 |
|
|
Security is a two-edged sword – the sharper it is, the more likely you are to hurt yourself with it. Life is simple with no security, but your wireless business is vulnerable, and can be destroyed in an instant. With military strength security your business is safe, but potential customers will find your system too expensive and too difficult to use, and your business will die of starvation. What are the tools that wireless systems can use to find the middle ground, with ‘good enough’ security, but without imposing outrageous cost or education burdens on customers?
Security systems can be categorized as private (symmetric) key encryption or as public (asymmetric) key encryption. Private key encryption systems use a single key to lock and unlock messages (hence the name ‘symmetric’) meaning that both parties in a communication have to have possession of the same key (and hopefully no unauthorized parties). Ensuring that both parties in a communication have the same keys is complex, particularly in radio-based systems where communicating keys would defeat the purpose of having keys!
Private key encryption is like a locked bank deposit wallet (Figure 1), with both the sender and the receiver having the same key. Anybody who gets access to a key and makes a copy could open the deposit bag, although they still have to be able to intercept it. Similarly, in wireless communications, keys are held by the mobile and by the network (e.g. the Authentication Center - AC or AuC). Anybody who has access to both the communication and the key can authenticate or decrypt the communication. The security of the system is as strong as the lesser of the inherent strength of the algorithms, and the method used to distribute and protect secret keys.
Public key encryption solves the key distribution problem by allowing a public key to be known by everyone, with a private key known only by the entity that needs to decrypt the communication (Figure 2). The down side of public key encryption is that it is significantly more complex, resulting in more complex and slower equipment.
Public key encryption is like having a large number of padlocks that can be opened by one key. The bank gives out deposit wallets with already-opened padlocks. This gives anyone who has a lock the ability to make a deposit but means that nobody can open the deposit wallet except the holder of the key - not even the depositor. With this sytem there is no need for the key to ever leave the bank building, eliminating the need to distribute keys. Eliminating key distribution reduces the major vulnerability with keys. Even if the opened padlocks are stolen, they cannot be used to open deposit bags, they can merely be used to make unauthorized deposits.
In a wireless public key environment mobiles and networks would broadcast their public key, allowing any party to encrypt messages for the desired destination. Once a communication had been encrypted for the mobile, only the mobile could decrypt it, making communications secure from eavesdropping. Similarly, communications destined for the network could be encrypted with the network’s public key, and decrypted only by the network with its private key.
Wireless systems have largely made do with private key encryption for the basic needs of authentication, voice encryption and protection of signaling data. This is based on the greater simplicity of private key systems, and the belief that key distribution is a manageable problem.
Perhaps the most important aspect of wireless communications security is authentication, which, rather ironically, is only required to be half of an encryption system. While validation is used to determine whether a mobile has responded correctly to the question “Who are You?” by determining whether the identifiers transmitted by a mobile (e.g. MIN and ESN) are valid, authentication requires a mobile to answer the more important question “Are You Who You Say You Are?”. A clone is a mobile that provides a valid identity, that has been obtained fraudulently. Clones are able to validate, but unable to authenticate, unless they have somehow obtained the private key of a mobile.
Authentication is based on encryption without the ability to decrypt. It uses a challenge/response transaction. A challenge (a random number) is sent from the base station to a mobile, which encrypts it using the same algorithm as the network to produce the response. The recipient performs the same operation and merely compares the received response from the mobile with its own generated response. There is no need to take the response and decrypt it to ensure that the challenge can be recovered (although this would be an alternative method to provide authentication).
Both GSM and ANSI-41 networks use private key encryption for authentication but, beyond that they are very different, and have different characteristics. This shows that beyond the major categorization of private key versus public key, there can still be major differences.
GSM authentication allows the authentication algorithm to be unique for every home system, although normally the standard A3 algorithm is used. The home provides a ‘triplet’ composed of a random number (the challenge), an expected response, and an encryption key. The serving system simply has to transmit the challenge, wait for the response, and ensure it matches before using the encryption key and a standard algorithm (A8) to protect voice conversations. Changing the algorithm would require reprogramming the home system, plus distributing new smart cards to every user, but this is certainly simpler and cheaper than replacing phones.
The downside of this system is that it requires a new triplet for every call. While several can be delivered within one inter-system message, there is a temptation for carriers to re-use triplets. As soon as this is done, however, the door is opened for GSM cloning.
The CAVE security system used in ANSI-41 networks supporting analog, TDMA and CDMA systems is much more complex. The mobile’s private key is shared only by the mobile and the home system, but the serving system is sent SSD, a secondary key (i.e. one that is derived from the primary key), rather than just a list of challenge/response pairs. This enables the serving system to securely authenticate the mobile any number of times without the overhead of further communications with the home system. This flexibility and efficiency does, however, require the same algorithm (CAVE) be used by all systems. If a major loss of keys occurred it would be possible to update the valid mobiles with a new SSD over the radio interface, but a serious breach of the CAVE algorithm would not be easily rectified.
Public Key encryption as the basic security mechanism for wireless has always been waiting in the wings but so far, for cellular and PCS systems at least, has not found a dance partner. Even when the CAVE private key system was developed in the late 1980’s, public key encryption was an option. When 3G security systems became an issue, the GSM community (3GPP standardization) quickly adopted an enhanced private key algorithm (AKA), but 3GPP2 (largely the CDMA community) again considered public key encryption. After intense debate, this option was rejected, and the AKA private key system was also adopted.
AKA is, at its core, similar to GSM authentication. It now involves the exchange of quintuplets instead of triplets. As well as the challenge, response and encryption key, the quintuplet also contains an integrity key (used to validate each signaling message transmitted) and an authentication token used to allow a truly paranoid mobile to validate the network. Validating the network allows the mobile to protect itself against ‘false base station’ attacks.
AKA also will allow local authentication, similar to the secondary key used in CAVE systems, to reduce network traffic. Although quintuplets can be generated using a custom algorithm in the home system, local authentication and encryption of voice and data will require that a standard algorithm be used.
Wireless security has to be both robust and efficient. While public key encryption promises some advantages, and will be essential for e-commerce, for the less demanding requirements of authentication and voice encryption, private key encryption is still seen as providing adequate bang for a modest buck.
© – Copyright
