used to encrypt all radio path communication (both signalling information and
the message data) using the key K_c. Potentially, this key may be freshly generated
each time a user makes a mobile call.
Encryption is also used to protect the transfer of temporary identification
numbers, which are used instead of the IMSI to provide user anonymity.
FACILITATING GSM ROAMING
While we previously argued that authentication is a 'private' service between a
user and their mobile operator, there is one situation where this is not strictly
true. This happens when a mobile user is travelling outside the area serviced by
their mobile operator, for example overseas (this is referred to as roaming).
Although different mobile operators are in some sense part of a wider 'closed'
GSM network, they are still individual businesses with their own private user
relationships. It would thus be unacceptable for one operator to share its
security-critical data (particularly the key K_i) with another for the purpose of
facilitating roaming. On the other hand, it is equally unacceptable from a practical
perspective for every authentication request from a roaming user to be referred
back to the user's mobile operator, since this might result in extensive delays.
GSM has a clever solution to this problem, through the use of authentication
triplets. When a roaming mobile user Alice first connects with Charlie, a local
mobile operator with whom she has no direct business relationship, the following
procedure is followed:
1. Charlie contacts Bob (Alice's mobile operator) and requests a batch of GSM
authentication triplets.
2. Bob generates a fresh batch of randomly generated challenge numbers
RAND(1), RAND(2), ..., RAND(n) and computes the matching values for RES
and K_c using Alice's key K_i. These form the batch of triplets:

    TRIP(1) = (RAND(1), RES(1), K_c(1))
    TRIP(2) = (RAND(2), RES(2), K_c(2))
    ...
    TRIP(n) = (RAND(n), RES(n), K_c(n)),

where RES(j) = A3(K_i, RAND(j)) and K_c(j) = A8(K_i, RAND(j)). Bob sends this batch
of triplets to Charlie.
3. Charlie sends the challenge RAND(1) to Alice.
4. Alice computes the response RES(1) using RAND(1) and key K_i and sends
RES(1) to Charlie.
5. Charlie checks that the received RES(1) matches the value in the first triplet
that he received from Bob. If it does, then Charlie authenticates Alice. Note that
Charlie has done this without needing to know the key K_i. Alice and Charlie can
now safely assume that they share the encryption key K_c(1).
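The five steps above, run end to end as an added example (this is illustrative code written for this page, not part of the original text or of any GSM implementation). The real A3 and A8 are operator-chosen and secret, so the example assumes an HMAC-SHA256 stand-in for them, truncated to GSM's 32-bit RES and 64-bit K_c; the subscriber identity and keys are constructed sample values. It also assumes, as the word "batch" implies, that Charlie consumes one unused triplet per authentication. It shows that Charlie never holds K_i, that Alice and Charlie end up with the same K_c(1) after a successful check, and that a handset with the wrong K_i is rejected.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional

# Stand-in for the operator-specific A3 and A8 algorithms. This is an
# assumption made for the example: real operators choose their own A3/A8,
# and neither is an HMAC. Output sizes follow GSM: RES 32 bits, Kc 64 bits.
def a3(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


@dataclass(frozen=True)
class Triplet:
    rand: bytes   # 128-bit challenge RAND(j)
    res: bytes    # expected response RES(j) = A3(Ki, RAND(j))
    kc: bytes     # encryption key Kc(j)  = A8(Ki, RAND(j))


class HomeOperator:
    """Bob: holds Ki for his subscribers and hands out triplets, never Ki."""

    def __init__(self) -> None:
        self._ki: Dict[str, bytes] = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki[imsi] = ki

    def triplets(self, imsi: str, n: int) -> List[Triplet]:
        ki = self._ki[imsi]
        batch = []
        for _ in range(n):
            rand = os.urandom(16)                   # fresh random RAND(j)
            batch.append(Triplet(rand, a3(ki, rand), a8(ki, rand)))
        return batch


class Sim:
    """Alice's SIM: holds Ki, answers challenges; Kc is derived locally."""

    def __init__(self, ki: bytes) -> None:
        self._ki = ki
        self.kc: Optional[bytes] = None

    def challenge(self, rand: bytes) -> bytes:
        self.kc = a8(self._ki, rand)                # Kc stays on the handset
        return a3(self._ki, rand)                   # only RES goes over the air


class VisitedOperator:
    """Charlie: authenticates roamers from Bob's triplets; holds no Ki at all."""

    def __init__(self) -> None:
        self._unused: Dict[str, List[Triplet]] = {}

    def store_batch(self, imsi: str, batch: List[Triplet]) -> None:
        self._unused.setdefault(imsi, []).extend(batch)

    def authenticate(self, imsi: str, sim: Sim) -> Optional[bytes]:
        trip = self._unused[imsi].pop(0)            # each triplet used once
        res = sim.challenge(trip.rand)              # steps 3 and 4
        if hmac.compare_digest(res, trip.res):      # step 5
            return trip.kc                          # now shared with Alice
        return None                                 # authentication failed


def roaming_demo(n: int = 3) -> dict:
    """Runs steps 1-5 for Alice's genuine SIM and for a SIM with the wrong Ki."""
    bob, charlie = HomeOperator(), VisitedOperator()
    imsi, ki = "234150999999999", os.urandom(16)    # constructed sample subscriber
    bob.provision(imsi, ki)
    charlie.store_batch(imsi, bob.triplets(imsi, n))  # steps 1 and 2

    alice = Sim(ki)
    kc_at_charlie = charlie.authenticate(imsi, alice)
    impostor = Sim(os.urandom(16))                  # wrong Ki: must be rejected
    kc_for_impostor = charlie.authenticate(imsi, impostor)

    return {
        "genuine_ok": kc_at_charlie is not None,
        "keys_agree": kc_at_charlie == alice.kc,
        "impostor_rejected": kc_for_impostor is None,
        "triplets_left": len(charlie._unused[imsi]),
    }


if __name__ == "__main__":
    print(roaming_demo())
```

Two details worth noting: the comparison uses `hmac.compare_digest` so that RES checking is constant-time, and a triplet is discarded whether or not the check succeeds, so a challenge is never reused. When the batch runs out, Charlie has to go back to Bob for more (step 1 again); nothing in the protocol lets him make his own triplets, precisely because he lacks K_i.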