Cryptography Reference
In-Depth Information
6. The next time Alice contacts Charlie to request a new authentication, Charlie
uses the second triplet received from Bob and sends the challenge
RAND
(2).
Thus although Bob has to be involved in the first authentication attempt, there
is no need to contact Bob again until the current batch of triplets have all been
used up.
SECURITY OF GSM ALGORITHMS
Despite the justification that we made for the use of proprietary algorithms in
GSM, the general concerns about the use of proprietary algorithms that we
outlined in Section 1.5.3 have come to the fore since the initial development
of GSM.
Apopularly implemented early instantiation of the algorithms A3 andA8 was a
proprietary algorithm called COMP128. The details of this algorithmwere leaked
in 1997 and weaknesses in COMP128 were subsequently found. New versions of
this algorithm have since been introduced.
The initial design of A5/1 was also secret but the algorithm was subsequently
reverse-engineered and some powerful attacks against it have now been demon-
strated. We will see shortly that a different approach has been taken over UMTS
algorithm selection.
Nonetheless, GSM has proved to be a successful security standard. GSM effec-
tively solved the problemof cloningmobiles to gain unauthorised access tomobile
telecommunications networks. GSM addressed the problem of eavesdropping
on the radio path. It is interesting to note that GSM was also one of the first
applications to demonstrate the advantages of basing security of consumer devices
on smart cards.
12.3.4
UMTS
The main reason for developing a new standard for mobile telecommunications
was not so much GSM security concerns, but rather to provide additional features
and functionality, such as the ability to access internet services. However, the
opportunitywas taken during the development of UMTS to build on the successful
aspects of GSM security, and further strengthen it where appropriate. The main
cryptographic improvements over GSM are as follows:
Mutual entity authentication
. GSM offers entity authentication only of the
mobile user. Since the development of GSM, so-called
false base station attacks
have become much more feasible due to reductions in the costs of suitable
equipment. In one example of such an attack, a mobile user connects to the
false base station, which immediately suggests to the user that encryption is
turned off. By additionally requiring the user to authenticate to the mobile
base station, such attacks are prevented.
Prevention of triplet reuse
. A GSM triplet can, in theory, be reused many times
for the particular mobile that it was generated for. In UMTS this is prevented
