CDMA 1xRTT Security

Executive Summary

Since the birth of the cellular industry, security has been a major concern for both service
providers and subscribers. Service providers are primarily concerned with security to prevent
fraudulent operations such as cloning or subscription fraud, while subscribers are mainly
concerned with privacy issues. In 1996, fraudulent activities through cloning and other means cost
operators some US$750 million in lost revenues in the United States alone. Fraud is still a
problem today, and IDC estimates that in 2000, operators lost more than US$180M in revenues
from fraud. Technical fraud, such as cloning, is decreasing in the United States, while subscription
fraud is on the rise [1]. In this paper, we will limit our discussions to technical fraud only. With the
advent of second-generation digital technology platforms like TDMA/CDMA-IS-41, operators
were able to enhance their network security by using improved encryption algorithms and other
means. The noise-like signature of a CDMA signal over the air interface makes eavesdropping
very difficult. This is due to the CDMA “Long Code,” a 42-bit PN (Pseudo-Random Noise of
length 2^42 - 1) sequence, which is used to scramble voice and data transmissions.

Security – CDMA Networks

The security protocols with CDMA-IS-41 networks are among the best in the industry. By
design, CDMA technology makes eavesdropping very difficult, whether intentional or accidental.
Unique to CDMA systems is the 42-bit PN (Pseudo-Random Noise) sequence called the “Long
Code,” used to scramble voice and data. On the forward link (network to mobile), data is scrambled at a
rate of 19.2 Kilo symbols per second (Ksps) and on the reverse link, data is scrambled at a rate of
1.2288 Mega chips per second (Mcps).
CDMA network security protocols rely on a 64-bit authentication key (A-Key) and the
Electronic Serial Number (ESN) of the mobile. A random binary number called RANDSSD,
which is generated in the HLR/AC, also plays a role in the authentication procedures. The A-Key
is programmed into the mobile and is stored in the Authentication Center (AC) of the network. In
addition to authentication, the A-Key is used to generate the sub-keys for voice privacy and
message encryption.

Authentication

In CDMA networks, the mobile uses the SSD_A and the broadcast RAND* as inputs to the
CAVE algorithm to generate an 18-bit authentication signature (AUTH_SIGNATURE), and sends
it to the base station. This signature is then used by the base station to verify that the subscriber is
legitimate. Both Global Challenge (where all mobiles are challenged with the same random number)
and Unique Challenge (where a specific RAND is used for each requesting mobile) procedures are
available to the operators for authentication. The Global Challenge method allows very rapid
authentication. Also, both the mobile and the network track the Call History Count (a 6-bit
counter).
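The key hierarchy (A-Key and ESN with RANDSSD producing the SSD halves) and the challenge-response flow described in the two sections above, modelled end to end as an added example that is not part of the original paper. CAVE is proprietary and is not reproduced: the `cave()` function below is an HMAC-SHA256 stand-in, and the 64-bit split of its output into SSD_A and SSD_B, the RANDSSD width and all subscriber values are constructed assumptions. The 18-bit signature width and the 6-bit Call History Count come from the paper.

```python
import hmac
import hashlib

SIG_BITS = 18     # AUTH_SIGNATURE width given in the paper
COUNT_BITS = 6    # Call History Count width given in the paper


def cave(key: bytes, *inputs: bytes) -> bytes:
    """Stand-in for the CAVE algorithm (proprietary, not reproduced here):
    an HMAC-SHA256 keyed PRF.  Assumption for illustration only."""
    return hmac.new(key, b"".join(inputs), hashlib.sha256).digest()


def generate_ssd(a_key: bytes, esn: bytes, randssd: bytes):
    """SSD update: mobile and HLR/AC both derive SSD_A (authentication) and
    SSD_B (privacy sub-keys) from A-Key, ESN and RANDSSD.  Splitting the PRF
    output into two 64-bit halves is an assumption."""
    out = cave(a_key, esn, randssd)
    return out[:8], out[8:16]


def auth_signature(ssd_a: bytes, rand: bytes, esn: bytes) -> int:
    """18-bit AUTH_SIGNATURE computed from SSD_A, the challenge RAND and ESN."""
    return int.from_bytes(cave(ssd_a, rand, esn)[:4], "big") & ((1 << SIG_BITS) - 1)


class Mobile:
    def __init__(self, esn: bytes, a_key: bytes):
        self.esn, self.a_key = esn, a_key
        self.ssd_a = self.ssd_b = None
        self.count = 0                      # Call History Count

    def ssd_update(self, randssd: bytes):
        self.ssd_a, self.ssd_b = generate_ssd(self.a_key, self.esn, randssd)

    def respond(self, rand: bytes):
        """Answer a challenge; the count advances once per authenticated access."""
        self.count = (self.count + 1) % (1 << COUNT_BITS)
        return self.esn, auth_signature(self.ssd_a, rand, self.esn), self.count


class AuthCenter:
    def __init__(self):
        self.subs = {}                      # ESN -> {a_key, ssd_a, count}

    def provision(self, esn: bytes, a_key: bytes):
        self.subs[esn] = {"a_key": a_key, "ssd_a": None, "count": 0}

    def ssd_update(self, esn: bytes, randssd: bytes):
        sub = self.subs[esn]
        sub["ssd_a"], _ = generate_ssd(sub["a_key"], esn, randssd)

    def verify(self, rand: bytes, esn: bytes, sig: int, count: int) -> str:
        """Global and Unique Challenge share this check; only the origin of
        RAND differs (broadcast to all mobiles, or chosen per mobile)."""
        sub = self.subs.get(esn)
        if sub is None or sub["ssd_a"] is None:
            return "unknown"
        if sig != auth_signature(sub["ssd_a"], rand, esn):
            return "bad_signature"          # caller does not hold SSD_A
        expected = (sub["count"] + 1) % (1 << COUNT_BITS)
        if count != expected:
            return "count_mismatch"         # histories diverged: flag for review
        sub["count"] = expected
        return "ok"


def demo():
    # Constructed sample values, not real subscriber data.
    esn, a_key = bytes.fromhex("8A1F3C2D"), bytes.fromhex("0123456789ABCDEF")
    randssd, rand_global, rand_unique = b"\x11" * 7, b"\x22" * 4, b"\x33" * 4
    ac, mob = AuthCenter(), Mobile(esn, a_key)
    ac.provision(esn, a_key)
    ac.ssd_update(esn, randssd)
    mob.ssd_update(randssd)
    r1 = ac.verify(rand_global, *mob.respond(rand_global))   # Global Challenge
    resp = mob.respond(rand_unique)
    r2 = ac.verify(rand_unique, *resp)                       # Unique Challenge
    # A handset knowing only the ESN has no valid SSD_A: signature check fails.
    r3 = ac.verify(rand_unique, esn, auth_signature(b"\x00" * 8, rand_unique, esn), 3)
    # The genuine response presented a second time carries a stale count.
    r4 = ac.verify(rand_unique, *resp)
    return r1, r2, r3, r4
```

Running `demo()` yields `("ok", "ok", "bad_signature", "count_mismatch")`: the two challenge styles verify identically, a signature produced without SSD_A is rejected, and the Call History Count lets the network notice a second presentation of an otherwise valid response.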

Voice, Signaling, and Data Privacy

The mobile uses the SSD_B and the CAVE algorithm to generate a Private Long Code Mask
(derived from an intermediate value called Voice Privacy Mask, which was used in legacy TDMA
systems), a Cellular Message Encryption Algorithm (CMEA) key (64 bits), and a Data Key (32
bits). The Private Long Code Mask is utilized in both the mobile and the network to change the
characteristics of a Long code. This modified Long code is used for voice scrambling, which adds
an extra level of privacy over the CDMA air interface. The Private Long Code Mask doesn’t
encrypt information; it simply replaces the well-known value used in the encoding of a CDMA
signal with a private value known only to the mobile and the network. It is therefore
extremely difficult to eavesdrop on conversations without knowing the Private Long Code Mask.
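How a mask changes the long code without encrypting anything, shown as an added example that is not code from the paper. The generator follows the IS-95 shape (a 42-bit LFSR clocked once per chip, each chip being the parity of the state ANDed with the mask), but the tap polynomial, the shared generator state, the derivation of the Private Long Code Mask from SSD_B via SHA-256 and the "public" mask built from fixed bits plus the ESN are all illustrative assumptions, not the standard's values.

```python
import hashlib

MASK_BITS = 42
TAPS = (42, 41, 20, 19)          # illustrative feedback taps, not the standard's
ALL_ONES = (1 << MASK_BITS) - 1


class LongCodeGenerator:
    """42-bit LFSR; output chip = parity of (state AND mask)."""

    def __init__(self, state: int, mask: int):
        assert 0 < state <= ALL_ONES, "state must be a non-zero 42-bit value"
        self.state, self.mask = state, mask & ALL_ONES

    def chip(self) -> int:
        out = bin(self.state & self.mask).count("1") & 1   # masked parity
        fb = 0
        for t in TAPS:                                     # linear feedback
            fb ^= (self.state >> (t - 1)) & 1
        self.state = ((self.state << 1) | fb) & ALL_ONES
        return out

    def chips(self, n: int):
        return [self.chip() for _ in range(n)]


def scramble(bits, state: int, mask: int):
    """XOR the bit stream with the long code; applying it twice with the same
    state and mask restores the original stream."""
    gen = LongCodeGenerator(state, mask)
    return [b ^ c for b, c in zip(bits, gen.chips(len(bits)))]


def private_long_code_mask(ssd_b: bytes) -> int:
    """Stand-in for the CAVE-based derivation: SHA-256 of SSD_B, truncated to
    42 bits.  Assumption for illustration only."""
    return int.from_bytes(hashlib.sha256(b"PLCM" + ssd_b).digest()[:6], "big") & ALL_ONES


# Constructed "well-known" mask: fixed header bits plus the ESN.  The real
# public mask format is not reproduced here.
ESN = 0x8A1F3C2D
PUBLIC_MASK = (0b11 << 40) | ESN


def demo():
    data = [int(b) for b in "0110100001101001" * 4]   # 64 constructed payload bits
    state = 0x1ABCDEF0123                            # shared generator state (constructed)
    ssd_b = bytes.fromhex("F0E1D2C3B4A59687")        # constructed SSD_B
    plcm = private_long_code_mask(ssd_b)
    on_air = scramble(data, state, plcm)             # transmitter applies private mask
    with_private = scramble(on_air, state, plcm)     # receiver holding SSD_B
    with_public = scramble(on_air, state, PUBLIC_MASK)  # receiver using the public mask
    return with_private == data, with_public == data
```

`demo()` returns `(True, False)`: the party that shares SSD_B regenerates the same chip sequence and recovers the payload, while a receiver that only knows the public mask, the generator design and the generator state produces a different chip sequence and gets noise. Nothing in the scheme is a cipher in the cryptographic sense; the protection rests entirely on the mask staying private, which is why the paper words it as privacy rather than encryption.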