Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Using GSM/UMTS for Single Sign-On 28 th October 2003 SympoTIC 2003 Andreas Pashalidis and Chris J. Mitchell.

Published byAshlee Hart Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Using GSM/UMTS for Single Sign-On 28 th October 2003 SympoTIC 2003 Andreas Pashalidis and Chris J. Mitchell."— Presentation transcript:

1 1 Using GSM/UMTS for Single Sign-On 28 th October 2003 SympoTIC 2003 Andreas Pashalidis and Chris J. Mitchell

2 2 Agenda Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

3 3 Agenda Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

4 4 Why do we need SSO ? Current Situation: Network users interact with multiple service providers.

5 5 Why do we need SSO ? Problems: Usability, security, privacy…

6 6 What is SSO ? A mechanism that allows users to authenticate themselves to multiple service providers, using only one identity.

7 7 SSO – How ? Establish trust relationships, common security infrastructure (e.g. PKI), sign contractual agreements…

8 8 SSO – some examples Kerberos  TTP = Kerberos server  1) Authenticates user (password), issues “ticket”.  2) User shows ticket to service provider. Microsoft Passport  TTP = www.passport.com  1) Authenticates user (password), installs encrypted cookie.  2) Service Provider reads the cookie. Liberty Alliance  TTP = “Identity Provider”  1) Authenticates user, issues “assertion” (XML).  2) Assertion is shown to service provider.

9 9 Agenda Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

10 10 Review of GSM Security

11 11 Review of GSM Security

12 12 Review of GSM Security

13 13 Review of GSM Security

14 14 Review of GSM Security

15 15 Review of GSM Security

16 16 Review of GSM Security

17 17 Review of GSM Security

18 18 Review of GSM Security

19 19 Review of GSM Security Encrypted under K c If the visited network can decrypt, then the SIM is authentic (IMSI matches K i )

20 20 Agenda Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

21 21 Architecture - before

22 22 Architecture – after (1)

23 23 Architecture – after (2)

24 24 Architecture

25 25 Architecture Service providers form trust relationships with the home network.

26 26 Architecture Singe Sign-On using SIM (IMSI) !

27 27 SSO Protocol

28 28 SSO Protocol

29 29 SSO Protocol

30 30 SSO Protocol

31 31 SSO Protocol

32 32 SSO Protocol

33 33 SSO Protocol

34 34 SSO Protocol

35 35 SSO Protocol

36 36 Agenda Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

37 37 Replay Attack Attacker could capture this message and replay it later in order to impersonate the user identified by the IMSI.

38 38 Replay Attack At the time of replay another RAND will be selected by the service provider and the protocol will fail. fresh ! old ! X

39 39 Reflection Attack The service provider SP “A” is malicious. It wants to impersonate the user to SP “B”.

40 40 Reflection Attack

41 41 Reflection Attack

42 42 Reflection Attack

43 43 Reflection Attack

44 44 Reflection Attack

45 45 Reflection Attack

46 46 Reflection Attack X

47 47 Other Attacks SIM theft / cloning SIM PIN is optional! Need two-factor user authentication. Home network server is SPoF Vulnerable to DoS attack. It is assumed that it is well-protected. Attacks on the SP-home network link Link must be integrity-protected and encrypted. SSL/TLS, VPN, IPSec, etc…

48 48 Agenda Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.

49 49 Advantages no user interaction is required. protocol can be repeated many times. simple single logoff. no sensitive information is sent. no major computational overheads. no changes in deployed GSM infrastructure. fraud management extends to SSO. can easily be extended to enable LBS.

50 50 Disadvantages works only for GSM subscribers. global identifier (IMSI). might incur costs for service providers.

51 51 Extension for UMTS

52 52 Thanks! Questions?

Download ppt "1 Using GSM/UMTS for Single Sign-On 28 th October 2003 SympoTIC 2003 Andreas Pashalidis and Chris J. Mitchell."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
SCSC 455 Computer Security

SCSC 455 Computer Security
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.

Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.
OOI-CI–Ragouzis–2007.10.15 Ocean Observatories Initiative Cyberinfrastructure Component CI Design Workshop 17-19 October 2007.

OOI-CI–Ragouzis– Ocean Observatories Initiative Cyberinfrastructure Component CI Design Workshop October 2007.
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
Slide 1 Vitaly Shmatikov CS 378 Attacks on Authentication.

Slide 1 Vitaly Shmatikov CS 378 Attacks on Authentication.
1 Federated Identity and Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 15, 2013

1 Federated Identity and Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 15, 2013
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Www.mobilevce.com © 2004 Mobile VCE June 2004 Security – Requirements and approaches to securing future mobile services Malcolm K Payne BT.

© 2004 Mobile VCE June 2004 Security – Requirements and approaches to securing future mobile services Malcolm K Payne BT.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Federated Authentication mechanism for mobile services Dasun Weerasinghe, Saritha Arunkumar, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group.

Federated Authentication mechanism for mobile services Dasun Weerasinghe, Saritha Arunkumar, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

Similar presentations

Ads by Google