1 / 20

GSM

GSM. Network Security ‘s Research Project. By: Jamshid Rahimi Sisouvanh Vanthanavong. Contents. GSM Overview GSM Architecture GSM Security Architecture Anonymity Authentication Confidentiality GSM Authentication Protocol GSM Security Flaws Crypto Flaws Invalid Assumptions

azize
Télécharger la présentation

GSM

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Friday, February 20, 2009 GSM Network Security ‘s Research Project By: JamshidRahimi SisouvanhVanthanavong

  2. Contents • GSM Overview • GSM Architecture • GSM Security Architecture • Anonymity • Authentication • Confidentiality • GSM Authentication Protocol • GSM Security Flaws • Crypto Flaws • Invalid Assumptions • SIM Attacks • Fake base station • GSM Conclusions 1 Friday, February 20, 2009

  3. GSM Overview GSM introduction & History • - GSM: Global System for Mobile communication • GSM frequency is used the 2G and 3G network • - 1982 Beginning of GSM (GroupeSpéciale Mobile) • - 1986 GSM radio standard • - 1987 GroupeSpéciale Mobile (in French) changed to Global System for Mobile communication • - 1989 The European Telecommunications Standards Institute accepted GSM as the digital cellular telephony standard. • - 1990 Phase 1 GSM 900 specification • - 1991 First GSM 900 demonstrated • - 1994 First GSM networks in Africa • - 1995 GSM phase 2 standardization is completed • - 1999 First GPRS network • - 2001 more than 500 million people are GSM users 1 Source: http://www.cellular.co.za/gsmhistory.htm Friday, February 20, 2009

  4. GSM Architecture • - The mobile is a cell phone • - The air interface (a wireless network that transmission from the cell phone to a base station. • - The visited network includes multiple base stations and a base station controller. 1 Friday, February 20, 2009

  5. GSM Architecture Continued… • The PSTN is also referred to as “land lines” to distinguish it from the wireless network. • The home network includes a home location registry or HLR • The authentication center or AuC maintains the crucial billing information for all mobiles for which this particular home network is home 1 Friday, February 20, 2009

  6. GSM Architecture Continued… 1 Friday, February 20, 2009

  7. GSM Architecture Continued… • GSM mobile phone contains Subscriber Identity Module or SIM. • SIM includes a International Mobile Subscriber ID or IMSI. • The SIM also contains a 128-bit key. this key is universally knows as Ki 1 Friday, February 20, 2009

  8. GSM security architecture • The primary security goals set forth by the designers of GSM were: • Make GSM as secure as ordinary telephones • Prevent cell phone cloning • GSM was not designed to resist an active attack. At the time, active attacks were considered infeasible. • The designers of GSM considered the biggest threats to be insecure billing, corruption, and similar low-tech attacks 1 Friday, February 20, 2009

  9. GSM security architecture • GSM consists of 3 security issues: • - Anonymity: • The anonymity goal for GSM is to prevent intercepted traffic from being used to identify the caller. • - Authentication: • Correct authentication is necessary for proper billing. Cloning problems is one of the failures • Confidentiality: • Calls over the air interface is important to customers and company. 1 Friday, February 20, 2009

  10. Anonymity • GSM provides a very limited form of anonymity • IMSI is used to initially identify the caller then a Temporary Mobile Subscriber ID (TMSI), is assigned to the caller • TMSI is subsequently used to identify the caller • Net effect is that if an attacker captures the initial part of the call, where the IMSI is passed • But practically filtering of IMSI not easy. 1 Friday, February 20, 2009

  11. Authentication • In GSM, the caller is authenticated to the base station, but the authentication is not mutual. • GSM authentication employs a challenge-response mechanism • Mobile -> BS -> LHR • Ki is known to LHR which corresponds to caller IMSI • HLR generate RAND and computes the “expected response,” XRES = A3(RAND, Ki) • BS sends RAND to Mobile • Mobile responses as SRES • LHR computes XRES=SRES • Ki never lease the LHR 1 Friday, February 20, 2009

  12. Confidentiality • GSM uses a stream cipher to encrypt the data. • High error rate, which is typically about 1 in 1,000 bits, in the cell phone environment. • Block cipher, each transmission error causes one or two entire plaintext blocks to be garbled (depending on the mode), while a stream cipher garbles only those plaintext bits corresponding to the specific ciphertext bits that are in error. • Encryption symbol is Kc Friday, February 20, 2009

  13. Authentication & Encryption 1 • 1 & 2.IMSI • 3. Kc = A8(RAND, Ki) (Encryption Algorithm) XRES = A3(RAND,Ki) (Authentication … ) • 5. Mobile Computes Kc and Ki to generate SRES • 6. A5(Kc) is shared symmetric key Friday, February 20, 2009

  14. GSM Security Flaws • There are cryptographic flaws • There are protocol flaws as well. • Attacks on GSM are due to invalid security assumptions made by the original designers of GSM Friday, February 20, 2009

  15. GSM Security Flaws Crypto Flaws • HashesA3 andA8 both rely on a hash function known as COMP128 can be broken by 150,000 chosen plaintexts • A seller can determine Ki before selling and clone later Friday, February 20, 2009

  16. GSM Security Flaws Invalid Assumptions • A GSM phone call is encrypted between the mobile and the base station but not from the base station to the base station controller • Nowadays link between BS and BSC is over a microwave link • Since microwave is a wireless media, it is possible for an attacker to eavesdrop on unprotected calls over this link Friday, February 20, 2009

  17. GSM Security Flaws SIM Attacks • Ki is the concern here • One known as optical fault induction, an attacker could force a SIM card to divulge its Ki by using an ordinary flashbulb [209]. • Partitioning attacks Friday, February 20, 2009

  18. GSM Security Flaws Fake Base station 1st: There is no mutual authentication 2nd: BS decides whether to encrypt voice or not. Friday, February 20, 2009

  19. GSM Conclusions • GSM is a security failure— though it is certainly a commercial success • But GSM achieved its security design goals on PSTN • First goal eliminate the cloning and secure as PSTN • 2nd goal is that GSM air interface has the fake base station problem but PSTN has wire-taping • The real problem with GSM security is that the initial design goals were too limited • The major insecurities in GSM include weak crypto, SIM issues, the fake base station attack, and a total lack of replay protection. Friday, February 20, 2009

  20. Friday, February 20, 2009 Thank You ! Comments.

More Related