Magic WAND: The DLC Implementation

UMTS benefiting from public-key authentication

Geneviève Vanneste, Nigel Jefferies, Eric Johnson

Siemens Atea, Belgium (genevieve.vanneste@vnet.atea.be)
Vodafone Ltd, England (Nigel.Jefferies@vf.vodafone.co.uk)

Giesecke & Devrient, Germany (Eric.Johnson@gdm.de)

Abstract: In this paper we report the results of the ASPeCT project relating to the authentication of UMTS users. The results of demonstrations and trials of the proposed solutions are described. In particular, we analyse the advantages of using a public-key based authentication mechanism for UMTS. In addition, a potential evolution strategy for security features from GSM to UMTS is discussed.

Introduction

The characteristics of UMTS that distinguish it from second-generation systems give an indication of the new and enhanced security features that will be required. UMTS will be a mobile communications system that can deliver high-quality multimedia services via a convergent network of fixed, cellular and satellite components. It will deliver information directly to people and provide them with access to new and innovative services and applications. It will offer mobile personalised communications to a mass market regardless of location, network or terminal.

The need for enhanced security features in UMTS has led to the definition of specific security objectives within ETSI SMG10. These objectives have been translated into security requirements, resulting in a classification of security features [33.20]. Both secret key-based and public key-based mechanisms have been proposed for UMTS to provide mutual authentication, cipher key agreement for confidentiality, anonymity and non-repudiation.

The work done on UMTS authentication as part of the ACTS project AC095 ASPeCT has led to the following technical results.

To demonstrate migration from GSM to UMTS, a multi-application card has been defined and implemented [D17], containing a GSM SIM application and a preliminary UMTS USIM application, offering the security mechanisms proposed in ASPeCT for user authentication.

To achieve flexible introduction of new authentication mechanisms and algorithms, a framework for authentication has been introduced [D17], with the ability to negotiate on which authentication protocol shall be used.

In order to facilitate roaming in a network with a large number of Network Operators and Service Providers, the need has been identified for roaming agreements to be set-up dynamically, as and when they are required.

The ASPeCT UMTS authentication demonstration

Demonstration set-up

A demonstrator, on a PC base, has been developed [D17], demonstrating the authentication framework with both public key and secret key based authentication mechanisms for UMTS. On the user’s side a smart card is available, providing the authentication functionality. The demonstrator shows the feasibility of a multi-application card for GSM and UMTS. The card contains both a GSM SIM application and a preliminary UMTS application. Various problems arise in supporting multiple applications on a single card, such as application selection and independence of applications. A careful approach is required to ensure both adequate security and sufficient interoperability. The functionality of the terminal is put on a PC. At the network’s side an Authentication centre (AuC) has been developed. This AuC can function in a visited network (with the NO) or in a home network (with the SP).

A second demonstration smart card has also been developed to demonstrate the advantages of using public key based mechanisms in UMTS. This card features the same UMTS application described above and also a public key based Visa Cash Reloadable Stored Value Card. This application provides the user with an electronic purse which is intended for low to medium value payments and is being introduced by one of the major payment organisations. (Note that this implementation has not been certified by Visa and is only intended to demonstrate the feasibility of such a multi-application card). If appropriate software was developed for the handset then it would be possible to use such a purse to make payments for services and to remotely load the card with more money – alternatively the card must be removed from the phone and inserted in the merchant’s conventional card reader.

By providing the user with a smart card which supports the public key mechanism needed for the UMTS authentication it is possible, at minimal extra cost, to add extra applications to the card which make use of its public key capability. Such applications will substantially enhance the user’s perception of the value of UMTS and, indeed, could provide the payment mechanism for the services which UMTS makes possible.

Results of the UMTS authentication demonstration

The authentication framework has been evaluated as a basis for a UMTS scenario in which the evolution of security functionality is possible. The principle objective of the authentication framework: ‘to provide a flexible procedure for user-network authentication allowing a number of different mechanisms and algorithms to be incorporated, with the ability to migrate smoothly from one mechanism to another’ is fulfilled.

The authentication framework is compliant with the majority of UMTS requirements as laid out in [33.20]. Both public and secret key approaches are supported, permitting different service providers to use different mechanisms. The UMTS modular approach is supported. User anonymity is preserved throughout the authentication process. Finally, the cost of additional information transfer is minimal, compared to the extensive flexibility in selecting the authentication mechanism which will be imperative in the UMTS environment.

Further work required

During the evaluation, a number of topics were encountered where further work is required:

Within the UMTS society, more value is now given to the ‘support for electronic commerce’ and ‘incontestable charging’ than was originally envisaged by ASPeCT. The security implications of having a UMTS network supporting electronic commerce have not yet been fully studied, nor has there been any work to integrate incontestable charging protocols into the basic UMTS security mechanisms. However, within the secure billing work package in ASPeCT, a micropayment protocol providing incontestable charging has been developed, although this protocol is integrated into mechanisms implemented at the application level and has not been integrated into basic UMTS security mechanisms.

It is now clear that for UMTS more use will be made of packet-based services. It is not clear whether the authentication framework can fulfil the requirements of packet-based services. Further work is required into the development of appropriate security mechanisms for packet-based services in UMTS. Furthermore, mechanisms to support the security of network data (signalling and management data) have not been fully considered.

Since the authentication framework was developed by ASPeCT, there has been an evolution of the proposed UMTS architecture. The most recent version of ETS 23.01 [23.01] describes a different physical model of the UMTS architecture compared with the one originally assumed by ASPeCT. An evolution towards the current domain/strata model was not envisaged by ASPeCT. Furthermore, the network operator is now split into two roles: an access network operator and a serving network operator. In addition, the present domain/strata model lacks a security architecture. Further work is required in order to position the authentication framework within the appropriate domain/strata of the UMTS architecture.

ASPeCT has not studied the integration of the authentication framework within the UMTS signalling procedures. At the start of the project these procedures were not available, and even now much work is still to be done.

The USECA project

To address the issues discussed in the previous section, work has started as part of a new ACTS project, AC336 USECA. Its objective is to define a complete security architecture for UMTS, and to present it for standardization. USECA partners are already working closely with ETSI SMG10 WPC, to ensure that the project results are timely and appropriate to their work.

Benefits of Public key authentication mechanisms

Introducing public key authentication for UMTS, rather than a secret-key mechanism of the type used in GSM, has a number of potential benefits.

No on-line connection to the home network (i.e., the service provider) is required. In GSM the triplets used for authentication are generated within the home network (i.e., HLR/AuC) and must be retrieved from there.

The user's identity need not be transmitted in plaintext over the air-interface. The protocol starts anonymously and the identity is sent encrypted. In GSM, ‘IMSI catching’ is theoretically possible and the network can always ask the mobile to send the user’s identity in plaintext.

The user is unable to deny that he or she actually used the network. This is known as non-repudiation, and may save network operators from losing revenue when a user claims that the calls were never made. Non-repudiation also ensures that the network operator cannot deny receiving particular information from the user.

It is possible to provide mutual authentication between the user and the visiting network in a dynamically changing environment, without the need to change authentication data in the USIM or the network.

The public key infrastructure is then available for use in conjunction with other value added services where public key mechanisms are essential, an obvious example being electronic payment.

Of course, it should be noted that both public and secret key mechanisms are able to provide the mutual authentication required for UMTS.

The ASPeCT authentication trial

A trial is currently taking place of authentication in an experimental UMTS environment with real users, provided by ACTS project AC013 EXODUS [EXO]

The set-up of the authentication trial

The UMTS authentication trial uses an ASPeCT mutual authentication protocol between smart cards (or UIMs) attached to EXODUS terminals, and an ASPeCT AuC attached to an EXODUS SCP. In the trial, ASPeCT security services are integrated into the EXODUS signalling system. The experimental UMTS platform provided by EXODUS is enhanced by the authentication functionality provided by ASPeCT. The main objective of the trial is to show the feasibility of the implementation on a real network.

Communication between the ASPeCT terminal and the network will be provided by DECT and fixed broadband access. The terminal itself will be enhanced with the necessary ASPeCT software to interface with a smart card-based UIM connected to the terminal. The user part of the authentication protocol will run on the ASPeCT UIM.

The UMTS network functionality will be provided by the EXODUS core network. The security mechanisms will be incorporated into the EXODUS core network using an ASPeCT AuC connected to the EXODUS SCP. Authentication is conducted over INAP, using the Authentication-req operation. Interrogation of the service provider is realised using the INAP HandleInformationRequest operation.

The trial configuration is available across two UMTS Islands in Basel and Milan. Within this configuration the distinction between the network operator and the service provider can not be made. Each SCP has home subscribers and visiting subscribers. The AuC connected to the SCP will fulfil two roles, home-AuC and visited-AuC. As home-AuC, its only functionality is the translation of the authentication capability class into authentication mechanisms. As visited-AuC, it has to run the full protocol.

Figure 1: ASPeCT - EXODUS trial configuration

Evaluating the results of the authentication trial

To evaluate the trial, two assessment criteria are used, namely quality and performance. Neither criterion on its own is sufficient to evaluate the system, as a successful system must both be of a usable quality and adequate performance.

The quality of the system is more related to the users’ view of the system, whilst the performance of the system is more related to the network providers' view. However, it is clear that there is some degree of overlap in these definitions. To assess the technical feasibility of the trialled system, the performance of the system is measured directly from the system’s log files. To assess the quality of the system, the response of the users to various actions is recorded and assessed.

Technical feasibility

Data for performance measurements is obtained in the form of log files produced by the AuC, SCP and Terminal.

This data is recorded using a simple tag system, which makes it a fairly straightforward matter to deduce the various timings for each part of the call setup process.

These timings can then be compared against the gross timings defined within the GSM network to assess whether an adequate performance is achieved, and to determine what overhead is added by the authentication framework.

In addition to these performance measurements, the use of the authentication framework will be assessed to see whether it provides the functionality to satisfy the requirements of an authentication process.

User Acceptability

The trial assesses the quality and hence the user acceptability of the system in three ways, each representing a separate section of the user trial documentation.

The first section is used to determine the user’s perceived response of the system to a series of individual actions, and the user records these using a five-level scale of satisfaction: {Bad, Poor, Fair, Good, Excellent}. Once these are averaged for all users, an average level of response is attained for each action.

The second section records the overall assessment of the system by each user and contains a group of more general questions at the end of the list of actions. These use the same scale of satisfaction, and ask questions about the overall usability and quality of the system. Once these are averaged for all users, an overall level of satisfaction will be recorded.

Finally, a third comments section allows feedback on issues not covered specifically under the previous two sections, and allows the users to input more individual views. These are analysed to see whether there are any common responses, which are then recorded.

A GSM-UMTS evolution strategy

To enable evolution from the GSM architecture to a UMTS architecture, security features have to be prioritised and grouped into viable work items. The following strategy could be followed:

GSM authentication can evolve towards user-home network mutual authentication, with the existing secret-based mechanism using a PLMN/SP specific algorithm being maintained. Evolution towards other mechanisms would then be enabled, by providing the necessary negotiation phase.

Public key authentication can be introduced to achieve mutual authentication between the user and the access network. Minimising the different authentication procedures is very important on this interface, but by means of an authentication framework, negotiation can certainly be added.

Terminal authentication can be added as an optional feature to protect against terminal theft and cloning.

The placing of the security functionality within the UMTS architecture can be done as follows:

in the HN the security control function realises the user - home network mutual authentication, this can take place in the HN itself or delegated to the SN.

In the RNC the security control function will do the mutual authentication between the user and the access network, in combination with setting up the cipher key and the ciphering function. It is important that, for UMTS, ciphering for circuit switched and packet data is harmonized and can take place at the same level.

In the USIM the user security control function is present, controlling the user - home network mutual authentication and the user - access network mutual authentication.

The terminal must continue to support the ciphering functionality, as the interface between the smartcard and the terminal cannot support the data rates needed for multimedia services.

Figure 2: UMTS evolution architecture

Conclusion

The results achieved within ASPeCT build a firm basis for integration of new and advanced security mechanisms into the UMTS architecture. Public-key authentication mechanisms are clear contenders for use in UMTS, and the adoption of a flexible authentication framework will allow the evolution of security features, including a future upgrade path.

This paper is based on the work carried out as part of the ACTS project AC095, ASPeCT (Advanced Security for Personal Communications Technologies) [ASP].

References

[ASP] http://www.esat.kuleuven.ac.be/cosic/aspect/aspect.html

[23.01] ETSI ETS Draft UMTS 23.01. Special Mobile Group (SMG): Universal Mobile Telecommunications System (UMTS); General UMTS Architecture. Version 0.2.0, November 1997.

[33.20] ETSI Technical Report UMTS 33.20. Special Mobile Group (SMG): Universal Mobile Telecommunications System (UMTS); Security Principles. Version 0.5.0, April 1998.

[D17] ACTS AC095 ASPeCT Deliverable 17. Migration Scenarios: Final Version. AC095/ATEA/W21/DS/P/17/1. October 1997.

[D19] ACTS AC095 ASPeCT Deliverable 19. Report on Final Trial and Demonstration. AC095/PFN/W12/DS/P/19/1. April 1998.

[EXO] ACTS AC013 EXODUS Deliverable 32. Planning of Phase 2 Trials. AC013/SWISS/WP5.1/DS/P/032/b1. August 1997.