Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

CDMA

advertisement 
m
CDMA
Introduction for CDMA
Authentication
By Du Guangzheng, Motorola Co.
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Contents
• Authentication Basics Concepts
• Authentication implementation in RUIM-support
mobile phone
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Authentication Basics Concepts
• Authentication Basics Concepts
– A-key
– Shared Secret Data(SSD)
– Enable/Disable Authentication
– Global Challenge
– SSD Update Procedure
– Unique Challenge
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Authentication Basics Concept(Cont.)
• Authentication Basics Concepts
– Voice Privacy
– Signaling Message Encryption
 These two are not included in this presentation
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Implementation in RUIM-Phone
• Implementation in RUIM-Phone
– Parameter Storage
– Parameter Exchange Procedures
– Authentication Procedures
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Authentication Basics
• Features that are used to prevent fraud and
increase the security in Cellular system:
– Authentication
– Voice Privacy
– Signaling Encryption
• The three calculations are based on a set of
algorithms, known as CAVE(Cellular
Authentication and Voice Encryption)
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Authentication Basics(Cont.)
• ? What is authentication
– Authentication is a process by which the
information is exchanged between a mobile and
the network for the purpose of verifying the
identity of the mobile. Authentication is needed
to prevent fraudulent use of the network by
mobiles programmed counterfeit MIN and
ESN.
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Authentication Basics (Cont.)
• Signaling Encryption:
– Feature that provides an enhanced degree of
privacy by encrypting selected parameters that
are send on an analog voice channel or CDMA
traffic channel.
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Authentication Basics (Cont.)
• Voice privacy
– Feature that provides an another degree of
enhanced privacy by encrypting subscriber’s
conversation and signaling using a PrivateLong-Code Mask.
– Only applicable for digital mode.
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Authentication Basics (Cont.)
• Applicable Standards:
– TIA/EIA-95A
– TIA/EIA-95B
– JSTD-008
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Authentication Basics (Cont.)
• A successful outcome of authentication occurs
when the mobile and the networks possess
identical results of independent calculation
performed by the mobile and the network.
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Authentication Basics (Cont.)
• The authentication process can be invoked by
many events. All accesses to the base station are
authenticated when authentication is required by
the base station. The accesses are: :
– Registration( various type)
– Mobile-originated calls
– Mobile-terminated calls
– Mobile-Originated Data burst Messages
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Authentication Basics (Cont.)
• Authentication is based on two secrete numbers:
– Authentication Key(A-key)
– Shared secret Data(SSD)
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
A-Key
• A-Key:
– A 64-bit secret number which is permanent
– Used to generate the Shared secret Data
– Stored securely in the mobile, which is not sent
over the air( ** exclude OTASP)
– Generally provisioned into the phone during
subscription
– Known only to the mobile and its associated
HLR/AC
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Shared Secret Data
• SSD is a secret number that is semi-permanent. It
is used in the calculation of authentication
signatures, the Signaling Message Encryption Key
(CMEA), and the Voice Privacy Mask (VPM)
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Enable/Disable Authentication
• The base station has the primary responsibility of
enable and disabling authentication on the mobile
by setting and unsetting the AUTH and RAND
parameters in the Access Parameters Message.
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Global Challenge
• Global Challenge encompasses the process by
which the base station presents a numeric
challenge RAND to all of the mobiles. Mobiles
use the 32-bit RAND number for calculation an
18-bit authentication signature AUTHR.
• If authentication is enabled AUTHR will be included in
every Registration, Origination, Page Response and Data
Burst message
• AUTHR will be calculated differently depends on the type
of system access.
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
AUTHR calculation
• For Registration:
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
AUTHR calculation (Cont.)
• For Origination:
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
AUTHR calculation (Cont.)
For Termination:
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
AUTHR calculation (Cont.)
• For Data Burst:
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
AUTHR calculation (Cont.)
• For Unique Challenge
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
AUTHR calculation (Cont.)
• In addition to AUTHR, the mobile will include
RANDC(8 MSB of RAND) and COUNT value as
parameters in every System Access Message.
• COUNT is a modulo-64 count for call history that
is held in the mobile and updated by the mobile
when a Parameter Update order is received.
• When success(AUTHR both in mobile and base
station matches), the mobile is considered
authentic, and the system access is allowed.
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
AUTHR calculation (Cont.)
• If authentication fails, the network could take any
of the following step:
– Allow the access
– Deny the access
– Unique-challenge the mobile, and then decide
to allow or deny the system access
– Update the SSD of the mobile, and then decide
to allow or deny the system access
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
AUTHR calculation (Cont.)
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
SSD Update Procedure
• The SSD update procedure is always initiated by
the base station
– When the mobile first provisioned (The most
initial value of SSD is set to zero)
– The mobile station may decide to initiate the
SSD update procedure whenever it deems
necessary (Timed/AUTHR mismatch/Operator)
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
SSD Update Procedure (Cont.)
• This procedure is performed as follows:
1 To start SSD update, the base station sends a
SSD Update Order Message to the mobile with
a 56-bit random number RANDSSD.
2 Upon receiving the Order message, the mobile
calculates the new SSD_A and SSD_B values
using A-Key, ESN and RANDSSD.
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
SSD Update Procedure (Cont.)
3 The mobile then challenges the base station to
verify the newly generated SSD and sends a
Base Station Challenge Order Message with a
32-bit random RANDBS.
4 The base station then calculates the authentication signature AUTHBS.
5 The mobile compares the locally generated
AUTHBS with that received from the base
station
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
SSD Update Procedure (Cont.)
6 If the signature match, the mobile updates its
SSD and forwards a confirmation order to the
base station
If the signature do not match, the mobile
forwards a failure order to the base station. It is
up to the base station to decide how to proceed
when this occurs.
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
SSD Update Procedure (Cont.)
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Voice Privacy and Message Encryption
• Omitted
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Authentication with RUIM
• Parameter Storage
• Parameter Exchange Procedures
• Authentication Procedures
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Parameter Storage
• Main Parameters stored in RUIM
– A-Key
– CAVE algorithm
– Shared Secret Data (SSD)
– COUNT
– RUIM_ID
– Others (including OTASP/OTAPA related)
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Parameters Storage(Cont.)
• Main Parameters stored in ME
– All algorithms used for the encryption of voice,
user data, and signaling messages
– Key-processing for ECMEA and ECMEA_NF
functions
– ESN_ME
– Others (Control mechanism for OTASP)
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Parameters Exchange
• From the ME to the R-UIM
– RAND, RANDU, RANDSeed(for RANDBS),
RANDSSD
– Last Dialed Digits, use for AUTH_DATA
composition
– AUTHBS
– ESN_ME
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Parameters Exchange(Cont.)
• From the R-UIM to ME
– AUTHR
– Keys, as needed, for use with encryption
– AUTHU
– RANDBS
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Authentication Procedures
• Managing Shared Secret Data
• Authentication Calculations
• Managing the Call History Parameter
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Managing Shared Secret Data
• Base Station Challenge Function:
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Managing Shared Secret Data(Cont.)
• Update SSD, AUTHBS Calculation:
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Managing Shared Secret Data(Cont.)
• Confirm SSD
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Authentication Calculations
• RUN CAVE:
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Managing the Call History Parameter
• CALL COUNT
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Reference
• TIA/EIA-95B, spec on CDMA Protocol.
• IS-820, spec on RUIM
• Application Note: Authentication and Call
Processing, Qualcomm spec(CL93-V1622-1).
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
m
CDMA
Questions?
PCS Asia Beijing Design Center
Motorola Confidential Proprietary
Version 1.0
Related documents
Provider Data - HealtheConnections
Provider Data - HealtheConnections
Health Exchange Subsidy Calculator
Health Exchange Subsidy Calculator
Qliance
Qliance
DynCorp International
DynCorp International
NtregaBusinessPlanExpress 1.1 MB
NtregaBusinessPlanExpress 1.1 MB
UN Women PowerPoint
UN Women PowerPoint
The Cast of Characters
The Cast of Characters
NOCLAR Presentation April 2014
NOCLAR Presentation April 2014
News from IFAC
News from IFAC
Download
advertisement