Download presentation
Presentation is loading. Please wait.
Published bySuzan Abigail Kelly Modified over 6 years ago
1
Mobile Communications Mobile Security Fundamentals-3
– v4 W. Adi Lecture-8 Mobile Security Fundamentals-3
2
Advanced Encryption Standard
AES Advanced Encryption Standard Proposed for 3G Mobile Authentication Functions International Standard competition managed by NIST: US National Institute of Science and Technology AES Winner Algorithm: The Rijndael Block Cipher, Decision Oct. 2000
3
AES Round-3 Finalist Algorithms
(finalized in 2001) MARS : IBM (USA) RC : R. Rivest (MIT), creator of the widely used RC4 (USA) Twofish : Counterpane Internet Security, Inc. (USA) Serpent : Ross Anderson, Eli Biham and Lars Knudsen (USA) Rijndael: Designed by J. Daemen and V. Rijmen (Belgium) Joan Daemen (of Proton World International) Vincent Rijmen (of Katholieke Universiteit Leuven).
4
Rijndael: Basic concept
Key Key Expansion Round Keys K1 K2 ... K9 K10 X ... R1 R2 R9 R10 Y 10 Encryption Rounds R1 … R10
5
Rijndael: Basic Encryption Round Functions
Byte sub a3 .. a16 a1 a2 b16 b3 b2 b1 / 8 bits b = [M] a C The only non-linear mapping ! A is 4x32 bits Transposition B Mix column Linear mapping B = [C] A Round-Key Ki= 128 bits +
6
Security of AES/ Rijndael
Published to the scientific community 1998 Is still not broken !! - No proof that Rijndael can not be broken !!
7
Important Lessons in Security Business
2nd Generation security lessons Experts learned over the years that the only way to assure security is: follow an open design process encourage public scientific review Nobody is better than the rest of the research community.
8
New 3G Security Features 1/2
Network Authentication The user can provably identify the network Network Security Mechanisms to support security within and between networks Switch Based Security More secrecy switch based rather than only to base station IMEI Integrity Integrity mechanisms for IMEI provided from login Secure Services Protect against misuse of services provided by Service Network and Home Environment
9
New 3G Security Features 2/2
Secure Applications Provide security for applications resident on USIM Fraud Detection Mechanisms to combating fraud in roaming situations Flexibility Security features can be extended and enhanced as required by new threats and services Visibility and Configurability Users are notified whether security is on and what level of security is available. Users can configure security features for individual services Lawful Interception Mechanisms to provide authorized agencies with certain information about subscribers
10
3G User Confidentiality
Permanent user identity IMSI, user location, and user services cannot be determined by eavesdropping Achieved by use of temporary identity (TMSI) which is assigned by VLR (IMSI is sent in clear text when establishing TMSI) Network Mobile Visiting Location Register
11
Mutual Authentication Mechanism 1/2
During Authentication and Key Agreement (AKA) the user and network authenticate each other, and also they agree on cipher and integrity key (CK, IK). CK and IK are used until their time expires. Assumption: trusted HE and SN, and trusted links between them. After AKA, security mode must be negotiated to agree on encryption and integrity algorithm.
12
3G Mutual Authentication Mechanism 2/2
Generation of authentication data at “Mobile” site Generation of authentication data at “Home Network” site : Authentication Token AES K: subscriber seret key SQN: Seuence Number AK:Authentication Key CK:Cipher Key IK:Integrity Key MAC: Message Authentication Code
13
3G Data Integrity Mechanism
Integrity of data and source authentication of signaling data must be provided. The user and network agree on integrity key IK and algorithm during AKA and security mode set-up KASUMI Message authentic if equal
14
3G Data Encryption Mechanism
Data Confidentiality Signaling and user data should be protected from eavesdropping. The user and network agree on cipher key CK and algorithm during AKA and security mode set-up KASUMI
15
Problems with 3G Security
IMSI is sent in clear text when allocating TMSI to the user The transmission of IMEI is not protected; Equipment identity is still not secured A user can be brought to camp on a false BS. Once the user camps on the radio channels of a false BS, the user is out of reach of the paging signals of the network Hijacking outgoing/incoming calls in networks with disabled encryption is possible. The intruder poses as a man-in-the-middle and drops the user once the call is set-up
16
Public Key Cryptography
Fundamentals of Public Key Cryptography Published 1976 by (Diffie &Hellman) at Stanford University Breakthrough: Proved for the first time that it is possible to share secrets without secret agreement Many 3G mobile security applications in user layer are expected to employ public key cryptography (Mobile Commerce, mobile IP applications ...)
17
Secret Key Cryptography
(Symmetric System) K-open = K-close - Open and close with the same key !! - Secret Key Agreement required
18
Public-Key Secrecy Systems
K-open K-secret - Open and close with different keys!! - No Secret Key Agreement required Two Major Schemes in Public Key Cryptography: Diffie-Hellman Public Key exchange scheme RSA public Key secrecy system
19
A B Public-Key Cryptography Breakthrough 1976
(Diffie-Hellman) Shared Secret without exchange of secrets “Mechanical Scenario” Open Register A B Secret key-A Secret key-B injection injection SHIELD ! Same thing ! Shared Secret
20
How to “publicly” hide (shield) a secret ?
shielded secret SHIELD = One Way Function ( commutative ! ) 6 9 How: 2 6 mod 11 = 9 log2 9 (mod 11) = 6 Discrete logarithm : no formula is known to compute log2 modulo 11 !
21
( ) ( ) A B Example for Diffie-Hellman key exchange scheme 1976
Widely use in internet and banking ... Open Agreement and Register Shielding function is: y = (5 x) mod 7 A B Secret key-A= 3 K-open-A= 6 5 3 = 6 K-open-B= 3 5 5 = 3 Secret key-B= 5 ( ) 5 ( ) 3 5 3 5 5 5 5 3 Shield 5 3 6 5 5.3 5 3.5 ! same thing ! Z = 6
22
Basic Public Key Secrecy System (RSA system)
(Mechanical simulation: user B wants secured message from A) User A User B Public register Ko= Kc-1 close open ( )Kc (mod m) Kc M MKc.Ko = M (MKc)Ko Ko MKc
23
Mathematical Model of a Public-Key Crypto-system
(using asymmetric keys) Sender Receiver Y = E (Zp,X) X X Message Message E ( Zp,X ) D ( Zs,Y ) Channel Secret-Key Zs Public-Key Zp Public Directory Z.. Zp Z... Zs
24
Cryptographic Protocols No Key Cryptography : Shamir 3-Pass Protocol
User A User B A Pass 1 A B A A B A A A B Pass 2 A B A B B B A B Pass 3 B B
25
( ) ( ) ( ) Omura-Massey Lock* for: Shamir’s 3-Pass Protocol User A
Secrecy without Authenticity User A User B p = large prime All computations modulo p Eb = secret key Db = Eb-1 Ea = secret key Da = Ea-1 Ea M ( ) Eb 1 = M Ea M Ea Eb M 2 Da ( ) Ea Eb Db ( ) 3 M Eb Eb M = M M * J.L. Massey & J. K. Omura, US Patent, 1986
26
Non-Perfect Secret Sharing
Secret 10100 10010 Part A Part B 10100 10010 Secret
27
Perfect Secret Sharing
Example: share the secret between users A and B 11101 Random BSS 10100 Secret 01001 User B + 11101 User A 10100 + 10100 + Common Secret
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.