Using GSM/UMTS for Single Sign-On. 28th October 2003, SympoTIC 2003. Andreas Pashalidis and Chris J. Mitchell.


1 Using GSM/UMTS for Single Sign-On. 28th October 2003, SympoTIC 2003. Andreas Pashalidis and Chris J. Mitchell

2 Agenda: Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

3 Agenda: Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

4 Why do we need SSO? Current situation: network users interact with multiple service providers.

5 Why do we need SSO? Problems: usability, security, privacy…

6 What is SSO? A mechanism that allows users to authenticate themselves to multiple service providers, using only one identity.

7 SSO – How? Establish trust relationships, common security infrastructure (e.g. PKI), sign contractual agreements…

8 SSO – some examples
- Kerberos: TTP = Kerberos server. 1) Authenticates user (password), issues “ticket”. 2) User shows ticket to service provider.
- Microsoft Passport: TTP = www.passport.com. 1) Authenticates user (password), installs encrypted cookie. 2) Service provider reads the cookie.
- Liberty Alliance: TTP = “Identity Provider”. 1) Authenticates user, issues “assertion” (XML). 2) Assertion is shown to service provider.

9 Agenda: Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

10 Review of GSM Security

11 Review of GSM Security

12 Review of GSM Security

13 Review of GSM Security

14 Review of GSM Security

15 Review of GSM Security

16 Review of GSM Security

17 Review of GSM Security

18 Review of GSM Security

19 Review of GSM Security. Encrypted under Kc. If the visited network can decrypt, then the SIM is authentic (IMSI matches Ki).

20 Agenda: Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

21 Architecture - before

22 Architecture – after (1)

23 Architecture – after (2)

24 Architecture

25 Architecture. Service providers form trust relationships with the home network.

26 Architecture. Single Sign-On using SIM (IMSI)!

27 SSO Protocol

28 SSO Protocol

29 SSO Protocol

30 SSO Protocol

31 SSO Protocol

32 SSO Protocol

33 SSO Protocol

34 SSO Protocol

35 SSO Protocol

36 Agenda: Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

37 Replay Attack. Attacker could capture this message and replay it later in order to impersonate the user identified by the IMSI.

38 Replay Attack. At the time of replay another RAND will be selected by the service provider and the protocol will fail. [Diagram labels: “fresh!”, “old!”, “X”]
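
The replay argument on slides 37 and 38, as an added example that is not part of the original presentation. HMAC-SHA-256 stands in for the GSM SIM algorithms, and the message layout, the session id, the sample IMSI/Ki and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample subscriber record held by the home network (IMSI -> Ki).
HOME_NETWORK_KI = {"001010123456789": bytes.fromhex("00112233445566778899aabbccddeeff")}


def derive_kc(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the SIM's session-key derivation (NOT the real GSM A8)."""
    return hmac.new(ki, b"kc" + rand, hashlib.sha256).digest()[:8]


def sim_response(ki: bytes, rand: bytes) -> bytes:
    """Assumed response format: a tag keyed with Kc, so it depends on RAND."""
    return hmac.new(derive_kc(ki, rand), b"sso-login", hashlib.sha256).digest()


def home_network_check(imsi: str, rand: bytes, tag: bytes) -> bool:
    """Home network recomputes the tag from its own copy of Ki for this IMSI."""
    ki = HOME_NETWORK_KI.get(imsi)
    return ki is not None and hmac.compare_digest(sim_response(ki, rand), tag)


class ServiceProvider:
    """Selects a fresh RAND per login attempt and accepts each RAND only once."""

    def __init__(self):
        self._pending = {}  # session id -> RAND still awaiting a response

    def start(self) -> tuple[str, bytes]:
        sid, rand = secrets.token_hex(8), secrets.token_bytes(16)
        self._pending[sid] = rand
        return sid, rand

    def finish(self, sid: str, imsi: str, tag: bytes) -> bool:
        rand = self._pending.pop(sid, None)  # spent after one use, pass or fail
        return rand is not None and home_network_check(imsi, rand, tag)


def demo() -> tuple[bool, bool, bool]:
    imsi, ki = next(iter(HOME_NETWORK_KI.items()))
    sp = ServiceProvider()
    sid1, rand1 = sp.start()
    captured = sim_response(ki, rand1)            # the message an eavesdropper records
    honest = sp.finish(sid1, imsi, captured)      # genuine run is accepted
    sid2, _ = sp.start()                          # a later run gets a different RAND
    replay_new = sp.finish(sid2, imsi, captured)  # old tag against the fresh RAND
    replay_old = sp.finish(sid1, imsi, captured)  # old session: its RAND is spent
    return honest, replay_new, replay_old
```

The rejection depends on the service provider choosing RAND itself and discarding it after one use; a verifier that accepted a RAND supplied alongside the response would accept the captured message again.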

39 Reflection Attack. The service provider SP “A” is malicious. It wants to impersonate the user to SP “B”.

40 Reflection Attack

41 Reflection Attack

42 Reflection Attack

43 Reflection Attack

44 Reflection Attack

45 Reflection Attack

46 Reflection Attack [Diagram label: “X”]

47 Other Attacks
- SIM theft / cloning: SIM PIN is optional! Need two-factor user authentication.
- Home network server is SPoF: vulnerable to DoS attack. It is assumed that it is well-protected.
- Attacks on the SP-home network link: link must be integrity-protected and encrypted. SSL/TLS, VPN, IPSec, etc…

48 Agenda: Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

49 Advantages
- no user interaction is required.
- protocol can be repeated many times.
- simple single logoff.
- no sensitive information is sent.
- no major computational overheads.
- no changes in deployed GSM infrastructure.
- fraud management extends to SSO.
- can easily be extended to enable LBS.

50 Disadvantages
- works only for GSM subscribers.
- global identifier (IMSI).
- might incur costs for service providers.

51 Extension for UMTS

52 Thanks! Questions?

