Presentation is loading. Please wait.

Presentation is loading. Please wait.

NATO Command, Control & Consultation Agency

Published byRoss McBride Modified over 6 years ago

Similar presentations

Presentation on theme: "NATO Command, Control & Consultation Agency"— Presentation transcript:

1 NATO Command, Control & Consultation Agency
NATO UNCLASSIFIED Secure GSM: Introduction and NC3A Experiences CIS Division NATO Command, Control & Consultation Agency NATO UNCLASSIFIED NATO UNCLASSIFIED 20 November 2018

2 Why GSM ? GSM is global GSM is a standard GSM supports data services
Some GSM data services: Data Synch. 9600bps - MO Data Synch. 9600bps - MT SMS Cell Broadcast Transparent Data Automatic Facsimile Grp 3 - MO SMS - MT SMS - MO Data Asynch. 9600bps - MT Data Asynch. 9600bps - MO Automatic Facsimile Grp 3 - MT PAD Access 9600 bps - MO PAD Access 9600 bps - MT GSM is global Networks in 140+ countries GSM is a standard Should be interoperable GSM supports data services Many data services Can be used for any type of communications

3 GSM services for Military Users
GSM “Piconode” Deployable - 20 kg, 0.6 m3 Standalone GSM infrastructure BTS, BSC, MSC, NMS Can be connected to other networks GSM, PSTN, PABX Satellite backhaul Tactical Military GSM & GPS GSM data services support useful services for Emergency Operations Position reporting Status monitoring via SMS GSM is useful, but no security But not just GSM, any digital mobile radio

4 Pictures courtesy of DERA / Qinetiq (UK)
Deployable GSM NATO UNCLASSIFIED Pictures courtesy of DERA / Qinetiq (UK) NATO UNCLASSIFIED 20 November 2018

5 … GSM deployed for the military in the US
Picture courtesy of Charley McMurray, REDCOM Labs

6 Reasons against “deployed” GSM
Frequency allocation GSM bands usually licensed to commercial operators Services don’t always match requirements GSM not designed for Command & Control use but other Professional Mobile Radio systems were So, GSM is not necessarily the best choice if deploying own infrastructure. But it is VERY good if you want to use existing infrastructure

7 Secure GSM: End-to-end encryption
How Secure GSM equipment works and why it has to be this way NATO UNCLASSIFIED

8 Overview - Standard GSM Security
NATO UNCLASSIFIED AIE A5 AIE A5 GSM GSM Security within GSM Standards (network is trusted) protected vulnerable Air interface encryption The standard security mechanisms described in ETS are all concerned with protecting the vulnerable air interface. From the operator’s perspective they are there to prevent fraudulent use of the system. A strong authentication mechanism ensures that only genuine subscribers may connect to the system, and the air interface encryption mechanism provides on-going implicit authentication of the MSs. The SwMi-MS signalling is also protected by the encryption to prevent more sophisticated types of attack such as the hijacking of existing connections or the manipulation of the signalling to gain system access. From the user’s perspective nobody equipped with a suitable receiver and decoder can eavesdrop on their traffic unless they are also able to obtain the correct encryption key. However the user traffic passes in clear within the system infrastructure in a similar way to the normal telephone network and theoretically can be accessed by an attacker if they have sufficient motivation. To those users passing highly sensitive information regard the residual risk to their data as significant and require additional steps to protect it. By encrypting the traffic at source (the transmitting MS) and only decrypting it at the destination (the receiving MS) their concerns are met as their data is no longer exposed in the SwMi. Traffic at the air interface is protected by encrypting with the A5 algorithm, Figure courtesy of D Parkinson, BT Exact (UK) NATO UNCLASSIFIED 20 November 2018

9 Concerns over GSM AIE (but don’t believe what you read on the web)
(and yes I do appreciate the irony of that statement in a web based presentation) A5 - The GSM Encryption Algorithm From sci.crypt Fri Jun 17 17:11: From: (Ross Anderson) Date: 17 Jun :43:28 GMT Newsgroups: sci.crypt,alt.security,uk.telecom Subject: A5 (Was: HACKING DIGITAL PHONES) The GSM encryption algorithm, A5, is not much good. Its effective key length is at most five bytes; and anyone with the time and energy to look for faster attacks can find source code for it at the bottom of this post. EUROCRYPT '97 May 11-15, 1997, Konstanz, Germany Session 8: Stream Ciphers 12:00-12:30 Cryptanalysis of Alleged A5 Stream Cipher Jovan Dj. Goli (Queensland University of Technology, Australia) The Eurocrypt '97 page The information at this site is Copyright by the International Association for Cryptologic Research.

10 Should we worry about strength of A5 ?
GSM was developed by ETSI European Telecommunications Standards Institute GSM algorithms developed by ETSI SAGE Security Algorithms Group of Experts ETSI SAGE Developed Algorithms for many civil telecom standards e.g. GSM, TETRA, DECT, 3G etc SAGE developed the A5 algorithm for GSM Air Interface Encryption A5 provides greater protection than analogue cellular mobiles A5 fit for purpose

11 Air Interface Encryption is optional
NATO UNCLASSIFIED GSM GSM Security within GSM Standards (network is trusted) protected vulnerable Air interface encryption Security within GSM Standards (transmitting OTA in clear) vulnerable Air interface encryption is optional AIE is optional. Users have no control and usually no knowledge of whether AIE is being used Some phones will indicate if AIE is in use - most do not The standard security mechanisms described in ETS are all concerned with protecting the vulnerable air interface. From the operator’s perspective they are there to prevent fraudulent use of the system. A strong authentication mechanism ensures that only genuine subscribers may connect to the system, and the air interface encryption mechanism provides on-going implicit authentication of the MSs. The SwMi-MS signalling is also protected by the encryption to prevent more sophisticated types of attack such as the hijacking of existing connections or the manipulation of the signalling to gain system access. From the user’s perspective nobody equipped with a suitable receiver and decoder can eavesdrop on their traffic unless they are also able to obtain the correct encryption key. However the user traffic passes in clear within the system infrastructure in a similar way to the normal telephone network and theoretically can be accessed by an attacker if they have sufficient motivation. To those users passing highly sensitive information regard the residual risk to their data as significant and require additional steps to protect it. By encrypting the traffic at source (the transmitting MS) and only decrypting it at the destination (the receiving MS) their concerns are met as their data is no longer exposed in the SwMi. NATO UNCLASSIFIED 20 November 2018

12 End to End Encryption protected vulnerable Air interface encryption
NATO UNCLASSIFIED GSM GSM Security within GSM Standards (network is trusted) protected vulnerable Air interface encryption Security within GSM Standards (transmitting OTA in clear) vulnerable Air interface encryption is optional End to End Encryption over GSM (network is untrusted) protected End-to-end encryption The standard security mechanisms described in ETS are all concerned with protecting the vulnerable air interface. From the operator’s perspective they are there to prevent fraudulent use of the system. A strong authentication mechanism ensures that only genuine subscribers may connect to the system, and the air interface encryption mechanism provides on-going implicit authentication of the MSs. The SwMi-MS signalling is also protected by the encryption to prevent more sophisticated types of attack such as the hijacking of existing connections or the manipulation of the signalling to gain system access. From the user’s perspective nobody equipped with a suitable receiver and decoder can eavesdrop on their traffic unless they are also able to obtain the correct encryption key. However the user traffic passes in clear within the system infrastructure in a similar way to the normal telephone network and theoretically can be accessed by an attacker if they have sufficient motivation. To those users passing highly sensitive information regard the residual risk to their data as significant and require additional steps to protect it. By encrypting the traffic at source (the transmitting MS) and only decrypting it at the destination (the receiving MS) their concerns are met as their data is no longer exposed in the SwMi. NATO UNCLASSIFIED 20 November 2018

13 Standard GSM Security Standard GSM encryption (A5)
optional over air-interface only (clear within network) There is a need for end to end encryption Voice calls in GSM can be transcoded within the network Transcoding errors are small have a negligible effect on quality of analogue voice Cannot encrypt ordinary GSM voice calls as transcoding errors would prevent decryption

14 Secure GSM Secure GSM send encrypted voice over a GSM data connection
GSM data connections are not transcoded Separate phone number for data connections tells the GSM network not to transcode Secure GSM uses the transparent data service Bearer service 26 (9.6 kbps) or 25 (4.8 kbps) Circuit switched data connection Fixed delays (required for speech) No error correction Initially: GSM used a 13 kbps voice coder (RPE-LPC) Data services limited to 9.6 kbps So using the data service to send encrypted speech required the use of a different voice coder

15 End to end encrypted GSM
End to end secure GSM Voice Coder Error Protection GSM data Crypto GSM data Encrypted speech is transmitted over GSM data connection End to end encrypted GSM Uses the GSM data connection Provides its own Voice Coder Error Protection Error Protection Transparent data service provides no error correction Crypto Encoded speech is encrypted Voice Coder Speech must be encoded (digitised)

16 Introduction to STANAG 4591 The new NATO Voice Coder
NC3A Workshop October 18th 2002 At TNO-FEL, The Hague, The Netherlands Organised by the NATO C3 Agency and the NATO Ad-Hoc Working Group on Narrow Band Voice Coding For more details please Topics Include: Need for a new NATO voice coder Tests to select Stanag 4591 Language independence testing Source Code & IPR Performance VoIP with S4591 Stanag 4591 in civil telecom standards Voice Coders End to end secure GSM doesn’t use ‘standard’ GSM voice coder For Secure GSM the choice of voice coder is independent NATO Post-2000 Narrow Band Voice Coder (2400& 1200 bps) Outperforms CELP k CVSD k LPC10e k Widely used by other secure users Can be used over GSM data services

17 Plain and secure speech in GSM
Voice Number Speech Normal voice call sent through network User calls GSM voice number Transcoder GSM /\ PCM \/ Transcoding in network is possible Data Number Secure Speech Secure speech sent as data call through network User calls GSM data number No transcoding GSM Inter-network connection GSM Network GSM Secure speech sent between GSM networks Relies on inter-network connection supporting GSM transparent data service correctly GSM Network GSM

18 Secure GSM / PSTN interworking
V.110 like Protocol PSTN GSM Network Analogue mode V.32 Modem GSM Interworking Unit The interworking unit provides the interface for data calls between GSM and PSTN Data Number Deskset Crypto Unit PSTN Standard PSTN ‘phone

19 Results with existing Secure GSM equipment 1999 - 2002
NC3A Experiences Results with existing Secure GSM equipment NATO UNCLASSIFIED

20 Crypto AG Secure GSM (NC3A Trials 1999)
GSM - PSTN interworking via deskset Manual key management Crypto applique on conventional GSM Call set up time approx 40 seconds Encrypted speech only Reliability good on home network variable when roamed variable between GSM and PSTN Voice quality good when strong signal deteriorated when GSM signal was weak

21 Sagem Secure GSM (NC3A Trials 2000)
Crypto applique on conventional GSM Approved to FR Confidential GSM - PSTN interworking via deskset Key Management System Encrypted speech only Call set up time approx 20 seconds Reliability good on home network variable when roamed variable between GSM and PSTN Voice quality Generally good Deteriorated when GSM signal was weak

22 More Secure GSMs Rhode & Schwarz “TopSec” Half rate GSM Voice coder
GE RESTRICTED Released to NATO General Dynamics “Sectera” Includes STANAG k voice coder US TYPE 1 Being released to NATO Tests of both requested by NC3A during

23 Sectra Secure GSM (NC3A Trials 2000-2001)
Military development Swedish/Norwegian Project Crypto integral to terminal Integrated GSM / DECT unit DECT gives PSTN connection Encrypted Voice + Data Key Management System Good voice quality Improved reliability when roamed when GSM signal was low

24 NSK 200 Secure GSM (NC3A Trials 2001-2002)
Norwegian military development Crypto integral to terminal Authentication required Approved to NATO SECRET Tested over GSM, DECT and via Inmarsat Features and operation described in other presentations

25 Summary of Trials (Things to think about)
Support for data calls requires transparent data bearer services 25 & 26 varies with network operator Inter-network connectivity Secure calls between some countries never succeeded Roaming agreements Not always in place in some areas

26 More on Secure GSM and Secure 3G
Symposium on End to End Security in Mobile Cellular Networks London, December 2002 Call for papers Contributions are invited on the subjects of: Secure GSM 3G security End to end security via satellite services Network operators viewpoints Interoperability issues for end to end security Market differences: Commercial vs military users For details and submission of abstract (200 words) please contact: ACT Branch, NC3A, The Hague, The Netherlands. Tel: or . This event will be unclassified and attendance open to all More on Secure GSM and Secure 3G Interested ? When ? Where ? Just GSM or 3G ?

Download ppt "NATO Command, Control & Consultation Agency"

Similar presentations

Brian Murgatroyd UK Home Office

Brian Murgatroyd UK Home Office
NATO UNCLASSIFIED 1 Secure GSM: Introduction and NC3A Experiences CIS Division NATO Command, Control & Consultation Agency

NATO UNCLASSIFIED 1 Secure GSM: Introduction and NC3A Experiences CIS Division NATO Command, Control & Consultation Agency
GSM (GLOBAL SYSTEM FOR MOBILE COMMUNICATION) Submitted to :-> MR. Ajmer Submitted by :-> HIMANI, POOJA (11 A) IP PROJECT WORK III Term SESSION – 2013 -14.

GSM (GLOBAL SYSTEM FOR MOBILE COMMUNICATION) Submitted to :-> MR. Ajmer Submitted by :-> HIMANI, POOJA (11 A) IP PROJECT WORK III Term SESSION –
TWC 2005 Frankfurt 1 INTRODUCTION TO TETRA SECURITY Brian Murgatroyd UK Police IT Organization.

TWC 2005 Frankfurt 1 INTRODUCTION TO TETRA SECURITY Brian Murgatroyd UK Police IT Organization.
Your Service The Security mechanisms designed into TETRA – a refresher

Your Service The Security mechanisms designed into TETRA – a refresher
TETRA Security meeting needs of Military

TETRA Security meeting needs of Military
GSM Network Security ‘s Research Project By: Jamshid Rahimi Sisouvanh Vanthanavong 1 Friday, February 20, 2009.

GSM Network Security ‘s Research Project By: Jamshid Rahimi Sisouvanh Vanthanavong 1 Friday, February 20, 2009.
 Global System for Mobile Communications (GSM) is a second generation (2G) cellular standard developed to cater voice services and data delivery using.

 Global System for Mobile Communications (GSM) is a second generation (2G) cellular standard developed to cater voice services and data delivery using.
GSM: The European Standard for Mobile Telephony Presented by Rattan Muradia Requirement for course CSI 5171 Presented by Rattan Muradia Requirement for.

GSM: The European Standard for Mobile Telephony Presented by Rattan Muradia Requirement for course CSI 5171 Presented by Rattan Muradia Requirement for.
TETRA Congress Warsaw, 13.-14.6.2006 Military use of TETRA Dr Michael Street Chair, Working Group 5 (Voice Coding), ETSI TC TETRA Principal Scientist,

TETRA Congress Warsaw, Military use of TETRA Dr Michael Street Chair, Working Group 5 (Voice Coding), ETSI TC TETRA Principal Scientist,
NATO UNCLASSIFIED – Releasable to internet 1 Future NATO Secure Multimedia Standard Dr Michael Street CIS Division NATO C3 Agency Dr Michael Street CIS.

NATO UNCLASSIFIED – Releasable to internet 1 Future NATO Secure Multimedia Standard Dr Michael Street CIS Division NATO C3 Agency Dr Michael Street CIS.
GSM TOWARDS LTE NETWORKS Lecture # 2. CELLULAR GENERATIONS First Generation Wireless : Analog Second Generation Wireless (2G): Digital Second Generation.

GSM TOWARDS LTE NETWORKS Lecture # 2. CELLULAR GENERATIONS First Generation Wireless : Analog Second Generation Wireless (2G): Digital Second Generation.
Mobile Telephone System And GSM Security. The Mobile Telephone System First-Generation Mobile Phones First-Generation Mobile Phones Analog Voice Analog.

Mobile Telephone System And GSM Security. The Mobile Telephone System First-Generation Mobile Phones First-Generation Mobile Phones Analog Voice Analog.
PLMN Network Intelligence 2 © Manzur Ashraf. Switching.

PLMN Network Intelligence 2 © Manzur Ashraf. Switching.
GSM – formerly: Groupe Spéciale Mobile (founded 1982) – now: Global System for Mobile Communication – Pan-European standard (ETSI, European Telecommunications.

GSM – formerly: Groupe Spéciale Mobile (founded 1982) – now: Global System for Mobile Communication – Pan-European standard (ETSI, European Telecommunications.
Overview of cellular system

Overview of cellular system
Update on ETSI Security work Charles Brookson OCG Security Chairman DOCUMENT #:GSC13-PLEN-57 FOR:Information SOURCE:Charles Brookson AGENDA ITEM:6.3

Update on ETSI Security work Charles Brookson OCG Security Chairman DOCUMENT #:GSC13-PLEN-57 FOR:Information SOURCE:Charles Brookson AGENDA ITEM:6.3
NATO UNCLASSIFIED 1 TETRA Applications for Military Communications Radio Branch NATO Command, Control & Consultation Agency Radio Branch NATO Command,

NATO UNCLASSIFIED 1 TETRA Applications for Military Communications Radio Branch NATO Command, Control & Consultation Agency Radio Branch NATO Command,
1 Lecture 19 EEE 441 Wireless And Mobile Communications.

1 Lecture 19 EEE 441 Wireless And Mobile Communications.
GLOBAL SYSTEM FOR MOBILE COMMUNICATION

GLOBAL SYSTEM FOR MOBILE COMMUNICATION

Similar presentations

Ads by Google