WO2004010720A1 - Enhanced security for wireless data transmission systems - Google Patents

Enhanced security for wireless data transmission systems Download PDF

Info

Publication number
WO2004010720A1
WO2004010720A1 PCT/US2003/022671 US0322671W WO2004010720A1 WO 2004010720 A1 WO2004010720 A1 WO 2004010720A1 US 0322671 W US0322671 W US 0322671W WO 2004010720 A1 WO2004010720 A1 WO 2004010720A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
key
predetermined algorithm
procedure
ciphering key
Prior art date
Application number
PCT/US2003/022671
Other languages
French (fr)
Inventor
John Baker
Martin Greenwood
Yong Zhou
Original Assignee
Transat Technologies, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Transat Technologies, Inc. filed Critical Transat Technologies, Inc.
Priority to AU2003261196A priority Critical patent/AU2003261196A1/en
Publication of WO2004010720A1 publication Critical patent/WO2004010720A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • the present disclosure relates generally to a communications system and, more particularly, to a method and apparatus for an enhanced security mechanism for wireless data transmission systems.
  • GSM Global Systems for Mobile communications
  • security related services and functions are: subscriber identity confidentiality by using a temporary identity; subscriber identity authentication by generating a random challenge and verifying the signature response! and signaling information and data confidentiality for physical connections through a process called ciphering which disguises digital data in order to hide information content.
  • ciphering which disguises digital data in order to hide information content.
  • the present disclosure provides a method for protecting authorized users of a mobile data network from undesirable intrusion.
  • An enhanced security method and system for a wireless telecommunications network is described.
  • the method can include: determining a random number from within a wireless network; providing a key from within the wireless network; executing a first procedure in the network with the key and the random number to produce a first ciphering key! executing a second procedure in the network with the key and the random number to produce a first expected response; sending the random number, the expected response and the ciphering key to a first enhanced security procedure within the network; executing a third procedure within the first enhanced security procedure and producing a first modified expected response; sending the random number to a mobile station!
  • Figure 1 illustrates the network architecture of a mobile network!
  • Figure 2 illustrates standard security functions of a mobile network;
  • FIG. 3 illustrates a wireless access Internet node (WAIN);
  • FIG. 4 illustrates WAIN security functions
  • Figure 5 illustrates a ciphering process for mobile networks
  • Figure 6 illustrates a WAIN client with ESP and a SIM interface on a USB module!
  • Figure 7 illustrates a WAIN client with ESP, a SIM interface and Radio system on a PCMCIA module.
  • FIG. 1 shows a General Packet Radio Service (GPRS) based mobile data network architecture.
  • GPRS General Packet Radio Service
  • GPRS is a new enhancement to GSM communications for supporting packet data transfer over a mobile network.
  • the GPRS is the basis for packet data service in a 3 rd Generation (3G) mobile standard called Universal Mobile Telecommunications System (UMTS).
  • 3G 3 rd Generation
  • UMTS Universal Mobile Telecommunications System
  • UMTS is one of the major new 3G mobile communications systems being developed within the framework which has been defined by the ITU and known as IMT-2000.
  • IMT-2000 Universal Mobile Telecommunications System
  • the subject of intense worldwide efforts on research and development throughout the present decade, UMTS has the support of many major telecommunications operators and manufacturers because it represents a unique opportunity to create a mass market for highly personalized and user-friendly mobile access to tomorrow's "Information Society”.
  • UMTS delivers pictures, graphics, video communications and other wide-band information as well as voice and data, directed to people who may be on the move.
  • UMTS builds on and extends the capability of mobile technologies (like digital cellular and cordless) by providing increased capacity, data capability and a far greater range of services using an innovative radio access scheme and an enhanced, evolving core network.
  • the Base Station System (BSS) 50 is responsible for radio transmission, radio source management and access control.
  • the BSS 50 includes a Base Station antenna 47 and a Base Station Controller 49.
  • the BSS 50 serves the Mobile Station (MS) 52 in its coverage area via a radio link 54.
  • MS Mobile Station
  • One or more mobile BSSs 50 are connected to a Serving GPRS Support Node (SGSN) 56 which performs packet switching and mobility management functions.
  • the SGSN 56 also detects MSs 52 in the local area for the transmission and receipt of packets. Additionally, it locates and identifies the status of MSs 52 and gathers crucial call information, which is an essential aspect of billing.
  • other key SGSN 56 functions include ciphering, compression and interaction with GSM circuit switched services for mobile paging and Short Message Services.
  • One or more SGSNs 56 can be connected to a GGSN 58 for interworking with external Packet Data Networks (PDN) 60.
  • PDN Packet Data Networks
  • the GGSN 58 acts as a gateway between GSM networks and public data networks.
  • the GGSN 58 can connect directly to the Internet using IP over a variety of physical and tunneling protocols.
  • the GGSN 58 also functions as a fire wall, to ensure that all incoming and outgoing data is authorized adding security to enterprise network.
  • the GGSN 58 includes all standard based functionality and even more with authentication, encryption, routing, firewall filtering, bandwidth and system management.
  • HLR Home Location Register
  • a MS 52 consists of a Mobile Terminal (MT) 66 and a Subscriber Identity Module (SIM) 68.
  • the MT 66 supports the radio interface communicating with the BSS 50 and the SIM 68 card stores a subscriber's subscription and security information (however, SIM is also referred as Service Identity Module in the UMTS standard).
  • the SIM 68, the MT 66, the SGSN 56 and the AuC 64 are the only entities involved in the security procedure.
  • the SIM 68 on the mobile station side and the AuC 64 on the home network side 59 are the two authenticating entities where a unique authentication key (Ki) is stored for each mobile subscriber.
  • the authentication information is exchanged between the MT 66 and SGSN 56.
  • the SIM 68 is the key to the personalized service, security and bilhng. Before a MS 52 can use any GPRS services, it must attach itself to the network 59 through a GPRS Attach procedure.
  • the MS 52 provides the network 59 its identity which can be a unique International Mobile Subscriber Identity (IMSI), or a temporary identity previously assigned by the network. Once a valid mobile identity 80 is received, the network 59 may authenticate the identity.
  • Figure 2 shows the Authentication and Ciphering Key Setting procedure specified in the GPRS standard. With the MS's identity 80, the AuC 64 in the GPRS network 59 determines the mobile unit's authentication key, Ki 82, and generates a random challenge "RAND" 84.
  • IMSI International Mobile Subscriber Identity
  • the Ki 82 and RAND 84 are used to compute the expected Response XRES 86 using a GSM/GPRS standard authentication algorithm 88 such as an A3 algorithm and the ciphering key Kc 90 using a ciphering key setting algorithm 92 such as an A8 algorithm.
  • the authentication triplet ⁇ RAND, XRES, Kc ⁇ associated with a MS's ID 80 is sent to the SGSN 56 upon request.
  • a vector of triplets 94 can be passed altogether and stored in the SGSN 56 for subsequent authentication.
  • the SGSN 56 initiates the Authentication and Ciphering Key Setting procedure by sending the MS 52 a random challenge RAND 84 selected from an unused authentication triplet.
  • a Signature Response SRES 96 of the RAND 84 is computed using the Ki 82 and A3 algorithm 92 stored in the SIM 68.
  • the ciphering key, Kc, 90 is also computed using the RAND 84, Ki 82 and A8 algorithm 92.
  • the SRES 96 and the Kc 90 are then passed to the MT 66 from the SIM 68.
  • the SRES 96 is then sent to the SGSN 56 for comparison with the XRES 86. If the two match, the MS 52 is successfully authenticated.
  • the ciphering key Kc 90, generated on both sides 52, 59 are also used for subsequent encryption of the signahng and user data.
  • the WAIN integrates the GPRS network and security functionality with an independent high speed radio system such as IEEE 802.11.
  • the WAIN system consists of a WAIN Client (WC) 110 in the MS 52 and a WAIN Server (WS) 112 in the network 59.
  • the WAIN supports wireless Internet access and data transfer at a high speed while providing connectivity to the mobile network for mobility, security and bilhng services.
  • the WC 110 supports high layer GPRS terminal functions, interfaces 114 to the SIM card and adapts to the underlying radio system 116.
  • the WS 112 supports the GPRS network functions of the BSS/SGSN/GGSN, interfaces 118 to the HLR 62 and the AuC 64, and adapts 120 to the underlying radio system 119.
  • the radio link adaptation 116, 120 in both the WC 110 and the WS 112 allows the WAIN to support multiple radio technologies.
  • the GSM/GPRS security mechanism is more robust than the one defined for 802.11, it still has its limitation. Since the maximum length of the actual ciphering key is fixed by the GSM MoU, the A8 algorithm produces the actual ciphering key and extends it (if necessary) into a 64 bit word where the nonsignificant bits are forced to zero for the GSM/GPRS. However, in UMTS, the ciphering key is 128 bits long. Even though sophisticated intruders may be able to guess the key needed to decode the encrypted data after intercepting enough digital data over the air, the longer the key sequence and the more complicated the algorithm, the harder it is to guess the key.
  • the Enhanced Security Protocol (ESP) implemented in the WC 122 and WS 124 ensures the robustness of the WAIN security system while preserving the end-to-end open security standard between the SIM 68 and the AuC 64.
  • ESP Enhanced Security Protocol
  • the ESP 122, 124 included in the WAIN provides authentication discrimination.
  • An intruder may try to impersonate an authorized subscriber by using a manipulated MS with a known identity that may produce the standard SRES of a RAND.
  • the standard SRES is modified to SRES' 130 by the ESP 110 at the WC using a cryptographical algorithm as shown in Figure 4.
  • the XRES 86 received from the AuC 64 is modified to XRES' 132 by the ESP 124 at the WS 112 using the same algorithm. This will ensure that only those users using the WC 110 are properly validated while those using non-WAIN terminals are rejected.
  • the ciphering key, Kc 90 is modified into a new key, Kc' 134, by the ESP 122 at the WC 110 using another cryptographical algorithm.
  • This algorithm may be very different from the cryptographical algorithm mentioned above.
  • the same operation is executed by the ESP 124 at the WS 112 using the same algorithm.
  • the new ciphering key, Kc' 134 may be of the same or greater length than the original key generated using the standard A8 algorithm. In case of the same length, the same standard ciphering algorithm can still be used. If a longer key is desired, a more advanced ciphering algorithm may be used together with the key to provide a better protection.
  • the transmitter 140 across the radio interface of a mobile network will generate a ciphering sequence 142 using a known ciphering algorithm 144 with the key 134 and some input parameters 146.
  • the ciphering sequence 142 is bit-wise added (modulo 2) to the unciphered bit sequence 148 to produce a ciphered stream 150.
  • the ciphered stream 150 received at the receiver 152 is bit-wise added (modulo 2) again to the same ciphering sequence generated locally using the same algorithm 144, key 134 and input parameters 146 as the transmitting side.
  • This deciphering process recovers the original clear text 148 sent from the transmitter 140 before ciphering.
  • the encryption should be implemented on hardware to provide more processing power and a better protection.
  • a commercially available SIM card reader 160 is shown implemented on a USB module 162 that is connected to a laptop computer 164 by the USB interface 168 and the USB port 170.
  • This reader 160 is GSM/GPRS compatible.
  • the ESP 122 is shown implemented on the same USB module 162 that the SIM card reader 160 is on. The process starts by sending an authentication challenge RAND from the GPRS Signahng and Data Transfer (GSDT) subsystem 172 to the ESP 122, then a modified Signature Response SRES' is generated and returned to the GSDT subsystem 172 as the authentication response.
  • GSDT GPRS Signahng and Data Transfer
  • the ESP 122 is implemented on a PCMCIA module 180 together with the SIM interface 182 and the radio system 184 (such as 802.11) as shown in the laptop terminal 190 example in Figure 7.
  • the PCMCIA port 188 is connected to the terminal 190 via the PCMCIA port 192.
  • An authentication challenge RAND is first sent from to the GSDT subsystem 186 to the ESP 122, and a modified Signature Response SRES' is then generated and returned to the GSDT subsystem 186 as the authentication response.
  • a modified Signature Response SRES' is then generated and returned to the GSDT subsystem 186 as the authentication response.
  • the clear text is passed from the GSDT subsystem 186 to the ESP 122 for encryption with the newly generated key.
  • the encrypted sequence is then sent to the radio system 184 for transmission to the network (not shown in this figure).

Abstract

A method and system for an enhanced security method for a wireless telecommunications networks is described. The method can include determining a random number (84) from within a wireless network; providing a key from within the wireless network; executing a first procedure in the network with the key and the random number (84) to produce a first ciphering key; executing a second procedure in the network with the key and the random number (84) to produce a first expected response; sending the random number (84), the expected response and the ciphering key to a first enhanced security procedure within the network; executing a third procedure within the first enhanced security procedure and producing a first modified expected response; sending the random number (84) to a mobile station; executing the first procedure in the mobile station with the key and the random number to produce a second ciphering key; executing a second procedure in the mobile station with the key and the random number (84) to produce a second expected response; executing a third procedure within a second enhanced security procedure within the mobile station and producing a second modified expected response; and comparing the first modified response and the second modified response to determine a match.

Description

ENHANCED SECURITY FOR WIRELESS DATA TRANSMISSION SYSTEMS
RELATED APPLICATION This application relates to U.S. Application Serial No. 09/851,681, filed on May
8, 2001, which is commonly assigned and incorporated herein by reference in its entirety.
BACKGROUND OF THE INVENTION
The present disclosure relates generally to a communications system and, more particularly, to a method and apparatus for an enhanced security mechanism for wireless data transmission systems.
Due to the nature of the wireless transmission, the data exchange over a mobile communication link is particularly vulnerable to misuse and/or fraud by unauthorized mobile users. Network resources may be accessed by unauthorized persons using manipulated Mobile Stations (MS) trying to impersonate an authorized subscriber. Additionally, there is also a danger of someone eavesdropping on the radio path.
Various wireless standards including Global Systems for Mobile communications (GSM) include security related services and functions. Among those services and functions are: subscriber identity confidentiality by using a temporary identity; subscriber identity authentication by generating a random challenge and verifying the signature response! and signaling information and data confidentiality for physical connections through a process called ciphering which disguises digital data in order to hide information content. However, although these services and functions exist, no known system protects the mobile network from unauthorized third parties adequately.
Therefore, what is needed, is a security mechanism designed to protect authorized users of a mobile data network from undesirable intrusion of unauthorized parties. SUMMARY OF THE INVENTION
The present disclosure provides a method for protecting authorized users of a mobile data network from undesirable intrusion.
An enhanced security method and system for a wireless telecommunications network is described. The method can include: determining a random number from within a wireless network; providing a key from within the wireless network; executing a first procedure in the network with the key and the random number to produce a first ciphering key! executing a second procedure in the network with the key and the random number to produce a first expected response; sending the random number, the expected response and the ciphering key to a first enhanced security procedure within the network; executing a third procedure within the first enhanced security procedure and producing a first modified expected response; sending the random number to a mobile station! executing the first procedure in the mobile station with the key and the random number to produce a second ciphering key; executing a second procedure in the mobile station with the key and the random number to produce a second expected response; executing a third procedure within a second enhanced security procedure within the mobile station and producing a second modified expected response; and comparing the first modified response and the second modified response to determine a match.
Therefore, in accordance with the previous summary, objects, features and advantages of the present disclosure will become apparent to one skilled in the art from the subsequent description and the appended claims taken in conjunction with the accompanying drawings. BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 illustrates the network architecture of a mobile network! Figure 2 illustrates standard security functions of a mobile network;
Figure 3 illustrates a wireless access Internet node (WAIN);
Figure 4 illustrates WAIN security functions!
Figure 5 illustrates a ciphering process for mobile networks!
Figure 6 illustrates a WAIN client with ESP and a SIM interface on a USB module! and
Figure 7 illustrates a WAIN client with ESP, a SIM interface and Radio system on a PCMCIA module. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
The present disclosure can be described by the embodiments given below. It is understood, however, that the embodiments below are not necessarily hmitations to the present disclosure, but are used to describe a typical implementation of the invention. A list of definitions and abbreviations will first be described and then the details of the embodiment will be described. Definitions and Abbreviations
AuC Authentication Center
BSC Base Station Controller
BSS Base Station System
BTS Base Transceiver Station
ESP Enhanced Security Protocol
GGSN Gateway GPRS Support Node
GPRS General Packet Radio Service
GSM Global System for Mobile communications
HLR Home Location Register
IMSI International Mobile Subscriber Identity
IP Internet Protocol
MS Mobile Station
MT Mobile Terminal
PDN Packet Data Network
SGSN Serving GPRS Support Node
SIM Subscriber Identity Module
UMTS Universal Mobile Telecommunications System
WAIN Wireless Access Internet Node
WC WAIN Client
WS WAIN Server
Now turning to a description of the embodiment, Figure 1 shows a General Packet Radio Service (GPRS) based mobile data network architecture. GPRS is a new enhancement to GSM communications for supporting packet data transfer over a mobile network. The GPRS is the basis for packet data service in a 3rd Generation (3G) mobile standard called Universal Mobile Telecommunications System (UMTS). UMTS is one of the major new 3G mobile communications systems being developed within the framework which has been defined by the ITU and known as IMT-2000. The subject of intense worldwide efforts on research and development throughout the present decade, UMTS has the support of many major telecommunications operators and manufacturers because it represents a unique opportunity to create a mass market for highly personalized and user-friendly mobile access to tomorrow's "Information Society". UMTS delivers pictures, graphics, video communications and other wide-band information as well as voice and data, directed to people who may be on the move. UMTS builds on and extends the capability of mobile technologies (like digital cellular and cordless) by providing increased capacity, data capability and a far greater range of services using an innovative radio access scheme and an enhanced, evolving core network.
The Base Station System (BSS) 50 is responsible for radio transmission, radio source management and access control. The BSS 50 includes a Base Station antenna 47 and a Base Station Controller 49. The BSS 50 serves the Mobile Station (MS) 52 in its coverage area via a radio link 54.
One or more mobile BSSs 50 are connected to a Serving GPRS Support Node (SGSN) 56 which performs packet switching and mobility management functions. The SGSN 56 also detects MSs 52 in the local area for the transmission and receipt of packets. Additionally, it locates and identifies the status of MSs 52 and gathers crucial call information, which is an essential aspect of billing. In addition to providing mobility management and connectivity between the BSS 50 and the Gateway GPRS Serving Node 58, other key SGSN 56 functions include ciphering, compression and interaction with GSM circuit switched services for mobile paging and Short Message Services. One or more SGSNs 56 can be connected to a GGSN 58 for interworking with external Packet Data Networks (PDN) 60. The GGSN 58 acts as a gateway between GSM networks and public data networks. The GGSN 58 can connect directly to the Internet using IP over a variety of physical and tunneling protocols. The GGSN 58 also functions as a fire wall, to ensure that all incoming and outgoing data is authorized adding security to enterprise network. In addition to providing GSM connectivity to external data networks such as the Internet, the GGSN 58 includes all standard based functionality and even more with authentication, encryption, routing, firewall filtering, bandwidth and system management.
Moreover, there is a database called Home Location Register (HLR) 62 connected to the SGSN 56 that stores subscription data for all mobile users that are subscribed in any particular home network 59. Moreover, an MS's security information is stored in an Authentication Center (AuC) 64 which communicates with the SGSN 56 via the HLR 62 for authentication purposes. In the GSM/GPRS architecture, a MS 52 consists of a Mobile Terminal (MT) 66 and a Subscriber Identity Module (SIM) 68. The MT 66 supports the radio interface communicating with the BSS 50 and the SIM 68 card stores a subscriber's subscription and security information (however, SIM is also referred as Service Identity Module in the UMTS standard).
The SIM 68, the MT 66, the SGSN 56 and the AuC 64 are the only entities involved in the security procedure. In particular, the SIM 68 on the mobile station side and the AuC 64 on the home network side 59 are the two authenticating entities where a unique authentication key (Ki) is stored for each mobile subscriber. The authentication information is exchanged between the MT 66 and SGSN 56. However, the SIM 68 is the key to the personalized service, security and bilhng. Before a MS 52 can use any GPRS services, it must attach itself to the network 59 through a GPRS Attach procedure.
Now referring to Figure 2, the MS 52 provides the network 59 its identity which can be a unique International Mobile Subscriber Identity (IMSI), or a temporary identity previously assigned by the network. Once a valid mobile identity 80 is received, the network 59 may authenticate the identity. Figure 2 shows the Authentication and Ciphering Key Setting procedure specified in the GPRS standard. With the MS's identity 80, the AuC 64 in the GPRS network 59 determines the mobile unit's authentication key, Ki 82, and generates a random challenge "RAND" 84. The Ki 82 and RAND 84 are used to compute the expected Response XRES 86 using a GSM/GPRS standard authentication algorithm 88 such as an A3 algorithm and the ciphering key Kc 90 using a ciphering key setting algorithm 92 such as an A8 algorithm. The authentication triplet {RAND, XRES, Kc} associated with a MS's ID 80 is sent to the SGSN 56 upon request. A vector of triplets 94 can be passed altogether and stored in the SGSN 56 for subsequent authentication.
In the GPRS architecture, the SGSN 56 initiates the Authentication and Ciphering Key Setting procedure by sending the MS 52 a random challenge RAND 84 selected from an unused authentication triplet. Once the RAND 84 is passed to the SIM 68 through the MT 66, a Signature Response SRES 96 of the RAND 84 is computed using the Ki 82 and A3 algorithm 92 stored in the SIM 68. In addition, the ciphering key, Kc, 90 is also computed using the RAND 84, Ki 82 and A8 algorithm 92. The SRES 96 and the Kc 90 are then passed to the MT 66 from the SIM 68. The SRES 96 is then sent to the SGSN 56 for comparison with the XRES 86. If the two match, the MS 52 is successfully authenticated. The ciphering key Kc 90, generated on both sides 52, 59 are also used for subsequent encryption of the signahng and user data.
Now turning to Figure 3, the Wireless Access Internet Node (WAIN) technology of the invention is shown. The WAIN integrates the GPRS network and security functionality with an independent high speed radio system such as IEEE 802.11. The WAIN system consists of a WAIN Client (WC) 110 in the MS 52 and a WAIN Server (WS) 112 in the network 59. The WAIN supports wireless Internet access and data transfer at a high speed while providing connectivity to the mobile network for mobility, security and bilhng services. The WC 110 supports high layer GPRS terminal functions, interfaces 114 to the SIM card and adapts to the underlying radio system 116.
The WS 112 supports the GPRS network functions of the BSS/SGSN/GGSN, interfaces 118 to the HLR 62 and the AuC 64, and adapts 120 to the underlying radio system 119. By combining the multiple network elements into one single node, all unnecessary intermediate interfaces and protocols are removed in the WS 112. Therefore, the system architecture can be greatly simplified and cost can be significantly reduced compared to the conventional mobile network architecture. More detail about the WAIN technology can be found in co-pending U.S. Application Serial No. 09/851,681, which is commonly assigned. The radio link adaptation 116, 120 in both the WC 110 and the WS 112 allows the WAIN to support multiple radio technologies.
Although the GSM/GPRS security mechanism is more robust than the one defined for 802.11, it still has its limitation. Since the maximum length of the actual ciphering key is fixed by the GSM MoU, the A8 algorithm produces the actual ciphering key and extends it (if necessary) into a 64 bit word where the nonsignificant bits are forced to zero for the GSM/GPRS. However, in UMTS, the ciphering key is 128 bits long. Even though sophisticated intruders may be able to guess the key needed to decode the encrypted data after intercepting enough digital data over the air, the longer the key sequence and the more complicated the algorithm, the harder it is to guess the key. The Enhanced Security Protocol (ESP) implemented in the WC 122 and WS 124 ensures the robustness of the WAIN security system while preserving the end-to-end open security standard between the SIM 68 and the AuC 64.
Moreover, the ESP 122, 124 included in the WAIN provides authentication discrimination. An intruder may try to impersonate an authorized subscriber by using a manipulated MS with a known identity that may produce the standard SRES of a RAND. To prevent this type of unauthorized user from accessing the mobile network through the WAIN Server, the standard SRES is modified to SRES' 130 by the ESP 110 at the WC using a cryptographical algorithm as shown in Figure 4. Similarly, the XRES 86 received from the AuC 64 is modified to XRES' 132 by the ESP 124 at the WS 112 using the same algorithm. This will ensure that only those users using the WC 110 are properly validated while those using non-WAIN terminals are rejected.
In the WAIN security system, the ciphering key, Kc 90, is modified into a new key, Kc' 134, by the ESP 122 at the WC 110 using another cryptographical algorithm. This algorithm may be very different from the cryptographical algorithm mentioned above. The same operation is executed by the ESP 124 at the WS 112 using the same algorithm. The new ciphering key, Kc' 134, may be of the same or greater length than the original key generated using the standard A8 algorithm. In case of the same length, the same standard ciphering algorithm can still be used. If a longer key is desired, a more advanced ciphering algorithm may be used together with the key to provide a better protection.
Now turning to Figure 5, once the ciphering key 134 is determined, the transmitter 140 across the radio interface of a mobile network will generate a ciphering sequence 142 using a known ciphering algorithm 144 with the key 134 and some input parameters 146. The ciphering sequence 142 is bit-wise added (modulo 2) to the unciphered bit sequence 148 to produce a ciphered stream 150. The ciphered stream 150 received at the receiver 152 is bit-wise added (modulo 2) again to the same ciphering sequence generated locally using the same algorithm 144, key 134 and input parameters 146 as the transmitting side. This deciphering process recovers the original clear text 148 sent from the transmitter 140 before ciphering. Ideally, the encryption should be implemented on hardware to provide more processing power and a better protection.
Now turning to an example of using the ESP technique in a laptop MS 164 in Figure 6, a commercially available SIM card reader 160 is shown implemented on a USB module 162 that is connected to a laptop computer 164 by the USB interface 168 and the USB port 170. This reader 160 is GSM/GPRS compatible. The ESP 122 is shown implemented on the same USB module 162 that the SIM card reader 160 is on. The process starts by sending an authentication challenge RAND from the GPRS Signahng and Data Transfer (GSDT) subsystem 172 to the ESP 122, then a modified Signature Response SRES' is generated and returned to the GSDT subsystem 172 as the authentication response. Once the ciphering key is modified in the ESP 122, clear text is passed from the GSDT subsystem 172 to the ESP 122 for encryption with the newly generated key. The encrypted sequence is then sent back to the GSDT subsystem 172 for transmission from the terminal 164 through the Radio Link adaptation 161 and radio system 163 to the network (not shown in this figure).
In another embodiment, the ESP 122 is implemented on a PCMCIA module 180 together with the SIM interface 182 and the radio system 184 (such as 802.11) as shown in the laptop terminal 190 example in Figure 7. The PCMCIA port 188 is connected to the terminal 190 via the PCMCIA port 192.
An authentication challenge RAND is first sent from to the GSDT subsystem 186 to the ESP 122, and a modified Signature Response SRES' is then generated and returned to the GSDT subsystem 186 as the authentication response. Once the ciphering key is modified in the ESP 122, the clear text is passed from the GSDT subsystem 186 to the ESP 122 for encryption with the newly generated key. The encrypted sequence is then sent to the radio system 184 for transmission to the network (not shown in this figure).
It is understood that several modifications, changes and substitutions are intended in the foregoing disclosure and in some instances some features of the invention will be employed without a corresponding use of other features. Accordingly, it is appropriate that the appended claims be construed broadly and in a manner consistent with the scope of the invention.

Claims

1. A enhanced security method for a wireless telecommunications network, the method comprising: determining a random number from within a wireless network! providing a key from within the wireless network! executing a first procedure in the network with the key and the random number to produce a first ciphering key! executing a second procedure in the network with the key and the random number to produce a first expected response! sending the random number, the expected response and the ciphering key to a first enhanced security procedure within the network! executing a third procedure within the first enhanced security procedure and producing a first modified expected response! sending the random number to a mobile station! executing the first procedure in the mobile station with the key and the random number to produce a second ciphering key! executing a second procedure in the mobile station with the key and the random number to produce a second expected response," executing a third procedure within a second enhanced security procedure within the mobile station and producing a second modified expected response; and comparing the first modified response and the second modified response to determine a match.
2. The method of claim 1 wherein the executing the second procedure in the mobile station includes executing the second procedure in mobile station with a USB port.
3. The method of claim 1 wherein the executing the second procedure in the mobile station includes executing the second procedure in mobile station with a PCMCIA port.
4. The method of claim 1 wherein the executing the second procedure in the mobile station includes executing the second procedure in mobile station with an infrared communications port.
5. An enhanced security method for authenticating a mobile station (MS) in a wireless telecommunications network, the method comprising: providing, by the MS, an identity number to the network; determining, by the network, an authentication key of the MS based on the provided identity number,' generating, by the network, a random challenge number! computing, by the network, an expected response number based on the challenge number and the authentication key using a first predetermined algorithm! computing, by the network, a first ciphering key based on the challenge number and the authentication key using a second predetermined algorithm! sending the MS the challenge number from the network! modifying, by the network, the expected response number according to a third predetermined algorithm! enhancing, by the network, the first ciphering key according to a fourth predetermined algorithm! generating, by the MS, a signature response number based on the received challenge number and the authentication key stored within the MS using the first predetermined algorithm; modifying, by the MS, the generated signature response by using the third predetermined algorithm,' generating, by the MS, a second ciphering key based on the received challenge number and the authentication key stored within the MS using the second predetermined algorithm; enhancing, by the MS, the second ciphering key by using the fourth predetermined algorithm,' and transmitting, by the MS, the modified signature response number to the network, wherein the modified signature response number is compared, by the network, with the modified expected response number to authenticate the MS, wherein the enhanced second ciphering key is expected to be the same as the enhanced first ciphering key and if so, it is used for subsequent encryption of data transmitted between the MS and the network.
6. An enhanced security method for authenticating a mobile station (MS) in a wireless telecommunications network, the method comprising: providing, by the MS, an identity number to the network; determining, by the network, an authentication key of the MS based on the provided identity number! generating, by the network, a random challenge number,' computing, by the network, an expected response number based on the challenge number and the authentication key using a first predetermined algorithm; sending the MS the challenge number from the network; modifying, by the network, the expected response number according to a second predetermined algorithm; generating, by the MS, a signature response number based on the received challenge number and the authentication key stored within the MS using the first predetermined algorithm! modifying, by the MS, the generated signature response by using the second predetermined algorithm! and transmitting, by the MS, the modified signature response number to the network, wherein the modified signature response number is compared, by the network, with the modified expected response number to authenticate the MS.
7. The method of claim 6 further comprising: computing, by the network, a first ciphering key based on the challenge number and the authentication key using a third predetermined algorithm! enhancing, by the network, the first ciphering key according to a fourth predetermined algorithm! generating, by the MS, a second ciphering key based on the received challenge number and the authentication key stored within the MS using the third predetermined algorithm! and enhancing, by the MS, the second ciphering key by using the fourth predetermined algorithm, wherein the enhanced second ciphering key is expected to be the same as the enhanced first ciphering key and if so, it is used for subsequent encryption of data transmitted between the MS and the network.
8. The method of claim 7 wherein the fourth algorithm extends the length of the ciphering key.
9. An enhanced security system for communications between a mobile station (MS) and its wireless telecommunications network, the system comprising: a WAIN client (WC) and a subscriber identity module (SIM) on the MS, the WC and SIM providing an identity number to the network when the MS needs to attach to the network! and a wireless access internet node (WAIN) server (WS) and an authentication center on the network side for generating a random challenge number and determining an authentication key of the MS based on the provided identity number, for computing an expected response number based on the challenge number and the authentication key using a first predetermined algorithm, for modifying, by the network, the expected response number according to a second predetermined algorithm, wherein after the WS sends the challenge number to the MS, the MS generates a signature response number based on the received challenge number and the authentication key stored within the SIM using the first predetermined algorithm, modifies the generated signature response by using the second predetermined algorithm, and transmits the modified signature response number to the network, wherein the modified signature response number is compared, by the WS, with the modified expected response number to authenticate the MS.
10. The system of claim 9 further comprising means for: computing, by the authentication center, a first ciphering key based on the challenge number and the authentication key using a third predetermined algorithm! enhancing, by the WS, the first ciphering key according to a fourth predetermined algorithm! generating, by the SIM, a second ciphering key based on the received challenge number and the authentication key stored within the SIM using the third predetermined algorithm! and enhancing, by the WC, the second ciphering key by using the fourth predetermined algorithm, wherein the enhanced second ciphering key is expected to be the same as the enhanced first ciphering key and if so, it is used for subsequent encryption of data transmitted between the MS and the network.
11. The system of claim 10 wherein the fourth algorithm extends the length of the ciphering key.
PCT/US2003/022671 2002-07-23 2003-07-21 Enhanced security for wireless data transmission systems WO2004010720A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003261196A AU2003261196A1 (en) 2002-07-23 2003-07-21 Enhanced security for wireless data transmission systems

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US20099402A 2002-07-23 2002-07-23
US10/200,994 2002-07-23

Publications (1)

Publication Number Publication Date
WO2004010720A1 true WO2004010720A1 (en) 2004-01-29

Family

ID=30769589

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2003/022671 WO2004010720A1 (en) 2002-07-23 2003-07-21 Enhanced security for wireless data transmission systems

Country Status (2)

Country Link
AU (1) AU2003261196A1 (en)
WO (1) WO2004010720A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10701514B2 (en) 2016-03-15 2020-06-30 Dialog Semiconductor B.V. Determining the distance between devices in a wireless data exchange protocol
US11019037B2 (en) 2016-03-15 2021-05-25 Dialog Semiconductor B.V. Security improvements in a wireless data exchange protocol
US11877218B1 (en) 2021-07-13 2024-01-16 T-Mobile Usa, Inc. Multi-factor authentication using biometric and subscriber data systems and methods

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6104928A (en) * 1997-10-07 2000-08-15 Nortel Dasa Network System Gmbh & Co. Kg Dual network integration scheme
US6230002B1 (en) * 1997-11-19 2001-05-08 Telefonaktiebolaget L M Ericsson (Publ) Method, and associated apparatus, for selectively permitting access by a mobile terminal to a packet data network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6104928A (en) * 1997-10-07 2000-08-15 Nortel Dasa Network System Gmbh & Co. Kg Dual network integration scheme
US6230002B1 (en) * 1997-11-19 2001-05-08 Telefonaktiebolaget L M Ericsson (Publ) Method, and associated apparatus, for selectively permitting access by a mobile terminal to a packet data network

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10701514B2 (en) 2016-03-15 2020-06-30 Dialog Semiconductor B.V. Determining the distance between devices in a wireless data exchange protocol
US11019037B2 (en) 2016-03-15 2021-05-25 Dialog Semiconductor B.V. Security improvements in a wireless data exchange protocol
US11877218B1 (en) 2021-07-13 2024-01-16 T-Mobile Usa, Inc. Multi-factor authentication using biometric and subscriber data systems and methods

Also Published As

Publication number Publication date
AU2003261196A1 (en) 2004-02-09

Similar Documents

Publication Publication Date Title
US7444513B2 (en) Authentication in data communication
US8861730B2 (en) Arranging data ciphering in a wireless telecommunication system
CA2655721C (en) Method and apparatus for security protection of an original user identity in an initial signaling message
JP3742772B2 (en) Integrity check in communication systems
JP4615892B2 (en) Performing authentication within a communication system
AU2002304237B2 (en) Wireless radio data protective device for private/public network wireless packet data services and authentication method according to internet connection request of mobile terminals recieving the services
EP2377337B1 (en) Service-based authentication to a network
JP2002084276A (en) Improved method for authentication of user subscription identity module
JP2012110009A (en) Methods and arrangements for secure linking of entity authentication and ciphering key generation
KR100920409B1 (en) Authentication of a wireless communication using expiration marker
WO2011029388A1 (en) Method, network element and mobile station for encryption algorithm negotiation
CA2758332C (en) Method and apparatus for transmitting and receiving secure and non-secure data
US20020169958A1 (en) Authentication in data communication
Khan et al. Vulnerabilities of UMTS access domain security architecture
KR101539242B1 (en) Prevention of eavesdropping type of attack in hybrid communication system
Hall Detection of rogue devices in wireless networks
WO2004010720A1 (en) Enhanced security for wireless data transmission systems
CN114245372B (en) Authentication method, device and system
Singh et al. Cell phone cloning: a perspective on gsm security
Kaur et al. A Review of Security issues and mitigation Measures in GSM
Doukas Security Technologies for Mobile Radio Systems
Flanagan et al. Radio Access Link Security for Universal Mobile Telecommunication Systems (UMTS)
Kumar et al. Wireless Cellular Security Mechanism
Deuter GSM/3G/4G/DECT Security
Audestad Mobile Security

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP