/vnd/media/agency_attachments/bGjnvN2ncYDdhj74yP9p.png)
/vnd/media/media_files/2025/07/31/website-banner-2025-07-31-17-21-17.jpg)
Most people are unaware that the ubiquitous mobile, which we all carry around
and whose proliferation in our lives has far overtaken any other form of
communication, can potentially be misused by rogue intruders. Your mobile could
be cloned by someone else, posing a serious threat to you as well as your
service provider.
Service providers and mobile handset manufacturers are working in conjunction
to overcome this challenge by introducing authentication and encryption on the
networks.
Here is a look at authentication and encryption for CDMA networks.
- Authentication: A process by which the system identifies authorized
users for particular services within the system. It provides assurance to
the system that the user is genuine. - Cryptography: This is the science of encryption and decryption and
is based on mathematical algorithms.
With the advent of computers and faster processing
techniques, cryptography underwent major changes and most of today's
cryptographic techniques are patented with electronic security firms or have
been developed at educational institutions.
-
Encryption: This is the conversion of message from
its original form to an unrecognizable encrypted form. Decryption is the
re-conversion of encrypted message to its original form.
In principle, encryption and decryption remains the same as
practiced by our ancestors-changing the characteristics of a message so that
only the genuine receiver is able to decrypt.
/vnd/media/post_attachments/6f0085c939b8436f01182daee47ae059889aa242e8423ab3af07dccac8755b1c.gif)
Authentication Process
An authentication model can be easily represented by the diagram shown
below. As soon as a user desires some service from the serving system, a random
number is thrown at him from the serving system as a challenge to authenticate
itself. The user takes this random number and performs a cryptographic algorithm
on it using a secret key that is known at both ends and is identical. The same
process is carried out at the serving system using the same cryptographic
algorithm and the secret key. The resultant output from the user's side is given
to the serving system as a 'response'. The serving system compares the response
with its own computation. If the two match, the user is permitted access, else,
denied entry.
|
|
||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
/vnd/media/post_attachments/eadd71d275f5f5350319c07b233f330088fc81bac5b3796ebcd32f4d69a113ee.jpg)
Encryption and Decryption
For encryption, the system makes use of keys, which are nothing but
variables. When these are used in conjunction with the original message (or
unencrypted message) an encrypted message is produced. The methodology or
formula for combining the original message and the key to produce an encrypted
message are together known as the cryptographic algorithm.
At the receiver end, a reverse process of decryption takes
place using the same key and the cryptographic algorithm.
Most cryptographic systems use either secret key (symmetric)
cryptography or public key (asymmetric) cryptography, and even a mix
of both. The management of the keys and cryptographic
algorithms is a complex subject and beyond the scope of this article.
Authentication and Encryption
The principle of authentication in CDMA systems is the process of
identifying a mobile on the network. Authentication is used to prevent
fraudulent use of cloned or tumbled mobiles.
Here are certain terms that are commonly associated with CDMA
technology and will be used frequently in this article.
-
ESN (electronic serial number): A 32-bit electronic
serial number of the mobile, which is pre-programmed by the manufacturer at
the factory. ESN is unique to each mobile on the network and is used to
identify mobiles on the network. -
MIN (mobile identification number): A 10-digit number
that is assigned by the service provider to a mobile on the network. This
too is unique to each mobile. The MIN, along with the ESN, is used to
identify mobiles on a network. -
MDN (mobile directory number): Another 10-digit number
assigned by the service provider to mobiles on its network. This number is
usually known to the customers and to the outside world as the mobile
number.
The MDN and MIN may be the same and it is the prerogative of
a service provider to provision this pair of numbers. As a best practice, most
CDMA service providers maintain a different pair set associated with an ESN
number in their database.
To facilitate authentication on the network there is a
special master key, referred to as the A-key or authentication key, which is a
64-bit number stored in the permanent memory of a mobile. This is pre-programmed
at factory settings by the mobile manufacturer and should never be violated.
-
Cloning: The cloning of a mobile refers to a
malicious procedure whereby a rogue intruder programs and assigns an
unauthorized pair of MIN/ESN combination on a cloned mobile thereby fooling
the network into believing that the cloned mobile is a genuine mobile. -
Tumbling: On the other hand, tumbling is process
where the rogue intruder keeps changing the pair of MIN/ESN at regular
intervals on the mobile, to avoid detection.
To halt the above malpractices, most CDMA service providers
have built-in authentication and encryption systems that are already a part of
the CDMA 1x RTT specifications. The authentication and encryption system is
elaborated in the accompanying figure.
The authentication and encryption systems is divided into
three sections, namely: SSD generation/update, authentication, and encryption/
decryption.
At the heart of this system is CAVE cryptographic algorithm,
which is used at various stages of this system for generating sub-keys.
The SSD Generation/Update
The SSD is an intermediate key, which generates further session keys. The
initial value of the SSD by default is 0. On initiation of an SSD generation,
the network sends a RANDSSD (a 56-bit random number generated at the network
AC-authentication centre) to the mobile. The mobile and the network inputs this
RANDSSD along with the ESN and A-key to the CAVE algorithm to generate a pair of
SSD A (64 bits) and SSD B (64 bits). The SSD A is further used for
authentication and SSD B is used for generation of session keys for scrambling
and encrypting voice, data, and signaling messages.
The SSD (shared secret data) is a 128-bit number that is
stored in the semi-permanent memory of a mobile.
Even during the power off condition of a mobile, SSD pairs
are maintained and are re-used until the network performs another SSD update,
which it usually does on a periodic basis or whenever the service provider feels
that security of the network has been comprised by a particular mobile.
Remember! The ESN and A-Key are unique to a mobile and
therefore should never be comprised.
Authentication
To perform authentication, the base station sends out RAND (a 32-bit random
number) as a challenge to the mobile, which when used with the
SSD A (generated earlier), ESN, and MIN as inputs to the CAVE algorithm produces
an authentication signature (AUTHR (18 bits)) which it then sends back to the
base station.
The base station also calculates its own version of the
authentication signature and compares it with the received value.
The base station permits access to the mobile if the
authentication signatures match. Else, it denies access in case of a mismatch.
In the event of a mismatch, the network may even initiate an SSD update, as
explained above, to generate a new pair of SSD A and SSD B.
In some cases, the base station may also initiate a unique
challenge, which unlike the above procedure (known as a global challenge),
involves sending a unique random number RANDU (24-bit random number) to a
particular mobile which generates a unique authentication signature (AUTHU (18
bit number)), which is sent back to the base station for verification.
/vnd/media/post_attachments/723ccc6855a543064cac851a7f168518098b4078270857bc74c5b8f016dbe711.gif)
In the event that authentication is enabled on the network,
the authentication signature is always sent by a mobile to the base station
during registration, origination, page response, and data burst messages.
Encryption and Decryption of Voice, Data, and Signaling
Messages
The SSD B is further fed into CAVE, which generates a 520-bit voice privacy
mask (VPM). The last 40 bits of the VPM are used as private long code mask (PLCM),
which is used to change the characteristics of the long code in the mobile and
the network. This modified long code is then used to scramble the voice sent
over the air interface.
In addition to PLCM, the SSD B generates a data key (32 bits)
and CMEA (cellular message encryption algorithm) key (64 bits) for data and
signaling message encryption. The data key, along with the data, is fed into the
Oryx cryptographic algorithm to encrypt the data information.
The CMEA key, along with the signaling message, is fed into
the E-CMEA (enhanced-CMEA) algorithm for encrypting signaling data such as DTMF
tones, dialed keypad encryption, and short messages.
Conclusion
Authentication on the network would allow the service provider to detect
fraudulent usage on its network and protect the user from misuse of mobiles due
to cloning.
With next-generation networks and mobiles promising more
demanding mobile applications, such as mobile payments and mobile wallets, the
usefulness of encrypting signaling messages becomes even more important. Data
such as dialed numbers on the keypad- which may be in the form of personal
identification numbers (PIN) numbers, credit card numbers, or bank information-would
be encrypted using the E-CMEA algorithm which would protect the user's
confidential data over the air interface.
Amit Balani head (India Carrier Support Group) LG
Soft India vadmail@cybermedia.co.in