
Cellular Networking Perspectives

David Crowe’s Wireless Review Magazine Articles

June 1, 2000 Issue

Authentication

Wireless carriers are playing a dangerous game. They set up cellsites broadcasting on standard frequencies that can be used by anybody in that area, yet they are paid for those services only if they can ensure that legitimate subscribers alone are given access. There is obviously no way to physically ensure that a legitimate phone is being used by a legitimate subscriber. Any method for determining authenticity can only be through messages exchanged over the radio interface. This process, known as validation and authentication, is made more challenging because any process using radio waves can be overheard by others. Not only can the bad guys attempt to pass themselves off as legitimate, but they can see the validation and authentication transactions of the legitimate mobiles as well.

Validation was the first method used in wireless systems for combating technical fraud. It simply consists of checking that the identifiers transmitted by a mobile match and belong to a valid subscription. Well, perhaps the word ‘simply’ does not apply – at least not for roamers. The MIN or IMSI transmitted by a mobile has to be used to identify the home system, and then the home system has to find a record that contains that MIN or IMSI and, hopefully, the same ESN that was transmitted by the mobile.

Validation was thought to be secure because the FCC demanded that the ESN in cellular phones be unchangeable. However, that is impossible to ensure, because even if the ESN is stored in a secure chip on the phone, there is nothing to stop fraudulent users (cloners) from ignoring the stored ESN and transmitting a phony ESN from another memory location in the phone.

Authentication to the Rescue

The designers of digital systems (GSM, TDMA and CDMA) recognized that a more sophisticated technique than validation was needed – one that would not just ask the question “Who are you?”, but the more complicated question “Are you who you claim you are?”.

This type of question is also important to prevent subscription fraud. A number of personal questions may be asked for no other reason than to try to establish whether the person on the other end of the phone is legitimate, or perhaps whether they just have a stolen driver’s license. Asking only for information that can be found on one or two pieces of identification is asking for trouble.

One approach to authentication would be to ask the mobile to provide a secret piece of information, just as banks may ask a customer for their mother’s maiden name to indirectly verify their identity. This would work – once – but then, in a radio environment, others would know the secret, and the technique would be useless. What is needed is a method with millions of potential questions, each with a unique answer.

Imagine trying to apply the old technique of asking for a customer’s mother’s maiden name in a public place. Soon everyone would know the answer for everyone else’s mother. What if, instead, you could ask for the customer’s second cousin’s mother’s sister’s maiden name? Or their aunt’s husband’s daughter? While humans could never get all this information straight, it would mean that even if the answer to a question was overheard, the information would be of no value, because the question might never be repeated again. Computers can remember vast quantities of data, and this approach, called “Challenge-Response”, is the basis of authentication for analog, TDMA, CDMA and GSM systems.

Challenge-Response authentication is based on one device (usually the base station) asking another (usually the mobile) a question, and getting an answer. The question is just a large random number, and the answer is another number that is generated from a calculation based on the question and some secret information. Only a device with the secret information can always generate the right answer.

Authentication relies on what is known as a “one-way function”. This is like a fruit juicer. While it is easy to put fruit in the top and have juice come out the bottom, it is impossible to put juice in the bottom and have whole fruits pop out the top. At a minimum, a one-way function used for authentication has to accept the random number (the question) and a secret key as input, producing the answer as an output. Even if the answer is known, it is virtually impossible to work backwards to the random number and the secret key that were used as inputs.

There’s Authentication, and then there’s Authentication

GSM and ANSI-41 (i.e. AMPS, TDMA and CDMA) use quite different implementations of authentication. While the basic concept is the same, GSM has the challenge-response pairs calculated in the home system, meaning that each home system could, if desired, use a different one-way function. The serving system merely has to send the challenge and ensure that the response matches the precalculated answer. ANSI-41, in contrast, has a concept known as Shared Secret Data (SSD), which is basically a key that can be used by the serving system to generate an almost endless stream of challenge-response pairs.
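The following simulation is an added illustration, not code from the article or from any standard: it models the challenge-response exchange described above in both the GSM style (home system precomputes the pair, serving system only compares) and the ANSI-41 style (home system hands Shared Secret Data to the serving system, which then generates its own challenges), and shows why an overheard answer is worthless next time. The one-way function is assumed to be HMAC-SHA256 as a stand-in for A3/A8 or CAVE, and the IMSI is a constructed sample value.

```python
import hmac
import hashlib
import secrets

def one_way(key: bytes, challenge: bytes) -> bytes:
    """Stand-in one-way function (HMAC-SHA256 truncated to 8 bytes); an
    assumption for illustration, not the real A3/A8 or CAVE algorithm."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]

# Constructed subscriber record. The secret key exists only in the phone and
# in the home Authentication Center; it never crosses the air interface.
IMSI = "310150123456789"        # constructed sample identifier
KI = secrets.token_bytes(16)     # per-subscriber secret key
HOME_AUC = {IMSI: KI}

class Mobile:
    def __init__(self, imsi: str, key: bytes):
        self.imsi, self.key, self.ssd = imsi, key, None
    def answer(self, rand: bytes) -> bytes:
        # ANSI-41 style answers with SSD once derived; GSM style uses Ki directly
        return one_way(self.ssd if self.ssd else self.key, rand)

def gsm_style(phone_key: bytes = KI) -> bool:
    """Home system precomputes the (RAND, XRES) pair; the serving system only
    forwards RAND and compares the reply with the precomputed answer."""
    phone = Mobile(IMSI, phone_key)
    rand = secrets.token_bytes(16)
    xres = one_way(HOME_AUC[IMSI], rand)                  # computed at home
    return hmac.compare_digest(phone.answer(rand), xres)  # checked by serving

def ansi41_style(phone_key: bytes = KI, rounds: int = 3) -> bool:
    """Home derives Shared Secret Data from Ki and hands it to the serving
    system, which then generates its own challenges without contacting home."""
    phone = Mobile(IMSI, phone_key)
    rand_ssd = secrets.token_bytes(16)
    ssd = one_way(HOME_AUC[IMSI], rand_ssd)               # home side
    phone.ssd = one_way(phone.key, rand_ssd)              # phone derives SSD too
    return all(
        hmac.compare_digest(phone.answer(r), one_way(ssd, r))
        for r in (secrets.token_bytes(16) for _ in range(rounds)))

def replay_fails() -> bool:
    """An overheard (RAND, response) pair is worthless: the next challenge
    is a different random number, so the old answer no longer matches."""
    phone = Mobile(IMSI, KI)
    overheard = phone.answer(secrets.token_bytes(16))     # seen on the air
    rand_next = secrets.token_bytes(16)
    return not hmac.compare_digest(overheard, one_way(HOME_AUC[IMSI], rand_next))
```

Passing a key other than KI to either style models a phone that transmits a valid IMSI but lacks the secret, and it fails authentication in both models.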

Differences in authentication are one of the major incompatibilities between GSM and ANSI-41 networks. Two completely different sets of authentication data have to be provisioned and managed for each dual-mode phone. Standards committees are currently working on a new authentication method known as AKA (Authentication and Key Agreement) for 3G systems, based on the current GSM method of authentication, with some major enhancements. The same method will probably be used by 3GPP systems with a GSM heritage and 3GPP2 systems with an ANSI-41 heritage. There is some dispute over whether this is the best course of action. Lucent, for example, has proposed that 3G systems be based on enhanced SSD concepts. And, indeed, this has some advantages, particularly regarding air interface and network efficiency. Currently, standards committees are trying to identify a set of requirements that will allow all future systems to use compatible authentication systems, incorporating some GSM concepts, some ANSI-41 concepts and some new concepts. While different radio interfaces may use the information in different ways, only one set of authentication information will need to be stored in the phone (or Smart Card) and in the Authentication Center, and only one set of algorithms will have to be implemented.

Authentication is now one of the most important aspects of modern public wireless networks. Carriers with authentication know that when a mobile phone requests service, it is authentically who it claims to be, as well as knowing that who it claims to be is valid for service. A single method of authentication for future wireless systems may in the long run prove to be more important to the wireless industry than high speed data. After all, if you cannot guarantee that you will be paid for a call, why bother providing service?


© – Copyright Mon, May 14, 2007: Cellular Networking Perspectives Ltd.