
GSM security: feit en fictie (fact and fiction). NLUUG Najaarsconferentie (Autumn Conference) 2010. Fabian van den Broek, Institute for Computing and Information Sciences (iCIS)

Presentation transcript:

1 Title slide: GSM security: feit en fictie (fact and fiction), NLUUG Autumn Conference 2010, Fabian van den Broek (iCIS)

2 Outline
● Introduction
● GSM overview
● Attacks
● Conclusion

3 GSM's history
● Developed during the 80's
● Deployed from the early 90's
● Main cipher (A5/1) reverse engineered from 1994
● Attacks are found from 1996 onwards (Golić, Biryukov, Biham, ...)
● But practical attacks remain difficult
● Then the rainbow tables (the A5/1 cracking project, 2009/2010) move the attacks from theory to practice

4 In the media

5 GSM overview

6 GSM overview: Phone and SIM
● SIM: IMSI & TMSI, secret key (Ki), authentication (A3 & A8), session key (Kc)
● Phone: IMEI, encryption (A5)

7 GSM overview: Network
The HLR/AuC maps each IMSI to:
● phone number
● customer information
● location
● Ki
● A3 & A8

8 GSM overview: Authentication
● The AuC holds (Ki, A3, A8) for every IMSI.
● For a given IMSI the AuC picks a random challenge r and computes the triplet (r, A3(Ki, r), A8(Ki, r)) = (chall, resp, session key Kc); the triplet is handed to the network serving the phone, Ki itself never leaves the AuC.
● The network sends the challenge ch to the phone; the SIM computes rsp = A3(Ki, ch) and Kc = A8(Ki, ch).
● The phone returns rsp; the network compares it with the expected resp and, on a match, Kc becomes the session key for encryption.
● Note that only the phone is authenticated: nothing in this exchange lets the phone check who sent the challenge.

9 GSM overview: Algorithms
● Authentication: A3, A8
● Encryption: A5/0 (no encryption), A5/1, A5/2 (the deliberately weakened export variant), A5/3 (KASUMI-based, from 3G)

10 Attacks

11 Attack 1: Eavesdropping
1. Capture bursts
2. Decrypt captured bursts
3. Interpret decrypted bursts

12 Attack 1: Eavesdropping. Step 1: Capture bursts: USRP + GNU Radio + AirProbe

13 Attack 1: Eavesdropping. Step 2: Decrypt captured bursts: Release the Kraken! (The A5/1 cracking project)

14 Attack 1: Eavesdropping. Stream ciphers: A5/1 turns Kc (together with the frame number) into a keystream, and ciphertext = plaintext XOR keystream:
keystream  11011011...
plaintext  10011100...
ciphertext 01000111...

15 Attack 1: Eavesdropping. Kraken and the Berlin set (the tables): a captured GSM burst XOR its known plaintext gives a keystream sample; Kraken looks the keystream sample up in the tables and returns Kc.

16 Attack 1: Eavesdropping. Step 3: Interpret decrypted bursts:
● GSMDecode (AirProbe)
● Wireshark
● OpenBTS
● OpenBSC
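The three steps above, carried through end to end in an added example that is not code from the talk or from the Kraken project: a burst with known plaintext is XORed against its ciphertext to get a keystream sample, the sample is looked up in a precomputed table to get the key, and the key decrypts another burst of the same call. Everything cipher-related is a stand-in and labelled as such: a 16-bit LFSR replaces A5/1 (real Kc is 64 bits), an exhaustive dictionary replaces the rainbow tables of the Berlin set, the key setup (key XOR frame number) is invented for the toy, and the two bursts are constructed inputs.

```python
"""Toy eavesdropping chain: capture -> keystream -> table lookup -> decrypt.
Added example.  Assumptions: a 16-bit LFSR stands in for A5/1 (real Kc is
64 bits, A5/1 uses three clocked LFSRs), the per-frame key setup is a plain
XOR (invented for the toy), and an exhaustive dictionary stands in for the
Kraken rainbow tables."""

BURST_BITS = 114            # payload bits carried by one GSM normal burst
PREFIX_BITS = 32            # keystream bits used as the table index
FRAME_MASK = (1 << 22) - 1  # GSM frame numbers are 22 bits and sent in clear


def lfsr_stream(state: int, nbits: int) -> list:
    """Fibonacci LFSR with taps x^16 + x^14 + x^13 + x^11 + 1 (maximal length)."""
    out = []
    for _ in range(nbits):
        out.append(state & 1)
        fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
        state = (state >> 1) | (fb << 15)
    return out


def toy_keystream(kc: int, frame: int, nbits: int = BURST_BITS) -> list:
    """Keystream for one burst.  Toy key setup: state = Kc XOR frame number
    (A5/1 also mixes Kc with the frame number, but far less trivially)."""
    state = (kc ^ (frame & FRAME_MASK)) & 0xFFFF
    if state == 0:
        raise ValueError("zero LFSR state yields an all-zero keystream")
    return lfsr_stream(state, nbits)


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def encrypt_burst(kc, frame, plaintext_bits):
    """Stream cipher: ciphertext = plaintext XOR keystream (slide 14)."""
    return xor_bits(plaintext_bits, toy_keystream(kc, frame))


decrypt_burst = encrypt_burst   # XOR is its own inverse


def build_table():
    """'Berlin set' analogue: keystream prefix -> cipher state, for every state.
    Feasible as a plain dictionary only because the toy state is 16 bits."""
    return {tuple(lfsr_stream(state, PREFIX_BITS)): state
            for state in range(1, 1 << 16)}


def recover_keystream(ciphertext_bits, known_plaintext_bits):
    """Slide 15: known plaintext XOR captured burst = keystream sample."""
    return xor_bits(ciphertext_bits, known_plaintext_bits)


def recover_kc(table, keystream_bits, frame):
    """Table lookup gives the state; undoing the frame mixing gives Kc."""
    state = table.get(tuple(keystream_bits[:PREFIX_BITS]))
    if state is None:
        return None                     # real table lookups also miss sometimes
    return (state ^ (frame & FRAME_MASK)) & 0xFFFF


def bytes_to_bits(data: bytes, nbits: int) -> list:
    bits = [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]
    return bits[:nbits]


# Constructed known plaintext: GSM 04.08 pads signalling messages with the
# fill octet 0x2B, one source of the predictable bits an attacker relies on.
KNOWN_PLAINTEXT = bytes_to_bits(b"\x2b" * 15, BURST_BITS)
# Constructed secret payload carried by a later burst of the same call.
SECRET_BURST = bytes_to_bits(b"hello NLUUG 2010", BURST_BITS)


def eavesdrop(kc: int, signalling_frame: int, secret_frame: int, table=None):
    """Whole chain on simulated captures.  Returns (recovered Kc, decrypted
    secret burst), or (None, None) when the table has no entry."""
    table = table or build_table()
    captured_sig = encrypt_burst(kc, signalling_frame, KNOWN_PLAINTEXT)
    captured_secret = encrypt_burst(kc, secret_frame, SECRET_BURST)
    ks = recover_keystream(captured_sig, KNOWN_PLAINTEXT)
    kc_found = recover_kc(table, ks, signalling_frame)
    if kc_found is None:
        return None, None
    return kc_found, decrypt_burst(kc_found, secret_frame, captured_secret)


if __name__ == "__main__":
    found, plaintext = eavesdrop(0xBEEF, 1234, 1235)
    print(hex(found), plaintext == SECRET_BURST)
```

The chain has the shape of the real one: the Berlin set is likewise indexed by keystream and returns cipher state, and because the frame number travels in clear the state can be turned back into Kc. The differences are where the difficulty of the real attack lives: A5/1's key setup is not an XOR, so the tables are rainbow tables over a 64-bit state rather than a 65535-entry dictionary, and a lookup can fail, which eavesdrop() signals with (None, None).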

17 Attack 1: Eavesdropping

18 Problems
● Reception quality
● Frequency hopping

19 Attack 2: Man-In-The-Middle. The normal case:
● Authentication
● Network orders cipher (A5/1)
● Phone: ciphering started
● Encrypted communication under A5/1

20 Attack 2: Man-In-The-Middle. The attacker sits between phone and network:
● Authentication is relayed unchanged between the real network and the phone.
● Network side: the network orders cipher (A5/1).
● Phone side: the attacker instead orders cipher (A5/2); the phone reports ciphering started and encrypts with A5/2.
● The attacker breaks A5/2 and obtains Kc. Kc depends only on Ki and the challenge, not on the cipher, so it is the same key the network uses for A5/1.
● The attacker now reports ciphering started to the network and can follow both legs: A5/2 encryption towards the phone, A5/1 encryption towards the network.
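The authentication exchange of slide 8 and the two rogue base station attacks (the relaying man in the middle above, and the stand-alone fake cell of the "simple" MITM) as one added protocol simulation. This is not code from the talk; A3 and A8 are replaced by HMAC-SHA256 truncations (the real ones are operator-specific), ciphers are tracked by name only (the A5/2 break itself is not modelled), and the IMSI and Ki are constructed test values. It goes one step beyond the slides by also letting the phone verify a 3G-style network authentication token (here a MAC over RAND under Ki, an invented stand-in for AUTN) to show which of the two attacks mutual authentication stops.

```python
"""Toy GSM authentication plus rogue-BTS attacks.  Added example.
Assumptions: HMAC-SHA256 stands in for A3/A8; ciphers are names only;
AUTN is a toy MAC over RAND under Ki; subscriber data is constructed."""
import hashlib
import hmac
import secrets


def a3(ki: bytes, rand: bytes) -> bytes:
    """A3 stand-in: 32-bit signed response (SRES)."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8(ki: bytes, rand: bytes) -> bytes:
    """A8 stand-in: 64-bit session key (Kc).  Depends on Ki and RAND only."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


def autn(ki: bytes, rand: bytes) -> bytes:
    """Toy 3G-style network authentication token (slide 26)."""
    return hmac.new(ki, b"AUTN" + rand, hashlib.sha256).digest()[:8]


class AuC:
    """HLR/AuC: the only network element that holds Ki (slide 7)."""
    def __init__(self):
        self.ki_by_imsi = {}

    def auth_vector(self, imsi):
        """GSM triplet (RAND, SRES, Kc) plus an AUTN the MSC may forward;
        Ki itself never leaves the AuC.  A 2G phone ignores AUTN."""
        rand = secrets.token_bytes(16)
        ki = self.ki_by_imsi[imsi]
        return rand, a3(ki, rand), a8(ki, rand), autn(ki, rand)


class Phone:
    """Handset + SIM.  In 2G mode it answers any RAND and obeys any cipher
    mode command, because nothing in the exchange identifies the network."""
    def __init__(self, imsi, ki, check_network=False):
        self.imsi, self._ki, self.check_network = imsi, ki, check_network
        self.kc = self.cipher = None

    def handle(self, msg):
        kind, arg = msg[0], msg[1]
        if kind == "AUTH_REQ":
            if self.check_network and not hmac.compare_digest(msg[2], autn(self._ki, arg)):
                return None                     # 3G-style: reject unknown network
            self.kc = a8(self._ki, arg)         # SIM: RUN GSM ALGORITHM
            return a3(self._ki, arg)
        if kind == "CIPHER_MODE":
            self.cipher = arg                   # no check on the cipher chosen
            return "CIPHER_STARTED"


class MSC:
    """Genuine network: checks SRES, then orders its preferred cipher."""
    def __init__(self, auc, cipher="A5/1"):
        self.auc, self.cipher = auc, cipher

    def attach(self, imsi, link):
        """link(msg) delivers one message to the phone (or a MITM), returns the reply."""
        rand, sres_expected, kc, token = self.auc.auth_vector(imsi)
        sres = link(("AUTH_REQ", rand, token))
        if sres is None or not hmac.compare_digest(sres, sres_expected):
            return {"authenticated": False}
        link(("CIPHER_MODE", self.cipher))
        return {"authenticated": True, "kc": kc, "cipher": self.cipher}


def relay_mitm(phone):
    """Slides 19-20: relay RAND/SRES untouched, swap the cipher for A5/2."""
    def link(msg):
        if msg[0] == "CIPHER_MODE":
            phone.handle(("CIPHER_MODE", "A5/2"))   # MSC still believes A5/1
            return "CIPHER_STARTED"
        return phone.handle(msg)
    return link


def fake_bts(phone):
    """Slides 23-24: stand-alone rogue cell, no Ki and no real network behind it."""
    rand = secrets.token_bytes(16)
    forged_token = secrets.token_bytes(8)           # cannot compute a valid AUTN
    if phone.handle(("AUTH_REQ", rand, forged_token)) is None:
        return {"attached": False}
    phone.handle(("CIPHER_MODE", "A5/0"))           # no encryption, no Kc needed
    return {"attached": True, "cipher": phone.cipher}


def scenario(check_network=False):
    """Run all three attachments against one constructed subscriber."""
    auc = AuC()
    imsi, ki = "204080000000001", secrets.token_bytes(16)   # constructed
    auc.ki_by_imsi[imsi] = ki
    msc = MSC(auc)
    genuine = Phone(imsi, ki, check_network)
    direct = msc.attach(imsi, genuine.handle)
    victim = Phone(imsi, ki, check_network)
    relayed = msc.attach(imsi, relay_mitm(victim))
    return {
        "direct_ok": direct["authenticated"] and direct["kc"] == genuine.kc,
        "relay_ok": relayed["authenticated"],
        "msc_thinks": relayed.get("cipher"),
        "phone_runs": victim.cipher,
        "same_kc": relayed.get("kc") == victim.kc,
        "fake_bts": fake_bts(Phone(imsi, ki, check_network)),
    }


if __name__ == "__main__":
    print(scenario(False))
    print(scenario(True))
```

Two properties carry the attacks: the phone answers whatever RAND arrives, and Kc is fixed by (Ki, RAND) alone, so a key broken on the A5/2 leg is the key of the A5/1 leg (same_kc is True while the MSC believes A5/1 and the phone runs A5/2). scenario(check_network=True) shows what the mutual authentication of slide 26 buys: the stand-alone fake cell is rejected, but the pure relay still passes, since it forwards the genuine token; in UMTS the cipher swap on such a relay is caught separately, by the integrity protection on the security mode command.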

21 Attack 2: Man-In-The-Middle. Ingredients:
The cell tower:
● OpenBTS + USRP
● OpenBSC + Siemens BS11
● OpenBSC + ip.access nanoBTS
The phone:
● OsmocomBB + USRP

22 Attack 2: Man-In-The-Middle. Problems:
● Again frequency hopping
● Time window
● Detectable

23 Attack 3: "Simple" MITM (a fake cell that routes the calls out over the Internet itself). Ingredients:
● USRP
● OpenBTS
● Asterisk

24 Attack 3: "Simple" MITM. Problems:
● No incoming calls
● Calling number obscured
● Detectable
Upside:
● This already works!

25 Some other attacks
● IMSI catchers
● Attacks against other parts of the network
● Nokia 1100
● Locations revealed
● DoS attacks

26 There is hope still
● GSM was 2G
● 3G uses mutual authentication
● 4G might use AES

27 What can we do in the meantime?
Providers:
● Use A5/3
● Avoid unnecessary known plaintext
● Provide UMTS
But what can WE do?
● Use solely UMTS
● Use crypto solutions

28 Conclusion

29
● GSM is insecure
● It will only get less secure
● Many attacks are feasible
● But eavesdropping remains hard

30 ...Besides: the weakest link is probably your phone!

31 Questions?

32 References
● USRP: http://www.ettus.com
● GNU Radio: http://gnuradio.org/
● OpenBTS: http://openbts.sourceforge.net/
● OpenBSC: http://openbsc.osmocom.org/trac/wiki/OpenBSC
● AirProbe: https://svn.berlin.ccc.de/projects/airprobe/wiki
● A5/1, Kraken: http://www.reflextor.com/trac/a51
● OsmocomBB: http://bb.osmocom.org/trac/

