1 / 30

G53SEC

G53SEC. Mobile Security GSM, UTMS, Wi-Fi and some Bluetooth. 1. G53SEC. Today’s Lecture: Security in the mobile world GSM 3GPP / UTMS Mobile IPv6 Wi-Fi Bluetooth. 2. G53SEC. Introduction: Mobile computing one of the fastest growing segments of the PC market

kyrene
Download Presentation

G53SEC

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. G53SEC Mobile Security GSM, UTMS, Wi-Fi and some Bluetooth 1

  2. G53SEC • Today’s Lecture: • Security in the mobile world • GSM • 3GPP / UTMS • Mobile IPv6 • Wi-Fi • Bluetooth 2

  3. G53SEC • Introduction: • Mobile computing one of the fastest growing segments of the PC market • What is a mobile network? • Changing physical / geographical location • Changing network topology • Attached somewhere to a fixed network • Wireless communication 3

  4. G53SEC • Introduction: • What is different about mobile networks? • Low bandwidth – minimise message size and volume • Increased risk of eavesdropping • Security issues • Authentication • Privacy • Charging 4

  5. G53SEC • Introduction: • Mobile services pose new challenges • Some derive from technology • Some from applications • Physical access – no longer a barrier to network • - Wi-Fi access to corporate networks 5

  6. G53SEC • Introduction: • Current most active mobile technologies • GSM • 3GPP/UTMS • Mobile IP • IEEE 802.11 • Bluetooth 6

  7. G53SEC • Introduction: • Other areas of mobile networks with security implications • WAP – Wireless Application Protocol • Malicious scripting, Infrastructure issues • SMS – Short Messaging Service • Spam, spoofing, viruses • MANETs – Mobile Ad-hoc Networks • - Rogue nodes, Security only at academic stage 7

  8. G53SEC • GSM – 220 000 Cell Towers: 8

  9. G53SEC • GSM: • 1st Generation Cell Phones • Charge fraud – simple authentication • Alibi creation – call forwarding • GSM – Improvement from 1st generation • Good voice quality • Cheap end-systems • Low running costs • etc.. 9

  10. G53SEC • GSM: • Creation affected by political influences • Differing national regulations and attitudes towards cryptography • Law enforcement requested ability to wiretap • GSM security goals • Protection against charge fraud • Protection of voice and signal traffic • Phone theft tracking 10

  11. G53SEC • GSM: • Components • GSM user – subscriber in home network • Where service requested – serving network • Mobile station comprises • Mobile equipment • Subscriber Identity Module (SIM) • SIM card – smart card chip • Performs cryptographic operations • Stores keys • Stores personal data 11

  12. G53SEC • GSM: • IMSI – International Mobile Subscriber Identity • Unique subscriber identification • TMSI – Temporary Mobile Subscriber Identity • Used to avoid location tracking • Served when device joins a new subnet • IMSI catchers • Device authenticates to network but not vice versa • Catcher masquerades as a base station • Collects IMSI numbers 12

  13. G53SEC • GSM: • Cryptography • Uses symmetric cryptography • 3 algorithms • A3 – authentication (Provider specific) • A5 – encryption (Standardised) • A8 – key generation (Provider specific) • No official publication of algorithms exists • Cryptanalytic attacks do exist 13

  14. G53SEC • GSM: • Location Based Services • GSM network records location information of mobile equipment • Used for various services (e.g. traffic info) • Used for emergencies (Medical, Police, etc…) • Obligatory in some countries (e.g. the US) • Privacy implications 14

  15. G53SEC • GSM Summary: • GSM does not transmit secrets in the clear • Voice traffic encrypted over radio but not after base station • Some privacy protection through TMSI • but IMSI catchers exist to avoid TMSI • Law enforcement has access to recorded location data 15

  16. G53SEC • GSM Summary: • Criticism: • Cryptographic algorithms not made public • Unilateral authentication • Only mobile equipment authenticates to the network • Fraud: • Revenue flow attacked • Roaming fraud • Premium rate fraud 16

  17. G53SEC • 3GPP/UTMS: • Universal Mobile Telecommunications System • Next generation of GSM • Besides technical advancements, contains some security enhancements • Security architecture similar to GSM • Avoids IMSI Catchers • - Due to mutual authentication of mobile equipment to the network and vice versa 17

  18. G53SEC • 3GPP/UTMS: • Authentication • Support for mutual authentication • Privacy • Increased key sizes • Support for securing core network signalling data • Enhanced user identity confidentiality • Other • Integrity of signalling • Cryptographic algorithms made public 18

  19. G53SEC • Mobile IPv6: • GSM & UTMS have problems with access control due to lack of pre-established relationship • In IP if nodes move around: • - When IP address kept, data will not reach node at new location • - When IP address changes, communication has to be terminated and restarted • Mobile IP deals with these issues 19

  20. G53SEC • Mobile IPv6: • Mobile node has two addresses • permanent Home Address • Care of Address – associated with network the node is visiting • Addresses consist of location as well as interface identification 20

  21. G53SEC • Mobile IPv6: • Home agent – nodes with permanent address within agent's network • Foreign agent – nodes visiting network • When a node wants to communicate with another node, it uses its home address • Packets sent are intercepted by Home agent • Home agent uses care-of address advertised by Foreign Agent to communicate with destination node 21

  22. G53SEC • Wi-Fi: • Wireless technology generally based on a set of standards called IEEE 802.11 • A number of standards (a,b,g,n) exist depending on speed and technological improvements • A number of security protocols proposed • WEP • WPA • WPA2 22

  23. G53SEC • WiFi: 23

  24. G53SEC • Wi-Fi: • Wi-Fi Increasingly used at home and as part of businesses • New uses emerge frequently • City wide Wi-Fi • BT FON 24

  25. G53SEC • Wi-Fi: • Many Issues: • Incorrectly setup Access Points • Encryption • Access control • Wi-Fi not included in security policies in many institutions • - Weak encryption standards used • - Rogue Access Points • - War-driving 25

  26. G53SEC • Wi-Fi: • WEP • Key size a major security limitation • Algorithm is susceptible to a cryptanalysis attack • It uses the RC4 stream cipher algorithm • WEP allows certain packet parts to be reused • This allows attacker to obtain some known text • The rest is only a matter of statistical analysis 26

  27. G53SEC • Wi-Fi: • WEP • Original attack required hours of collected data to successfully find encryption key • 2007 – WEP cracked under 60 seconds by researchers from Germany • WPA • A quick preliminary solution to WEP issues • However vulnerable to a password guessing attack 27

  28. G53SEC • Wi-Fi: • WPA2 • A complete redesign of WLAN security mechanisms • Stream cipher RC4 replaced by AES • but WPA2 requires new hardware • To Remember: • For Wi-Fi access points only use WPA2 or in worst case WPA • WEP is totally broken! 28

  29. G53SEC • Bluetooth: • Technology for wireless ad-hoc networks • For short range communications • e.g. for keyboards, headsets, etc.. • Contains cryptographic mechanism for traffic protection between devices • Application level attacks exist • Bluesnarf exploits flawed implementations of access control – retrieves personal information • Viruses are beginning to appear • http://www.f-secure.com/weblog/archives/archive-072007.html 29

  30. G53SEC • Summary: • Security in the Mobile environment • Current mobile technologies 30

More Related