1 / 10

Infrastructure for a Secure Interface between Wireless and Wired Networks

Infrastructure for a Secure Interface between Wireless and Wired Networks. Chen-Nee Chuah & Mark D. Spiller CS 261, Dec. 4, 1998. Mobile Services & Issues. Envisioned Service Types: How does one integrate the security of the wireless system and the (wire-based) services?

joann
Download Presentation

Infrastructure for a Secure Interface between Wireless and Wired Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Infrastructure for a Secure Interface between Wireless and Wired Networks Chen-Nee Chuah & Mark D. Spiller CS 261, Dec. 4, 1998

  2. Mobile Services & Issues • Envisioned Service Types: • How does one integrate the security of the wireless system and the (wire-based) services? • What levels of trust are possible, and with whom?

  3. GSM Overview AS: {Ki, IMSI} • Phone company authenticates and sets up encrypted connection before any data transfer. • Shared secret between SIM and AS allows the setup of a secure link between the BS and the mobile unit. • BS is trusted per session by handset and AS. • GSM’s security assumed sufficient. GSM Network AS 2.{Rand, SRES,Kc} 1.{IMSI/TMSI} BS Encrypted with Kc 4.{SRES} 3.{Rand} SIM: {Ki, IMSI}

  4. Ideal GSM Service Interface AS: {Ki1, SRES1,Kc} • Ideal Case: Separate secret and encrypted link to SG • AS/BS provide connection, but not trusted • Not feasible with current GSM infrastructure GSM Network AS SG: {Ki1, SRES1,Kc} SG BS S S Components: • Handsets/SIM • Base Station (BS) • Authentication Station (AS) • Service Gateway (SG) • Intermediate proxies? • Services (S) Encrypted with Ks Encrypted with Kc SIM: {{Ki1,SRES1,Kc}, {Ki2, SRES2,Ks}}

  5. Service Interfaces for GSM AS: {Ki, SRES, Kc} • Design variables, given GSM authentication, secure air channel, and existing deployed base: • Who connects to the SG (AS,BS)? • The security along that link • SG entrusted with Ki, re-authenticates user via some sort of re-challenge, or • Shared secret between phone company (AS) and SG. • Lack of ability to change phone forces some trust of BS GSM Network AS SG BS S S Encrypted with Kc SIM: {Ki,SRES,Kc}

  6. Service Gateway (SG) Issues • What is provided on the service side to • Authenticate the user? • Provide security & trust in the BS-SG and SG-S links? • Design variables: • How much do we trust SG versus the phone company? • What are the costs involved (e.g. backward compatibility)? • What are the inherent limitations (SIM cards, handsets, base stations, services)?

  7. Service Gateway Trade-Offs Security

  8. Implementation of Infrastructure Uses existing Iceberg test-bed - Changes required: • Additional intelligence in UPSIM (PLUS) that controls BS • Recognize service request and forward to IP-PAD • IPPAD sub-module and SG interfaces • Authenticate user via BS, and get ticket/key to set up encrypted channel from BS to services (Models 2 & 3). IPPAD BS SG S UPSIM S Ethernet

  9. Conclusions & Future Work • It would have been nice if service support had been designed into the GSM spec from the start. • We explored some solutions for secure service access, but: • The existing technology infrastructure & protocols are limited (e.g.double encryption (hardware/software)) • Too much trust in the BS and phone company • Best case uses time-stamped session key/ticket to avoid replay attack, and password changes to revoke BS trust • The means of choosing and interacting with services from a phone are limited (some standard way/number/etc is needed). • Future Issues: • Compatibility between different systems. • How do proxies fit into the security model?

  10. Header? GSM Services...

More Related