1. Field of the Invention
This invention relates generally to communication systems, and, more particularly, to wireless communication systems.
2. Description of the Related Art
Security for cellular networks has evolved rapidly in recent years, in large part due to the increasing customer demand for wireless services, such as voice communication, data communication, and multimedia services like video telephony. Cryptographic digital authentication may be implemented in digital communication systems, such as Second Generation (2G) wireless communication systems, to protect service providers from the fraudulent use of their networks and to provide user privacy. For example, the Telecommunication Industry Association (TIA), the Electronics Industry Association (EIA), and others developed a 64-bit security scheme called ANSI TIA/EIA-41. The TIA/EIA-41 security scheme provides mutual authentication between a home authentication center (e.g., a Home Location Register/Authentication Center, HLR/AuC) and a user identity module (UIM), such as a removable user identity module (R-UIM), which is typically a card that can be inserted into a mobile shell, or an integrated UIM.
In the TIA/EIA-41 security scheme, a private key, such as a 64-bit random secret known as the A-KEY, is pre-provisioned to a well-protected database in the HLR/AuC and the R-UIM. The private key may be used to secure the wireless link between the HLR/AuC and the R-UIM. For example, the private key may be used to generate a temporary secondary key (known as the shared secret data, SSD, key). The system may then initiate a global challenge authentication by providing a random number (RAND) to the R-UIM, which computes a short digital signature:AUTHR=ƒ(RAND, SSD_A, ESN, AUTH_DATA),where ƒ( ) is a standardized function called CAVE, SSD_A is a selected portion of the SSD key, ESN is the electronic serial number associated with the R-UIM, and AUTH_DATA is populated based on the mobile unit's mobile identification number (MIN). The R-UIM provides the AUTHR digital signature to the system (e.g., the HLR/AuC), which may validate the R-UIM based on the AUTHR digital signature. The R-UIM and the HLR/AuC may also compute additional keys, such as a 64-bit signaling message key (SMEKEY) and a 520-bit voice privacy mask (VPM), which may be used as a seed to generate a private long code mask (PLCM), as opposed to the public long code mask that may be generated from the publicly known electronic serial number (ESN) of the mobile.
Second generation wireless communication systems and networks are being replaced by wireless communication systems and networks that operate in accordance with third generation (3G) wireless communication standards, such as the wireless communication standards for UMTS defined by the Third Generation Partnership Project (3GPP) and the wireless communication standards for CDMA defined by the Third Generation Partnership Project—2 (3GPP2). For example, the 3GPP 33.203 and the 3GPP2 S.R0086 specifications define an Internet Protocol (IP) Multimedia Subsystem (IMS) that defines standards for using a signalling protocol called the Session Initiation Protocol (SIP). The SIP may be used to support various multimedia services that are provided to a mobile unit over an air interface. Exemplary IMS services include Internet conferencing, Internet telephony, video telephony, event notification, instant messaging, and the like.
Third generation wireless communication standards require use of the mutually authenticated Authentication and Key Agreement (AKA) security protocol. For example, the 3GPP 33.203 and the 3GPP2 S.R0086 standards define an IMS security protocol that uses the AKA security protocol to establish a security association between an IP Multimedia User Entity (UE) and the first entry node of the IMS network, e.g., a Proxy Call Session Control Function (P-CSCF). The UE typically includes an IMS Subscriber Identity Module (ISIM). The network and the UE (and/or the ISIM) may then be mutually authenticated using information stored in and/or derived by a Home Subscriber Server (HSS), an Authentication, Authorization, and Accounting server (AAA), and/or a Server Call Session Control Function (S-CSCF). Once the network and the UE have been mutually authenticated, they may communicate using Internet Protocol Security (IPSec), which is a set of protocols developed by the Internet Engineering Task Force (IETF) to support secure exchange of packets at the Internet protocol layer.
Customers using second generation R-UIM cards in a CDMA 2000 network may want to access some or all of the additional services provided by the third generation technology. For example, the customer may buy a mobile unit that supports multimedia services that are provided according to the IMS protocol. However, the second generation R-UIM cards do not support the AKA security protocol and third generation networks are not able to mutually authenticate the second generation R-UIM cards. Consequently, the customer will not be able to utilize the services defined by the IMS protocol, even though the mobile unit containing the second generation R-UIM card may support IMS functionality. Customers may also be reluctant to discard their R-UIM cards and replace them with 3G-compatible cards, which may slow adoption and implementation of multimedia services allowed by the third generation technologies.
Simply providing access to the third generation IMS functionality to customers using second generation R-UIM cards may make the network and/or the second generation R-UIM cards susceptible to numerous security threats. For one example, an attacker may impersonate the identity of a user by attaching to a CDMA 2000 packet-switched network, which may then allocate an IP address to the attacker. The attacker may register with the IMS using the attacker's IMS identity and then send an SIP invite message using the attacker's source IP address but using the IMS identity of the user in the CDMA2000 network. Conventional third generation networks do not check the binding between the IP address on the bearer level and the public and/or private user identities in the SIP layer. Consequently, the impersonation attack may succeed, resulting in the attacker using IMS services that are billed to the user. For another example, the attacker may spoof a user's IP address. Conventional third generation networks do not check the binding between the IP address allocated to each UE and the source IP address subsequently used when the UE transmits packets. Consequently, the IP spoof may succeed when second-generation UEs are allowed access to third generation IMS services, resulting in the attacker receiving IMS services while the charges for IP connectivity are billed to the user in the IMS network.