1 Using GSM/UMTS for Single Sign-On. 28th October 2003, SympoTIC 2003. Andreas Pashalidis and Chris J. Mitchell.

2 Agenda Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

3 Agenda Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

4 Why do we need SSO ? Current Situation: Network users interact with multiple service providers.

5 Why do we need SSO ? Problems: Usability, security, privacy…

6 What is SSO ? A mechanism that allows users to authenticate themselves to multiple service providers, using only one identity.

7 SSO – How ? Establish trust relationships, common security infrastructure (e.g. PKI), sign contractual agreements…

8 SSO – some examples
Kerberos: TTP = Kerberos server. 1) Authenticates user (password), issues "ticket". 2) User shows ticket to service provider.
Microsoft Passport: TTP = ; 1) Authenticates user (password), installs encrypted cookie. 2) Service provider reads the cookie.
Liberty Alliance: TTP = "Identity Provider". 1) Authenticates user, issues "assertion" (XML). 2) Assertion is shown to service provider.

9 Agenda Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

10 Review of GSM Security

11 Review of GSM Security

12 Review of GSM Security

13 Review of GSM Security

14 Review of GSM Security

15 Review of GSM Security

16 Review of GSM Security

17 Review of GSM Security

18 Review of GSM Security

19 Review of GSM Security. Encrypted under Kc. If the visited network can decrypt, then the SIM is authentic (IMSI matches Ki).

20 Agenda Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

21 Architecture - before

22 Architecture – after (1)

23 Architecture – after (2)

24 Architecture

25 Architecture Service providers form trust relationships with the home network.

26 Architecture Single Sign-On using SIM (IMSI)!

27 SSO Protocol

28 SSO Protocol

29 SSO Protocol

30 SSO Protocol

31 SSO Protocol

32 SSO Protocol

33 SSO Protocol

34 SSO Protocol

35 SSO Protocol

36 Agenda Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

37 Replay Attack Attacker could capture this message and replay it later in order to impersonate the user identified by the IMSI.

38 Replay Attack At the time of replay, the service provider will have selected another, fresh RAND (not the old one that the captured message answers), so the protocol will fail.
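As an added illustration (not the authors' code; the slides do not spell out the protocol messages), the following Python models the freshness check behind slides 37 and 38: the service provider issues a new RAND per session, so a response captured from an earlier run no longer verifies. A3/A8 are operator-specific and are stood in for by HMAC-SHA256, the home network checks the SRES value as in ordinary GSM authentication, and the IMSI and Ki values are constructed.

```python
import hashlib
import hmac
import os

# Stand-in for the SIM's A3/A8 (operator-specific; not given in the slides):
# derive SRES and Kc from the subscriber key Ki and the challenge RAND.
def sim_a3_a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]  # SRES (32 bits), Kc (64 bits)

class HomeNetwork:
    """Authentication-centre role: knows each IMSI's Ki and checks SRES for SPs."""
    def __init__(self, subscribers: dict[str, bytes]):
        self.subscribers = subscribers  # constructed IMSI -> Ki table
    def verify(self, imsi: str, rand: bytes, sres: bytes) -> bool:
        ki = self.subscribers.get(imsi)
        if ki is None:
            return False
        expected, _kc = sim_a3_a8(ki, rand)
        return hmac.compare_digest(expected, sres)

class ServiceProvider:
    """Picks a fresh RAND per session and accepts only a response bound to it."""
    def __init__(self, home: HomeNetwork):
        self.home = home
        self.pending: dict[str, bytes] = {}  # session id -> outstanding RAND
    def start_session(self) -> tuple[str, bytes]:
        sid, rand = os.urandom(4).hex(), os.urandom(16)
        self.pending[sid] = rand
        return sid, rand
    def finish_session(self, sid: str, imsi: str, sres: bytes) -> bool:
        rand = self.pending.pop(sid, None)  # one-shot: a RAND is consumed on use
        return rand is not None and self.home.verify(imsi, rand, sres)

def run_demo() -> tuple[bool, bool, bool]:
    imsi, ki = "262010000000001", b"\x01" * 16  # constructed sample subscriber
    sp = ServiceProvider(HomeNetwork({imsi: ki}))

    # Honest run: the SIM answers the current RAND; the home network confirms it.
    sid, rand = sp.start_session()
    sres, _kc = sim_a3_a8(ki, rand)
    honest = sp.finish_session(sid, imsi, sres)

    # An eavesdropper who captured (imsi, sres) from that run replays it later.
    same_session = sp.finish_session(sid, imsi, sres)   # RAND already consumed
    sid2, _rand2 = sp.start_session()                  # SP picks another RAND
    new_session = sp.finish_session(sid2, imsi, sres)  # old SRES does not match
    return honest, same_session, new_session
```

The second and third results are False because the SRES is bound to the RAND of the session it was computed for, which is the property the slide relies on.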

39 Reflection Attack The service provider SP “A” is malicious. It wants to impersonate the user to SP “B”.

40 Reflection Attack

41 Reflection Attack

42 Reflection Attack

43 Reflection Attack

44 Reflection Attack

45 Reflection Attack

46 Reflection Attack X

47 Other Attacks
SIM theft / cloning: SIM PIN is optional! Need two-factor user authentication.
Home network server is a single point of failure (SPoF): vulnerable to DoS attack. It is assumed that it is well-protected.
Attacks on the SP-home network link: link must be integrity-protected and encrypted (SSL/TLS, VPN, IPSec, etc.).

48 Agenda Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

49 Advantages: no user interaction is required; the protocol can be repeated many times; simple single logoff; no sensitive information is sent; no major computational overheads; no changes to deployed GSM infrastructure; fraud management extends to SSO; can easily be extended to enable LBS (location-based services).

50 Disadvantages: works only for GSM subscribers; relies on a global identifier (IMSI); might incur costs for service providers.

51 Extension for UMTS

52 Thanks! Questions?