Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile network vulnerabilities and countermeasures:

Published byJulie Heath Modified over 7 years ago

Similar presentations

Presentation on theme: "Mobile network vulnerabilities and countermeasures:"— Presentation transcript:

1 Mobile network vulnerabilities and countermeasures:
An opportunity for pan-European regulatory activity Vassilios Stathopoulos, ADAE Greece Co authors : Panos Trakadas Sotiris Maniatis 14th Art 13a EG Meeting in Athens Oct

2 Hellenic Authority for Communication Security and Privacy
Motivation and Goal Our motivation: In case of 2G/3G networks Subscribers submit us complaints articles regarding interception of mobile communications. In case of SS7 protocol Providers have reported us SS7 security incidents. Possible means of attack: Use of interception devices (active/passive) Exploitation of SS7-MAP vulnerabilities by attackers 21st meeting of the Art. 13a Expert Group, Lisbon, 8 March , 2017 Hellenic Authority for Communication Security and Privacy

3 Hellenic Authority for Communication Security and Privacy
Motivation and Goal Our actions We have launched a survey with the following steps: Create a questionnaire with 2G/3G & SS7 vulnerabilities Circulate the questionnaire to Providers Collect information and assess the collected data Identify the level of security that is sustained by the Provider Create strategic goals Main Strategic Goal: Strengthening security and privacy. Achieve this Goal by implementing operational objectives: Awareness related to all involved stakeholders Collaboration among relevant European authorities Issue of a 2nd level Legislation/Recommendation for mobile operators 21st meeting of the Art. 13a Expert Group, Lisbon, 8 March , 2017 Hellenic Authority for Communication Security and Privacy

4 Questionnaire to mobile operators
Mobile operators landscape 3 Mobile Operators 1 MVNO (own HLR) Exploitation of 2G/3G vulnerabilities by interception devices Authentication algorithm Encryption algorithm Signaling/SMS/TMSI SIM/USIM cards Exploitation of SS7-MAP vulnerabilities by external parties/services Internal network Inbound roaming Outbound roaming 1 21st meeting of the Art. 13a Expert Group, Lisbon, 8 March , 2017 Hellenic Authority for Communication Security and Privacy (ADAE)

5 2G/3G network vulnerabilities (1/3)
Authentication algorithm vulnerabilities GSM AKA algorithm: how providers use it In 2G network: Which is the preferred algorithm? COMP128 ? Is Milenage the preferred A3/A8 algorithm? In 3G network: Is Milenage currently used ? 1 21st meeting of the Art. 13a Expert Group, Lisbon, 8 March , 2017 Hellenic Authority for Communication Security and Privacy

6 2G/3G network vulnerabilities (2/3)
Encryption algorithms In GSM network: Is A5/1 in use? A5/3 ?. In GSM network: Is A5/2 avoided ? In GPRS network: Which GEA1/2/3 algorithms is in use? In 3G network: Is UEA1 (Kasumi) the supported algorithm ? 1 21st meeting of the Art. 13a Expert Group, Lisbon, 8 March , 2017 Hellenic Authority for Communication Security and Privacy

7 2G/3G network vulnerabilities (3/3)
Signaling/SMS/TMSI Frequency of TMSI reallocation. Check SMS type 0 utilization. SIM/USIM cards Are strong configuration algorithms are used in case that OTA SIM/USIM configuration is used. USIM utilization ? 1 21st meeting of the Art. 13a Expert Group, Lisbon, 8 March , 2017 Hellenic Authority for Communication Security and Privacy

8 SS7/MAP vulnerabilities (1/3)
In general: Is DIAMETER in use ? Any SS7 filtering and alerting on MTP/SCCP/MAP layers ? Internal network Any messages filtering out from external networks ? What about SS7 Firewalling as a solution. 1 21st meeting of the Art. 13a Expert Group, Lisbon, 8 March , 2017 Hellenic Authority for Communication Security and Privacy

9 SS7/MAP vulnerabilities (2/3)
Inbound roaming All SS7 messages are accepted for roaming purposes? Any possibility to reject messages from specific countries/operators (based on IR.21). What about SS7 Firewalling as a solution. 1 21st meeting of the Art. 13a Expert Group, Lisbon, 8 March , 2017 Hellenic Authority for Communication Security and Privacy

10 SS7/MAP vulnerabilities (3/3)
Outbound roaming All of the SS7 messages are used for roaming purposes? Is Home Routing used (SRISM). Are Fake IMSI and VLR are sent (SRISM) ?. 1 21st meeting of the Art. 13a Expert Group, Lisbon, 8 March , 2017 Hellenic Authority for Communication Security and Privacy

11 Conclusions and the road ahead
GSM and SS7/MAP will be present (at least) for the next 5-10 years Measures must be put in place to strengthen security and ensure subscribers’ privacy. Where to concentrate : Information collection and exchange among Article 13a members required. Ideas always improve things. Issue regulations/recommendations, considering country and operator specificities, if any. Strong push for implementing modern protection measures. Subscriber awareness (i.e. SIM replacement). Need for logging mechanisms and regular monitoring of SS7 interrogation messages (Does the collection of SS7 logging messages create an exhaustive bulk of information ? How to assess this ?) 1 21st meeting of the Art. 13a Expert Group, Lisbon, 8 March , 2017 Hellenic Authority for Communication Security and Privacy

12 Conclusions and the road ahead
Is there a need for informing the subscribers for ss7 incidents ? this is not an easy task, especially when certainty is not there. 1 21st meeting of the Art. 13a Expert Group, Lisbon, 8 March , 2017 Hellenic Authority for Communication Security and Privacy

13 Hellenic Authority for Communication Security and Privacy
Thank You Questions? 1 21st meeting of the Art. 13a Expert Group, Lisbon, 8 March , 2017 Hellenic Authority for Communication Security and Privacy

Download ppt "Mobile network vulnerabilities and countermeasures:"

Similar presentations

EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.

EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.
An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,

An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,
Secure Systems Research Group - FAU Process Standards (and Process Improvement)

Secure Systems Research Group - FAU Process Standards (and Process Improvement)
GSM Security and Encryption

GSM Security and Encryption
BY, ARITRA GAUTAM (05-275) & G.PAVANI (05-272).. OVERVIEW OF GSM GSM (group special mobile or general system for mobile communications) is the Pan-European.

BY, ARITRA GAUTAM (05-275) & G.PAVANI (05-272).. OVERVIEW OF GSM GSM (group special mobile or general system for mobile communications) is the Pan-European.
Syed Safi Uddin Qadri BETL/F07/0112 GSM Stream Cipher Algorithm Presented To Sir Adnan Ahmed Siddiqui.

Syed Safi Uddin Qadri BETL/F07/0112 GSM Stream Cipher Algorithm Presented To Sir Adnan Ahmed Siddiqui.
Hacking Communication System

Hacking Communication System
Intelligent Preferred Network (IPN) Steering of Roaming (SOR) Liberalization Lets Operators Steer Traffic to Preferred Roaming Partners CANTO, 2005.

Intelligent Preferred Network (IPN) Steering of Roaming (SOR) Liberalization Lets Operators Steer Traffic to Preferred Roaming Partners CANTO, 2005.
Fraud in Short Messaging in Mobile Networks

Fraud in Short Messaging in Mobile Networks
Myagmar, Gupta UIUC 2001 1 3G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP.

Myagmar, Gupta UIUC G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP.
SMUCSE 5349/7349 GSM Security. SMUCSE 5349/7349 GSM Security Provisions Anonymity Authentication Signaling protection User data protection.

SMUCSE 5349/7349 GSM Security. SMUCSE 5349/7349 GSM Security Provisions Anonymity Authentication Signaling protection User data protection.
G53SEC 1 Mobile Security GSM, UTMS, Wi-Fi and some Bluetooth.

G53SEC 1 Mobile Security GSM, UTMS, Wi-Fi and some Bluetooth.
Information Security of Embedded Systems 20.1.2010: Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut fĂĽr Informatik und Fraunhofer.

Information Security of Embedded Systems : Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut fĂĽr Informatik und Fraunhofer.
NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.

NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
Shared success Outline What is network security? Why do we need security? Who is vulnerable? Common security attacks and countermeasures. How to secure.

Shared success Outline What is network security? Why do we need security? Who is vulnerable? Common security attacks and countermeasures. How to secure.
Information Security Update CTC 18 March 2015 Julianne Tolson.

Information Security Update CTC 18 March 2015 Julianne Tolson.
Remedies Use of encrypted tunneling protocols (e.g. IPSec, Secure Shell) for secure data transmission over an insecure networktunneling protocolsIPSecSecure.

Remedies Use of encrypted tunneling protocols (e.g. IPSec, Secure Shell) for secure data transmission over an insecure networktunneling protocolsIPSecSecure.

Similar presentations

Ads by Google