenticating the subscriber and providing voice privacy. The algorithms are stored in the SIM card and in the authentication center.
d) The cryptographic keys are not shared with other wireless system administrations.

A. Security Algorithms for Global System for Mobile Communication (GSM)

The Global System for Mobile Communication (GSM) uses three security algorithms: the Authentication Algorithm (A3), the Ciphering Key Generation Algorithm (A8) and the Encryption Algorithm (A5).

B. Authentication Algorithm (A3)

Authentication is needed in a cellular system to prohibit an unauthorized user from logging into the network claiming to be a mobile subscriber. If that were possible, it would be easy to hijack someone's account and impersonate that person, or simply make that person pay for the services. In fact this was possible in some earlier cellular systems. In order to solve this problem, some sort of challenge needs to be issued by the network, to which the mobile phone or mobile station (MS) must respond correctly. The A3 algorithm is the authentication algorithm for GSM networks, and resides on the SIM card of the mobile subscriber and on the home location register or authentication centre (HLR/AuC) of the home network. The implementation of the A3 algorithm is network specific and depends on the network operator. The A3 algorithm is a non-recursive algorithm, meaning that the output generated from the input cannot be used to derive or guess the inputs. Thus, the output gives no indication about the input. The main purpose of this algorithm is to authenticate the identity of a mobile subscriber. The A3 algorithm generates the expected response (XRES) on the network side and the RES on the mobile side. Both the XRES and RES are a 32-bit long key and are generated from Ki and RAND.

Figure 1. Authentication Procedure Overview (Mikko Suominen, 2003).

C. Ciphering Key Generation Algorithm (A8)

A8 also uses RAND and Ki to generate a ciphering key (Kc) that is used for voice and data privacy. A8 is also unique to each GSM administration. The SIM contains the ciphering key generating algorithm (A8), which is used to produce the 64-bit ciphering key (Kc). The ciphering key is computed by applying the same random number (RAND) used in the authentication process to the ciphering key generating algorithm (A8) with the individual subscriber authentication key (Ki). The A8 algorithm is the ciphering key generation algorithm; as with the A3 algorithm, it resides on the SIM card and the HLR/AuC. Its implementation is network specific and it is also a non-recursive algorithm. The A8 algorithm is used for generating the Kc, which is a session key used for encrypting voice and data traffic. The Kc is generated from the Ki and RAND and is 64 bits long.
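The challenge-response and session-key derivation described in sections B and C, as an added Python example that is not code from the paper. A3 and A8 are operator-specific, so HMAC-SHA-256 stands in for both (an assumption); the 128-bit Ki and RAND lengths and the names `AuthCentre`, `Sim` and `subscriber_id` are also assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def a3_a8(ki, rand):
    """Stand-in for the operator-specific A3 and A8 (assumption: HMAC-SHA-256).

    Returns the 32-bit response and the 64-bit ciphering key Kc.
    """
    a3 = hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]
    a8 = hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]
    return a3, a8


class AuthCentre:
    """HLR/AuC side: holds every subscriber's Ki and issues challenges."""

    def __init__(self):
        self._ki = {}

    def provision(self, subscriber_id, ki):
        self._ki[subscriber_id] = ki

    def challenge(self, subscriber_id):
        rand = secrets.token_bytes(16)          # fresh RAND for every attempt
        xres, kc = a3_a8(self._ki[subscriber_id], rand)
        return rand, xres, kc


class Sim:
    """SIM side: Ki stays on the card, only RES is sent back."""

    def __init__(self, subscriber_id, ki):
        self.subscriber_id = subscriber_id
        self._ki = ki
        self.kc = None

    def respond(self, rand):
        res, self.kc = a3_a8(self._ki, rand)
        return res


def authenticate(auc, sim):
    """Run one challenge-response; return (accepted, network-side Kc or None)."""
    rand, xres, kc = auc.challenge(sim.subscriber_id)
    res = sim.respond(rand)
    accepted = hmac.compare_digest(res, xres)   # constant-time comparison
    return accepted, (kc if accepted else None)
```

Only RAND and RES cross the air interface; Ki and Kc are never transmitted, and both ends arrive at the same Kc only when they hold the same Ki.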


Figure 2. A8 Algorithm.

D. Encryption Algorithm (A5)

The A5 algorithm is the stream cipher used to encrypt over-the-air data transmissions. The inputs to A5 are the ciphering key (Kc) and the time division multiple access (TDMA) frame counter. The frame counter is 22 bits long and each frame is approximately 4.6 ms long. The stream cipher is initialized all over again for every frame sent. The stream cipher is initialized with the session key Kc and the number of the frame being decrypted. The same Kc is used throughout the call but the 22-bit frame number changes during the call, thus generating a unique key stream for every frame. The A5 algorithm is the ciphering/deciphering algorithm, and resides on the mobile station of a subscriber and on the BSS. The A5 algorithm is used for protecting data sent from the mobile station to the BSS and vice versa; this provides the privacy of data and calls. The Kc ensures that all calls are encrypted between the MS and the BSS.

A5 is built from three short linear feedback shift registers (LFSRs) of lengths 19, 22 and 23 bits, which are denoted by R1, R2 and R3 respectively. The rightmost bit in each register is labeled as bit zero. The taps of R1 are at bit positions 13, 16, 17, 18; the taps of R2 are at bit positions 20, 21; and the taps of R3 are at bit positions 7, 20, 21, 22 (see Figure 3). When a register is clocked, its taps are XORed together and the result is stored in the rightmost bit of the left-shifted register. The three registers are maximal length LFSRs with periods $2^{19} - 1$, $2^{22} - 1$, and $2^{23} - 1$ respectively. They are clocked in a stop/go fashion using the following majority rule: each register has a single "clocking" tap (bit 8 for R1, bit 10 for R2, and bit 10 for R3); each clock cycle, the majority function of the clocking taps is calculated and only those registers whose clocking taps agree with the majority bit are actually clocked. Note that at each step either two or three registers are clocked and that each register moves with probability 3/4 and stops with probability 1/4.

The A5/1 algorithm is simply the modulo-2 addition of the output of 3 LFSRs, which are defined by the polynomials:

(shift register A) $x^{19} + x^{5} + x^{2} + x + 1$
(shift register B) $x^{22} + x + 1$
(shift register C) $x^{23} + x^{15} + x^{2} + x + 1$

However, the algorithm is slightly complicated by controlling the clock inputs of each of the LFSRs. An LFSR is only clocked if a certain bit (the control bit) of it agrees with the majority of the control bits from each register.

Let $R_i$ denote the $i$th bit of shift register $R$ (from the right, i.e. the input to the shift register).
Let $S$ (the sum of the controlling bits) be $S = A_8 + B_{10} + C_{10}$.
Let $M = 1$ if $S \ge 2$ (i.e. the majority of the controlling bits are 1) and $M = 0$ if $S \le 1$ (i.e. the majority of the controlling bits are 0). Thus $M$ represents the value held by the majority of the control bits.
Let $\mathrm{CLK}_R$ be the clock input to register $R$:

$\mathrm{CLK}_A = \overline{A_8 \oplus M}$
$\mathrm{CLK}_B = \overline{B_{10} \oplus M}$
$\mathrm{CLK}_C = \overline{C_{10} \oplus M}$

where the overline indicates the bitwise complement.

Figure 3. A5/1 Stream Cipher (Source: www.gsm-security.net)

This clocking mechanism makes divide-and-conquer style attacks less feasible, but not impossible. The algorithm is seeded by the 64-bit Kc (ciphering key) and 22-bit COUNT (frame number) as follows: each bit of the 64-bit Kc is modulo-2 added to the input (bit 0) of each shift register and then the register is clocked, regardless of the majority function; thus each register is clocked 64 times in total, once for each bit of the Kc (the least significant bit of the Kc is clocked first). The same procedure is repeated for the 22-bit COUNT, i.e. each bit of the count is clocked in (least significant bit first) with the majority function disabled; thus the registers are clocked 22 times each. The algorithm is then run for 100 clock cycles in the normal manner with output discarded. The algorithm is initialized for each burst, generating 114 bits of information for each direction. Thus, 228 bits are produced (except in the case of EDGE, where $2 \times 348 = 696$ bits are produced). The algorithm is run for 114 clock cycles with the output producing the cipher stream used for BLOCK1 for encrypting the network to MS data. The algorithm is then run for 100 clock cycles in the normal manner with output discarded. The algorithm is then run again for 114 clock cycles with the output producing the cipher stream used for BLOCK2 for encrypting the MS to network data.

The A5 algorithm is a standardized algorithm, but this algorithm can only be obtained with a specific license from the GSM Association. Although the A5 algorithm is standardized, its specification remains undisclosed.
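The register layout, majority clocking and Kc/COUNT loading described in this section, as an added Python example that is not code from the paper. It produces the first 114-bit block only and tabulates the majority rule; the order in which the Kc bytes are consumed (byte 0 first, least significant bit first) is an assumption.

```python
# A5/1 keystream for one 114-bit block, following the register description above.
# (length, feedback taps, clocking bit) per register; bit 0 is the rightmost bit.
REGS = (
    (19, (13, 16, 17, 18), 8),    # R1
    (22, (20, 21), 10),           # R2
    (23, (7, 20, 21, 22), 10),    # R3
)


def clock_one(reg, length, taps):
    """Shift left by one; the XOR of the tap bits becomes the new bit 0."""
    fb = 0
    for t in taps:
        fb ^= (reg >> t) & 1
    return ((reg << 1) & ((1 << length) - 1)) | fb


def majority(bits):
    return 1 if sum(bits) >= 2 else 0


def clock_majority(state):
    """Stop/go step: only registers whose clocking bit equals the majority move."""
    ctl = [(r >> c) & 1 for r, (_, _, c) in zip(state, REGS)]
    m = majority(ctl)
    return [clock_one(r, n, taps) if b == m else r
            for r, b, (n, taps, _) in zip(state, ctl, REGS)]


def clock_all(state, in_bit):
    """Loading step: every register moves and in_bit is added to its input bit."""
    return [clock_one(r, n, taps) ^ in_bit for r, (n, taps, _) in zip(state, REGS)]


def key_setup(kc, frame):
    """Load 64 bits of Kc, then 22 bits of COUNT, then mix for 100 cycles."""
    state = [0, 0, 0]
    for i in range(64):   # assumption: byte 0 first, least significant bit first
        state = clock_all(state, (kc[i // 8] >> (i % 8)) & 1)
    for i in range(22):
        state = clock_all(state, (frame >> i) & 1)
    for _ in range(100):
        state = clock_majority(state)   # output discarded
    return state


def keystream(kc, frame, nbits=114):
    """Keystream bits for the first block of the burst numbered `frame`."""
    state = key_setup(kc, frame)
    out = []
    for _ in range(nbits):
        state = clock_majority(state)
        out.append(((state[0] >> 18) ^ (state[1] >> 21) ^ (state[2] >> 22)) & 1)
    return out


def crypt_block(bits, kc, frame):
    """Encrypt or decrypt: XOR the data bits with the frame's keystream."""
    return [b ^ k for b, k in zip(bits, keystream(kc, frame, len(bits)))]


def clocking_table():
    """Map each of the 8 clocking-bit patterns to the registers that move."""
    table = {}
    for v in range(8):
        ctl = ((v >> 2) & 1, (v >> 1) & 1, v & 1)
        table[ctl] = tuple(b == majority(ctl) for b in ctl)
    return table
```

`clocking_table()` shows where the 3/4 figure comes from: each register moves in 6 of the 8 clocking-bit patterns, and every pattern moves either two or three registers.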

Figure 4. Logical description of A5 Algorithm (Mathew Varghese, 2001)

E. Security Algorithms of Universal Mobile Telecommunication Systems (UMTS)

The main algorithms in UMTS networks concerned with authentication are the f1, f1*, f2, f3, f4, f5 and f5* functions. These functions are operator-specific and only reside on the AuC of the home network and the Universal Subscriber Identity Module (USIM) of the user equipment (UE). Each of these functions is a one-way function. The functions are used for computing the authentication vector. The importance of these functions lies in that the output of one function cannot reveal any information about the other functions. The f1 function is the network authentication function and is responsible for the generation of the MAC key on the network side and the XMAC key on the USIM side. The f1* function is the resynchronization message authentication function and is used for resynchronization purposes. The f2 function is the user authentication function and is responsible for the generation of the XRES key on the network side and the RES key on the USIM side. The f3 function is the CK derivation function. It generates the CK on both the network and USIM side. The f4 function is the IK derivation function. It generates the IK on both the network and USIM side. The f5 function is the AK derivation function for normal operation. The AK is generated using the f5 function on both the network and USIM side. The f5* function is the AK derivation function for resynchronization and is used for resynchronization purposes.

Figure 5. Authentication Vector Generation. (Muslim Abid et al)
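Authentication vector generation with f1 to f5 and the matching USIM-side check, as an added Python example that is not code from the paper. HMAC-SHA-256 with a per-function label stands in for the operator-specific one-way functions (an assumption); the field sizes and the AUTN layout (SQN XOR AK, then AMF, then MAC) follow 3GPP TS 33.102 rather than the page.

```python
import hashlib
import hmac
import secrets


def f(label, k, *parts, n):
    """Stand-in one-way core (assumption: HMAC-SHA-256), truncated to n bytes."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def generate_av(k, sqn, amf):
    """AuC side: build one authentication vector from K, SQN and AMF."""
    rand = secrets.token_bytes(16)
    mac = f(b"f1", k, rand, sqn, amf, n=8)     # f1: K, RAND, SQN, AMF
    xres = f(b"f2", k, rand, n=8)              # f2 to f5: K and RAND only
    ck = f(b"f3", k, rand, n=16)
    ik = f(b"f4", k, rand, n=16)
    ak = f(b"f5", k, rand, n=6)
    autn = xor(sqn, ak) + amf + mac            # SQN is concealed with AK
    return {"RAND": rand, "XRES": xres, "CK": ck, "IK": ik, "AUTN": autn}


def usim_respond(k, rand, autn):
    """USIM side: verify the network's MAC first, then answer with RES."""
    concealed_sqn, amf, mac = autn[:6], autn[6:8], autn[8:16]
    ak = f(b"f5", k, rand, n=6)
    sqn = xor(concealed_sqn, ak)
    xmac = f(b"f1", k, rand, sqn, amf, n=8)
    if not hmac.compare_digest(mac, xmac):
        return None                            # network not authenticated
    return {"RES": f(b"f2", k, rand, n=8), "CK": f(b"f3", k, rand, n=16),
            "IK": f(b"f4", k, rand, n=16), "SQN": sqn}
```

Unlike the GSM exchange, the USIM refuses to answer unless XMAC matches the MAC carried in AUTN, so a challenge that was not produced with the subscriber's K yields no RES.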

The key concept in the authentication vector computation is a one-way function. This is a mathematical function which is relatively easy to compute but practically impossible to invert. In other words, given the input parameters there exists a fast algorithm to compute the output parameters but, on the other hand, if the output is known there exists no efficient algorithm to deduce any input that would produce the output. Five one-way functions are used to compute the authentication vector. These functions are denoted f1, f2, f3, f4 and f5. The function f1 differs from the other four in the number of input parameters. It takes four input parameters: master key K, random number RAND, sequence number SQN and an administrative authentication management field AMF. All other functions from f2 to f5 take only K and RAND as inputs. The requirement of the one-way property is common to all functions f1-f5 and all of them can be built around the same core functions.

IV. CONCLUSION

Wireless communications security is an area of crucial importance to the telecommunications industry, where authentication and data encryption are the major concerns. With the demand, wireless communications also become a major source of new vulnerabilities. Related security solutions are being developed to address the new vulnerabilities. Wireless communication weaknesses are on the increase due to the emergence of advanced services, the need for proper authentication, and the large deployment of mobile technologies. This has created challenging issues in the security of wireless systems and applications operating in wireless environments. The aim of this paper is to seek the development of new techniques, models and theories that help to better protect mobile and wireless communication systems, and to assess and enhance the level of security of the current wireless communication systems, services and networks.


Future 4G mobile communication networks are expected to provide all-IP-based services for heterogeneous wireless access technologies, assisted by mobile IP to provide seamless internet access for mobile users. Two major challenges in developing such a heterogeneous network infrastructure are quality of service (QoS) provisioning and security services for mobile users' communication flows. The ultimate goal of Mobile Personal Communication Systems is to bring ubiquitous access to telecommunication services into widespread use. To realize this goal, the designers of these systems must overcome many challenges. One of the most significant challenges to the system designer is the protection of network and subscriber assets from unauthorized use. We think the best way to develop the security infrastructure for such networks is to discuss its security measures in the open forums of researchers. This not only involves all of the best minds in contributing ideas, but also allows the strength of the algorithms to be tested in a much better way.

REFERENCES
[1] C. Huang and J. Li. Authentication Mechanism over the Integrated UMTS Network and WLAN Platform using the Cross-layer bootstrap Communications, IET. Vol. 1, pp. 866-874. 2007.
[2] M. Zivkovic, M. Buddhikot, and K. Lagerberg. Authentication Across Heterogeneous Networks: Bell Labs technical journal. Vol. 10, pp. 39-56. 2005.
[3] Schmidt and Townsend. Why Wi-Fi wants to be free: Wireless Networking Security. Vol. 46, pp. 47-52. 2003.
[4] C. Buddhikot, L. M. Han, and G. Salgarelli. World of Wireless Communications: IEEE transactions for wireless communications. Vol. 34, pp. 587-598. 2003.
[5] Muller. Algorithm based Synchronization for Wavelet Packet: Modulation. International Conference on Communications And Mobile Computing. Vol. 23, pp. 1195-1200. 2003.
[6] S. Krishna. Cisco Wireless LAN Security. (6th ed.). New York: McGraw-Hill. 2005.
[7] X. Qin, M. Alghamdi, and M. Nijim. Improving security of real-Time Wireless Network through Packet Scheduling: IEEE transactions Wireless Communications. Vol. 7, pp. 3273-3279. 2008.
[8] G. Rose and G. M. Koien. Access Security in CDMA2000, including Comparison with UMTS Access Security: IEEE Wireless Communication. Vol. 11, pp. 19-25. 2004.
[9] A. Boukerche. Secure Localization Algorithms for wireless sensor Networks: IEEE Communication Magazine. Vol. 46, pp. 96-101. 2008.
[10] D. Z. Sun, J. P. Huai, and J. Z. Sun. A new Design of Wearable token System for Mobile device Security: IEEE Transactions on Consumer Electronics. Vol. 54, pp. 1784-1789. 2008.
[11] C. M. Tang. An Efficient mobile Authentication scheme for Wireless Networks: IEEE transaction on wireless communications. Vol. 7, pp. 1408-1416. 2008.
[12] K. Boman, G. Horn, P. Howard, and V. Niem. UMTS Security: Electronics & Communication Engineering Journal. Vol. 14, pp. 191-204. 2002.
[13] G. Koien. An Introduction to Access Security in UMTS: Wireless Communications, IEEE. Vol. 11, pp. 8-18. 2004.
[14] C. Sankaran. Network Access Security in Next-Generation 3GPP Systems: IEEE Communication magazine. Vol. 47, pp. 84-91. 2009.
[15] P. Alberto. Privacy and Authentication Protocol providing Anonymous Channels in GSM: Computer Communications. Vol. 27, pp. 1709-1715. 2004.
[16] Chandramenon. Implementation issues impacting system designer utilization of wireless technologies: Aerospace and Electronic Systems Magazine, IEEE. Vol. 11, pp. 11-14. 2003.
[17] M. Khan, A. Ahmed, and A. Cheema. Vulnerabilities of UMTS Access Domain Security Architecture: Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing. Vol. 3, pp. 350-355. 2008.
[18] F. Grecas, I. Sotirios, V. Maniatis, and S. Iakovos S. Introduction of The Asymmetric Cryptography in GSM, GPRS, UMTS, and its Public-Key Infrastructure Integration: Mobile Networks and Applications. Vol. 8, pp. 245-305. 2003.
