Cryptographic Applications - Everyday Cryptography

Cryptography Reference

In-Depth Information

There are currently no known practical attacks against these cryptographic

algorithms.

12.3.5 GSM and UMTS key management

Key management in GSM and UMTS is fairly straightforward.

KEY MANAGEMENT SYSTEM

GSM and UMTS have an entirely symmetric key management system, facilitated

by the fact that a mobile operator is completely in control of all keying material

relating to their users. We can think of the underlying key management system as

a very simple key hierarchy (see Section 10.4.1) with the user keys K i

acting

as individual user 'master keys' and the encryption keys K c

acting as data

(session) keys.

KEY GENERATION

The user keys K i are randomly generated, normally by the SIMmanufacturer (on

behalf of the mobile operator) using a technique of their choice. The encryption

keys K c are derived from the user keys K i , using the mobile operator's chosen

cryptographic algorithm.

KEY ESTABLISHMENT

The establishment of user key K i is under the control of the SIM manufacturer

(on behalf of the mobile operator) who installs K i on the user's SIM card before

it is issued to the user. The significant key management advantage that is being

exploited here is that a mobile service has no utility until a customer obtains a

physical object from the mobile operator (in this case a SIM card), hence key

establishment can be tied to this process. The keys K c are established during the

AKE protocol used for entity authentication. It is clearly very important that the

SIM manufacturer transfers all the keys K i to the mobile operator using highly

secure means, perhaps in the form of an encrypted database.

KEY STORAGE

The critical user keys K i are stored in the hardware of the user's SIM card, which

offers a reasonable degree of tamper-resistance. Only the encryption key K c , and

in UMTS a MAC key derived from K i , leave the SIM card. These are session keys

that are discarded after use.

KEY USAGE

Both GSM and UMTS enforce a degree of key separation by making sure that

the long-term user key K i is only ever indirectly 'exposed' to an attacker through

its use to compute the short responses to the mobile operator's challenges. The

key K c that is used for bulk data encryption, and is thus most 'exposed' to an

attacker, is a derived key that is not used more than once. In UMTS, separate keys

Search WWH ::

Custom Search

Home