35 series - Cryptographic algorithms
Description
The 35 series defines the cryptographic algorithms used in network access security. There are algorithms for the following security features:
- Authentication: The home network confirms the identity of the user, to prevent unauthorised users from gaining access to the network. The mobile also confirms the identity of the network, to prevent spoof networks from communicating with the user.
- Encryption: Data and signalling messages can be encrypted on the radio link between the UE and the serving network's RNC, to prevent eavesdropping.
- Integrity protection: An integrity field is added to most of the signalling messages exchanged between the UE and the serving network's RNC, to prevent the messages from being modified in a "man-in-the-middle" attack.
The algorithms are publicly defined, so their security does not depend on keeping the algorithms secret. It relies instead on a secret key K, which is shared between, and stored in, the mobile's USIM and the home network's authentication centre. K is used by the authentication algorithm, which also computes two additional keys, CK and IK, that are used for encryption and integrity protection respectively.
The most useful introduction is the 33 series specification TS 33.105.
Abbreviations
| CK | Cipher key |
| IK | Integrity key |
| RNC | Radio network controller |
| UE | User equipment |
| USIM | Universal subscriber identity module |