Implications of Unlicensed Mobile Access for GSM security
From: Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks, 2005
Author: Sandro Grech, Pasi Eronen
Presented by: Ying Long Chen

Outline
• Overview of UMA
• Introduction
• Background: GSM and GPRS security
• UMA overview
• Security Analysis
• Protecting against the attack
• Conclusion

Introduction
• Why UMA
  • Indoor coverage issue for GSM
  • Bandwidth issue
• The standardization work is continued by 3GPP

GSM and GPRS Security
• Authentication: avoid fraudulent access by a cloned MS
• Encryption: avoid unauthorized listening
• Parameters:
  • Ki: used to achieve authentication (128 bits)
    • Ki is stored in the AUC and the SIM
    • Ki is not known to the subscriber
  • RAND: 128-bit random number generated by the home system
  • SRES: 32-bit response generated by algorithm A3
  • Kc: generated by algorithm A8 for the encryption
  • Frame number: a TDMA frame number encoded in the data bits

GSM and GPRS Security
• Authentication algorithm:
  • A3
    • Authentication function
    • Stored in the AUC and the SIM
• Encryption algorithms:
  • A8
    • Used to generate the encryption key
    • Stored in the AUC and the SIM
  • A5
    • An algorithm stored in the MS (handset hardware) and the visited system
    • Used for data ciphering and deciphering
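
The challenge-response flow from the two GSM slides above, as an added example that is not from the slides or the paper. Assumptions: HMAC-SHA256 stands in for the operator-chosen A3 and A8, Kc is truncated to GSM's 64 bits, and the class names, method names and IMSI are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: real A3/A8 are operator-chosen and not given on the slides;
# HMAC-SHA256 with distinct labels stands in for both.
def a3(ki: bytes, rand: bytes) -> bytes:
    """Stand-in A3: derive the 32-bit SRES from Ki and RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki: bytes, rand: bytes) -> bytes:
    """Stand-in A8: derive the cipher key Kc (64 bits in GSM) from Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class AuC:
    """Home-system side: holds Ki per IMSI and issues (RAND, SRES, Kc) triplets."""
    def __init__(self):
        self._ki = {}

    def provision(self, imsi: str) -> bytes:
        ki = secrets.token_bytes(16)       # 128-bit Ki, shared only with the SIM
        self._ki[imsi] = ki
        return ki

    def triplet(self, imsi: str):
        ki = self._ki[imsi]
        rand = secrets.token_bytes(16)     # 128-bit RAND, fresh per challenge
        return rand, a3(ki, rand), a8(ki, rand)

class SIM:
    """Card side: Ki never leaves the SIM; only SRES and Kc are returned."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def run_gsm_algorithm(self, rand: bytes):
        return a3(self._ki, rand), a8(self._ki, rand)

def authenticate(auc: AuC, sim: SIM):
    """Visited-system check: send RAND, compare SRES, return Kc on success."""
    rand, expected_sres, kc = auc.triplet(sim.imsi)
    sres, _sim_kc = sim.run_gsm_algorithm(rand)
    if not hmac.compare_digest(sres, expected_sres):
        return None                        # cloned MS without the right Ki
    return kc                              # key handed to A5 for ciphering

if __name__ == "__main__":
    auc = AuC()
    imsi = "001010000000001"               # constructed test IMSI
    genuine = SIM(imsi, auc.provision(imsi))
    clone = SIM(imsi, secrets.token_bytes(16))   # same IMSI, wrong Ki
    print("genuine Kc:", authenticate(auc, genuine).hex())
    print("clone     :", authenticate(auc, clone))
```

Only the network challenges the MS in this exchange; nothing in it lets the MS verify the network.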

UMA overview: UMA security mechanisms

UMA overview
1. Unlicensed Interface Security
   • Outside the scope of UMA
2. Up Interface Security
   • Traffic between the phone and the UNC is protected by an IPsec ESP tunnel, which is established and maintained using IKEv2
3. CN authentication, GPRS ciphering
   • The authentication between the phone and the UNC does not replace the normal GSM authentication between the phone and the MSC
4. Data application security
   • Outside the scope of UMA

UMA Security Mechanisms
• Authentication Mechanisms
  • UMA stage 2 states that mutual authentication between the Mobile Station and the UNC shall be accomplished using the Internet Key Exchange (IKEv2) protocol and the Extensible Authentication Protocol (EAP)
• Confidentiality Mechanisms
  • IPsec protects all signalling and user traffic sent between the MS and the UNC-SGW over the Up interface

UMA Security Mechanisms
• Integrity Mechanisms
  • As part of IPsec, messages can be integrity protected. IPsec uses a hash with a secret key to provide integrity protection. This scheme is called an HMAC (Hash-based Message Authentication Code)
• User Credentials
  • All long-term security credentials used for subscriber and network authentication are stored on the SIM

UMA Security Analysis
• IKEv2
  • IMSI not protected enough
    • During the initial stage of the EAP-SIM and EAP-AKA procedures, when the Mobile Station sends IKE_SA_INIT, it transfers its Network Access Identifier (NAI), which contains the IMSI. This message is encrypted.
    • But an attacker intercepting traffic to the UNC-SGW could act as a false UNC-SGW and receive the NAI of the Mobile Station before having to authenticate itself as a valid UNC. This information could be used to locate a mobile subscriber, hence violating the subscriber identity. This identity probing is a known issue caused by the IKEv2 protocol.
  • DoS attack
    • Before the responder authenticates the initiator, the responder computes the DH agreed key (an exponentiation), so an attacker can send a large number of requests to build IKE SAs.

UMA Security Analysis
• Open Platform
  • Unauthorized access and identity spoofing
    • By virus or Trojan horse
  • Exploitation of implementation weaknesses
    • Such as buffer overflow
  • Denial of service
    • Attack from WLAN, Internet
  • Eavesdropping
  • Location spoofing

Protecting against the attack
• Protecting non-malicious users' terminals
• Technical prevention of unapproved terminals
• Legal prevention of unapproved terminals
• Detecting and disabling misbehaving terminals
• Increasing core network resistance to attacks

Conclusion & Future Work
• Since the UMA specifications have been published only recently, it is possible that they contain problems with potential security implications.
• Future work is also required to determine the security impact of UMA in roaming situations, to identify better countermeasures against denial-of-service attacks, and to investigate mechanisms for detecting misbehavior and fraud.