outline
a SIM card mini-tutorial
features, protocol flow, usage, production, addressing
how 2G, 3G roaming works
over the air (OTA) loading of UICC apps
example: X.509 certificate download
How the parameter logistics works
a bonus business model thrown in
summary
safe storage for shared secret - accessible only through CHAP operation
not broken as of today except for the most stupid CHAP algorithm known
everybody can have SIMs made, even a Mom&Pop ISP
not everybody may
  roam with other cellular operators
  use the GSM algorithm A3/A8 - you wouldn't want it anyway
  must be member of GSM Association for that
having your own algorithm in a chip mask is a circa $50K+ affair
for testing & development unprogrammed castrated chips are used (XOR algorithm for CHAP...)
read "3G (U)SIM Security Reuse by Peripheral Devices on local interfaces"
  contains some threat analysis
[Figure: authentication flow diagram. Labels: present IMSI; Authentication Center; shared secret]
IMSI structure
MCC (Mobile Country Code): three digits
MNC (Mobile Network Code): two to three digits
MSIN (Mobile Subscriber Identification Number): maximum of ten digits
IMSI (International Mobile Subscriber Identity) = MCC + MNC + MSIN: maximum of fifteen digits
MCC/MNC uniquely designates an operator and his authentication center
when roaming, MCC/MNC tells the visiting network where to route the authentication request
this is done via SS7 MAP (mobile application part)
regularly used in 2G networks today for functionality upgrades & parameter download
[Figure: authentication flow diagram. Labels: present IMSI; Authentication Center; send RESP (challenge response); keys result: Cipher key, Integrity key; shared secret, Sequence numbers]
how the 2G/3G user ids (IMSIs) are mapped to RADIUS authentication:
take mobile country code, mobile network code
use them to create a realm
Example
IMSI = 232011234567890
means mcc=232 (Austria) mnc=01 (Mobilkom)
resulting realm
mnc01.mcc232.owlan.org
convention established by Nokia
Nokia owns owlan.org domain pro-bono
from thereon this is vanilla RADIUS roaming
but it's just fine if we call it mnc01.mcc232.visionNG.org if that sounds better, realms just gotta be unique
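The IMSI-to-realm mapping above, as an added example that is not part of the original slides. The `MNC_DIGITS` table, the function names and the proxy-side realm check are assumptions made for this sketch; the check goes beyond the slide to show how a RADIUS proxy can refuse realms that do not follow the convention.

```python
import re

# Constructed sample table (assumption): MCC -> number of MNC digits.
# The IMSI alone does not say whether the MNC has two or three digits.
MNC_DIGITS = {"232": 2, "310": 3}

REALM_RE = re.compile(r"mnc([0-9]{2,3})\.mcc([0-9]{3})\.([a-z0-9.-]+)")


def split_imsi(imsi):
    """Return (MCC, MNC, MSIN) for an IMSI of at most fifteen digits."""
    if not re.fullmatch(r"[0-9]{1,15}", imsi):
        raise ValueError("IMSI must be 1 to 15 decimal digits")
    mcc = imsi[:3]
    if mcc not in MNC_DIGITS:
        raise ValueError("MNC length unknown for MCC " + mcc)
    end = 3 + MNC_DIGITS[mcc]
    mnc, msin = imsi[3:end], imsi[end:]
    if len(mnc) != MNC_DIGITS[mcc] or not msin:
        raise ValueError("IMSI too short for this MCC")
    return mcc, mnc, msin


def realm_for(imsi, suffix="owlan.org"):
    """Build the roaming realm from the MCC and MNC of the IMSI."""
    mcc, mnc, _msin = split_imsi(imsi)
    return "mnc%s.mcc%s.%s" % (mnc, mcc, suffix)


def operator_from_realm(realm, suffix="owlan.org"):
    """Proxy side: recover (MCC, MNC) from a realm; reject anything else."""
    m = REALM_RE.fullmatch(realm.lower())
    if not m or m.group(3) != suffix.lower():
        raise ValueError("realm does not follow mncXX.mccYYY.<suffix>")
    mnc, mcc = m.group(1), m.group(2)
    if MNC_DIGITS.get(mcc) != len(mnc):
        raise ValueError("MNC length does not fit this MCC")
    return mcc, mnc


if __name__ == "__main__":
    print(realm_for("232011234567890"))  # IMSI from the slide
```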
issue (U)SIM cards which work both in a 2/3G handset AND as WiFi/SIP auth tokens
note the same card authenticates both uses!
leave choice to user how to connect
Internet or cellular using the same E.164 number
Summary
2G/3G has a strong/very strong authentication architecture
it is almost copy & paste for iTSP use at WiFi access, WiFi roaming access, SIP and other levels (TBD!)
it can serve to solve the X.509 certificate distribution problem
operator model (2G/3G home network, ISP home network) has no impact on Internet-side terminals
numbering & addressing resources are compatible and available (maybe not obviously so)
the Internet could become the biggest (U)SIM authenticated mobile network ever to roam with 2G/3G land