From GSM to LTE

Universal Mobile Telecommunications System (UMTS) and High-Speed Packet Access (HSPA)


Message sequence shown in the figure (nodes: UE, S-RNC, SGSN, GGSN), in order:

  RRC Connection Setup (cp. Figure 3.14)
  RRC Initial Direct Transfer (Activate PDP Context, PS)
  SCCP CR
  SCCP CC
  RANAP Initial UE Message (Activate PDP Context)
  GMM Authentication and Ciphering Request
  GMM Authentication and Ciphering Response
  RANAP Security Mode Command
  RRC Security Mode Cmd
  RRC Security Mode Complete
  RANAP Security Mode Complete
  GTP Create PDP Context Request
  GTP Create PDP Context Response (returns IP address)
  RANAP RAB Assignment Req.
  Radio Resource Allocation (cp. Figure 3.36)
  RANAP RAB Assignment Cmpl.
  GMM Activate PDP Context Accept (return IP address)
  Transfer of User Data

Phase annotations in the figure: "Terminal establishes connection with the network", "Network starts security procedures", "PDP Context establishment".


               Figure 3.37  PDP context activation.


3.9   UMTS Security

Like GSM, UMTS has strong security measures to prevent unauthorized use and eavesdropping on user data traffic and conversations. UMTS also includes enhancements to overcome a number of weaknesses that have been found over the years in the way GSM protects networks and users. The following are the main weaknesses:

● The GSM circuit-switched part does not protect the link between the base station and the BSC. In many cases microwave links are used, which are vulnerable to third party monitoring.
● GSM allows man-in-the-middle attacks with equipment that masquerades as a GSM base station.
● The CK length used in GSM is 64 bits. Although secure when GSM was first developed in the early 1990s, the length is considered insufficient today.
● A number of weaknesses with the A5/1 stream cipher have been detected, as described in Chapter 1, which allow decryption of a voice conversation with the appropriate equipment.

UMTS addresses these weaknesses in a number of ways. As in GSM, a one-pass authentication and key agreement (AKA) procedure is used with immediate activation of ciphering after successful authentication. The general principle is described in Chapter 1. When a mobile device attaches to the network after power-up, it tries to