Mario Čagalj University of Split 2013/2014. Security of Cellular Networks: Man-in-the Middle Attacks ‘Security in the GSM system’ by Jeremy Quirke, 2004.


Introduction
- Nowadays, mobile phones are used by 80-90% of the world's population (billions of users)
- Evolution
  - 1G: analog cellular networks
  - 2G: digital cellular networks, with GSM (Global System for Mobile Communications) being the most popular and most widely used standard (circuit switching)
  - other 2G technologies: IS-95 (CDMA based, US), PDC (Japan), etc.
  - 2.5G: GPRS (General Packet Radio Service), packet switching
  - 2.75G: EDGE, faster data service
  - 3G: UMTS (CDMA based), HSPA for data traffic (e.g., 5-10 Mbps)
  - other 3G: CDMA2000 (US, S. Korea)
  - 4G: LTE (OFDM based), peak data rates of 100 Mbps
- GSM security specifications

Cellular Network Architecture: A high level view
[Figure: Mobile Station - Base Station - Mobile Switching Center - Databases (e.g., Home Location Register) - External Network; source: EPFL, JPH]

Cellular Network Architecture: Registration Process
[Figure: the mobile tunes to the strongest signal and registers its number with the network; source: EPFL, JPH]

Cellular Network Architecture: Service Request
[Figure: the mobile requests service from the network; source: EPFL, JPH]

Cellular Network Architecture: Paging Broadcast (locating a particular mobile station in case of a mobile terminated call)
[Figure: the network broadcasts a page for the called number; source: EPFL, JPH]
Note: paging makes sense only over a small area

Cellular Network Architecture: Response
[Figure: the called mobile answers the page; source: EPFL, JPH]

Cellular Network Architecture: Channel Assignment
[Figure: one side is assigned Channel 47, the other Channel 68; source: EPFL, JPH]

Cellular Network Architecture: Conversation
[Figure; source: EPFL, JPH]

Cellular Network Architecture: Handover (or Handoff)
[Figure; source: EPFL, JPH]

Cellular Network Architecture: Message Sequence Chart (participants: Caller, Base Station, Switch, Base Station, Callee)
- Periodic registration
- Service request
- Ring indication
- Page request
- Paging broadcast
- Paging response
- Assign Ch. 47
- Tune to Ch. 47
- Assign Ch. 68
- Tune to Ch. 68
- Alert tone
- User response
- Stop ring indication
Source: EPFL, JPH

GSM System Architecture Based on ‘Mobile Communications: Wireless Telecommunication Systems’

Architecture of the GSM system
- GSM is a PLMN (Public Land Mobile Network): several providers set up mobile networks following the GSM standard within each country
- components
  - MS (mobile station)
  - BS (base station)
  - MSC (mobile switching center)
  - LR (location register)
- subsystems
  - RSS (radio subsystem): covers all radio aspects
  - NSS (network and switching subsystem): call forwarding, handover, switching
  - OSS (operation subsystem): management of the network

GSM: overview
[Figure: RSS (BSC) - NSS (MSC, GMSC, VLR, HLR) with OSS (OMC, EIR, AUC) - fixed network]

GSM: system architecture
[Figure: radio subsystem / BSS (MS, BTS, BSC) - network and switching subsystem (MSC, VLR, HLR, EIR, IWF, SS7) - fixed networks (ISDN, PSTN, PSPDN, CSPDN)]

System architecture: radio subsystem
- Components
  - MS (Mobile Station)
  - BSS (Base Station Subsystem), consisting of
    - BTS (Base Transceiver Station): sender and receiver
    - BSC (Base Station Controller): controlling several transceivers
[Figure: radio subsystem / BSS (MS, BTS, BSC) connected to the network and switching subsystem (MSC)]

Radio subsystem
- The Radio Subsystem (RSS) comprises the cellular mobile network up to the switching centers
- Components
  - Base Station Subsystem (BSS)
    - Base Transceiver Station (BTS): radio components including sender, receiver, antenna; if directed antennas are used, one BTS can cover several cells
    - Base Station Controller (BSC): switching between BTSs, controlling BTSs, managing network resources, mapping of radio channels onto terrestrial channels
  - Mobile Stations (MS)

GSM: cellular network
- use of several carrier frequencies
- not the same frequency in adjoining cells
- cell sizes vary from some 100 m up to 35 km depending on user density, geography, transceiver power etc.
- hexagonal shape of cells is idealized (cells overlap, shapes depend on geography)
- if a mobile user changes cells: handover of the connection to the neighbor cell
[Figure: possible radio coverage of the cell, idealized shape of the cell, segmentation of the area into cells]

System architecture: network and switching subsystem
- Components
  - MSC (Mobile Services Switching Center)
  - IWF (Interworking Functions)
  - ISDN (Integrated Services Digital Network)
  - PSTN (Public Switched Telephone Network)
  - PSPDN (Packet Switched Public Data Net.)
  - CSPDN (Circuit Switched Public Data Net.)
- Databases
  - HLR (Home Location Register)
  - VLR (Visitor Location Register)
  - EIR (Equipment Identity Register)
[Figure: network subsystem (MSC, VLR, HLR, EIR, IWF, SS7) and fixed partner networks (ISDN, PSTN, PSPDN, CSPDN)]

Network and switching subsystem
- NSS is the main component of the public mobile network GSM: switching, mobility management, interconnection to other networks, system control
- Components
  - Mobile Services Switching Center (MSC): controls all connections via a separate network to/from a mobile terminal within the domain of the MSC; several BSCs can belong to one MSC
  - Databases (important: scalability, high capacity, low delay)
    - Home Location Register (HLR): central master database containing user data, permanent and semi-permanent data of all subscribers assigned to the HLR (one provider can have several HLRs)
    - Visitor Location Register (VLR): local database for a subset of user data, including data about all users currently in the domain of the VLR

Mobile Services Switching Center
- The MSC (mobile switching center) plays a central role in GSM
  - switching functions
  - additional functions for mobility support
  - management of network resources
  - interworking functions via Gateway MSC (GMSC)
  - integration of several databases

Operation subsystem
- The OSS (Operation Subsystem) enables centralized operation, management, and maintenance of all GSM subsystems
- Components
  - Authentication Center (AUC): generates user-specific authentication parameters on request of a VLR; these parameters are used for authentication of mobile terminals and encryption of user data on the air interface within the GSM system
  - Equipment Identity Register (EIR): registers GSM mobile stations and user rights; stolen or malfunctioning mobile stations can be locked and sometimes even localized
  - Operation and Maintenance Center (OMC): different control capabilities for the radio subsystem and the network subsystem

Mobile Terminated Call
[Figure: PSTN - calling station - GMSC - HLR - VLR - MSC - BSS - MS]
- 1: calling a GSM subscriber
- 2: forwarding call to GMSC
- 3: signal call setup to HLR
- 4, 5: request MSRN (roaming number) from VLR
- 6: forward responsible MSC to GMSC
- 7: forward call to current MSC
- 8, 9: get current status of MS
- 10, 11: paging of MS
- 12, 13: MS answers
- 14, 15: security checks
- 16, 17: set up connection

Mobile Originated Call
[Figure: PSTN - GMSC - VLR - MSC - BSS - MS]
- 1, 2: connection request
- 3, 4: security check
- 5-8: check resources (free circuit)
- 9-10: set up call

Mobile Terminated and Mobile Originated Calls (signaling between MS and BTS)
MTC:
- paging request
- channel request
- immediate assignment
- paging response
- authentication request
- authentication response
- ciphering command
- ciphering complete
- setup
- call confirmed
- assignment command
- assignment complete
- alerting
- connect
- connect acknowledge
- data/speech exchange
MOC:
- channel request
- immediate assignment
- service request
- authentication request
- authentication response
- ciphering command
- ciphering complete
- setup
- call confirmed
- assignment command
- assignment complete
- alerting
- connect
- connect acknowledge
- data/speech exchange
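The two signaling sequences above are also a useful reference for checking real traces against. The following is an added example, not from the lecture, of a small Python checker that takes a list of MS-BTS messages (using the message names from the slide) and reports whether the expected order was followed and, as the property that matters for security, whether authentication and ciphering completed before call setup. The convention that a ciphering command may carry its algorithm as a suffix ("ciphering command A5/1") and the three sample sequences are constructed for this example.

```python
# Expected MS <-> BTS signaling order, as listed on the slide.
MTC_ORDER = ["paging request", "channel request", "immediate assignment", "paging response",
             "authentication request", "authentication response", "ciphering command",
             "ciphering complete", "setup", "call confirmed", "assignment command",
             "assignment complete", "alerting", "connect", "connect acknowledge",
             "data/speech exchange"]
MOC_ORDER = ["channel request", "immediate assignment", "service request",
             "authentication request", "authentication response", "ciphering command",
             "ciphering complete", "setup", "call confirmed", "assignment command",
             "assignment complete", "alerting", "connect", "connect acknowledge",
             "data/speech exchange"]


def message_name(msg: str) -> str:
    # Assumed annotation format: "ciphering command A5/1" -> "ciphering command"
    return msg.split(" A5/")[0]


def out_of_order(seq, expected) -> list:
    """Expected messages that are missing, or that appear earlier than they should."""
    names = [message_name(m) for m in seq]
    pos, problems = 0, []
    for exp in expected:
        try:
            pos = names.index(exp, pos) + 1
        except ValueError:
            problems.append(exp)
    return problems


def check_call_setup(seq) -> dict:
    """Classify the trace as MTC or MOC and check order plus the security steps."""
    kind = "MTC" if seq and message_name(seq[0]) == "paging request" else "MOC"
    expected = MTC_ORDER if kind == "MTC" else MOC_ORDER
    names = [message_name(m) for m in seq]
    idx = lambda n: names.index(n) if n in names else None
    ciph = [m for m in seq if message_name(m) == "ciphering command"]
    algo = ciph[0].split(" A5/")[1] if ciph and " A5/" in ciph[0] else None
    authenticated = idx("authentication request") is not None and idx("authentication response") is not None
    ciphered_before_setup = (idx("ciphering complete") is not None and idx("setup") is not None
                             and idx("ciphering complete") < idx("setup"))
    return {"kind": kind,
            "order_problems": out_of_order(seq, expected),
            "authenticated": authenticated,
            "ciphered_before_setup": ciphered_before_setup,
            "cipher": ("A5/" + algo) if algo else None,
            # In this model, user data goes out in clear if ciphering never completed
            # before setup, or if the network selected A5/0 (a valid GSM choice).
            "user_data_in_clear": (not ciphered_before_setup) or algo == "0"}


# Constructed sample traces.
SAMPLE_MOC_OK = [m + " A5/1" if m == "ciphering command" else m for m in MOC_ORDER]
SAMPLE_MOC_A5_0 = [m + " A5/0" if m == "ciphering command" else m for m in MOC_ORDER]
SAMPLE_MTC_NO_AUTH = [m for m in MTC_ORDER if "authentication" not in m and "ciphering" not in m]

if __name__ == "__main__":
    for name, trace in [("MOC ok", SAMPLE_MOC_OK), ("MOC A5/0", SAMPLE_MOC_A5_0),
                        ("MTC no auth", SAMPLE_MTC_NO_AUTH)]:
        print(name, check_call_setup(trace))
```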

Security in GSM
Based on:
- ‘Security in the GSM system’ by Jeremy Quirke
- ‘The GSM Standard (An overview of its security)’ by SANS Institute InfoSec Reading Room
- ‘Mobile Communications: Wireless Telecommunication Systems’

Security Services in GSM
- Access control/authentication
  - user <-> SIM (Subscriber Identity Module): secret PIN (personal identification number)
  - SIM <-> network: challenge-response method
- Confidentiality
  - voice and signaling encrypted on the wireless link (after successful authentication)
- Anonymity
  - temporary identity TMSI (Temporary Mobile Subscriber Identity)
  - newly assigned at each new location update (LUP)
  - encrypted transmission

Security Services in GSM: Authentication
- SIM (Subscriber Identity Module) card
  - smartcard inserted into a mobile phone
  - contains all necessary details to obtain access to an account
  - unique IMSI (International Mobile Subscriber Identity)
  - Ki: the individual subscriber authentication key (128 bit, used to generate all other GSM encryption and authentication keying material)
    - highly protected: the mobile phone never learns this key; the mobile only forwards any required material to the SIM
    - known only to the SIM and the network AUC (Authentication Center)
  - SIM unlocked using a PIN or PUK
  - authentication (A3 algorithm) and key generation (A8 algorithm) are performed in the SIM
  - SIM contains a microprocessor

Security Services in GSM: Authentication
[Figure: challenge-response between the mobile (SIM) and the network (AC, MSC). The AC picks a 128-bit RAND and computes SRES* = A3(Ki, RAND), 32 bit; the MSC sends RAND to the mobile; the SIM computes SRES = A3(Ki, RAND), 32 bit, and returns SRES; the network checks SRES* =? SRES]
- Ki: individual subscriber authentication key
- SRES: signed response

Security Services in GSM: Authentication
- Kc: session encryption key generated together with SRES

Security Services in GSM: Encryption
[Figure: the AC computes Kc = A8(Ki, RAND), 64 bit, and hands RAND, SRES and Kc to the network side (BTS); the SIM computes Kc = A8(Ki, RAND), 64 bit, from the same RAND; MS and BTS both run the A5 cipher with the 64-bit cipher key Kc to encrypt data on the air interface]

Security Services in GSM: Authentication and Encryption
- A3 and A8 algorithms are both run in the SIM at the same time on the same input (RAND, Ki)
  - A3A8 = COMP128v1, COMP128v2, COMP128v3 (serious weaknesses known)
  - not used in UMTS
- Encryption algorithm A5
  - symmetric encryption algorithm
  - voice/data encryption performed by the phone using the generated encryption key Kc

Security Services in GSM: Encryption
- A5 algorithms
  - A5/0: no encryption used
  - A5/1 and A5/2: developed far from the public domain and later found flawed; stream ciphers based on linear feedback shift registers
    - A5/2 completely broken (not used anymore in GSM)
    - A5/1 is a bit stronger but also broken by many researchers
  - A5/3: a block cipher based on the KASUMI encryption algorithm, used in UMTS, GSM, and GPRS mobile communication systems; public and reasonably secure (at least at the moment)
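To make the authentication and encryption slides concrete, here is an added Python example (not from the lecture or from Quirke's paper) that simulates the RAND/SRES exchange and one ciphered frame. A3 and A8 are stood in for by truncated HMAC-SHA256 rather than COMP128, and the A5 stage is a single 16-bit Fibonacci LFSR rather than A5/1's three irregularly clocked registers; these stand-ins, the frame-number seeding, the constructed Ki and all function names are assumptions of the example. What it shows is what the slides state: Ki never crosses the air interface, the network only compares SRES with SRES*, A5/0 leaves the payload in clear, and a keystream produced by a bare LFSR has a fixed period (2^16 - 1 here) that does not depend on Kc at all, which is part of why LFSR-only designs are weak.

```python
import hashlib
import hmac
import os


# Stand-ins for A3/A8 (assumption: truncated HMAC-SHA256, NOT COMP128).
def a3_sres(ki: bytes, rand: bytes) -> bytes:
    """SRES: 32-bit signed response to the 128-bit challenge RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8_kc(ki: bytes, rand: bytes) -> bytes:
    """Kc: 64-bit session cipher key derived from the same (Ki, RAND)."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


class LFSR16:
    """Toy keystream generator standing in for A5 (assumption: one 16-bit Fibonacci
    LFSR with taps x^16+x^14+x^13+x^11+1; A5/1's three registers are not reproduced)."""

    def __init__(self, state: int):
        self.state = (state & 0xFFFF) or 1   # an all-zero state would emit only zeros

    def bit(self) -> int:
        s = self.state
        fb = (s ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1   # taps at bits 0, 2, 3, 5
        self.state = (s >> 1) | (fb << 15)
        return s & 1

    def keystream(self, n: int) -> bytes:
        return bytes(sum(self.bit() << (7 - i) for i in range(8)) for _ in range(n))


def lfsr_period(seed: int = 1) -> int:
    """Clock the register until it returns to its seed. The result is 2^16 - 1 for
    every non-zero seed: the period is a property of the taps, not of Kc."""
    reg, steps = LFSR16(seed), 0
    while True:
        reg.bit()
        steps += 1
        if reg.state == seed:
            return steps


def a5_apply(kc: bytes, frame: int, data: bytes, algo: str = "A5/toy") -> bytes:
    """Encrypt or decrypt one frame (XOR with keystream, so one call does both).
    A5/0 is GSM's 'no encryption' choice: the data is returned unchanged."""
    if algo == "A5/0":
        return data
    # Seed from Kc and the frame number so that each frame gets its own keystream.
    seed = hashlib.sha256(kc + frame.to_bytes(3, "big")).digest()[:2]
    ks = LFSR16(int.from_bytes(seed, "big")).keystream(len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


def gsm_auth_and_cipher(ki_sim: bytes, ki_auc: bytes, payload: bytes,
                        algo: str = "A5/toy", rand=None) -> dict:
    """One authentication run followed by one ciphered frame from MS to BTS.
    ki_sim is the SIM's copy of Ki, ki_auc the home AUC's copy; only RAND and
    SRES travel over the air interface, never Ki."""
    rand = rand or os.urandom(16)
    # AUC side: triplet (RAND, SRES*, Kc) from its copy of Ki, handed to MSC/BTS.
    sres_star, kc_net = a3_sres(ki_auc, rand), a8_kc(ki_auc, rand)
    # SIM side: same computation on the same RAND; the phone sees only SRES and Kc.
    sres, kc_sim = a3_sres(ki_sim, rand), a8_kc(ki_sim, rand)
    if not hmac.compare_digest(sres, sres_star):           # MSC: SRES* =? SRES
        return {"authenticated": False, "ciphertext": None, "recovered": None}
    frame = 0x2A5                                           # constructed frame number
    ciphertext = a5_apply(kc_sim, frame, payload, algo)     # MS encrypts
    recovered = a5_apply(kc_net, frame, ciphertext, algo)   # BTS decrypts
    return {"authenticated": True, "ciphertext": ciphertext, "recovered": recovered}


if __name__ == "__main__":
    ki = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed Ki
    r = gsm_auth_and_cipher(ki, ki, b"hello from the MS")
    print("authenticated:", r["authenticated"], "recovered:", r["recovered"])
    print("A5/0 leaves data in clear:", gsm_auth_and_cipher(ki, ki, b"hi", "A5/0")["ciphertext"])
    print("LFSR keystream period:", lfsr_period())
```

The wrong-key case (the SIM and the AUC holding different keys) is the only way the network-side comparison fails in this model; a base station that simply never checks SRES is the subject of the weaknesses slides further down.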

Security Services in GSM: Summary

Security Weaknesses in GSM
- A mobile phone does not authenticate the base station!
  - only the mobile authenticates to the BS (one-way authentication)
  - fake BS and man-in-the-middle attacks possible
  - attacker does not have to know the authentication key Ki
- A5/0 (no encryption) is a valid choice in GSM for voice, SMS, GPRS, EDGE services
- Many weaknesses in the A5 family of encryption algorithms

Security Weaknesses in GSM

Security Services in GSM: Anonymity
- Preventing an eavesdropper (listening attacker) from determining whether a particular subscriber is/was in a given area (location privacy)
  - thanks to long ranges a very powerful attack
  - attacker uses the IMSI (International Mobile Subscriber Identity): IMSI catchers
- To preserve location privacy GSM defines the TMSI (Temporary Mobile Subscriber Identity)
  - when a phone is turned on, the IMSI from the SIM is transmitted in clear to the AUC
  - after this a TMSI is assigned to this user for location privacy
  - after each location update or a predefined time-out, a new TMSI is assigned to the mobile phone
  - a new TMSI is sent encrypted (whenever possible)
  - the VLR database contains the mapping TMSI to IMSI

Security Services in GSM: Anonymity

Security Services in GSM: Anonymity

Security Weaknesses in GSM: Attack Against the Anonymity Service
- GSM provisions for the situation when the network somehow loses track of a particular TMSI
  - in this case the network must ask the subscriber for its IMSI over the radio link using the IDENTITY REQUEST and IDENTITY RESPONSE mechanism
  - however, the connection cannot be encrypted if the network does not know the IMSI, and so the IMSI is sent in plain text
  - the attacker can use this to map a known TMSI to an unknown, user-specific IMSI
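An added Python model (not from the lecture) of the TMSI service from the anonymity slides and of the IDENTITY REQUEST fallback described just above. The VLR class, the phone record, the way the message names are used here and the constructed IMSI are assumptions of the example; authentication and ciphering are abstracted to a flag on each logged message. It shows that the IMSI is exposed in clear exactly once across any number of location updates, because every replacement TMSI travels ciphered, and once more each time the network loses a TMSI and has to fall back to IDENTITY REQUEST.

```python
import os


class VLR:
    """Visitor Location Register: holds the TMSI -> IMSI mapping and issues a
    fresh random TMSI at every location update."""

    def __init__(self):
        self.tmsi_to_imsi = {}

    def reallocate(self, imsi: str) -> bytes:
        for old, who in list(self.tmsi_to_imsi.items()):   # retire the old TMSI
            if who == imsi:
                del self.tmsi_to_imsi[old]
        while True:
            tmsi = os.urandom(4)
            if tmsi not in self.tmsi_to_imsi:
                self.tmsi_to_imsi[tmsi] = imsi
                return tmsi

    def lookup(self, tmsi: bytes):
        return self.tmsi_to_imsi.get(tmsi)

    def lose_track_of(self, tmsi):
        # Models the situation in which the network loses a TMSI (e.g. VLR restart).
        self.tmsi_to_imsi.pop(tmsi, None)


def location_update(vlr: VLR, phone: dict, log: list):
    """One LUP on the air interface. Each log entry is (message, identity, ciphered).
    Ciphering needs the subscriber's key, so everything up to and including the
    identity response goes out in clear; the new TMSI is delivered ciphered."""
    if phone["tmsi"] is None:                          # first attach after power-on
        log.append(("LOCATION UPDATE REQUEST", phone["imsi"], False))
        imsi = phone["imsi"]
    else:
        log.append(("LOCATION UPDATE REQUEST", phone["tmsi"], False))
        imsi = vlr.lookup(phone["tmsi"])
        if imsi is None:                               # network lost the TMSI
            log.append(("IDENTITY REQUEST", None, False))
            log.append(("IDENTITY RESPONSE", phone["imsi"], False))
            imsi = phone["imsi"]
    # Authentication and ciphering are assumed to succeed at this point.
    phone["tmsi"] = vlr.reallocate(imsi)
    log.append(("TMSI REALLOCATION COMMAND", phone["tmsi"], True))


def eavesdropper_view(log: list) -> dict:
    """What a passive listener on the radio link learns: identities carried in
    unciphered messages only. TMSIs seen in clear cannot be chained to one another,
    because each replacement was delivered ciphered."""
    imsis = [ident for _, ident, ciph in log if not ciph and isinstance(ident, str)]
    tmsis = [ident for _, ident, ciph in log if not ciph and isinstance(ident, bytes)]
    return {"imsi_exposures": len(imsis), "clear_tmsis": tmsis}


def run(updates: int, lose_tmsi_before_last: bool) -> dict:
    """Power on, then perform the given number of location updates."""
    vlr, log = VLR(), []
    phone = {"imsi": "262010123456789", "tmsi": None}   # constructed IMSI
    for i in range(updates):
        if lose_tmsi_before_last and i == updates - 1:
            vlr.lose_track_of(phone["tmsi"])
        location_update(vlr, phone, log)
    view = eavesdropper_view(log)
    view["distinct_clear_tmsis"] = len(set(view["clear_tmsis"]))
    view["log"] = log
    return view


if __name__ == "__main__":
    for lost in (False, True):
        v = run(4, lost)
        print("TMSI lost:", lost, "IMSI exposures:", v["imsi_exposures"],
              "distinct TMSIs in clear:", v["distinct_clear_tmsis"])
```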

Countermeasures: UMTS
- UMTS defines 2-way authentication and mandates the use of stronger encryption and authentication primitives
  - prevents MITM attacks by a fake BS, but be cautious...
- Still many reasons to worry about
  - most mobiles support < 3G standards (GPRS, EDGE)
  - when the signal is bad, it is hard to support UMTS rates
  - mobile providers have already invested a lot of money and do not give up on ‘old’ BSS equipment
  - femtocells
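An added Python model (not from the lecture, and not the 3GPP AKA procedure itself) of why the missing network authentication in GSM matters and what UMTS-style mutual authentication adds. The MAC over (RAND, SQN) stands in for the UMTS AUTN token in simplified form, HMAC-SHA256 replaces the real key functions, and the class and field names are assumptions. It shows which combinations get rejected on the phone side: a GSM-style phone answers any RAND, so a base station that does not hold Ki still gets a response; a phone that insists on a verified challenge rejects that station, and also rejects a replayed challenge; a phone that is allowed to fall back to the GSM-style exchange loses the protection again, which is the slide's caveat about < 3G fallback.

```python
import hashlib
import hmac
import os


def f(ki: bytes, label: bytes, *parts: bytes) -> bytes:
    """Stand-in for the subscriber key functions (assumption: HMAC-SHA256,
    not COMP128 or MILENAGE)."""
    return hmac.new(ki, label + b"".join(parts), hashlib.sha256).digest()


def make_challenge(ki, sqn: int, mutual: bool, rand=None) -> dict:
    """Challenge as the network sends it. ki=None models a base station that does
    not hold the subscriber key: it can send RAND, but cannot produce a MAC the
    SIM will accept (random bytes stand in for whatever it sends instead)."""
    rand = rand or os.urandom(16)
    chal = {"rand": rand}
    if mutual:
        sqn_b = sqn.to_bytes(6, "big")
        mac = f(ki, b"MAC", rand, sqn_b)[:8] if ki is not None else os.urandom(8)
        chal["autn"] = {"sqn": sqn, "mac": mac}      # simplified AUTN: (SQN, MAC)
    return chal


class Phone:
    def __init__(self, ki: bytes, gsm_fallback: bool):
        self.ki = ki
        self.gsm_fallback = gsm_fallback   # may the phone answer a one-way (GSM) challenge?
        self.last_sqn = -1                 # highest sequence number accepted so far

    def respond(self, chal: dict):
        """SRES if the phone accepts the network, None if it rejects it."""
        rand = chal["rand"]
        if "autn" not in chal:
            # GSM: the network proves nothing about Ki; the only policy is whether to answer.
            return f(self.ki, b"SRES", rand)[:4] if self.gsm_fallback else None
        autn = chal["autn"]
        expected = f(self.ki, b"MAC", rand, autn["sqn"].to_bytes(6, "big"))[:8]
        if not hmac.compare_digest(expected, autn["mac"]):
            return None                    # sender does not know Ki
        if autn["sqn"] <= self.last_sqn:
            return None                    # replayed challenge
        self.last_sqn = autn["sqn"]
        return f(self.ki, b"SRES", rand)[:4]


def network_accepts(ki: bytes, chal: dict, sres) -> bool:
    """Network-side check SRES* =? SRES; only a network holding Ki can perform it."""
    return sres is not None and hmac.compare_digest(f(ki, b"SRES", chal["rand"])[:4], sres)


def scenario(network_ki, mutual: bool, gsm_fallback: bool, ki: bytes, sqn: int = 1) -> dict:
    """ki is the subscriber key held by the SIM (and by the genuine home network);
    network_ki is what the challenging station holds (None: it lacks Ki)."""
    phone = Phone(ki, gsm_fallback)
    chal = make_challenge(network_ki, sqn, mutual)
    sres = phone.respond(chal)
    return {"phone_answered": sres is not None,
            "network_verified": network_accepts(network_ki, chal, sres) if network_ki else False}


def replay_rejected(ki: bytes) -> bool:
    """A verified challenge is accepted once; presenting it again fails the SQN check."""
    phone = Phone(ki, gsm_fallback=False)
    chal = make_challenge(ki, sqn=7, mutual=True)
    return phone.respond(chal) is not None and phone.respond(chal) is None


if __name__ == "__main__":
    ki = bytes.fromhex("0f0e0d0c0b0a09080706050403020100")   # constructed Ki
    print("genuine network, mutual auth:      ", scenario(ki, True, False, ki))
    print("station without Ki, mutual auth:   ", scenario(None, True, False, ki))
    print("station without Ki, GSM, no fallback:", scenario(None, False, False, ki))
    print("station without Ki, GSM, fallback: ", scenario(None, False, True, ki))
    print("replay rejected:", replay_rejected(ki))
```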

Many Reasons to Worry About Your Privacy
- bile_tracking/ (check also bile_tracking/)
- hat.com%2Fbh-dc-11%2FPerez-Pico%2FBlackHat_DC_2011_Perez-Pico_Mobile_Attacks-Slides.pdf
- labs.tu-berlin.de%2Fbh2011.pdf