Back to index

Security Issues in a CDPD Wireless Network

Yair Frankel et al.

One-line summary: CDPD security weak point is unauthenticated, unencrypted traffic from MSF to MHF (BS to HLR), and lack of authentication in initial mobile/BS key exchange. Proposed solution is challenge-response protocol ("breaking symmetry") with nonces, with extensions described for dealing with faults, anonymity. C/R protocol embeds its messages within existing CDPD messages, so no need to add more messages.

Overview/Main Points

Current protocol:

  1. Diffie-Hellman key exchange to get session key between MES & MSF (mobile to BS);
  2. mobile authenticates to its home by transmitting its encrypted NEI (permanent identifier) and SHR (shared history record, like a call counter) to BS;
  3. BS forwards this stuff to MHF in the clear.
  4. MHF accepts by sending (SHR+1) in clear to BS, which passes it (encrypted) to MES.

Proposed improved protocol:

  1. MH sends nonce and tuple (random number, SHR, NEI) "signed" by MH. Signed can mean encrypted with shared session key in this case. Insight: Since message contains the SHR, can think of this message as a response to the challenge posed by MHF to mobile in step 3 of the previous instantiation of the protocol.
  2. BS relays this message plus a new nonce to MHF, "signing" the tuple with BS-to-MHF key. This message is also BS's challenge to MHF.
    At this point MH and BS have authenticated themselves to MHF.
  3. MHF responds to challenge with new share state (SHR+1), and signed tuple containing new nonce, SHR+1, and MES's NEI. This message will serve as the "challenge" to the mobile in the next instnatiation of the protocol, since it includes SHR+1.
  4. BS relays this to MH, encrypted in BS/MH session key.
    At this point, BS and MHF have authenticated themselves to MH.

Relevance


How to do link-level security, given assumption that end-to-end will be too intrusive to integrate seamlessly with existing networks. (My view: end-to-end will ultimately be necessary anyway for other reasons, but these techniques can be applied there as well.)

Flaws


Back to index