Extension of authentication protocol for GSM
Presenter: 廖翊均
Outline
1. Overview of authentication protocol for GSM
2. Lee, C.-C.'s authentication protocol for GSM
3. Improve scheme (1) & (2)
4. Compare
1. Overview of authentication protocol for GSM (cont'd)
[Figure: GSM authentication and encryption between the MS, the Visited System and the Home System. Authentication: A3 takes Ki and RAND on each side and the two SRES values are compared (equal: accept; not equal: reject). Encryption: A8 derives Kc from Ki and RAND, and A5 uses Kc and the frame number to cipher and decipher the data.]
1. Overview of authentication protocol for GSM
Parties: MS, VLR, HLR
Messages, in order: Request(TMSI, LAI); IMSI; n sets {RANDi, SRESi, KC}i; RANDi; SRESj
Fig. Authentication protocol for GSM
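2. Lee, C.-C.'s authentication protocol for GSM
[Figure: Lee, C.-C.'s authentication protocol, with columns MS, VLR and HLR. Labels shown: Ki, RAND, T, A3, TKi, Auth_VLRm, Auth_VLRh, RANDj, A5, SRES, SRESm. Two comparisons are drawn, Auth_VLRm against Auth_VLRh and SRES against SRESm; each leads to accept on yes and reject on no.]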
2. Lee, C.-C.'s authentication protocol for GSM (cont'd)
Parties: MS, VLR, HLR
Messages, in order: Request(TMSI, LAI, T); VLR_ID, IMSI, T; Auth_VLRh, RAND, TKi; RAND, RAND1, Auth_VLRh, T; SRESm
3. Improve scheme (1)
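After the first authentication between the VLR and the MS is complete, both hold the temporary key TKi.
The VLR then uses TKi and the timestamp T to generate Auth_VLRh = A3(Tj, TKi).
The VLR sends Auth_VLRh and RANDj to the MS.
MS: computes Auth_VLRm = A3(Tj, TKi) to authenticate the VLR, then computes SRESm = A5(RANDj, TKi) and sends it to the VLR to authenticate the MS.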
3. Improve scheme (1)
Parties: MS, VLR
Messages, in order: Request(TMSI, Tj); Auth_VLRh, RANDj, Tj; SRESm
3. Improve scheme (2)
MS authentication: the VLR uses Tj-1, Tj and TKi to generate
SRES = A5(Tj-1 || Tj, TKi)
=> the VLR does not have to generate a random number each time
VLR authentication:
Auth_VLRh = A3(Tj, TKi)
3. Improve scheme (2) phase-1
Parties: MS, VLR, HLR
Messages, in order: Request(TMSI, LAI, T); VLR_ID, IMSI, T; Auth_VLRh, RAND, TKi; RAND, Auth_VLRh, T; SRESm
3. Improve scheme (2) phase-2
Parties: MS, VLR
Messages, in order: Request(TMSI, SRESj, Tj); Auth_VLRh, Tj
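The phase-2 exchange of improve scheme (2), as an added sketch that is not part of the original slides. HMAC-SHA256 stands in for A3 and A5, which the slides do not specify; the class names, the integer timestamps, the sample TKi and the increasing-timestamp check are assumptions.

```python
import hashlib
import hmac

def _prf(label: bytes, data: bytes, key: bytes) -> bytes:
    # Assumption: HMAC-SHA256 truncated to 8 bytes stands in for the real A3/A5.
    return hmac.new(key, label + data, hashlib.sha256).digest()[:8]

def a3(t: int, tk: bytes) -> bytes:               # Auth_VLR = A3(Tj, TKi)
    return _prf(b"A3", t.to_bytes(8, "big"), tk)

def a5(t_prev: int, t: int, tk: bytes) -> bytes:  # SRES = A5(Tj-1 || Tj, TKi)
    return _prf(b"A5", t_prev.to_bytes(8, "big") + t.to_bytes(8, "big"), tk)

class MS:
    def __init__(self, tmsi: str, tk: bytes, t0: int):
        self.tmsi, self.tk, self.t_prev, self.t_sent = tmsi, tk, t0, None

    def request(self, t: int):
        self.t_sent = t
        return self.tmsi, a5(self.t_prev, t, self.tk), t  # Request(TMSI, SRESj, Tj)

    def verify_vlr(self, auth_vlrh: bytes, t: int) -> bool:
        ok = t == self.t_sent and hmac.compare_digest(auth_vlrh, a3(t, self.tk))
        if ok:
            self.t_prev = t          # Tj becomes Tj-1 for the next round
        return ok

class VLR:
    def __init__(self):
        self.state = {}              # TMSI -> [TKi, Tj-1], filled in phase 1

    def handle(self, tmsi: str, sres: bytes, t: int):
        if tmsi not in self.state:
            return None
        tk, t_prev = self.state[tmsi]
        # Assumption: timestamps must increase; the SRES check also binds Tj to Tj-1.
        if t <= t_prev or not hmac.compare_digest(sres, a5(t_prev, t, tk)):
            return None              # reject the MS
        self.state[tmsi][1] = t
        return a3(t, tk), t          # reply: Auth_VLRh, Tj

def run_demo():
    tk = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed TKi
    ms, vlr = MS("tmsi-01", tk, 1000), VLR()
    vlr.state["tmsi-01"] = [tk, 1000]            # state left by phase 1 (constructed)
    req = ms.request(1005)
    mutual = ms.verify_vlr(*vlr.handle(*req))    # both sides accept
    replay_rejected = vlr.handle(*req) is None   # the same request sent again fails
    forged_rejected = not ms.verify_vlr(b"\x00" * 8, ms.request(1010)[2])
    return mutual, replay_rejected, forged_rejected
```

In this sketch the MS advances its stored Tj-1 only after it has verified Auth_VLRh, so a lost reply leaves the two sides out of step; the slides do not describe how that case is handled.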
4. Compare
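The VLR is authenticated only the first time.
=> Use the temporary key TKi, which both the VLR and the MS hold after their first authentication, to generate Auth_VLRh = A3(Tj, TKi), so that both the VLR and the MS are authenticated every time.
Improved MS authentication:
The VLR uses Tj-1, Tj and TKi to generate SRES = A5(Tj-1 || Tj, TKi)
=> the VLR does not have to generate a random number each time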