Analysis of 2G and 3G Mobile Security

Analysis of 2G and 3G Mobile Security. Roy Campbell. Participants: UIUC: Roy Campbell, Dennis Mickunas, Jalal Al-Muhtadi, Sarosh Havewala. Motorola: Bruce Briley, John Wang, Rong Wang, Lily Chen. Contents: Motorola study of wireless security protocols (present, proposed, approach).

MikeCarlo
Presentation Transcript


  1. Analysis of 2G and 3G Mobile Security Roy Campbell

  2. Participants • UIUC: Roy Campbell, Dennis Mickunas, Jalal Al-Muhtadi, Sarosh Havewala • Motorola: Bruce Briley, John Wang, Rong Wang, Lily Chen

  3. Contents • Motorola study of wireless security protocols: present, proposed, approach • Other UIUC SRG security and mobile system research

  4. GSM Security • Analysis of: existing 2nd Generation (2G) CDMA and GSM security frameworks; 3rd Generation (3G) CDMA and GSM network security proposals • Analyzing various aspects of 3G encryption and authentication techniques and their impact upon performance

  5. Internet Security • IP/TCP/application layer security mechanisms effectiveness and performance over wireless networks • Comparative performance analyses of the various security mechanisms (literature versus our studies) • Security threat evaluation

  6. 2G GSM Security • Private Key • A3 Key Negotiation • A8 Key Generation • A5 Encryption • Private Key encrypts message to server • Server generates random number for session key

  7. 3G GSM Security Scenarios The effect of deploying security mechanisms under different scenarios and the impact on performance and security • Integration with Internet • Web Access • Multimedia • QoS • Network Applications • Levels of Service • Bandwidth

  8. Security Features within different Components Studying existing security features and their effectiveness under different traffic scenarios and QoP. • User • Subscriber • UMTS terminal equipment • Network operator • Service provider

  9. User Security Features • location confidentiality • identity confidentiality • traffic confidentiality • traffic integrity • non-repudiation • user events, numbering, service profile • access control

  10. Subscriber Security Features • Subscriber access to service profile • user action authorization • incontestable charging • privacy of charging data • integrity of charging data • charging limitation

  11. Terminal Equipment • Location confidentiality • Authentication of user to terminal • Access control to terminal • Terminal numbering

  12. Network Operator Security • Databases • Re-authentication • Blacklisting • Tracing of users • User action authorization • Subscription authorization • Tracing of terminal equipment

  13. User Security Features Cont. • Signaling and control data: confidentiality, origin authentication, integrity • Authentication: user to user, network operator to user, service provider to user

  14. Plan of Action • Using “Simulation” software to model wireless communications networks, protocols, mobile devices, and various security mechanisms. • Existing Simulators: OPNET, OMNET++, C++Sim (others) • Alternatively, implementing our own simulator.

  15. Evaluating Performance over Wireless Links • Evaluating different authentication & encryption mechanisms • [Diagram labels: i1000plus, Base, Gateway, Base, Internet]

  16. Modeling Wireless Communication • Simulating a wireless link over TCP/IP • [Diagram labels: Security plug-ins, Internet, Java Virtual Cell phone (x2), Gateway, Java Virtual Base (x2)]

  17. UIUC SRG Security and Mobile System Research: Secure Active Network • Seraphim interoperable secure active networks • Role based access control policies • Dynamic security enforcement using active capability

  18. CORBA Security Services • Standard object interfaces for accessing security services • Authentication, non-repudiation, and access control • Interoperability between different security mechanisms • Interoperability among different policy domains • Use & generate security information in the IOR • [Diagram labels: Client, Object Implementation, A, B, request, interceptor, ORB, SecIOP, ORB, SESAME]

  19. Security Components • [Diagram labels: Application Client, Application Server, Active Capability/Certificates (x2), Stub, BOA, ORB, Dynamic Policies, Security Mechanisms, Network Transport]

  20. 2k: Global Distributed Mobile Object System • Mobile users, resources, dynamic networks • Infrastructure for smart spaces • Network-centric user-oriented view • Components • Security • Distributed object solutions

  21. [Diagram; labels: Profile Service, 2K Env. Service, Office 3201, Naming Service, QoS, Office 3234]

  22. TinySESAME: A Light-Weight Security Mechanism • [Diagram labels: IDL Interface, GSS-API, Tiny UIUC SESAME]

  23. Dynamic Security Policy with Risk Values • Policy representation framework supports: • Discretionary Access Control (DAC) • Double DAC • Role Based Access Control • Assignment of Risk values to different entities and dynamically changing them • Non-Discretionary Access Control including Mandatory Access Control (MAC) • GUI for building and administrating policies

  24. PalmPilot Integration in 2K • [Diagram with numbered steps 1 to 7; labels: Profile Server, Environment Service, Environment Implementation Repository, 2K Camera Device Driver, System Bootstrapping, 2k System Utilization, Camera]

  25. Streaming Video to Palm Pilot • Palm Pilot: lacks processing power to decode MPEG • Video proxy: transforms MPEG streams; reduces frame rate, color depth, size; sends compressed bitmaps • [Diagram labels: MPEG Stream, Video Proxy, Compressed Bitmap Stream]

  26. Loadable Protocols • Transparently change CORBA networking • Dynamically loadable transport protocols • Supports multi-protocol applications • IP multicast protocol module (IPM) • Multicast used for discovery/allocation • [Diagram labels: TAO, GIOP, TCP/IIOP, LDP, UDP, IP Multicast]
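
The 2G GSM challenge-response flow outlined on slide 6 (A3, A8, A5), as an added example that is not part of the original presentation. HMAC-SHA-256 and a SHA-256 counter keystream are stand-ins for the operator-specific A3/A8 algorithms and for A5; the IMSI, Ki, and all class and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def a3_sres(ki: bytes, rand: bytes) -> bytes:
    # Stand-in for A3 (assumption: HMAC-SHA-256, not an operator algorithm): 32-bit SRES.
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8_kc(ki: bytes, rand: bytes) -> bytes:
    # Stand-in for A8: 64-bit session key Kc derived from the same Ki and RAND.
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

def a5_xor(kc: bytes, frame_no: int, data: bytes) -> bytes:
    # Stand-in for A5: XOR with a keystream keyed by Kc and the frame number.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        seed = kc + frame_no.to_bytes(4, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(seed).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

class Sim:
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki        # Ki is never sent over the air

    def respond(self, rand: bytes):
        return a3_sres(self._ki, rand), a8_kc(self._ki, rand)

class Network:
    def __init__(self, subscribers: dict):
        self._subscribers = subscribers       # IMSI -> Ki, held by the operator

    def authenticate(self, sim: Sim):
        ki = self._subscribers[sim.imsi]
        rand = os.urandom(16)                 # 128-bit random challenge
        sres, kc_sim = sim.respond(rand)      # only RAND and SRES cross the link
        if not hmac.compare_digest(sres, a3_sres(ki, rand)):
            return None                       # wrong Ki: access refused
        return a8_kc(ki, rand), kc_sim        # both sides now hold the same Kc

# Constructed sample subscriber (test IMSI and Ki, not real values).
IMSI, KI = "001010123456789", bytes.fromhex("00112233445566778899aabbccddeeff")
NETWORK = Network({IMSI: KI})

def demo():
    kc_net, kc_sim = NETWORK.authenticate(Sim(IMSI, KI))
    frame = a5_xor(kc_sim, 42, b"hello base station")      # handset encrypts
    clone = NETWORK.authenticate(Sim(IMSI, bytes(16)))     # same IMSI, wrong Ki
    return kc_net == kc_sim, a5_xor(kc_net, 42, frame), clone
```
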