Delta Telecom has implemented SIS.

Delta Telecom has implemented SIS.

«Delta Telecom» has implemented SIS

Delta Telecom began its operations in Russia in 1991 and was the first to offer cellular services. The company's operations currently cover more than 35% of the entire territory of St. Petersburg and the region, serving over 16,500 subscribers. Data for the last three months have shown that the number of the company's subscribers is growing by approximately 10% monthly and is expected to reach 21,000 by the end of 1996.

Such a significant increase in the number of subscribers entailed an increase in the scale of falsified telephone calls. The conducted analysis of international traffic showed that more than half of the load on telephone lines was formed due to fraudulent use of telephones. A similar situation began to be observed in urban and intercity traffic.

The lack of a legal framework to combat «pirates» and the desire to ensure high quality of service to subscribers, as well as tougher competitive conditions (two more cellular companies operate according to the AMPS and GSM standards) — all this led to Delta Telecom starting work on creating a new database and replacing mobile stations with new ones that support the SIS function. In October 1994, Delta Telecom became one of the first cellular companies in the world to introduce SIS — subscriber protection from unauthorized use of their numbers. This made it possible to completely eliminate falsified phone calls and protect subscribers from many troubles.

In early 1994, Delta Telecom began to enter into contracts with suppliers of equipment for the implementation of SIS. An agreement was reached to supply the control computer (LA) with CMG, and a contract was concluded with Nokia for the purchase of the authentication register (AR).

After the contracts were signed, the construction and preparation of the security room began. In the first stage, it was decided to include only SIS mobile phones. In June 1994, the SIS equipment was received, which was put into operation a month later. In parallel, the company connected new customers — owners of telephone sets with the SIS function and subsidized the exchange of «unprotected» mobile phones without the SIS function for devices with this function for the company's customers. At the same time, the advantages of phones with the SIS function were advertised. Then, in October 1994, Delta purchased the SIS control function for incoming calls from Nokia. Thus, the complete replacement of phones with mobile stations with the SIS function was completed in March 1995.

As a result of the implementation of the SIS concept, all mobile stations were equipped with reliable means of protection against subscriber ID falsification.

After releasing the next batch of mobile phones, the manufacturer sends the input station a SIM/SAK (security module for identification/secret authentication key) package for these phones.

Systems involved in SIS

The buyer receives a SIM package from the manufacturer together with the telephones. After the telephones are delivered, the mobile operator loads the package table into the control computer in accordance with the current SIM numbers. The table is loaded into the international gateway via the input station — either a SIM/SAK bundle file or a SIM/SAK pair for one telephone is entered from the keyboard of the communication interface computer (C1C).

The second method of loading the bundles of this package into the control computer is to enter the corresponding commands into the information and billing system. The software developed by CMG is used for communication between the information system and the control computer (the software version for OS VAX/VMS is called AP1COM+).

When a new subscriber is connected, the information system sends a command to the control computer to enable the SIM/SAK connection for the corresponding radio identifier (RID). The computer sends this command to the authentication registry. When this operation is completed, the information system sends a command to enable the radio identifier with the SIS=Yes parameter to the mobile telephone switch (MTS).

Triad

For each radio identifier/security module for identification/secret key (RID/SIM/SAK) bundle, the registry (AR) creates triads. The triad consists of a random task (RAND), a signed response (SRES), and the encryption key of subscriber B (BKEY). The triads are sent to the MTX switch. Each call is serviced using its own triad. If necessary, the registry generates new triads sent by the MTX.

At the beginning of each call, the mobile station sends its radio identifier to the switch. The switch sends a random task to this mobile station (MS). It in turn calculates a signed response and the subscriber's encryption key using the same algorithm as the switch. The station then sends a response back to the switch. It compares the response received from the station with its own, and if both response values ​​are equal, the call will be continued and the key is used to encrypt the subscriber's number. Otherwise, the call will be terminated.

Call organization procedure

From the description of the system operation, it can be understood that the secret key (SAK) is a necessary element that ensures protection against call falsification.

When connecting a new subscriber and disconnecting subscribers, the following sequence of operations must be observed: — the cellular company receives a batch of phones and a SIM module package or manually accepts a SIM file;
— the operator loads this package into the control computer and receives the SIM/SAK bundle from the international interface (IG);
— the presence of SIM/SAK bundles in the control computer is checked — if they are missing, a request is required to the manufacturer or to the international interface;
— the subscriber is connected after the operator enters the subscriber data and the RID/SIM bundle into the information system. The information system (IS) sends activation commands (ACTIVATE) to the control computer and to the MTX switch;
— the last step is that the operator enters a command into the information system to terminate communication with the subscriber (disconnect). In this case, the system sends a cancellation command (CANCEL) to the switch and turns off the secret key in the control computer.

In order to ensure the security of the cellular system, certain measures are taken. Thus, in order to make changes, two keys must be used (two-key concept); strict separation of functions is observed. Separate duplication of data (SAK database) is performed when separating protected data. Special rules for user authorization are implemented. All events are necessarily recorded in a verification file (LOG file). And finally, there are different suppliers of equipment, as well as a secure room for its storage,

Like any other system, the Cellular Authentication System is not perfect. It has not only advantages, but also disadvantages. The disadvantages are caused mainly by the lack of funds: high purchase prices of SIS equipment and the cost of constructing a secret room, the cost of replacing telephone sets (for already operating companies) and the operational costs of supporting the SIS, as well as additional personnel and additional security measures.

There are also some difficulties in operating SIS. First, the secret key may be missing from the international interface (approximately 100 out of 10,000 are not loaded into it). Second, there were similar SIM modules for different cell phones (14 copies in 2 years of operation). Third, there are communication errors between the control computer and the authentication registry. Fourth, there is a random absence of communication with the international interface (up to 40 hours), which depends on the X.25 supplier.

The main advantage of SIS is, first of all, reliable protection against counterfeiting. Stolen equipment equipped with the SIS function cannot be switched on in other networks. All this provides an advantage in sales.

New technologies for loading data into the National Registry eliminate even the minimum possible time for «planting» and speed up the process of connecting and changing equipment with SIS.

Since July 1994 (the start of SIS operation), not a single case of counterfeiting of a mobile phone using the SIS function has been identified and not a single case of hacking of the subscriber data protection system has been registered.