Dear mrmoderate,
About Provisioning on CDMA
Older cellular technology transmits subscriber identity information over the air interface during registration and call set-up in a format that can be easily detected and read by radio scanner devices, making it susceptible to fraudulent activities such as cloning and tumbling. CDMA avoids these issues by using a 64-bit authentication key (A-key) and the Electronic Serial Number (ESN) of the mobile. The A-key is used to generate sub-keys that provide voice privacy and message encryption. CDMA allows several distribution methods of A-keys to valid users for acquiring subscription-related information to communicate with the network providing service. For all distribution methods, security data is provided electronically in an encrypted format. The most secured distribution method uses handsets that are pre-programmed with the A-key and ESN by the mobile vendor, and then the wireless provider or dealer assigns ESN with Mobile Identification Number (MIN). This approach ensures that neither the equipment manufacturer nor the dealer has all three pieces of security information.
About Subscriber Authentication in CDMA
Subscriber authentication is a key control mechanism to protect the infrastructure and to prevent unauthorized access to network resources. CDMA 1X access authentication is accomplished by means of an 18-bit authentication signature that is verified by the network�s databases of user information, the
Home Location Register and Authentication Center. 1xEV-DO also uses the same 512-bit algorithm in OTASP to exchange keys between the mobile device and the Access Node-Authentication Authorization Accounting (AN-AAA) server. Both technologies utilize strong authentication key exchange protocols to ensure identity. For CDMA2000 1X data sessions and EV-DO, users are authenticated using the Challenge Handshake Authentication Protocol (CHAP) by the Packet Data Serving Node-Authentication Authorization Accounting (PDSN-AAA) server. CHAP is a proven Internet authentication protocol that is leveraged in the wireless network to verify identity.
About Packet Core
In CDMA2000 architecture, the wireless packet core network is leveraged for both 1X and 1xEV-DO. The wireless packet core is the ideal place for applying IP services, especially security services, common across the CDMA2000 access network. CDMA Operator Packet Data Network must support :
- Subscriber stateful firewall � protects both subscriber and/or operator�s infrastructure traffic
- Ingress Anti-spoofing � Prevents subscribers from launching attacks based on forged source IP
addresses
- Traffic Steering to off-board services such as content filters or virus protection severs.
- Deep packet filtering & inspection from TCP/IP layer to Application Layer
- On-board Lawful intercept meeting regulatory security requirements
Mobile IP Foreign Agent (FA) to Home Agent (HA) and HA outbound connections must also be protected. These connections can be protected via IP Security (IPSec) encrypted Virtual Private Routed Network (VPRN) capabilities on FAs and HAs.
Keep in mind on one thing......about implemented security in CDMA Operator network (Your Operator CDMA Network) i dont thing that enyone will disclose the details around, unless you probe...wow not advice from me. Answer is can be secure and non-secure.
Do you want to test security there?
All the best!
