Presentation is loading. Please wait.

Presentation is loading. Please wait.

NATO UNCLASSIFIED 1 Secure GSM: Introduction and NC3A Experiences CIS Division NATO Command, Control & Consultation Agency

Published byLea Loomer Modified over 10 years ago

Similar presentations

Presentation on theme: "NATO UNCLASSIFIED 1 Secure GSM: Introduction and NC3A Experiences CIS Division NATO Command, Control & Consultation Agency"— Presentation transcript:

1 NATO UNCLASSIFIED 1 Secure GSM: Introduction and NC3A Experiences CIS Division NATO Command, Control & Consultation Agency pcs@nc3a.info

2 NATO UNCLASSIFIED 2 Why GSM ? GSM is globalGSM is global –Networks in 140+ countries GSM is a standardGSM is a standard –Should be interoperable GSM supports data servicesGSM supports data services –Many data services –Can be used for any type of communications GSM is globalGSM is global –Networks in 140+ countries GSM is a standardGSM is a standard –Should be interoperable GSM supports data servicesGSM supports data services –Many data services –Can be used for any type of communications Some GSM data services: Data Synch. 9600bps - MO Data Synch. 9600bps - MT SMS Cell Broadcast Transparent Data Automatic Facsimile Grp 3 - MO SMS - MT SMS - MO Data Asynch. 9600bps - MT Data Asynch. 9600bps - MO Automatic Facsimile Grp 3 - MT PAD Access 9600 bps - MO PAD Access 9600 bps - MT

3 NATO UNCLASSIFIED 3 GSM “Piconode” Deployable - 20 kg, 0.6 m 3Deployable - 20 kg, 0.6 m 3 Standalone GSM infrastructureStandalone GSM infrastructure BTS, BSC, MSC, NMSBTS, BSC, MSC, NMS Can be connected to other networksCan be connected to other networks GSM, PSTN, PABXGSM, PSTN, PABX Satellite backhaulSatellite backhaul Tactical MilitaryTactical Military GSM “Piconode” Deployable - 20 kg, 0.6 m 3Deployable - 20 kg, 0.6 m 3 Standalone GSM infrastructureStandalone GSM infrastructure BTS, BSC, MSC, NMSBTS, BSC, MSC, NMS Can be connected to other networksCan be connected to other networks GSM, PSTN, PABXGSM, PSTN, PABX Satellite backhaulSatellite backhaul Tactical MilitaryTactical Military GSM services for Military Users GSM is useful, but no security But not just GSM, any digital mobile radio GSM is useful, but no security But not just GSM, any digital mobile radio GSM & GPS GSM data services support useful services for Emergency OperationsGSM data services support useful services for Emergency Operations Position reportingPosition reporting Status monitoring via SMSStatus monitoring via SMS GSM & GPS GSM data services support useful services for Emergency OperationsGSM data services support useful services for Emergency Operations Position reportingPosition reporting Status monitoring via SMSStatus monitoring via SMS

4 NATO UNCLASSIFIED 4 Pictures courtesy of DERA / Qinetiq (UK) Deployable GSM

5 NATO UNCLASSIFIED 5 … GSM deployed for the military in the US Picture courtesy of Charley McMurray, REDCOM Labs

6 NATO UNCLASSIFIED 6 Reasons against “deployed” GSM Frequency allocationFrequency allocation GSM bands usually licensed to commercial operatorsGSM bands usually licensed to commercial operators Services don’t always match requirementsServices don’t always match requirements GSM not designed for Command & Control useGSM not designed for Command & Control use but other Professional Mobile Radio systems werebut other Professional Mobile Radio systems were So, GSM is not necessarily the best choice if deploying own infrastructure.So, GSM is not necessarily the best choice if deploying own infrastructure. But it is VERY good if you want to use existing infrastructureBut it is VERY good if you want to use existing infrastructure Frequency allocationFrequency allocation GSM bands usually licensed to commercial operatorsGSM bands usually licensed to commercial operators Services don’t always match requirementsServices don’t always match requirements GSM not designed for Command & Control useGSM not designed for Command & Control use but other Professional Mobile Radio systems werebut other Professional Mobile Radio systems were So, GSM is not necessarily the best choice if deploying own infrastructure.So, GSM is not necessarily the best choice if deploying own infrastructure. But it is VERY good if you want to use existing infrastructureBut it is VERY good if you want to use existing infrastructure

7 NATO UNCLASSIFIED 7 Secure GSM: End-to-end encryption How Secure GSM equipment works - and why it has to be this way

8 NATO UNCLASSIFIED 8 Overview - Standard GSM Security Security within GSM Standards (network is trusted) protected vulnerable Air interface encryption Figure courtesy of D Parkinson, BT Exact (UK) AIE A5 AIE A5 Traffic at the air interface is protected by encrypting with the A5 algorithm, GSM

9 NATO UNCLASSIFIED 9 Concerns over GSM AIE (but don’t believe what you read on the web) A5 - The GSM Encryption Algorithm From sci.crypt Fri Jun 17 17:11:49 1994 From: rja14@cl.cam.ac.uk (Ross Anderson) Date: 17 Jun 1994 13:43:28 GMT Newsgroups: sci.crypt,alt.security,uk.telecom Subject: A5 (Was: HACKING DIGITAL PHONES) The GSM encryption algorithm, A5, is not much good. Its effective key length is at most five bytes; and anyone with the time and energy to look for faster attacks can find source code for it at the bottom of this post. EUROCRYPT '97 May 11-15, 1997, Konstanz, Germany Session 8: Stream Ciphers 12:00-12:30 Cryptanalysis of Alleged A5 Stream Cipher Jovan Dj. Goli (Queensland University of Technology, Australia) The Eurocrypt '97 page The information at this site is Copyright by the International Association for Cryptologic Research.Copyright International Association for Cryptologic Research http://www.chem.leeds.ac.uk/ICAMS/people/jon/a5.htmlhttp://www.iacr.org/conferences/ec97/programf.html (and yes I do appreciate the irony of that statement in a web based presentation)

10 NATO UNCLASSIFIED 10 Should we worry about strength of A5 ? GSM was developed by ETSIGSM was developed by ETSI European Telecommunications Standards InstituteEuropean Telecommunications Standards Institute GSM algorithms developed by ETSI SAGEGSM algorithms developed by ETSI SAGE Security Algorithms Group of ExpertsSecurity Algorithms Group of Experts ETSI SAGEETSI SAGE Developed Algorithms for many civil telecom standards e.g. GSM, TETRA, DECT, 3G etcDeveloped Algorithms for many civil telecom standards e.g. GSM, TETRA, DECT, 3G etc SAGE developed the A5 algorithm for GSM Air Interface EncryptionSAGE developed the A5 algorithm for GSM Air Interface Encryption A5 provides greater protection than analogue cellular mobilesA5 provides greater protection than analogue cellular mobiles A5 fit for purposeA5 fit for purpose GSM was developed by ETSIGSM was developed by ETSI European Telecommunications Standards InstituteEuropean Telecommunications Standards Institute GSM algorithms developed by ETSI SAGEGSM algorithms developed by ETSI SAGE Security Algorithms Group of ExpertsSecurity Algorithms Group of Experts ETSI SAGEETSI SAGE Developed Algorithms for many civil telecom standards e.g. GSM, TETRA, DECT, 3G etcDeveloped Algorithms for many civil telecom standards e.g. GSM, TETRA, DECT, 3G etc SAGE developed the A5 algorithm for GSM Air Interface EncryptionSAGE developed the A5 algorithm for GSM Air Interface Encryption A5 provides greater protection than analogue cellular mobilesA5 provides greater protection than analogue cellular mobiles A5 fit for purposeA5 fit for purpose

11 NATO UNCLASSIFIED 11 Air Interface Encryption is optional Security within GSM Standards (network is trusted) protected vulnerable Air interface encryption Security within GSM Standards (transmitting OTA in clear) vulnerable Air interface encryption is optional AIE is optional. Users have no control and usually no knowledge of whether AIE is being used Some phones will indicate if AIE is in use - most do not GSM

12 NATO UNCLASSIFIED 12 End to End Encryption Security within GSM Standards (network is trusted) protected vulnerable Air interface encryption Security within GSM Standards (transmitting OTA in clear) vulnerable Air interface encryption is optional End to End Encryption over GSM (network is untrusted) protected End-to-end encryption GSM

13 NATO UNCLASSIFIED 13 Standard GSM Security Standard GSM encryption (A5)Standard GSM encryption (A5) optionaloptional over air-interface only (clear within network)over air-interface only (clear within network) There is a need for end to end encryptionThere is a need for end to end encryption Voice calls in GSM can be transcoded within the networkVoice calls in GSM can be transcoded within the network Transcoding errors are smallTranscoding errors are small –have a negligible effect on quality of analogue voice Cannot encrypt ordinary GSM voice calls as transcoding errors would prevent decryptionCannot encrypt ordinary GSM voice calls as transcoding errors would prevent decryption Standard GSM encryption (A5)Standard GSM encryption (A5) optionaloptional over air-interface only (clear within network)over air-interface only (clear within network) There is a need for end to end encryptionThere is a need for end to end encryption Voice calls in GSM can be transcoded within the networkVoice calls in GSM can be transcoded within the network Transcoding errors are smallTranscoding errors are small –have a negligible effect on quality of analogue voice Cannot encrypt ordinary GSM voice calls as transcoding errors would prevent decryptionCannot encrypt ordinary GSM voice calls as transcoding errors would prevent decryption

14 NATO UNCLASSIFIED 14 Secure GSM Secure GSM send encrypted voice over a GSM data connectionSecure GSM send encrypted voice over a GSM data connection GSM data connections are not transcodedGSM data connections are not transcoded –Separate phone number for data connections tells the GSM network not to transcode Secure GSM uses the transparent data serviceSecure GSM uses the transparent data service Bearer service 26 (9.6 kbps) or 25 (4.8 kbps)Bearer service 26 (9.6 kbps) or 25 (4.8 kbps) Circuit switched data connectionCircuit switched data connection –Fixed delays (required for speech) –No error correction Initially:Initially: GSM used a 13 kbps voice coder (RPE-LPC)GSM used a 13 kbps voice coder (RPE-LPC) Data services limited to 9.6 kbpsData services limited to 9.6 kbps So using the data service to send encrypted speech required the use of a different voice coderSo using the data service to send encrypted speech required the use of a different voice coder Secure GSM send encrypted voice over a GSM data connectionSecure GSM send encrypted voice over a GSM data connection GSM data connections are not transcodedGSM data connections are not transcoded –Separate phone number for data connections tells the GSM network not to transcode Secure GSM uses the transparent data serviceSecure GSM uses the transparent data service Bearer service 26 (9.6 kbps) or 25 (4.8 kbps)Bearer service 26 (9.6 kbps) or 25 (4.8 kbps) Circuit switched data connectionCircuit switched data connection –Fixed delays (required for speech) –No error correction Initially:Initially: GSM used a 13 kbps voice coder (RPE-LPC)GSM used a 13 kbps voice coder (RPE-LPC) Data services limited to 9.6 kbpsData services limited to 9.6 kbps So using the data service to send encrypted speech required the use of a different voice coderSo using the data service to send encrypted speech required the use of a different voice coder

15 NATO UNCLASSIFIED 15 End to end secure GSM Voice Coder Speech must be encoded (digitised) Crypto Encoded speech is encrypted GSM data Encrypted speech is transmitted over GSM data connection Error Protection Transparent data service provides no error correction Voice Coder Error Protection GSM data Crypto End to end encrypted GSM End to end encrypted GSM Uses the GSMUses the GSM data connectiondata connection Provides its ownProvides its own Voice CoderVoice Coder Error ProtectionError Protection End to end encrypted GSM End to end encrypted GSM Uses the GSMUses the GSM data connectiondata connection Provides its ownProvides its own Voice CoderVoice Coder Error ProtectionError Protection

16 NATO UNCLASSIFIED 16 Voice Coders Introduction to STANAG 4591 The new NATO Voice Coder NC3A Workshop October 18th 2002 At TNO-FEL, The Hague, The Netherlands Organised by the NATO C3 Agency and the NATO Ad-Hoc Working Group on Narrow Band Voice Coding For more details please email: voice@nc3a.info Topics Include: Need for a new NATO voice coder Tests to select Stanag 4591 Language independence testing Source Code & IPR Performance VoIP with S4591 Stanag 4591 in civil telecom standards End to end secure GSM doesn’t use ‘standard’ GSM voice coderEnd to end secure GSM doesn’t use ‘standard’ GSM voice coder For Secure GSM the choice of voice coder is independentFor Secure GSM the choice of voice coder is independent NATO Post-2000 Narrow Band Voice Coder (2400& 1200 bps)NATO Post-2000 Narrow Band Voice Coder (2400& 1200 bps) OutperformsOutperforms –CELP - 4.8k –CVSD - 16k –LPC10e - 2.4k Widely used by other secure usersWidely used by other secure users Can be used over GSM data servicesCan be used over GSM data services End to end secure GSM doesn’t use ‘standard’ GSM voice coderEnd to end secure GSM doesn’t use ‘standard’ GSM voice coder For Secure GSM the choice of voice coder is independentFor Secure GSM the choice of voice coder is independent NATO Post-2000 Narrow Band Voice Coder (2400& 1200 bps)NATO Post-2000 Narrow Band Voice Coder (2400& 1200 bps) OutperformsOutperforms –CELP - 4.8k –CVSD - 16k –LPC10e - 2.4k Widely used by other secure usersWidely used by other secure users Can be used over GSM data servicesCan be used over GSM data services

17 NATO UNCLASSIFIED 17 Plain and secure speech in GSM GSM GSM Network Inter-network connection GSM Network GSM Secure speech sent between GSM networksSecure speech sent between GSM networks Relies on inter-network connection supporting GSM transparent data service correctlyRelies on inter-network connection supporting GSM transparent data service correctly Secure speech sent between GSM networksSecure speech sent between GSM networks Relies on inter-network connection supporting GSM transparent data service correctlyRelies on inter-network connection supporting GSM transparent data service correctly Voice Number Speech Normal voice call sent through networkNormal voice call sent through network User calls GSM voice numberUser calls GSM voice number Normal voice call sent through networkNormal voice call sent through network User calls GSM voice numberUser calls GSM voice number Data Number Secure Speech Secure speech sent as data call through networkSecure speech sent as data call through network User calls GSM data numberUser calls GSM data number No transcodingNo transcoding Secure speech sent as data call through networkSecure speech sent as data call through network User calls GSM data numberUser calls GSM data number No transcodingNo transcoding Transcoder GSM /\ PCM GSM \/ PCM Transcoding in network is possible

18 NATO UNCLASSIFIED 18 Secure GSM / PSTN interworking PSTN Interworking Unit The interworking unit provides the interface for data calls between GSM and PSTN Data Number V.32 Modem V.110 like Protocol GSM Network Analogue mode GSM PSTN Deskset Crypto Unit Standard PSTN ‘phone

19 NATO UNCLASSIFIED 19 NC3A Experiences Results with existing Secure GSM equipment 1999 - 2002 Results with existing Secure GSM equipment 1999 - 2002

20 NATO UNCLASSIFIED 20 Crypto AG Secure GSM (NC3A Trials 1999) GSM - PSTN interworking via desksetGSM - PSTN interworking via deskset Manual key managementManual key management Crypto applique on conventional GSMCrypto applique on conventional GSM Call set up time approx 40 secondsCall set up time approx 40 seconds Encrypted speech onlyEncrypted speech only ReliabilityReliability –good on home network –variable when roamed –variable between GSM and PSTN Voice qualityVoice quality –good when strong signal –deteriorated when GSM signal was weak

21 NATO UNCLASSIFIED 21 Sagem Secure GSM (NC3A Trials 2000) Crypto applique on conventional GSMCrypto applique on conventional GSM Approved to FR ConfidentialApproved to FR Confidential GSM - PSTN interworking via desksetGSM - PSTN interworking via deskset Key Management SystemKey Management System Encrypted speech onlyEncrypted speech only Call set up time approx 20 secondsCall set up time approx 20 seconds ReliabilityReliability –good on home network –variable when roamed –variable between GSM and PSTN Voice qualityVoice quality –Generally good –Deteriorated when GSM signal was weak

22 NATO UNCLASSIFIED 22 More Secure GSMs Rhode & Schwarz “TopSec” Half rate GSM Voice coder GE RESTRICTED Released to NATO General Dynamics “Sectera” Includes STANAG 4591 2.4k voice coder US TYPE 1 Being released to NATO Tests of both requested by NC3A during 2000-2

23 NATO UNCLASSIFIED 23 Sectra Secure GSM (NC3A Trials 2000-2001) Military developmentMilitary development Swedish/Norwegian ProjectSwedish/Norwegian Project Crypto integral to terminalCrypto integral to terminal Integrated GSM / DECT unitIntegrated GSM / DECT unit DECT gives PSTN connectionDECT gives PSTN connection Encrypted Voice + DataEncrypted Voice + Data Key Management SystemKey Management System Good voice qualityGood voice quality Improved reliabilityImproved reliability when roamedwhen roamed when GSM signal was lowwhen GSM signal was low

24 NATO UNCLASSIFIED 24 NSK 200 Secure GSM (NC3A Trials 2001-2002) Norwegian military developmentNorwegian military development Crypto integral to terminalCrypto integral to terminal Authentication requiredAuthentication required Approved to NATO SECRETApproved to NATO SECRET Tested over GSM, DECT and via InmarsatTested over GSM, DECT and via Inmarsat Features and operation described in other presentationsFeatures and operation described in other presentations

25 NATO UNCLASSIFIED 25 Summary of Trials (Things to think about) Support for data callsSupport for data calls requires transparent data bearer services 25 & 26requires transparent data bearer services 25 & 26 varies with network operatorvaries with network operator Inter-network connectivityInter-network connectivity Secure calls between some countries never succeededSecure calls between some countries never succeeded Roaming agreementsRoaming agreements Not always in place in some areasNot always in place in some areas Support for data callsSupport for data calls requires transparent data bearer services 25 & 26requires transparent data bearer services 25 & 26 varies with network operatorvaries with network operator Inter-network connectivityInter-network connectivity Secure calls between some countries never succeededSecure calls between some countries never succeeded Roaming agreementsRoaming agreements Not always in place in some areasNot always in place in some areas

26 NATO UNCLASSIFIED 26 More on Secure GSM and Secure 3G Interested ?Interested ? When ?When ? Where ?Where ? Just GSM or 3G ?Just GSM or 3G ? Interested ?Interested ? When ?When ? Where ?Where ? Just GSM or 3G ?Just GSM or 3G ? Symposium on End to End Security in Mobile Cellular Networks London, December 2002 Call for papers Contributions are invited on the subjects of: Secure GSM 3G security End to end security via satellite services Network operators viewpoints Interoperability issues for end to end security Market differences: Commercial vs military users For details and submission of abstract (200 words) please contact: ACT Branch, NC3A, The Hague, The Netherlands. Tel: +31 70 374 3444 or Email. pcs@nc3a.info This event will be unclassified and attendance open to all

Download ppt "NATO UNCLASSIFIED 1 Secure GSM: Introduction and NC3A Experiences CIS Division NATO Command, Control & Consultation Agency"

Similar presentations

Voice and Data Encryption over mobile networks July 2012 IN-NOVA TECNOLOGIC IN-ARG SA www.in-arg.com MESH VOIP.

Voice and Data Encryption over mobile networks July 2012 IN-NOVA TECNOLOGIC IN-ARG SA MESH VOIP.
There are many types of WAN technologies that can be used to solve the problems of users who need network access from remote locations. We will go through.

There are many types of WAN technologies that can be used to solve the problems of users who need network access from remote locations. We will go through.
NSK 200 GSM Secure Telephone, NSK 201 DECT Single Base Station and NSK 250 Secure Management Centre (NDLO/CIS)

NSK 200 GSM Secure Telephone, NSK 201 DECT Single Base Station and NSK 250 Secure Management Centre (NDLO/CIS)
ARSITEKTUR DASAR SISTEM SELULER

ARSITEKTUR DASAR SISTEM SELULER
Islamic University-Gaza Faculty of Engineering Electrical & Computer Engineering Department Global System for Mobile Communication GSM Group Alaa Al-ZatmaHosam.

Islamic University-Gaza Faculty of Engineering Electrical & Computer Engineering Department Global System for Mobile Communication GSM Group Alaa Al-ZatmaHosam.
BY, ARITRA GAUTAM (05-275) & G.PAVANI (05-272).. OVERVIEW OF GSM GSM (group special mobile or general system for mobile communications) is the Pan-European.

BY, ARITRA GAUTAM (05-275) & G.PAVANI (05-272).. OVERVIEW OF GSM GSM (group special mobile or general system for mobile communications) is the Pan-European.
GSM Network. GSM-Introduction Architecture Technical Specifications Frame Structure Channels Security Characteristics and features Applications Contents.

GSM Network. GSM-Introduction Architecture Technical Specifications Frame Structure Channels Security Characteristics and features Applications Contents.
GSM Global System for Mobile Communications

GSM Global System for Mobile Communications
Secure Communications in Civil Aviation Paul Wells A presentation to ATN 2002 25 September 2002.

Secure Communications in Civil Aviation Paul Wells A presentation to ATN September 2002.
GSM Adapted from www.mobinet.gr Acoe 422. History of GSM  During the 80s, analog cellular systems experienced rapid growth in Europe, yet they were incompatible.

GSM Adapted from Acoe 422. History of GSM  During the 80s, analog cellular systems experienced rapid growth in Europe, yet they were incompatible.
GSM (GLOBAL SYSTEM FOR MOBILE COMMUNICATION) Submitted to :-> MR. Ajmer Submitted by :-> HIMANI, POOJA (11 A) IP PROJECT WORK III Term SESSION – 2013 -14.

GSM (GLOBAL SYSTEM FOR MOBILE COMMUNICATION) Submitted to :-> MR. Ajmer Submitted by :-> HIMANI, POOJA (11 A) IP PROJECT WORK III Term SESSION –
The European Wireless Data Market Mark Holden Wireless Data Service Director Strategy Analytics October 1998.

The European Wireless Data Market Mark Holden Wireless Data Service Director Strategy Analytics October 1998.
Presentation On Study Of GSM BTS Guided by :- Mr. Suresh Dhruwey JTO(CMTS), Bhilai. Submitted By:- Amit Kumar Singh Priya Rajput Soumya Vaishnava Amit.

Presentation On Study Of GSM BTS Guided by :- Mr. Suresh Dhruwey JTO(CMTS), Bhilai. Submitted By:- Amit Kumar Singh Priya Rajput Soumya Vaishnava Amit.
By Neha choudhary Asst.Professor CSE/IT LHST-A.  GSM-Introduction  Architecture  Technical Specifications  Characteristics and features  Applications.

By Neha choudhary Asst.Professor CSE/IT LHST-A.  GSM-Introduction  Architecture  Technical Specifications  Characteristics and features  Applications.
IMT 2000, CDMA 2000 1 x And Future Trends.  IMT 2000 objective.  CDMA 2000 1x.  IMT 2000 Technological Options Brief Outline  Migration Paths.

IMT 2000, CDMA x And Future Trends.  IMT 2000 objective.  CDMA x.  IMT 2000 Technological Options Brief Outline  Migration Paths.
GSM—Global System for Mobile. 2 How does GSM handle multiple users The 1G cellular systems used FDMA. The first cellular standard adopting TDMA was GSM,

GSM—Global System for Mobile. 2 How does GSM handle multiple users The 1G cellular systems used FDMA. The first cellular standard adopting TDMA was GSM,
© GPRShelp 2004 An Introduction To GPRS. © GPRShelp 2004 Contents What is GPRS? GPRS Applications GPRS Myths GPRS Services Email – the killer application.

© GPRShelp 2004 An Introduction To GPRS. © GPRShelp 2004 Contents What is GPRS? GPRS Applications GPRS Myths GPRS Services – the killer application.
Overview.  UMTS (Universal Mobile Telecommunication System) the third generation mobile communication systems.

Overview.  UMTS (Universal Mobile Telecommunication System) the third generation mobile communication systems.
Introduction to the Course Justin Champion Room C208 - Tel: 3273 www.staffs.ac.uk/personel/engineering_and_technology/jjc1.

Introduction to the Course Justin Champion Room C208 - Tel:
GSM Security Overview (Part 1)

GSM Security Overview (Part 1)

Similar presentations

Ads by Google