GSM, UTMS, Wi-Fi and some Bluetooth

Slides:

Advertisements

Similar presentations

Wi-Fi Technology.

Advertisements

Myagmar, Gupta UIUC G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP.

6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.

Doc.: IEEE /0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.

G53SEC 1 Mobile Security GSM, UTMS, Wi-Fi and some Bluetooth.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

Information Security of Embedded Systems : Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.

NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From ： Proceeding of the First International Conference on Security and Privacy for.

Networks Olga Agnew Bryant Likes Daewon Seo.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

Mobile IP Performance Issues in Practice. Introduction What is Mobile IP? –Mobile IP is a technology that allows a "mobile node" (MN) to change its point.

Mobile IP: Introduction Reference: “Mobile networking through Mobile IP”; Perkins, C.E.; IEEE Internet Computing, Volume: 2 Issue: 1, Jan.- Feb. 1998;

Remedies Use of encrypted tunneling protocols (e.g. IPSec, Secure Shell) for secure data transmission over an insecure networktunneling protocolsIPSecSecure.

Wireless Network Security By Patrick Yount and CIS 4360 Fall 2009 CIS 4360 Fall 2009.

GSM Network Security ‘s Research Project By: Jamshid Rahimi Sisouvanh Vanthanavong 1 Friday, February 20, 2009.

Networks LANS,. FastPoll True Questions Answer A for True and B for False A wireless infrastructure network uses a centralized broadcasting device, such.

A History of WEP The Ups and Downs of Wireless Security.

COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos “Securing.

1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.

Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.

WEP Protocol Weaknesses and Vulnerabilities

WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.

UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering Secure Authentication System for Public WLAN Roaming Ana Sanz Merino, Yasuhiko.

Lecture 24 Wireless Network Security

Focus On Bluetooth Security Presented by Kanij Fatema Sharme.

Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.

Lesson 10: Configuring Network Settings MOAC : Configuring Windows 8.1.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

Wireless security Wi–Fi (802.11) Security

Understand Wireless Security LESSON Security Fundamentals.

1. Introduction In this presentation, we will review ,802.1x and give their drawbacks, and then we will propose the use of a central manager to replace.

History and Implementation of the IEEE 802 Security Architecture

TERMINOLOGY Define: WPAN

CompTIA Security+ Study Guide (SY0-401)

Introduction Wireless devices offering IP connectivity

Wireless Network PMIT- By-

Security Issues With Mobile IP

Instructor Materials Chapter 6 Building a Home Network

Wireless Protocols WEP, WPA & WPA2.

GSM SECURITY AND ENCRYPTION

WEP & WPA Mandy Kershishnik.

Wireless Local Area Network (WLAN)

Chapter 4: Wireless LANs

3G Security Principles Build on GSM security

GPRS GPRS stands for General Packet Radio System. GPRS provides packet radio access for mobile Global System for Mobile Communications (GSM) and time-division.

Wireless LAN Security 4.3 Wireless LAN Security.

Mobile ad hoc networking: imperatives and challenges

Global system for Mobile Communications

CSE 4905 WiFi Security I WEP (Wired Equivalent Privacy)

WLAN Security Antti Miettinen.

Mobile Phone Technology

Antti Miettinen (modified by JJ)

Security Issues with Wireless Protocols

Other Routing Protocols

Mobile IP Outline Homework #4 Solutions Intro to mobile IP Operation

Mobile IP Outline Intro to mobile IP Operation Problems with mobility.

Dept. of Business Administration

WJEC GCSE Computer Science

LM 7. Cellular Network Security

IT4833/6833 WiFi Security Building Blocks (I).

Security in Wide Area Networks

Mobile IP Outline Intro to mobile IP Operation Problems with mobility.

Presentation transcript:

GSM, UTMS, Wi-Fi and some Bluetooth G53SEC Mobile Security GSM, UTMS, Wi-Fi and some Bluetooth 1

Security in the mobile world GSM 3GPP / UTMS Mobile IPv6 Wi-Fi G53SEC Today’s Lecture: Security in the mobile world GSM 3GPP / UTMS Mobile IPv6 Wi-Fi Bluetooth 2 2

Mobile computing one of the fastest growing segments of the PC market G53SEC Introduction: Mobile computing one of the fastest growing segments of the PC market What is a mobile network? Changing physical / geographical location Changing network topology Attached somewhere to a fixed network Wireless communication 3 3

What is different about mobile networks? G53SEC Introduction: What is different about mobile networks? Low bandwidth – minimise message size and volume Increased risk of eavesdropping Security issues Authentication Privacy Charging 4 4

Mobile services pose new challenges Some derive from technology G53SEC Introduction: Mobile services pose new challenges Some derive from technology Some from applications Physical access – no longer a barrier to network - Wi-Fi access to corporate networks Technology – easier eavesdropping Wifi – e.g. attacker in car park 5 5

Current most active mobile technologies GSM 3GPP/UTMS Mobile IP G53SEC Introduction: Current most active mobile technologies GSM 3GPP/UTMS Mobile IP IEEE 802.11 Bluetooth Mbile IP – allow mobile devices to move from one network to another while maintaining a permanent IP address 6 6

Other areas of mobile networks with security implications G53SEC Introduction: Other areas of mobile networks with security implications WAP – Wireless Application Protocol Malicious scripting, Infrastructure issues SMS – Short Messaging Service Spam, spoofing, viruses MANETs – Mobile Ad-hoc Networks - Rogue nodes, Security only at academic stage Wap (wireless application protocol) – tried to be internet of wireless – failed Sms – short messaging service Mobile adhoc network – self-configuring network of mobile devices 7 7

G53SEC GSM – 220 000 Cell Towers: 8 8

1st Generation Cell Phones Charge fraud – simple authentication G53SEC GSM: 1st Generation Cell Phones Charge fraud – simple authentication Alibi creation – call forwarding GSM – Improvement from 1st generation Good voice quality Cheap end-systems Low running costs etc.. 9 9

Creation affected by political influences G53SEC GSM: Creation affected by political influences Differing national regulations and attitudes towards cryptography Law enforcement requested ability to wiretap GSM security goals Protection against charge fraud Protection of voice and signal traffic Phone theft tracking Phone theft tracking not always implemented 10 10

GSM user – subscriber in home network G53SEC GSM: Components GSM user – subscriber in home network Where service requested – serving network Mobile station comprises Mobile equipment Subscriber Identity Module (SIM) SIM card – smart card chip Performs cryptographic operations Stores keys Stores personal data 11 11

IMSI – International Mobile Subscriber Identity G53SEC GSM: IMSI – International Mobile Subscriber Identity Unique subscriber identification TMSI – Temporary Mobile Subscriber Identity Used to avoid location tracking Served when device joins a new subnet IMSI catchers Device authenticates to network but not vice versa Catcher masquerades as a base station Collects IMSI numbers TMSI – used to avoid location tracking Catcher – used by law enforcement and intelligence agencies to eavesdrop Catcher – a type of man-in-the middle attack 12 12

Uses symmetric cryptography 3 algorithms G53SEC GSM: Cryptography Uses symmetric cryptography 3 algorithms A3 – authentication (Provider specific) A5 – encryption (Standardised) A8 – key generation (Provider specific) No official publication of algorithms exists Cryptanalytic attacks do exist 13 13

Location Based Services G53SEC GSM: Location Based Services GSM network records location information of mobile equipment Used for various services (e.g. traffic info) Used for emergencies (Medical, Police, etc…) Obligatory in some countries (e.g. the US) Privacy implications 14 14

GSM does not transmit secrets in the clear G53SEC GSM Summary: GSM does not transmit secrets in the clear Voice traffic encrypted over radio but not after base station Some privacy protection through TMSI but IMSI catchers exist to avoid TMSI Law enforcement has access to recorded location data TMSI – Temporary Mobile Subscriber Identity 15 15

Cryptographic algorithms not made public Unilateral authentication G53SEC GSM Summary: Criticism: Cryptographic algorithms not made public Unilateral authentication Only mobile equipment authenticates to the network Fraud: Revenue flow attacked Roaming fraud Premium rate fraud TMSI – Temporary Mobile Subscriber Identity 16 16

Universal Mobile Telecommunications System Next generation of GSM G53SEC 3GPP/UTMS: Universal Mobile Telecommunications System Next generation of GSM Besides technical advancements, contains some security enhancements Security architecture similar to GSM Avoids IMSI Catchers - Due to mutual authentication of mobile equipment to the network and vice versa 17 17

Support for mutual authentication Privacy Increased key sizes G53SEC 3GPP/UTMS: Authentication Support for mutual authentication Privacy Increased key sizes Support for securing core network signalling data Enhanced user identity confidentiality Other Integrity of signalling Cryptographic algorithms made public 18 18

In IP if nodes move around: G53SEC Mobile IPv6: GSM & UTMS have problems with access control due to lack of pre-established relationship In IP if nodes move around: - When IP address kept, data will not reach node at new location - When IP address changes, communication has to be terminated and restarted Mobile IP deals with these issues 19 19

Mobile node has two addresses permanent Home Address G53SEC Mobile IPv6: Mobile node has two addresses permanent Home Address Care of Address – associated with network the node is visiting Addresses consist of location as well as interface identification 20 20

Home agent – nodes with permanent address within agent's network G53SEC Mobile IPv6: Home agent – nodes with permanent address within agent's network Foreign agent – nodes visiting network When a node wants to communicate with another node, it uses its home address Packets sent are intercepted by Home agent Home agent uses care-of address advertised by Foreign Agent to communicate with destination node 21 21

A number of security protocols proposed WEP WPA WPA2 G53SEC Wi-Fi: Wireless technology generally based on a set of standards called IEEE 802.11 A number of standards (a,b,g,n) exist depending on speed and technological improvements A number of security protocols proposed WEP WPA WPA2 22 22

G53SEC WiFi: 23 23

Wi-Fi Increasingly used at home and as part of businesses G53SEC Wi-Fi: Wi-Fi Increasingly used at home and as part of businesses New uses emerge frequently City wide Wi-Fi BT FON 24 24

Incorrectly setup Access Points Encryption Access control G53SEC Wi-Fi: Many Issues: Incorrectly setup Access Points Encryption Access control Wi-Fi not included in security policies in many institutions - Weak encryption standards used - Rogue Access Points - War-driving 25 25

Key size a major security limitation G53SEC Wi-Fi: WEP Key size a major security limitation Algorithm is susceptible to a cryptanalysis attack It uses the RC4 stream cipher algorithm WEP allows certain packet parts to be reused This allows attacker to obtain some known text The rest is only a matter of statistical analysis 26 26

2007 – WEP cracked under 60 seconds by researchers from Germany G53SEC Wi-Fi: WEP Original attack required hours of collected data to successfully find encryption key 2007 – WEP cracked under 60 seconds by researchers from Germany WPA A quick preliminary solution to WEP issues However vulnerable to a password guessing attack 27 27

A complete redesign of WLAN security mechanisms G53SEC Wi-Fi: WPA2 A complete redesign of WLAN security mechanisms Stream cipher RC4 replaced by AES but WPA2 requires new hardware To Remember: For Wi-Fi access points only use WPA2 or in worst case WPA WEP is totally broken! 28 28

Technology for wireless ad-hoc networks For short range communications G53SEC Bluetooth: Technology for wireless ad-hoc networks For short range communications e.g. for keyboards, headsets, etc.. Contains cryptographic mechanism for traffic protection between devices Application level attacks exist Bluesnarf exploits flawed implementations of access control – retrieves personal information Viruses are beginning to appear http://www.f-secure.com/weblog/archives/archive-072007.html 29 29

Security in the Mobile environment Current mobile technologies G53SEC Summary: Security in the Mobile environment Current mobile technologies 30 30