Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Matthews Lab
Search
Search
Appearance
Log in
Personal tools
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
P2p mobile carriers
(section)
Page
Discussion
British English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
General
What links here
Related changes
Special pages
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
= 3. A sketch for a naive protocol = The naive protocol uses the standard authentication protocol, but with a small twist: instead of authenticating directly, a third-party buyer is given authentication responses from a seller which it uses to authenticate. The following protocol defines how to sell credit to a buyer. The seller is the holder of a SIM secret key who wants to sell credit to a buyer. <span id="stage-1---carrier-authentication-via-proxy"></span> == 3.1. Stage 1 - Carrier authentication via proxy == # Every U/e/SIM contains a secret key associated with a mobile account [3gpp-auth][gsm-crypto][5g-auth][4g-auth][3g-auth][2g-auth][sim-security]. # To sell spare credit, the seller can’t give out this key because it would compromise their account. Fortunately, they don’t have to. # First, they give the buyer their IMSI number. The buyer can use this to authenticate with the mobile switching center (MsC) [gsm-l3][3gpp-l3]. # The MsC returns the name of a supported authentication function and a random challenge (which is just a large random number.) # The buyer gives this information to the seller and they use it to calculate a response by passing in the challenge and secret key into the right function. # The seller gives the response back to the buyer. '''At this stage the buyer is authenticated but has learned nothing about the secret key.''' [[File:P2p mobile carriers 2.png|thumb]] <span id="stage-2---setup-encryption-for-voice-calls"></span> == 3.2. Stage 2 - Setup encryption for voice calls == <ol start="7" style="list-style-type: decimal;"> <li>Calls must be encrypted on the mobile network [new-call]. For privacy and security reasons, a new encryption key is generated each time. To calculate the encryption keys the seller passes the random challenge and secret key into yet another function and returns the result to the buyer [gsm-crypto].</li> <li>'''At this point the buyer is both authenticated and has a ciphering key for voice call encryption, yet knows nothing about the secret key.'''</li> <li>If ever the seller wants to disconnect them, all they have to do is establish a new session with the MsC, and it will automatically disconnect the other party [sim-cloning]. Once this happens the buyer cannot reuse a response to authenticate, and the old T-IMSI and session key will become useless.</li> <li>Security can be improved by using temporary IMSI numbers. To protect customers privacy masked IMSI numbers are given out after authentication. These numbers can be used to authenticate [t-imsi][vlr-update].</li></ol> A good overview can be found at [gsm-101], [gsm-protocol-stack], and [mobile-network-overview] . The remaining sections focuses on the problems that arise from this naive protocol and how to fix them. <span id="billing-access-to-a-buyer"></span>
Summary:
Please note that all contributions to Matthews Lab may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Matthews Lab:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
