GSM Global System for Mobile Communications, 1992

Slides:



Advertisements
Similar presentations
Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.
Advertisements

An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,
GSM network and its privacy Thomas Stockinger. Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation.
GSM Security and Encryption
Topics In Information Security Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication Presented by Idan Sheetrit
Secure Programming Lai Zit Seng November A Simple Program int main() { char name[100]; printf("What is your name?\n"); gets(name); printf("Hello,
Myagmar, Gupta UIUC G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP.
SMUCSE 5349/7349 GSM Security. SMUCSE 5349/7349 GSM Security Provisions Anonymity Authentication Signaling protection User data protection.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
Stack buffer overflow.
Stack buffer overflow
Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.
Computer Security Buffer Overflow lab Eu-Jin Goh.
Information Security of Embedded Systems : Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.
NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
GSM Network Security ‘s Research Project By: Jamshid Rahimi Sisouvanh Vanthanavong 1 Friday, February 20, 2009.
An anti-hacking guide.  Hackers are kindred of expert programmers who believe in freedom and spirit of mutual help. They are not malicious. They may.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
Chapter 6 Buffer Overflow. Buffer Overflow occurs when the program overwrites data outside the bounds of allocated memory It was one of the first exploited.
Exploiting Buffer Overflows on AIX/PowerPC HP-UX/PA-RISC Solaris/SPARC.
Cellular Mobile Communication Systems Lecture 8
Mobile Telephone System And GSM Security. The Mobile Telephone System First-Generation Mobile Phones First-Generation Mobile Phones Analog Voice Analog.
4.1 Security in GSM Security services – access control/authentication user  SIM (Subscriber Identity Module): secret PIN (personal identification number)
Overflow Examples 01/13/2012. ACKNOWLEDGEMENTS These slides where compiled from the Malware and Software Vulnerabilities class taught by Dr Cliff Zou.
Stack-based buffer overflows Yves Younan DistriNet, Department of Computer Science Katholieke Universiteit Leuven Belgium
MOBILITY Beyond Third Generation Cellular Feb
What is exactly Exploit writing?  Writing a piece of code which is capable of exploit the vulnerability in the target software.
Overview of cellular system
JMU GenCyber Boot Camp Summer, Introduction to Penetration Testing Elevating privileges – Getting code run in a privileged context Exploiting misconfigurations.
Information Security - 2. A Stack Frame. Pushed to stack on function CALL The return address is copied to the CPU Instruction Pointer when the function.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 11, 2011.
WIRELESS FRAUD Detection & Prevention. Method of Fraud CLONING of SIM Card.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2014.
Mobile Telephone System And GSM Security. The Mobile Telephone System First-Generation Mobile Phones First-Generation Mobile Phones Analog Voice Analog.
GSM security: feit en fictie NLUUG Najaarsconferentie 2010 Fabian van den Broek Institute for Computing and Information Sciences (iCIS)
Overflows Mark Shtern.
Refs: rootshell, antionline, your favorite hacker site…
Buffer Overflow By Collin Donaldson.
Mitigation against Buffer Overflow Attacks
Buffer Overflow Buffer overflows are possible because C doesn’t check array boundaries Buffer overflows are dangerous because buffers for user input are.
Sabrina Wilkes-Morris CSCE 548 Student Presentation
Wireless Network PMIT- By-
Overview 4 major memory segments Key differences from Java stack
GSM SECURITY AND ENCRYPTION
3G Security Principles Build on GSM security
Recitation: Attack Lab
By Theodora Kontogianni
GSM location updating procedure
Subject Name: GSM Subject Code: 10EC843
CS 465 Buffer Overflow Slides by Kent Seamons and Tim van der Horst
Overview 4 major memory segments Key differences from Java stack
Defending against Stack Smashing attacks
Stack buffer overflow.
Software Security Lesson Introduction
GSM location updating procedure
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2015.
CNT4704: Analysis of Computer Communication Network Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Fall 2011.
Dept. of Business Administration
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2016.
Chapter 14: Protection.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2013.
Special Topic: Wireless Security
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2010.
LM 7. Cellular Network Security
Security in Wide Area Networks
Presentation transcript:

GSM Global System for Mobile Communications, 1992 Security in mobile phones System used all over the world 5. april 2019 Sikkerhed04, Aften Trusler

GSM: Threat Model What Who Why How Cloning Eavesdropping Tracking Criminals Secret Services Why Break Confidentiality Free phone calls Reveal whereabouts How Break Crypto Exploit bad design Beskriv trusler separat? 5. april 2019 Sikkerhed04, Aften Trusler

GSM: Security Policy Security Objectives Strategy Authentication No tracking Confidential Calls Strategy Crypto SIM PIN codes 5. april 2019 Sikkerhed04, Aften Trusler

GSM-system SIM Base station HLR VLR PIN IMSI Ki 5. april 2019 Sikkerhed04, Aften Trusler

GSM: mechanisms authentication PIN VLR SIM (phone) Comp128 SRES||Kc = EKi(RAND) IMSI IMSI RAND SRES Kc RAND IMSI SRES RAND SRES Kc Base station HLR 5. april 2019 Sikkerhed04, Aften Trusler

GSM: mechanisms No tracking When SIM registers on network TMSI – temporary/anonymous IMSI But IMSI must still be sent initially 5. april 2019 Sikkerhed04, Aften Trusler

GSM: mechanisms Confidentiality All conversation encrypted Key: Kc Algoritme: among others, A5 (was secret, like Comp128) 5. april 2019 Sikkerhed04, Aften Trusler

GSM: attack1 on authentication VLR SIM (phone) SRES||Kc = EKi(RAND) cleartext! IMSI IMSI RAND SRES Kc RAND IMSI SRES RAND SRES Kc Base station HLR 5. april 2019 Sikkerhed04, Aften Trusler

GSM: attack2 on authentication Access to SIM 150.000 well chosen challenges Exploit weaknesses in Comp128 Find Ki 5. april 2019 Sikkerhed04, Aften Trusler

GSM: attack/tracking When SIM registers on network TMSI – temporary/anonymous IMSI But IMSI sent initially IMSI-catcher Strong signal Pretend not to understand ”forstå” TMSI SIM sends IMSI 5. april 2019 Sikkerhed04, Aften Trusler

GSM: attack on Confidentiality All conversation encrypted Key: Kc Algorithm: A5 and others(originally secret, like Comp128) A5 and the way it is used has weaknesses Attack can be done within minutes 5. april 2019 Sikkerhed04, Aften Trusler

GSM: what can we learn? Krypto the weakest link?! Kerchhoffs principle (Comp128 og A5 secret) Misunderstanding of architecture Transmission of keys in cleartext  Was GSM security a succes or a failure? for who? 5. april 2019 Sikkerhed04, Aften Trusler

Buffer overflows Very ”popular” securitybreach Microsoft estimates internal expense of $100.000 pr. patch Problem caused by bad code and languages that do not protect against it C, C++ Change to Java, C#, …,? Does’t always help, many OS’s are written in C 5. april 2019 Sikkerhed04, Aften Trusler

Stack overruns void foo(char* input){ char buf[3]; strcpy(buf, input); Compiled program Addr Code 0001 main: 0002 push argv[0] 0003 goto foo 0004 pop 0005 goto exit 0006 foo: 0007 allocate buf 0008 push buf 0009 push input 0010 goto strcpy 0011 return 0012 bar: 0013 push ”Gotcha!” 0014 goto printf 0015 pop 0016 return void foo(char* input){ char buf[3]; strcpy(buf, input); } void bar(void){ printf(”Gotcha!”); int main(int argc, char* argv[]) { foo(argv[1]) return 0; 5. april 2019 Sikkerhed04, Aften Trusler

Program.exe ”baz” Addr Code 0001 main: 0002 push argv[0] 0003 goto foo 0004 pop 0005 goto exit 0006 foo: 0007 allocate buf 0008 push buf 0009 push input 0010 goto strcpy 0011 return 0012 bar: 0013 push ”Gotcha!” 0014 goto printf 0015 pop 0016 return Stack Addr Data 5601 5602 5610 5604 b buf a z 0004 ret adr foo 5608 b 5610 z Stack Addr Data 5601 5602 5607 5608 5610 Stack Addr Data 5601 5602 5610 5604 - buf - 0004 ret adr foo 5608 b a 5610 z 5. april 2019 Sikkerhed04, Aften Trusler

Program.exe ”baz12” Addr Code 0001 main: 0002 push argv[0] 0003 goto foo 0004 pop 0005 goto exit 0006 foo: 0007 allocate buf 0008 push buf 0009 push input 0010 goto strcpy 0011 return 0012 bar: 0013 push ”Gotcha!” 0014 goto printf 0015 pop 0016 return Stack Addr Data 5601 5602 5610 5604 b buf a z 0012 ret adr foo 5608 b 5610 z 5611 12 Stack Addr Data 5601 5602 5607 5608 5610 5611 Stack Addr Data 5601 5602 5610 5604 - buf - 0004 ret adr foo 5608 b a 5610 z 5611 12 5. april 2019 Sikkerhed04, Aften Trusler

What was wrong? We copied into buf and did not check if we had room Values outside were changed=> program behavior changed! 5. april 2019 Sikkerhed04, Aften Trusler

Solution? Change Language :) Write better code!!! Not (always) an option :( Write better code!!! Education ”Secure” libraries 5. april 2019 Sikkerhed04, Aften Trusler

Buffer overflows: morale Attacks that directly target the Trusted Computing Base Serious! Undermines most security policies Solution primarily to write robust code. 5. april 2019 Sikkerhed04, Aften Trusler

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.