
CDMA Security

Introduction
• There is a single master key, called the A-key, which is used for authentication procedures.
• The A-Key is programmed into the mobile and is stored in the Authentication Center (AC) of the network.
• In addition to authentication, the A-Key is used to generate the sub-keys for voice privacy and message encryption.
• The A-key is known only by the Service Provider and the MS.
• CDMA network security protocols rely on a 64-bit authentication key (A-Key) and the Electronic Serial Number (ESN) of the mobile.
Introduction (contd.)
• Some of the terms frequently used in CDMA systems are:
  • ESN
  • MIN
  • MDN

ESN (Electronic Serial Number)
• Every mobile on the system is uniquely identified by the Electronic Serial Number (ESN), which is a 32-bit number pre-programmed at the factory by the mobile phone manufacturer.
• The ESN is used to identify a mobile on the network.

MIN (Mobile Identification Number)
• The Mobile Identification Number (MIN) is a 10-digit number that is assigned by the Service Provider to a mobile on the network.
• This too is unique to each mobile on the network and is used in conjunction with the ESN to identify the mobile on the network.
• Similar to the IMSI in a GSM network.
MDN (Mobile Directory Number)
• The Mobile Directory Number (MDN) is another 10-digit number which is assigned by the Service Provider to a mobile on the network.
• This is the number which is known to the outside world as the user's mobile number.
• Similar to the MSISDN in GSM.
Authentication in CDMA systems
• At the heart of the authentication model in CDMA is the Authentication key, or A-key, which is like a master key to the system.
• The A-key is a 64-bit number stored in the mobile station and is usually pre-programmed at factory settings.
• CDMA networks make use of a cryptographic algorithm known as CAVE (Cellular Authentication and Voice Encryption), which is used in various stages of the procedure.
• This algorithm is used to generate a 128-bit sub-key called the "Shared Secret Data" (SSD).

SSD generation
• On the initiation of an SSD generation, the Home Location Register/Authentication Centre (HLR/AC) sends out a random number RANDSSD (56 bits) as a challenge.
• The A-Key, the ESN and the network-supplied RANDSSD are the inputs to CAVE, which generates the SSD.
• The generated SSD is a 128-bit pattern, which is a concatenation of two 64-bit subkeys: SSD_A and SSD_B.
• The above steps are followed by a procedure known as Global Challenge.
• In this process the SSD_A is further fed into the CAVE algorithm along with the ESN and MIN and a random number known as RAND (32 bits), which is now generated by the MSC.
• The result, computed as the Authentication Signature (AUTHR) (18 bits), is sent back by the mobile to the network.
• The network too will have calculated its own version of AUTHR, which it uses to compare against the result.
• The network Base Station permits access to the mobile if the Authentication Signatures match and denies access if they do not.
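As an added illustration of the SSD-generation and Global Challenge steps above (not code from the original slides), the script below simulates both sides of the exchange. CAVE is proprietary, so a truncated HMAC-SHA256 stands in for it (an assumption, not the real algorithm); the A-Key, ESN, MIN and random values are constructed, and packing the 10-digit MIN as an integer is also an assumption.

```python
import hashlib
import hmac

def cave(key: bytes, *inputs: bytes, out_bits: int) -> int:
    """Stand-in for the proprietary CAVE function (assumption: truncated HMAC-SHA256).
    Only the data flow of the slides is modelled, not the real algorithm."""
    digest = hmac.new(key, b"".join(inputs), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - out_bits)

def generate_ssd(a_key: int, esn: int, randssd: int) -> tuple[int, int]:
    """SSD update: CAVE(A-Key, ESN, RANDSSD) -> 128 bits, split into SSD_A || SSD_B."""
    ssd = cave(a_key.to_bytes(8, "big"),      # 64-bit A-Key (never sent over the air)
               esn.to_bytes(4, "big"),        # 32-bit ESN
               randssd.to_bytes(7, "big"),    # 56-bit RANDSSD issued by the HLR/AC
               out_bits=128)
    return ssd >> 64, ssd & ((1 << 64) - 1)   # (SSD_A, SSD_B), 64 bits each

def compute_authr(ssd_a: int, esn: int, min_: int, rand: int) -> int:
    """Global Challenge: AUTHR = CAVE(SSD_A, ESN, MIN, RAND), an 18-bit signature."""
    return cave(ssd_a.to_bytes(8, "big"),
                esn.to_bytes(4, "big"),
                min_.to_bytes(5, "big"),      # 10-digit MIN packed as an integer (assumption)
                rand.to_bytes(4, "big"),      # 32-bit RAND issued by the MSC
                out_bits=18)

def global_challenge(mobile_a_key: int, network_a_key: int, esn: int, min_: int,
                     randssd: int, rand: int) -> bool:
    """Run SSD update then Global Challenge; True if the Base Station would grant access."""
    # Each side derives SSD from its own copy of the A-Key.
    ssd_a_mobile, _ssd_b_mobile = generate_ssd(mobile_a_key, esn, randssd)
    ssd_a_network, _ssd_b_network = generate_ssd(network_a_key, esn, randssd)
    # The mobile answers RAND with AUTHR; the network computes its own AUTHR and compares.
    mobile_authr = compute_authr(ssd_a_mobile, esn, min_, rand)
    network_authr = compute_authr(ssd_a_network, esn, min_, rand)
    return hmac.compare_digest(mobile_authr.to_bytes(3, "big"),
                               network_authr.to_bytes(3, "big"))

# Constructed sample values (not real subscriber data).
A_KEY = 0x0123456789ABCDEF      # 64-bit A-Key provisioned in the mobile and in the AC
ESN = 0x8A1B2C3D                # 32-bit ESN
MIN = 4085551234                # 10-digit MIN
RANDSSD = 0x00DEADBEEFCAFE      # 56-bit SSD challenge from the HLR/AC
RAND = 0x5A5A1234               # 32-bit Global Challenge value from the MSC

if __name__ == "__main__":
    print("genuine mobile:", global_challenge(A_KEY, A_KEY, ESN, MIN, RANDSSD, RAND))
    print("wrong A-Key:   ", global_challenge(A_KEY ^ 1, A_KEY, ESN, MIN, RANDSSD, RAND))
```

A mobile whose A-Key does not match the AC's copy derives a different SSD_A and therefore a different AUTHR, so the comparison fails without the A-Key itself ever crossing the air interface.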
Voice, Signaling and Data Privacy
• The mobile uses the SSD_B and the CAVE algorithm to generate:
  • a Private Long Code Mask
  • a Cellular Message Encryption Algorithm (CMEA) key (64 bits)
  • a Data Key (32 bits).
• Voice Privacy is provided by changing the characteristics of the Long PN Code which is used for spreading the voice on the Traffic Channel.
• The SSD_B is fed into the CAVE algorithm along with the RAND and ESN to generate a 520-bit Voice Privacy Mask (VPM).
• The last 40 bits of this VPM are used as the Private Long Code Mask (PLCM) in both the mobile and the network to change the characteristics of the PN Long Code.
• This modified Long Code is used for voice scrambling, which adds an extra level of privacy over the CDMA air interface.
• The SSD_B along with the RAND and ESN generates a CMEA (Cellular Message Encryption Algorithm) key (64 bits), which is then used by the E-CMEA (Enhanced CMEA) algorithm to encrypt the signaling messages sent over the air and to decrypt the information received.
• SSD_B is also fed into a Data Key Generator along with the RAND to generate the Data Key.
• The Data Key is used to encrypt and decrypt data messages using the ORYX algorithm.
