 |
|
|
Authentication is now being promoted as the ultimate solution to cloning fraud, yet this technology is not new. It has been available on paper for several years, and its use in some mobiles is for almost as long. Why has it taken so long to reach the point of actual implementation, and will it actually put a stop to cloning fraud?
Authentication, as defined for AMPS cellular and PCS standards (digital and analog) works using secret keys, encryption algorithms and the concept of “challenges”. The secret key should only be known by the mobile and the “Authentication Center,” and it can be used in conjunction with other data (such as the MIN and ESN of the mobile and a randomly selected number) to initiate the Telecommunications Industry Association CAVE (Cellular Authentication and Voice Encryption) algorithm. When the cellular or PCS systems initiates a challenge, it selects a random number and sends it to all mobiles within a cell (for a global challenge) or to a single mobile (for a unique challenge). The mobile now has all the information required to execute the CAVE algorithm and produce the same response as the system has already calculated. A wannabe clone mobile without the secret key will be unable to produce the correct response to the challenge and will be denied service . This system is infinitely more secure than MIN/ESN or PIN validation because the secret key is never transmitted over the radio interface. To make the CAVE algorithm even more secure in situations where a secret key is compromised, two secret keys are used, one which is known only by the mobile and the AC (known as the “A-Key”), and one that is generated by the AC and mobile and used for most operations (known as Shared Secret Data or SSD). This second key can safely be transmitted around the IS-41 inter-system operations network, and can be automatically changed at any time.
If a potential cloner has the A-Key, and not the SSD, they will not be able to respond to challenges. Having the SSD and not the A-Key will allow calls only until the SSD is regenerated. Even if a cloner has both keys, an automatic SSD update (with manual verification) can eliminate them or, in the most severe cases, a new A-Key can be programmed into the phone.
If authentication is so great, why has it not been universally implemented by now? When authentication was first developed, it was for the IS-54 dual mode analog/TDMA digital cellular standard. At the time of this standard’s development (1989-1992), it was believed that the introduction of digital would spell the end of analog in short order. However, due to confusion over two competing digital technologies (TDMA and CDMA), concerns over voice quality and lack of an impelling reason for consumers to demand digital, this has not proved to be the case. It was not until 1994 that the first analog standard supported authentication, and about another year passed before significant numbers of new analog phones were manufactured with authentication in them.
Another delaying factor has been the requirement for IS-41 interconnection to make authentication work. Authenticating a roamer requires the ability to perform IS-41 transactions with the Authentication Center in the home system. This requires not Revision A of IS-41, nor Revision B, but the implementation of TSB-51, an addendum to IS-41 Revision B. Some carriers with IS-41 Revision A implemented, not seeing much added value in Revision B, held out for Revision C of IS-41. Unfortunately, IS-41 Revision C was significantly delayed, not being published in 1995. However, now most infrastructure vendors are offering an authentication solution, based either on TSB-51 or a subset of IS-41 Revision C.
Apart from the real difficulties of implementing a new technology, there have been several mental blocks regarding authentication on the part of some people. Some have fatalistically felt that authentication cannot work because nothing else has yet proved to be the silver bullet. However, authentication is something different, and is dramatically more secure than any other available technology.
Another concern has been that there are so many non-authenticating mobiles in the field, there is just no point in implementing authentication to protect a small fraction of the mobile population. Cloners, after all, will just continue to attack the majority of non-authenticating mobiles. This argument was first advanced when there were about 5 million mobiles in the US. If authentication had been rushed into service then, about 90% of mobiles would now be authenticating! Even if the change-over to manufacturing all mobiles with authentication capabilities starts this year (as recommended by the CTIA), our back-of-the-envelope calculation (using conservative assumptions) shows that it would only take 2 years for the number of authenticating mobiles to equal the number that are non-authenticating, and 6 years before the 90%-authenticating level was achieved.
Carriers can speed up the implementation of authentication by targeting their high-usage customers, focusing on protecting minutes of air-time and not on the number of subscribers. Carriers should offer incentives to their customers who switch to authenticating phones, with the cost of the program subsidized by reductions in cloning losses. Even the PIN, the tarnished silver bullet of recent times, is being used as a tool to encourage the purchase of authentication-capable phones, by promising customers that the use of PIN will no longer be required if they obtain an authenticating phone. The implementation of authentication for a fraction of subscribers will force cloners to attack a diminishing number of mobiles, making their actions more easily detected by other anti-fraud technologies, such as profiling and RF-fingerprinting.
While many challenges remain to the universal application of authentication, the curtain is finally rising on this powerful technology. If all goes well, the curtain will finally start to fall on cloning fraud. And nobody will be calling for an encore!
© – Copyright