Presentation is loading. Please wait.

Presentation is loading. Please wait.

GSM, UTMS, Wi-Fi and some Bluetooth

Published byBenjamin Craig Modified over 6 years ago

Similar presentations

Presentation on theme: "GSM, UTMS, Wi-Fi and some Bluetooth"— Presentation transcript:

1 GSM, UTMS, Wi-Fi and some Bluetooth
G53SEC Mobile Security GSM, UTMS, Wi-Fi and some Bluetooth 1

2 Security in the mobile world GSM 3GPP / UTMS Mobile IPv6 Wi-Fi
G53SEC Today’s Lecture: Security in the mobile world GSM 3GPP / UTMS Mobile IPv6 Wi-Fi Bluetooth 2 2

3 Mobile computing one of the fastest growing segments of the PC market
G53SEC Introduction: Mobile computing one of the fastest growing segments of the PC market What is a mobile network? Changing physical / geographical location Changing network topology Attached somewhere to a fixed network Wireless communication 3 3

4 What is different about mobile networks?
G53SEC Introduction: What is different about mobile networks? Low bandwidth – minimise message size and volume Increased risk of eavesdropping Security issues Authentication Privacy Charging 4 4

5 Mobile services pose new challenges Some derive from technology
G53SEC Introduction: Mobile services pose new challenges Some derive from technology Some from applications Physical access – no longer a barrier to network - Wi-Fi access to corporate networks Technology – easier eavesdropping Wifi – e.g. attacker in car park 5 5

6 Current most active mobile technologies GSM 3GPP/UTMS Mobile IP
G53SEC Introduction: Current most active mobile technologies GSM 3GPP/UTMS Mobile IP IEEE Bluetooth Mbile IP – allow mobile devices to move from one network to another while maintaining a permanent IP address 6 6

7 Other areas of mobile networks with security implications
G53SEC Introduction: Other areas of mobile networks with security implications WAP – Wireless Application Protocol Malicious scripting, Infrastructure issues SMS – Short Messaging Service Spam, spoofing, viruses MANETs – Mobile Ad-hoc Networks - Rogue nodes, Security only at academic stage Wap (wireless application protocol) – tried to be internet of wireless – failed Sms – short messaging service Mobile adhoc network – self-configuring network of mobile devices 7 7

8 G53SEC GSM – Cell Towers: 8 8

9 1st Generation Cell Phones Charge fraud – simple authentication
G53SEC GSM: 1st Generation Cell Phones Charge fraud – simple authentication Alibi creation – call forwarding GSM – Improvement from 1st generation Good voice quality Cheap end-systems Low running costs etc.. 9 9

10 Creation affected by political influences
G53SEC GSM: Creation affected by political influences Differing national regulations and attitudes towards cryptography Law enforcement requested ability to wiretap GSM security goals Protection against charge fraud Protection of voice and signal traffic Phone theft tracking Phone theft tracking not always implemented 10 10

11 GSM user – subscriber in home network
G53SEC GSM: Components GSM user – subscriber in home network Where service requested – serving network Mobile station comprises Mobile equipment Subscriber Identity Module (SIM) SIM card – smart card chip Performs cryptographic operations Stores keys Stores personal data 11 11

12 IMSI – International Mobile Subscriber Identity
G53SEC GSM: IMSI – International Mobile Subscriber Identity Unique subscriber identification TMSI – Temporary Mobile Subscriber Identity Used to avoid location tracking Served when device joins a new subnet IMSI catchers Device authenticates to network but not vice versa Catcher masquerades as a base station Collects IMSI numbers TMSI – used to avoid location tracking Catcher – used by law enforcement and intelligence agencies to eavesdrop Catcher – a type of man-in-the middle attack 12 12

13 Uses symmetric cryptography 3 algorithms
G53SEC GSM: Cryptography Uses symmetric cryptography 3 algorithms A3 – authentication (Provider specific) A5 – encryption (Standardised) A8 – key generation (Provider specific) No official publication of algorithms exists Cryptanalytic attacks do exist 13 13

14 Location Based Services
G53SEC GSM: Location Based Services GSM network records location information of mobile equipment Used for various services (e.g. traffic info) Used for emergencies (Medical, Police, etc…) Obligatory in some countries (e.g. the US) Privacy implications 14 14

15 GSM does not transmit secrets in the clear
G53SEC GSM Summary: GSM does not transmit secrets in the clear Voice traffic encrypted over radio but not after base station Some privacy protection through TMSI but IMSI catchers exist to avoid TMSI Law enforcement has access to recorded location data TMSI – Temporary Mobile Subscriber Identity 15 15

16 Cryptographic algorithms not made public Unilateral authentication
G53SEC GSM Summary: Criticism: Cryptographic algorithms not made public Unilateral authentication Only mobile equipment authenticates to the network Fraud: Revenue flow attacked Roaming fraud Premium rate fraud TMSI – Temporary Mobile Subscriber Identity 16 16

17 Universal Mobile Telecommunications System Next generation of GSM
G53SEC 3GPP/UTMS: Universal Mobile Telecommunications System Next generation of GSM Besides technical advancements, contains some security enhancements Security architecture similar to GSM Avoids IMSI Catchers - Due to mutual authentication of mobile equipment to the network and vice versa 17 17

18 Support for mutual authentication Privacy Increased key sizes
G53SEC 3GPP/UTMS: Authentication Support for mutual authentication Privacy Increased key sizes Support for securing core network signalling data Enhanced user identity confidentiality Other Integrity of signalling Cryptographic algorithms made public 18 18

19 In IP if nodes move around:
G53SEC Mobile IPv6: GSM & UTMS have problems with access control due to lack of pre-established relationship In IP if nodes move around: - When IP address kept, data will not reach node at new location - When IP address changes, communication has to be terminated and restarted Mobile IP deals with these issues 19 19

20 Mobile node has two addresses permanent Home Address
G53SEC Mobile IPv6: Mobile node has two addresses permanent Home Address Care of Address – associated with network the node is visiting Addresses consist of location as well as interface identification 20 20

21 Home agent – nodes with permanent address within agent's network
G53SEC Mobile IPv6: Home agent – nodes with permanent address within agent's network Foreign agent – nodes visiting network When a node wants to communicate with another node, it uses its home address Packets sent are intercepted by Home agent Home agent uses care-of address advertised by Foreign Agent to communicate with destination node 21 21

22 A number of security protocols proposed WEP WPA WPA2
G53SEC Wi-Fi: Wireless technology generally based on a set of standards called IEEE A number of standards (a,b,g,n) exist depending on speed and technological improvements A number of security protocols proposed WEP WPA WPA2 22 22

23 G53SEC WiFi: 23 23

24 Wi-Fi Increasingly used at home and as part of businesses
G53SEC Wi-Fi: Wi-Fi Increasingly used at home and as part of businesses New uses emerge frequently City wide Wi-Fi BT FON 24 24

25 Incorrectly setup Access Points Encryption Access control
G53SEC Wi-Fi: Many Issues: Incorrectly setup Access Points Encryption Access control Wi-Fi not included in security policies in many institutions - Weak encryption standards used - Rogue Access Points - War-driving 25 25

26 Key size a major security limitation
G53SEC Wi-Fi: WEP Key size a major security limitation Algorithm is susceptible to a cryptanalysis attack It uses the RC4 stream cipher algorithm WEP allows certain packet parts to be reused This allows attacker to obtain some known text The rest is only a matter of statistical analysis 26 26

27 2007 – WEP cracked under 60 seconds by researchers from Germany
G53SEC Wi-Fi: WEP Original attack required hours of collected data to successfully find encryption key 2007 – WEP cracked under 60 seconds by researchers from Germany WPA A quick preliminary solution to WEP issues However vulnerable to a password guessing attack 27 27

28 A complete redesign of WLAN security mechanisms
G53SEC Wi-Fi: WPA2 A complete redesign of WLAN security mechanisms Stream cipher RC4 replaced by AES but WPA2 requires new hardware To Remember: For Wi-Fi access points only use WPA2 or in worst case WPA WEP is totally broken! 28 28

29 Technology for wireless ad-hoc networks For short range communications
G53SEC Bluetooth: Technology for wireless ad-hoc networks For short range communications e.g. for keyboards, headsets, etc.. Contains cryptographic mechanism for traffic protection between devices Application level attacks exist Bluesnarf exploits flawed implementations of access control – retrieves personal information Viruses are beginning to appear 29 29

30 Security in the Mobile environment Current mobile technologies
G53SEC Summary: Security in the Mobile environment Current mobile technologies 30 30

Download ppt "GSM, UTMS, Wi-Fi and some Bluetooth"

Similar presentations

Wi-Fi Technology.

Wi-Fi Technology.
Myagmar, Gupta UIUC 2001 1 3G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP.

Myagmar, Gupta UIUC G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP.
6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.

6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.
Doc.: IEEE 802.11-04/0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.

Doc.: IEEE /0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.
G53SEC 1 Mobile Security GSM, UTMS, Wi-Fi and some Bluetooth.

G53SEC 1 Mobile Security GSM, UTMS, Wi-Fi and some Bluetooth.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Information Security of Embedded Systems 20.1.2010: Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.

Information Security of Embedded Systems : Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.
NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.

NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.
802.11 Networks Olga Agnew Bryant Likes Daewon Seo.

Networks Olga Agnew Bryant Likes Daewon Seo.
WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.
Mobile IP Performance Issues in Practice. Introduction What is Mobile IP? –Mobile IP is a technology that allows a mobile node (MN) to change its point.

Mobile IP Performance Issues in Practice. Introduction What is Mobile IP? –Mobile IP is a technology that allows a "mobile node" (MN) to change its point.
Mobile IP: Introduction Reference: “Mobile networking through Mobile IP”; Perkins, C.E.; IEEE Internet Computing, Volume: 2 Issue: 1, Jan.- Feb. 1998;

Mobile IP: Introduction Reference: “Mobile networking through Mobile IP”; Perkins, C.E.; IEEE Internet Computing, Volume: 2 Issue: 1, Jan.- Feb. 1998;
Remedies Use of encrypted tunneling protocols (e.g. IPSec, Secure Shell) for secure data transmission over an insecure networktunneling protocolsIPSecSecure.

Remedies Use of encrypted tunneling protocols (e.g. IPSec, Secure Shell) for secure data transmission over an insecure networktunneling protocolsIPSecSecure.
Wireless Network Security By Patrick Yount and CIS 4360 Fall 2009 CIS 4360 Fall 2009.

Wireless Network Security By Patrick Yount and CIS 4360 Fall 2009 CIS 4360 Fall 2009.
GSM Network Security ‘s Research Project By: Jamshid Rahimi Sisouvanh Vanthanavong 1 Friday, February 20, 2009.

GSM Network Security ‘s Research Project By: Jamshid Rahimi Sisouvanh Vanthanavong 1 Friday, February 20, 2009.
Networks LANS,. FastPoll True Questions Answer A for True and B for False A wireless infrastructure network uses a centralized broadcasting device, such.

Networks LANS,. FastPoll True Questions Answer A for True and B for False A wireless infrastructure network uses a centralized broadcasting device, such.

Similar presentations

Ads by Google