Mobile and Wireless Network Security


Design Fundamentals ET-IDA-082
Lecture-22: Mobile and Wireless Network Security
GSM, UMTS, 802.11, Bluetooth
22.07.2015, v11
Prof. W. Adi

Outlines
- Wireless Network Security 802.11
- Bluetooth Security
- 2G, 3G Mobile Security (see early lecture contents)

Mobile Environment: Open Global Market Through Modern Communication
[Figure: Global Information Short-Circuit (AAA scenario: anywhere, any time, any device). Home devices (light, heating, kitchen, garage door, gates, TV), car (remote control, CAN-Bus) and power station connected through the power-line network, the Internet and wireless networks (WLAN 802.11 AP, DECT, Bluetooth).]

IEEE 802.11 security

There are many different electronic devices for e-payment systems. Different banks may be involved in e-payment, so a financial network is necessary. The e-payment platform is built by connecting the financial network and other open networks, over which the electronic devices can communicate with the platform. The PC is the most common device. Other devices include mobile devices, e.g. laptop, PDA, mobile telephone, ATM (Automatic Teller Machine), POS (Point of Sale), telephone and terminal. The electronic devices can connect to the e-payment platform using different open networks.

IEEE 802.11 security
- Many users use no encryption/authentication
- Still packet-sniffing and various attacks easy!
- Securing 802.11: encryption, authentication
  - first attempt at 802.11 security: Wired Equivalent Privacy (WEP): a failure
  - current attempt: 802.11i

Wired Equivalent Privacy (WEP)
- Authentication as in protocol ap4.0:
  - host requests authentication from access point
  - access point sends 128 bit nonce
  - host encrypts nonce using shared symmetric key
  - access point decrypts nonce, authenticates host
- No key distribution mechanism
- Authentication: knowing the shared key is enough

WEP data encryption
- Host/AP share 40 bit symmetric key (semi-permanent)
- Host appends 24-bit initialization vector (IV) to create 64-bit key
- 64 bit key used to generate stream of keys, k_i^IV
- k_i^IV used to encrypt i-th byte, d_i, in frame: c_i = d_i XOR k_i^IV
- IV and encrypted bytes, c_i, sent in frame

Sender-side WEP encryption

Breaking 802.11 WEP encryption
- Security hole:
  - 24-bit IV, one IV per frame -> IVs eventually reused
  - IV transmitted in plaintext -> IV reuse detected
- Attack:
  - Trudy causes Alice to encrypt known plaintext d_1 d_2 d_3 d_4 …
  - Trudy sees: c_i = d_i XOR k_i^IV
  - Trudy knows c_i and d_i, so can compute k_i^IV
  - Trudy knows encrypting key sequence k_1^IV k_2^IV k_3^IV …
  - Next time IV is used, Trudy can decrypt!
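The flaw described on the two slides above can be reproduced in a few lines. This is an added example, not part of the original lecture: it assumes RC4 as the keystream generator (the cipher WEP uses), omits WEP's CRC-32 integrity value, and uses a constructed key, IV and frames. It also computes how few frames are needed before a randomly chosen 24-bit IV is likely to repeat.

```python
import math

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4: key scheduling followed by n bytes of keystream output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key: bytes, iv: bytes, data: bytes):
    """Per-frame key = 24-bit IV || 40-bit shared key; the IV is sent in the clear."""
    if len(shared_key) != 5 or len(iv) != 3:
        raise ValueError("expected 40-bit key and 24-bit IV")
    return iv, xor(data, rc4_keystream(iv + shared_key, len(data)))

def frames_until_likely_iv_repeat(iv_bits: int = 24) -> int:
    """Birthday bound: frames for a >50% chance that some random IV repeats."""
    return math.ceil(math.sqrt(2 * (2 ** iv_bits) * math.log(2)))

def demo():
    key = bytes.fromhex("0102030405")            # constructed 40-bit shared key
    iv = bytes.fromhex("a1b2c3")                 # constructed IV, used for both frames
    known = b"known plaintext d1 d2 d3 d4 ..."   # d_i the observer already knows
    secret = b"second frame, same IV reused"     # later frame under the same IV
    _, c1 = wep_encrypt(key, iv, known)
    _, c2 = wep_encrypt(key, iv, secret)
    keystream = xor(c1, known)                   # k_i^IV = c_i XOR d_i
    recovered = xor(c2, keystream)               # readable without the shared key
    return keystream, recovered, secret

if __name__ == "__main__":
    ks, recovered, _ = demo()
    print(recovered, frames_until_likely_iv_repeat())
```

With sequential IVs the repeat is guaranteed after 2^24 frames; with random IVs it is expected after only a few thousand, which is why the fix in 802.11i had to replace the per-frame keying rather than lengthen the shared key.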

802.11i: improved security
- numerous (stronger) forms of encryption possible
- provides key distribution
- uses authentication server separate from access point

802.11i: four phases of operation
STA: client station, AP: access point, AS: authentication server (on the wired network)
1. Discovery of security capabilities
2. STA and AS mutually authenticate, together generate Master Key (MK). AP serves as "pass through"
3. STA derives Pairwise Master Key (PMK); AS derives same PMK, sends to AP
4. STA, AP use PMK to derive Temporal Key (TK) used for message encryption and integrity

Bluetooth security

Bluetooth Security – Components
- Security is based on the SAFER+ security protocol (J. Massey)
- All link-level security is based on 128-bit link keys
- A secret PIN number (variable from 4 to 16 octets) which is common to the two devices wishing to communicate forms one of the key inputs into forming the initial link key
- Authentication in Bluetooth uses a device-to-device challenge and response scheme to determine if the two devices share a common link key
- Encryption generates a cipher stream based on an encryption key which is generated from a common link key; encryption is symmetrical
- Link keys can be semi-permanent or temporary

Bluetooth Security – Link keys
In order to accommodate different types of applications, four types of link keys have been defined:
- the unit key KA: semi-permanent key generated in every unit only once during factory setup
- the combination key KAB: this is dependent on two units and is unique for a particular pair of devices; more secure than a unit key
- the master key Kmaster: temporary key used for point-to-multipoint broadcast communications; it will replace the current link key until peer-to-peer communications resume
- the initialization key Kinit: this is a temporary key which is used when no combination or unit keys have been exchanged yet. It is generated using a PIN code as one of its inputs
In addition to these keys there is an encryption key, denoted Kc. This key is derived from the current link key.

Bluetooth Security – Generating keys
Generation of keys uses two "Basic Modes":
- Algorithm E22 is used to generate initialization keys Kinit and master keys Kmaster, where PIN' is a combination of the Bluetooth address and the PIN, and L' is derived from the number of octets in the PIN
- Algorithm E21 is used to generate unit keys and combination keys, where RAND is a 128-bit random number and BD_ADDR is the unit's Bluetooth address

Bluetooth Security – key exchange
Exchange of unit keys
- A sends the unit key KA to unit B securely by XORing with Kinit
- Unit B will store KA as the link key KBA
- Usually the application will let the unit with restricted memory abilities send its unit key to be used as the link key, since this unit only has to remember its own unit key
- Kinit is discarded once keys have been exchanged

Bluetooth Security – key exchange
Creation and exchange of combination keys KAB, KBA
- Random numbers (LK_RANDA and LK_RANDB) are generated in Unit A and Unit B
- These are exchanged securely by XORing them with the current link key K
- Two new random numbers (LK_KA and LK_KB) are generated for LK_RANDA and LK_RANDB using the E21 algorithm
- These two random numbers are XORed together to form a new combination key KAB on unit A and KBA on unit B
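The combination-key exchange above, traced from both units' side. This is an added example, not part of the original lecture: the real E21 is built on SAFER+, so a truncated HMAC-SHA256 stands in for it here (an assumption made only to keep the sketch short), and the addresses and the `Unit` class are hypothetical.

```python
import hashlib
import hmac
import secrets

ADDR_A = bytes.fromhex("001122334455")   # constructed 48-bit BD_ADDR of unit A
ADDR_B = bytes.fromhex("66778899aabb")   # constructed 48-bit BD_ADDR of unit B

def e21_stand_in(rand: bytes, bd_addr: bytes) -> bytes:
    """Stand-in for E21 (NOT the real algorithm): 128-bit key from RAND and BD_ADDR."""
    return hmac.new(rand, bd_addr, hashlib.sha256).digest()[:16]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Unit:
    """One side of the exchange; k is the current link key K (e.g. Kinit)."""

    def __init__(self, bd_addr: bytes, k: bytes):
        self.bd_addr = bd_addr
        self.k = k
        self.lk_rand = secrets.token_bytes(16)       # LK_RAND of this unit

    def send(self) -> bytes:
        """Message on the air: own LK_RAND XORed with the current link key."""
        return xor(self.lk_rand, self.k)

    def receive(self, msg: bytes, peer_addr: bytes) -> bytes:
        """Unmask the peer's LK_RAND, run E21 for both units, XOR the results."""
        peer_rand = xor(msg, self.k)
        lk_own = e21_stand_in(self.lk_rand, self.bd_addr)    # LK_K of this unit
        lk_peer = e21_stand_in(peer_rand, peer_addr)         # LK_K of the peer
        return xor(lk_own, lk_peer)                          # combination key

def exchange(k_at_a: bytes, k_at_b: bytes):
    """Run the exchange; returns (KAB as computed by A, KBA as computed by B)."""
    a, b = Unit(ADDR_A, k_at_a), Unit(ADDR_B, k_at_b)
    msg_a, msg_b = a.send(), b.send()
    return a.receive(msg_b, ADDR_B), b.receive(msg_a, ADDR_A)

if __name__ == "__main__":
    k = secrets.token_bytes(16)
    kab, kba = exchange(k, k)
    print(kab.hex(), kab == kba)
```

Both units arrive at the same key only if they already hold the same current link key K; a unit with a different K computes a different combination key, which the challenge-response authentication that follows would reject.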

Bluetooth Security – key exchange
Creation and exchange of a master key Kmaster
- The master device generates two random numbers (RAND1 and RAND2) and uses the E22 algorithm to generate a random key Kmaster
- A third random number (RAND) is generated by the master and sent to the slave
- The slave and the master compute an overlay (OVL) using the E22 algorithm with the current key and the new random number as inputs
- The master key (Kmaster) is sent from the master to the slave by XORing it with the overlay
- The slave, which has the identical overlay, recalculates Kmaster

Bluetooth Security – Authentication
Authentication process using secret key: Challenge-Response
- Authentication uses a challenge-response scheme to check the claimant's knowledge of a secret key (current link key)
- The verifier challenges the claimant to authenticate a random number (AU_RANDA) with an authentication code, E1, and return a result, SRES, which is compared against its own generated code SRES'
- Authentication is often mutual: Unit A verifying Unit B is followed by Unit B verifying Unit A

Bluetooth Security – Encryption Key
Generating the encryption key
- The encryption key Kc is generated by E3 from a COF (Ciphering Offset Number), the current link key and a 128-bit random number
- The COF is derived from the BD_ADDR of the master if the current link key is a master key; otherwise it is generated from the ACO created during authentication
- Even though the generated key length is 128 bits, this may be shortened due to export encryption laws

Bluetooth Payload Encryption
Encryption process by a Running Key Generator RKG (Additive Stream Cipher)

Encryption Running-Key Generator E0
[Figure: linear sequence generators feeding de-linearizing combiners]

E0: Key Generation Engine Parameters
Primitive LFSR Polynomials

Authentication Function E1

Authentication Function Ar Block, SAFER+ (J. Massey)
- Based on PHT: Pseudo-Hadamard Transform
- PHT(x, y) = (2x + y, x + y) mod 2^n
- Low-complexity arithmetic!

Wireless Security: Still not adequate for today’s Network application Challenges!