Mobile Phone Technology

Slides:



Advertisements
Similar presentations
Islamic University-Gaza Faculty of Engineering Electrical & Computer Engineering Department Global System for Mobile Communication GSM Group Alaa Al-ZatmaHosam.
Advertisements

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Security of Mobile Banking
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
SSL By: Anthony Harris & Adam Shkoler. What is SSL? SSL stands for Secure Sockets Layer SSL is a cryptographic protocol which provides secure communications.
NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.
Information Security for Managers (Master MIS)
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
GSM Network Security ‘s Research Project By: Jamshid Rahimi Sisouvanh Vanthanavong 1 Friday, February 20, 2009.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Chapter 4 Application Level Security in Cellular Networks.
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
EVALUATING SECURITY OF SMART PHONE MESSAGING APPLICATIONS PRESENTED BY SUDHEER AKURATHI.
4.1 Security in GSM Security services – access control/authentication user  SIM (Subscriber Identity Module): secret PIN (personal identification number)
CIS 325: Data Communications1 Chapter Seventeen Network Security.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.
PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH
 Introduction  History  What is Digital Signature  Why Digital Signature  Basic Requirements  How the Technology Works  Approaches.
10. Mobile Device Forensics Part 2. Topics Collecting and Handling Cell Phones as Evidence Cell Phone Forensic Tools GPS (Global Positioning System)
Digital Payments STEP BY STEP INSTRUCTIONS FOR VARIOUS MODES OF PAYMENT: Cards, USSD, AEPS, UPI, Wallets.
Secure HTTP (HTTPS) Pat Morin COMP 2405.
Mobile communication methods
Web Applications Security Cryptography 1
Wireless Network PMIT- By-
GSM SECURITY AND ENCRYPTION
Cryptography and Network Security
Cryptography Why Cryptography Symmetric Encryption
Computer Communication & Networks
Secure Sockets Layer (SSL)
Information Security message M one-way hash fingerprint f = H(M)
Cryptographic Hash Function
SECURITY FEATURES OF ATM
Radius, LDAP, Radius used in Authenticating Users
PPP – Point to Point Protocol
Chapter 8 Network Security.
Mobile communication methods
Information and Network Security
Presented by: Dr. Munam Ali Shah
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
By Theodora Kontogianni
Information Security message M one-way hash fingerprint f = H(M)
Using SSL – Secure Socket Layer
GSM location updating procedure
WAP.
Cryptography and Network Security
Pooja programmer,cse department
SSH: SECURE LOGIN CONNECTIONS OVER THE INTERNET
Network Security – Kerberos
Information Security message M one-way hash fingerprint f = H(M)
CS Introduction to Operating Systems
Digital Certificates and X.509
Certificates An increasingly popular form of authentication
The Secure Sockets Layer (SSL) Protocol
GSM location updating procedure
Section 2: Cryptography
Outline Using cryptography in networks IPSec SSL and TLS.
University of Washington, Autumn 2018
Chapter -7 CRYPTOGRAPHIC HASH FUNCTIONS
Communications Infrastructure
COEN 351 Authentication.
Cryptography and Network Security
One-way Hash Function Network Security.
Security in Wide Area Networks
Lecture 36.
Lecture 36.
Presentation transcript:

Mobile Phone Technology Lecture 8: CSE 490c 10/12/2018 University of Washington, Autumn 2018

University of Washington, Autumn 2018 Announcements Sign up to demo programming assignment one 10/12/2018 University of Washington, Autumn 2018

Mobile Money Technology Financial accounts associated with mobile phone Over the counter (OTC) agents are available for Cash In, Cash Out 10/12/2018 University of Washington, Autumn 2018

University of Washington, Autumn 2018 Documentation for MTN Uganda 10/12/2018 University of Washington, Autumn 2018

University of Washington, Autumn 2018 Currency: Uganda Shilling (Ush) 10/12/2018 University of Washington, Autumn 2018

University of Washington, Autumn 2018 10/12/2018 University of Washington, Autumn 2018

Implementation using SMS Does SMS work for mobile money? Send as a text message: TO: 2065431695 AMT: 1000.00 PIN: 1234 Multiple issues, some are partially addressable Usability Spoofing Message interception Multiple rounds may be needed for confirmation 10/12/2018 University of Washington, Autumn 2018

University of Washington, Autumn 2018 USSD Protocol Networking: Post cards vs. phone calls Session opened between mobile operator and handset Can be opened in either directions Fixed size messages with header and text payload Phone number (short code) can trigger USSD app Timeouts on operations Session time out 10/12/2018 University of Washington, Autumn 2018

University of Washington, Autumn 2018 USSD Protocol 10/12/2018 University of Washington, Autumn 2018

Security of Mobile Money Connection between handset and tower Encrypted transport to MNO Servers Secure banking operations As secure as the GSM System 10/12/2018 University of Washington, Autumn 2018

University of Washington, Autumn 2018 Subscriber Identity Module Sim Card Smart Card Integrated Circuit on card form File system, programs, operating system, parameters Sim Card Smart Card for handset to communicate with base station Power and communication provided by handset Issued by mobile operator Each Sim Card is unique 10/12/2018 University of Washington, Autumn 2018

University of Washington, Autumn 2018 Sim Card Data ICCID, Integrated Circuit Card Identifier Identifier of the SIM card itself IMSI, International Mobile Subscriber Identity Identify Subscriber and Network Authentication Key (Ki) Unique, 128 bit key for authentication Secret, not readable Location area identity SMS Messages and Contacts 10/12/2018 University of Washington, Autumn 2018

Tower validating a phone 10/12/2018 University of Washington, Autumn 2018

Establishing a connection Handset (Sim Card) and tower must share a secret to prove identity and allow a connection to be established A session key is then created for secret communication Sim Card has the Authentication Key, and Tower can look it up from the subscriber data base However the handset can’t send the key, since someone could be listening 10/12/2018 University of Washington, Autumn 2018

Challenge Response Algorithm Simcard sends IMSI (subscriber identity) Tower looks up secret key, Kt Tower generates random 128 bit number X Tower sends X to handset Tower computes Ft = A(Kt, X) Handset computes Fh = A(Kh, X) Handset sends Fh to Tower If Tower confirms that Fh = Ft communication is established 10/12/2018 University of Washington, Autumn 2018

University of Washington, Autumn 2018 Cryptography Function A is a non-invertable hash function If you know x, you can compute A(x) If you know A(x), you can’t figure out x To the eavesdropper, both X and F look random 128 bits is big enough that brute force probably won’t work Different ciphers A have been used in the GSM standard Many studies have been done on extracting secrets from Sim cards and attempting to clone Sim cards 10/12/2018 University of Washington, Autumn 2018

Mobile Money in a SimCard Since the SimCard can have programs, Mobile Money can implemented on the Sim Card Similar Menu Based operations to USSD But more flexibility in interface, or response Can implement cryptography for encoding Can use encrypted SMS or USSD as a communications mechanism Will generally rely on SMS receipts to acknowledge transaction 10/12/2018 University of Washington, Autumn 2018

Thin Sims

Thin Sims: What Field installable Contains all the functionality of a sim card Allows third party apps Free from carrier restrictions Can read and modify all communication between the phone and the sim card

Communication between Person and SIM

Communication between Person and Thin SIM

Checking mobile money balance Misleading (pass vs receive, read, forward)

Thin Sims: WHY Cell phone unlocking Distribution of apps Equity Bank, Mobile Money, Kenya Community Health Worker application, Medic Mobile Malicious Installation

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.