Common NAI/Password Fraud Issue 7/27/2005 Bryan Cook

Presentation transcript:

Common User Name/Password Issue July 27,

– Operator A uses common NAI/passwords
  NAI = Password = bobjam
– Operator A and Operator B both have roaming relationships with Operator C

[Diagram labels: Internet; Operator A: AAA, RAN, PDSN, PCF; Operator B: AAA, RAN, PDSN, PCF; Operator C: AAA, RAN, PDSN, PCF; NAI = Password = bobjam]

– MS from Operator B roams on Operator C network
– Operator A’s common NAI/password is well-known
– MS from Operator B uses Operator A’s well-known NAI/password to access Operator C’s network
– NAI realm = jamobile.com
– Therefore, Operator C sends Access-Request to Operator A
– Operator A authenticates the common NAI/password
– Roaming MS from Operator B can use Operator C’s network (for free!)

“I authenticated some Bozo I don’t know…and I got a bill for it”
“My customer got service for free and I didn’t make any $”
“This guy fraudulently used my network and I won’t get $ for it”
“I received free packet data roaming service!”
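A defender-side check for the scenario on this slide, as an added example that is not part of the original presentation: it audits Access-Request records at a AAA for one NAI being presented by many devices, and for devices whose home operator differs from the operator that owns the NAI realm. The record fields, the MSID-prefix table, the threshold and every sample value except the realm jamobile.com are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed tables (assumptions): the operator that owns each NAI realm and
# each MSID prefix. Only the realm jamobile.com comes from the slide.
REALM_OWNER = {"jamobile.com": "Operator A", "opb.example": "Operator B"}
MSID_PREFIX_OWNER = {"99901": "Operator A", "99902": "Operator B"}

# Constructed Access-Request records: (User-Name NAI, Calling-Station-Id MSID).
REQUESTS = [
    ("shared-user@jamobile.com", "999010000000001"),
    ("shared-user@jamobile.com", "999010000000002"),
    ("shared-user@jamobile.com", "999020000000007"),  # Operator B handset
    ("alice@opb.example", "999020000000008"),
]


def realm_of(nai):
    """Return the lower-cased realm of a user@realm NAI, or None if absent."""
    _user, sep, realm = nai.rpartition("@")
    return realm.lower() if sep and realm else None


def owner_of_msid(msid):
    """Map an MSID to its home operator by prefix, or None if unknown."""
    for prefix, owner in MSID_PREFIX_OWNER.items():
        if msid.startswith(prefix):
            return owner
    return None


def audit(requests, shared_threshold=3):
    """Return (NAIs used by >= shared_threshold devices, realm/MSID mismatches)."""
    devices_per_nai = defaultdict(set)
    mismatches = []
    for nai, msid in requests:
        devices_per_nai[nai.lower()].add(msid)
        realm_owner = REALM_OWNER.get(realm_of(nai))
        msid_owner = owner_of_msid(msid)
        # A request is suspicious when the realm is unknown or the handset's
        # home operator is not the operator that will authenticate the NAI.
        if realm_owner is None or msid_owner != realm_owner:
            mismatches.append((nai, msid, msid_owner, realm_owner))
    shared = sorted(n for n, d in devices_per_nai.items() if len(d) >= shared_threshold)
    return shared, mismatches


if __name__ == "__main__":
    shared, mismatches = audit(REQUESTS)
    print("shared NAIs:", shared)
    print("mismatches:", mismatches)
```

The mismatch list corresponds to the Operator B handset presenting Operator A's NAI; the shared list corresponds to the common credential itself.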

Thank You

Backup Slides

Authentication, Authorization, Accounting (AAA)
– These functions are done by the AAA server using RADIUS
– AAA servers should be allowed to communicate with outside networks for data exchange
– AAA servers are to the data world what HLRs are to the cellular world

Simple IP Roaming Pros/Cons

Advantages:
– The roaming MS may directly access the public Internet without tunneling to the home operator’s network.
– The roaming MS may directly access application servers in the visited network without tunneling to the home operator’s network.

Disadvantages:
– The visited operator must assign the roaming MS its IP address.
– The roaming MS may not be assigned a static IP address.
– If the MS is provisioned with private, hard-coded DNS server addresses, it will not be able to access DNS services while roaming.
– If the MS is assigned a private IP address by the visited operator, NAT must be employed for the MS to access application servers in the home network.
– The IP addresses of application servers must be made visible to the visited network.
– Security is compromised since other inbound roamers in the visited operator’s network will be able to access the home operator’s network. To avoid this, the visited operator may need to maintain separate IP address pools for each roaming partner.

Implementing Roaming with Mobile IP
– Home operator HA assigns roaming MS its IP address. Visited operator provides COA. Mobile IP tunnel created between visited PDSN/FA and HA.
– Must tunnel back to home network to access public Internet
– Can directly access application servers in home network without NAT

[Diagram labels: Internet; Home Operator: AAA, RAN, PDSN, PCF; Visited Operator: AAA, RAN, PDSN, FA, PCF; Application Server; HA; COA]

Mobile IP Roaming Pros/Cons

Advantages:
– The home operator assigns the roaming MS its IP address.
– The home operator may assign a static IP address to the roaming MS.
– The home operator may assign a private IP address to the roaming MS without the need to employ NAT for home network access.
– The roaming MS may transparently access servers in the home network.
– Security is improved since other inbound roamers in the visited operator’s network will not be able to access the home operator’s network.
– The use of Mobile IP allows for network layer mobility across PDSNs.

Disadvantages:
– There is a performance overhead for Mobile IP.
– When the roaming MS is accessing the public Internet, tunneling back to the home network is not efficient.
– If the roaming MS requires access to an application server in the visited network, it will be required to tunnel back to the home operator and then route back to the visited operator.

Implementing Roaming with L2TP
– Home operator LNS assigns roaming MS its IP address. L2TP tunnel is created between visited PDSN/LAC and LNS.
– Must tunnel back to home network to access public Internet
– Can directly access application servers in home network without NAT

[Diagram labels: Internet; Home Operator: AAA, RAN, PDSN, PCF; Visited Operator: AAA, RAN, PDSN, FA, PCF; Application Server; LNS]