Location Privacy for Cellular Systems; Analysis and Solution
Geir M. Køien
Telenor R&D (Norway) and Agder University College (Norway)
and
Vladimir A. Oleshchuk
Agder University College (Norway)
2005.05.30 PET 2005 2
Background and Motivation
The Principals
User Entity (UE)
– The Mobile Station (MS) w/radio access
– A tamper resistant security module (smartcard etc)
Serving Network (SN)
– Core Network nodes
• Gateways etc
• Network Access Servers
– Access Network
• Radio network controllers
• Access Points (AP)
Home Server (HS)
– Home Location Register
– Authentication Center etc
Background and Motivation
The 2G/3G Solutions
3G Access Security
– The UMTS Authentication and Key Agreement (AKA) protocol
• Off-line delegated protocol
• Home network distributes complete session credentials to serving network..
• Which executes the network initiated mutual entity authentication (USIM and Network)
• Authentication based on knowledge of pre-shared secret (only at USIM and HLR/AuC)
• Challenge-Response with “signed” challenge to allow a one-pass scheme
Location/Identity Privacy
– Permanent identity (IMSI) only used in clear “when necessary”
– After initial identity presentation with IMSI in clear
• the AKA protocol is executed
• then encryption/integrity protection started
• then the Serving Network assigns a temporary identity (TMSI)
– Subsequent identity presentation with TMSI (in clear)
Background and Motivation
Mobility Management
Cellular Control Model
– Users subscribe to services at mobile operator (home environment/operator)
– Infrastructure in control of a central authority (the “serving network” operator)
– Operative control is at Serving Network, while administrative (incl. charging) control at Home
– Handovers under network control (performance/QoS reasons)
2G/3G Mobility Management
– Location Registration (incl. loc. updating)
• No existing UE-SN relationship: IMSI transferred in clear on common channel
– Call to Mobile Station
• Paging (call announcement) is in cleartext on broadcast channel (IMSI or TMSI)
– Call from Mobile Station
• Access in cleartext over common channel until identity is presented (IMSI or TMSI)
– Handover (HO)
• HO takes place during an active call/session (w/encryption on)
UMTS Authentication and Key Agreement
[Figure: UMTS AKA message flow between the UICC/USIM in the MS, the serving network (AP, RNC/BSC, SGSN or VLR/MSC) and the HLR (AuC). Messages: SendAuthInfo(IMSI), SendAuthInfo-ack(AV), Challenge(RAND,AUTN), Response(RES). Annotations: Parameter generation; Compute response and session keys; Confidentiality and Integrity; Scope of authentication (both stages).]
3G Security and Privacy:
• Principals: USIM, SN and HE
• Mutual off-line (delegated) challenge-response, executed between SN and USIM
• Confidentiality on all user/control plane data and integrity on control plane data
• Limited privacy (IMSI presented in clear, but “protected” TMSI used when possible)
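The delegated challenge-response summarised above, as an added sketch (not part of the original slides and not 3GPP code). Assumptions: HMAC-SHA256 stands in for the AKA functions, AUTN is simplified to SQN || MAC, and all function and class names are illustrative. It shows the SN authenticating the USIM from the vector alone, without ever holding the pre-shared secret.

```python
import hashlib
import hmac
import secrets

def f(k, label, *parts):
    """Stand-in for the AKA functions (assumption: HMAC-SHA256, not the 3GPP algorithms)."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:16]

def home_generate_av(k, sqn):
    """HLR/AuC: build one authentication vector (AV) for a serving network."""
    rand = secrets.token_bytes(16)
    sqn_b = sqn.to_bytes(6, "big")
    autn = sqn_b + f(k, b"mac", sqn_b, rand)[:8]   # "signed" challenge: SQN || MAC
    return {"RAND": rand, "AUTN": autn, "XRES": f(k, b"res", rand),
            "CK": f(k, b"ck", rand), "IK": f(k, b"ik", rand)}

class Usim:
    """Holds the pre-shared secret K and the highest sequence number accepted."""
    def __init__(self, k):
        self.k, self.sqn_seen = k, 0

    def respond(self, rand, autn):
        sqn_b, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, f(self.k, b"mac", sqn_b, rand)[:8]):
            return None                      # challenge was not built with K
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn_seen:
            return None                      # stale or replayed vector
        self.sqn_seen = sqn
        return {"RES": f(self.k, b"res", rand),
                "CK": f(self.k, b"ck", rand), "IK": f(self.k, b"ik", rand)}

def serving_network_authenticate(av, usim):
    """SN: send Challenge(RAND, AUTN), compare Response(RES) with XRES. K is never seen."""
    out = usim.respond(av["RAND"], av["AUTN"])
    return out is not None and hmac.compare_digest(out["RES"], av["XRES"])
```

The MAC inside AUTN is what lets the USIM authenticate the network in the same single challenge, and the sequence number is what rejects a replayed vector.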
Background and Motivation
Privacy Issues and Location Issues
3GPP Privacy Requirements
– User Identity Confidentiality
• The property that the identity cannot be eavesdropped over the radio access link
– User Location Confidentiality
• Presence/arrival of a user cannot be detected by eavesdropping on the radio link
– User untraceability
• Protection against tracking of users
Location Issues
– The Serving Network (SN) will necessarily know where the subscriber is
• During active calls/session through radio derived methods (this is an E112/E911 req.)
• During idle time through the registration (tied to a location area)
– The Home Server network will only know which SN the UE is attached to
– The UE must depend on infrastructure support to determine location
• Satellite (GPS), possibly with SN support (kick-start measurements and timing)
• Location can also be provided by SN (commercial service)
Background and Motivation
Control and Trust Issues
Trust Relationships
UE – HS:
UE is a subscriber with the HS. HS has security jurisdiction over UE. With current subscription models the relationship is relatively long (even for pre-paid).
SN – HS:
Mutual relationship based on legally binding roaming agreements. Both parties want to limit the trust needed to maintain the relationship.
UE – SN:
No a priori relationship. Relationship created on-the-fly with the HS as the mediator.
Control Issues
– Home Control
• Large no. of serving network operators
• For commercial reasons the operators sign even with “bad” operators
• Particularly problematic in the delegated off-line model in current cellular systems
– Remedy: On-line authentication (Home – Subscriber)
– Remedy: Spatial home control may be needed for large pan-national serving networks
Enhanced Security and Privacy Requirements
Performance is King (AKA requirements)
– The most critical performance aspect is temporal (real-time response)
– Processing time may be significant – but Moore’s law is on our side
– Message Propagation Delays – Physical laws
– Important to reduce no. of round-trips to a minimum
3-Way AKA
– We have three principals that all should be active in the security context
Security Context Hierarchy
– Long-term contexts are the basis (Roaming agreements and Subscription contracts)
– Medium-term contexts needed to establish credentials for 3-way context
– Short-term session contexts needed for over-the-air protection
Computational and Communication Balance
– AKA computation should be possible on secure device (smartcard)
– Air-interface may have severe capacity restrictions during establishment
Enhanced Security and Privacy
The Architectural Context
Minimizing Total Setup Execution Time
– Typical 3G scenario for initial registration
UE→SN: Access Request (access channels are narrow; minimal message)
SN→UE: “Go to control channel and identify yourself”
UE→SN: Present IMSI; Request to be registered;
SN→HS: Request credentials for IMSI
HS→SN: Reply( Authentication Vector )
SN→UE: Challenge( RAND,AUTN )
UE→SN: Response ( RES )
…
– Identity Presentation, Initial Registration and AKA triggered by same event
– Historic reasons that lead to sequential/serial procedure execution
– Combined procedures mean fewer round-trips
Location Privacy vs. Spatial Home Control
– Problematic to allow spatial home control and provide location privacy
– Spatial resolution important
• Coarse grained resolution may be acceptable for both purposes
• Cryptographic methods may allow other acceptable compromise
Enhanced Security and Privacy
The Initiator-Responder Scheme
Combined Identity Presentation, AKA and Location Registration
– Location Registration is invariably triggered by the UE
– Combined procedure must therefore be triggered by UE
The Context Reference Identity (CRID)
– To provide location privacy an anonymous identity should be used
– Context Reference Identity:
• Pseudo-random value created by UE
• Valid for exactly one medium-term 3-way security context
• HS must be allowed to learn both CRID and permanent identity
• SN shall not learn permanent identity, but will know that HS acknowledges CRID
An additional Temporary Alias Identity (TAID)
– Medium-term context valid for several sessions
– TAID is (pseudo-random) session identity assigned by SN
– SN and UE know (TAID,CRID) association
Enhanced Security and Privacy
Home Control
Secure Multi-party Computation (SMC)
– HS defines a Validity Area (VA) where UE is permitted to be
– UE location (x,y) should not be revealed to HS
– Point-Inclusion scheme allows HS to receive privacy protected location E(x,y) and still determine if “is (x,y) inside VA”.
Spatio-Temporal Binding of Medium-Term Security Context
– SN identity tied to context
– HS identity tied to context
– Context Reference Identity (CRID) tied to context
– Area identity (large area) tied to context
– Validity period tied to context
Privacy Preserving 3-Way AKA
Cryptographic basis
Secure Multi-party Computation (SMC)
– Homomorphic crypto
– Operation X on encrypted data is equivalent to some operation Y on cleartext data
Identity-Based Encryption (IBE)
– Identity string used as public key (for instance [email protected])
– Alice must know system parameters before she can encrypt with ID
– Private Key Generator (PKG) creates corresponding private key
– Bob receives private key from PKG
– No authentication in basic scheme
Challenge-Response
– Two-way challenge-response between UE and HS
– Symmetric MAC “signed” response (based on long-term pre-shared secret)
Diffie-Hellman (DH) Exchange
– DH used for generation of medium-term shared secret
– DH exchange between SN and HS, but used between SN and UE
Privacy Preserving 3-Way AKA
Secure 2-Party Location Inclusion Protocol (S2PLIP)
The S2PLIP concept
– Executed between SN and HS
– SN provides UE position (x,y), HS provides polygon P
– SN does not want HS to learn (x,y) and HS does not want to disclose P
The S2PLIP protocol
0. Distribution of public-key pair from Bob (HS) to Alice (SN). Use same E/D.
Location z = (x,y); Polygon P = {a_i,b_i | i = 1,2,..n}
HS→SN: E(P)
SN→HS: “Please decrypt parameter ύ (for some i)”
HS→SN: D(ύ)
1. SN→HS: Vector of values e
2. HS: Iff D(e)>0 for all e then z is inside P
HS-SN Interface is high capacity
S2PLIP has few round-trips
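The homomorphic idea behind the point-inclusion test, as an added sketch that is not the authors' S2PLIP. Assumptions: textbook Paillier with demo-sized primes stands in for E/D, each polygon edge is modelled as a half-plane A·x + B·y + C > 0, the ύ decryption step is left out, and the sample polygon and all function names are constructed for illustration.

```python
import secrets

# Toy Paillier key pair held by HS. Two Mersenne primes, far too small for real use.
PRIME_P, PRIME_Q = 2**31 - 1, 2**61 - 1
N = PRIME_P * PRIME_Q
N2 = N * N
PHI = (PRIME_P - 1) * (PRIME_Q - 1)
MU = pow(PHI, -1, N)

def enc(m):
    """E(m) under HS's public key N (generator N + 1)."""
    r = secrets.randbelow(N - 2) + 2
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def dec(c):
    """D(c) with HS's private key, mapped back to a signed integer."""
    m = (pow(c, PHI, N2) - 1) // N * MU % N
    return m - N if m > N // 2 else m

def hs_encrypt_polygon(vertices):
    """HS: convex polygon (counter-clockwise) -> (E(A), E(B), E(C)) per edge."""
    out = []
    for i, (x1, y1) in enumerate(vertices):
        x2, y2 = vertices[(i + 1) % len(vertices)]
        a, b = y1 - y2, x2 - x1              # inside <=> a*x + b*y + c > 0
        c = -(a * x1 + b * y1)
        out.append((enc(a), enc(b), enc(c)))
    return out

def sn_edge_values(enc_polygon, x, y):
    """SN: build blinded E(k*(A*x + B*y + C)) per edge without learning A, B, C."""
    e = []
    for ea, eb, ec in enc_polygon:
        c = pow(ea, x, N2) * pow(eb, y, N2) * ec % N2   # E(A*x + B*y + C)
        k = secrets.randbelow(2**32) + 1                # positive blind keeps the sign
        e.append(pow(c, k, N2) * enc(0) % N2)           # re-randomised ciphertext
    return e

def hs_inside(e_values):
    """HS: z is inside P iff D(e) > 0 for every e."""
    return all(dec(e) > 0 for e in e_values)

VALIDITY_AREA = [(0, 0), (100, 0), (100, 80), (0, 80)]  # constructed sample polygon

def run(x, y):
    """One full exchange for SN-observed position (x, y), non-negative integers."""
    enc_p = hs_encrypt_polygon(VALIDITY_AREA)           # HS -> SN: E(P)
    return hs_inside(sn_edge_values(enc_p, x, y))       # SN -> HS: vector e
```

HS sees only the sign of each blinded edge value, and SN sees only ciphertexts of the polygon coefficients; a point exactly on an edge decrypts to 0 and is treated as outside.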
Privacy Preserving 3-Way AKA
Outline of the PP3WAKA protocol
– Always initiated by UE
– UE generates CRID
– IBE to provide confidentiality (UE-SN and UE-HS)
– Challenge-Response (UE-HS)
– DH over SN-HS interface
– SMC to protect location while allowing spatial home control
[Figure: message sequence between UE, SN and HS. A-interface (unprotected), B-interface (protected). Messages as labelled in the figure:]
Message_1(A, B, PERIOD, HSID)
{ Message_2(B, C) }BKEY
{ Message_3(D, DHB, dSN, CRID) }BKEY
{ SubscriberInfo(CRID,"subscriber info") }BKEY
Message_4(D, RNDSN, E)
Message_5(RNDSNUE, F)
{ Message_6(CRID, RESHSUE) }BKEY
{ Message_7(CRID, "success") }BKEY
Privacy Preserving 3-Way AKA
Outline of the PP3WAKA protocol
1: UE prepares PP3WAKA
Prf() → CRID
Generate UE-HS challenge/response data incl. keys
HSK = HSID||SNID||LONG_TERM_PERIOD (HS IBE public key)
ID = HSID||SNID||Hashed_Area_Code||PERIOD (SN IBE public key)
EID(CRID) → A
EHSK(UEID,CRID,Challenge) → B
UE→SN: (A,B,PERIOD,HSID)
2: SN prepares to contact HS
SN observes UE location (x,y) (we presume polygon E(P) present at SN)
SN generates ύ
SN generates DH value DHA
C = PERIOD||HAC||ύ||DHA
SN→HS: {B,C}BKEY
Privacy Preserving 3-Way AKA
3: HS responds
Validity of PERIOD verified. HS constructs ID and HSK, and generates corresponding private keys dID and dHSK.
Decrypt B. Associate CRID-UEID. Compute response to UE. Generate challenge to UE. Generate UE-HS shared key, and use it to protect data sent to UE.
EUE-HS key(Challenge, Response, DH secret s) → D
In parallel: S2PLIP continues (HS returns decrypted ύ)
HS→SN: {D,DHB,dID,CRID,ύ}BKEY
4: SN receives HS response and continues setup with UE
SN, which now has dID, decrypts A to get CRID.
Continue iff (CRIDUE = CRIDHS). Compute DH secret s. Generate pseudo-random key derivation element RNDSN.
Derive session keys: KeyGens(CRID,RNDSN) → KSN
Generate TAID; protect and bind to CRID: EKsn(CRID,TAID) → E
In parallel: S2PLIP continues (SN starts computation of e-values)
SN→UE: (D,RNDSN,E)
Privacy Preserving 3-Way AKA
5: UE responds
Decrypt D. Then verify HS response, and compute own response to HS. UE accepts s, and generates session keys: KeyGens(CRID,RNDSN) → KSN
KSN is used to decrypt E. UE then gets CRID,TAID.
Generate pseudo-random key derivation element RNDUE.
Derive session keys: KeyGens(CRID,RNDUE) → KUE
EKue(TAID,RESHE) → F
UE believes that SN has possession of s. With msg-5 the UE has demonstrated possession of s to SN. UE and SN also believe that KSN and KUE are shared session keys.
UE→SN: (RNDUE,F)
6: SN receives UE response and forwards response to HS
Derive session keys: KeyGens(CRID,RNDUE) → KUE
Decrypt F. Verify TAID. Forward RESUE. SN now believes that s is a shared secret for CRID. Only outstanding is a verification that HS has authenticated CRID (and thereby UE).
S2PLIP continues (SN forwards e-values)
SN→HS: {CRID,RESSN,e-values}BKEY
Privacy Preserving 3-Way AKA
7: HS responds to SN
HS verifies UE response. HS now considers UE to be authenticated and CRID a valid UE identity. It then completes spatial verification (of e-values).
Message 7 is sent to SN to verify that HS acknowledges CRID.
HS→SN: {CRID,’success’}BKEY
8: SN receives HS acknowledge
SN now has assurance that HS acknowledges CRID. UE does not yet have verification that HS accepted its response, but UE can continue without this knowledge (any subsequent SN usage of the PP3WAKA credentials will demonstrate SN belief in the credentials).
Analysis of the PP3WAKA protocol
Complexity
The PP3WAKA protocol is complex (by necessity)
– Computation:
• feasible on advanced smartcards
• Pre-computation possible for SN and HS
– Communication:
• Over-the-air message sizes seem feasible
• Round-trip count OK due to combined Mobility Mngt and Security procedures
Hard to convince oneself of correctness
Difficult to apply formal methods
– Privacy not easy to model in most formalisms
– 3-Way protocols not easy to model
– IBE not easy to model (easy to “assume too much”)
– SMC not easy to model (again, what are the correct assumptions to be made)
But formal verification is on our agenda!
– Even inadequate model may be beneficial
– Primary goal might be insight and not proofs per se
Analysis of the PP3WAKA protocol
Privacy
Permanent UE identity is never revealed over the air or to the SN
Context Reference Identity (CRID):
– Known to UE,SN,HS
– Relatively short-lived
– Never revealed over the air (or elsewhere)
The Temporary Alias Identity
– Not known by HS
– Very short lifespan
– Will be revealed over the air (paging and access request)
Location information
– SN knows location, but SN can only associate it with CRID/TAID
– HS will only be given very coarse grained information (SN area)
– Adversary:
• Can know that there is a subscriber at location (x,y)
• But will not be able to deduce identity or track user when CRID/TAID changes
Analysis of the PP3WAKA protocol
Security
An informal argument
– DH-exchange and Challenge-Response are well known mechanisms
– We assume security of IBE (and SMC)
UE-HS authentication
– By means of online challenge-response (MAC with pre-shared secret)
SN assurance of CRID
– SN-HS relationship exists
– HS received CRID from UE (IBE protected and tied to challenge-response)
– HS asserts that CRID is a valid identity (over protected channel)
Belief in DH-secret
– Created online over protected channel (SN and HS believe in s)
– HS has jurisdiction over UE
– UE knows that CRID is fresh and so it believes that s is a valid shared secret
Belief in session keys
– Session keys derived from s
– Session keys are fresh since RND elements are fresh
Privacy Preserving 3-Way AKA
Conclusion
PP3WAKA
– Successfully provides credible subscriber location/identity privacy
– Successfully provides a 3-way security context (UE,SN,HS)
– Successfully provides a flexible session key scheme (UE-SN)
– Successfully provides a measure of Spatial Home Control
– Intelligent combination of Mobility Management and Security procedures
– Efficient in terms of round-trips (total execution time)
– Good balance in terms of computation requirements between principals
– Good balance in terms of communication requirements over interfaces
Outstanding issues
– Formalize security arguments
– Formalize privacy arguments
– Get some experience (pilot implementation)