Presentation is loading. Please wait.

Presentation is loading. Please wait.

GSM Global System for Mobile Communications, 1992

Published byΚλωθώ Μελετόπουλος Modified over 5 years ago

Similar presentations

Presentation on theme: "GSM Global System for Mobile Communications, 1992"— Presentation transcript:

1 GSM Global System for Mobile Communications, 1992
Security in mobile phones System used all over the world 5. april 2019 Sikkerhed04, Aften Trusler

2 GSM: Threat Model What Who Why How Cloning Eavesdropping Tracking
Criminals Secret Services Why Break Confidentiality Free phone calls Reveal whereabouts How Break Crypto Exploit bad design Beskriv trusler separat? 5. april 2019 Sikkerhed04, Aften Trusler

3 GSM: Security Policy Security Objectives Strategy Authentication
No tracking Confidential Calls Strategy Crypto SIM PIN codes 5. april 2019 Sikkerhed04, Aften Trusler

4 GSM-system SIM Base station HLR VLR PIN IMSI Ki 5. april 2019
Sikkerhed04, Aften Trusler

5 GSM: mechanisms authentication
PIN VLR SIM (phone) Comp128 SRES||Kc = EKi(RAND) IMSI IMSI RAND SRES Kc RAND IMSI SRES RAND SRES Kc Base station HLR 5. april 2019 Sikkerhed04, Aften Trusler

6 GSM: mechanisms No tracking
When SIM registers on network TMSI – temporary/anonymous IMSI But IMSI must still be sent initially 5. april 2019 Sikkerhed04, Aften Trusler

7 GSM: mechanisms Confidentiality
All conversation encrypted Key: Kc Algoritme: among others, A5 (was secret, like Comp128) 5. april 2019 Sikkerhed04, Aften Trusler

8 GSM: attack1 on authentication
VLR SIM (phone) SRES||Kc = EKi(RAND) cleartext! IMSI IMSI RAND SRES Kc RAND IMSI SRES RAND SRES Kc Base station HLR 5. april 2019 Sikkerhed04, Aften Trusler

9 GSM: attack2 on authentication
Access to SIM well chosen challenges Exploit weaknesses in Comp128 Find Ki 5. april 2019 Sikkerhed04, Aften Trusler

10 GSM: attack/tracking When SIM registers on network
TMSI – temporary/anonymous IMSI But IMSI sent initially IMSI-catcher Strong signal Pretend not to understand ”forstå” TMSI SIM sends IMSI 5. april 2019 Sikkerhed04, Aften Trusler

11 GSM: attack on Confidentiality
All conversation encrypted Key: Kc Algorithm: A5 and others(originally secret, like Comp128) A5 and the way it is used has weaknesses Attack can be done within minutes 5. april 2019 Sikkerhed04, Aften Trusler

12 GSM: what can we learn? Krypto the weakest link?!
Kerchhoffs principle (Comp128 og A5 secret) Misunderstanding of architecture Transmission of keys in cleartext  Was GSM security a succes or a failure? for who? 5. april 2019 Sikkerhed04, Aften Trusler

13 Buffer overflows Very ”popular” securitybreach
Microsoft estimates internal expense of $ pr. patch Problem caused by bad code and languages that do not protect against it C, C++ Change to Java, C#, …,? Does’t always help, many OS’s are written in C 5. april 2019 Sikkerhed04, Aften Trusler

14 Stack overruns void foo(char* input){ char buf[3]; strcpy(buf, input);
Compiled program Addr Code 0001 main: 0002 push argv[0] 0003 goto foo 0004 pop 0005 goto exit 0006 foo: 0007 allocate buf 0008 push buf 0009 push input 0010 goto strcpy 0011 return 0012 bar: 0013 push ”Gotcha!” 0014 goto printf 0015 pop 0016 return void foo(char* input){ char buf[3]; strcpy(buf, input); } void bar(void){ printf(”Gotcha!”); int main(int argc, char* argv[]) { foo(argv[1]) return 0; 5. april 2019 Sikkerhed04, Aften Trusler

15 Program.exe ”baz” Addr Code 0001 main: 0002 push argv[0] 0003 goto foo
0004 pop 0005 goto exit 0006 foo: 0007 allocate buf 0008 push buf 0009 push input 0010 goto strcpy 0011 return 0012 bar: 0013 push ”Gotcha!” 0014 goto printf 0015 pop 0016 return Stack Addr Data 5601 5604 b buf a z ret adr foo 5608 b 5610 z Stack Addr Data 5601 5602 5607 5608 5610 Stack Addr Data 5601 5604 buf - ret adr foo 5608 b a 5610 z 5. april 2019 Sikkerhed04, Aften Trusler

16 Program.exe ”baz12” Addr Code 0001 main: 0002 push argv[0]
0003 goto foo 0004 pop 0005 goto exit 0006 foo: 0007 allocate buf 0008 push buf 0009 push input 0010 goto strcpy 0011 return 0012 bar: 0013 push ”Gotcha!” 0014 goto printf 0015 pop 0016 return Stack Addr Data 5601 5604 b buf a z ret adr foo 5608 b 5610 z Stack Addr Data 5601 5602 5607 5608 5610 5611 Stack Addr Data 5601 5604 buf - ret adr foo 5608 b a 5610 z 5. april 2019 Sikkerhed04, Aften Trusler

17 What was wrong? We copied into buf and did not check if we had room
Values outside were changed=> program behavior changed! 5. april 2019 Sikkerhed04, Aften Trusler

18 Solution? Change Language :) Write better code!!!
Not (always) an option :( Write better code!!! Education ”Secure” libraries 5. april 2019 Sikkerhed04, Aften Trusler

19 Buffer overflows: morale
Attacks that directly target the Trusted Computing Base Serious! Undermines most security policies Solution primarily to write robust code. 5. april 2019 Sikkerhed04, Aften Trusler

Download ppt "GSM Global System for Mobile Communications, 1992"

Similar presentations

Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.

Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.
An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,

An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,
GSM network and its privacy Thomas Stockinger. Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation.

GSM network and its privacy Thomas Stockinger. Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation.
GSM Security and Encryption

GSM Security and Encryption
Topics In Information Security Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication Presented by Idan Sheetrit

Topics In Information Security Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication Presented by Idan Sheetrit
Secure Programming Lai Zit Seng November 2012. A Simple Program int main() { char name[100]; printf(What is your name?\n); gets(name); printf(Hello,

Secure Programming Lai Zit Seng November A Simple Program int main() { char name[100]; printf("What is your name?\n"); gets(name); printf("Hello,
Myagmar, Gupta UIUC 2001 1 3G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP.

Myagmar, Gupta UIUC G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP.
SMUCSE 5349/7349 GSM Security. SMUCSE 5349/7349 GSM Security Provisions Anonymity Authentication Signaling protection User data protection.

SMUCSE 5349/7349 GSM Security. SMUCSE 5349/7349 GSM Security Provisions Anonymity Authentication Signaling protection User data protection.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.

Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
Stack buffer overflow.

Stack buffer overflow.
Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow.

Stack buffer overflow
Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.

Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.
Computer Security Buffer Overflow lab Eu-Jin Goh.

Computer Security Buffer Overflow lab Eu-Jin Goh.
Information Security of Embedded Systems 20.1.2010: Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.

Information Security of Embedded Systems : Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.
NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.

NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
GSM Network Security ‘s Research Project By: Jamshid Rahimi Sisouvanh Vanthanavong 1 Friday, February 20, 2009.

GSM Network Security ‘s Research Project By: Jamshid Rahimi Sisouvanh Vanthanavong 1 Friday, February 20, 2009.
An anti-hacking guide.  Hackers are kindred of expert programmers who believe in freedom and spirit of mutual help. They are not malicious. They may.

An anti-hacking guide.  Hackers are kindred of expert programmers who believe in freedom and spirit of mutual help. They are not malicious. They may.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
Chapter 6 Buffer Overflow. Buffer Overflow occurs when the program overwrites data outside the bounds of allocated memory It was one of the first exploited.

Chapter 6 Buffer Overflow. Buffer Overflow occurs when the program overwrites data outside the bounds of allocated memory It was one of the first exploited.

Similar presentations

Ads by Google