1 / 22

IWD2243 Wireless & Mobile Security

IWD2243 Wireless & Mobile Security. Chapter 2 : Security in Traditional Wireless Network. 2.1 Security in First Generation TWNs. 1G TWN – AMPS (Advanced Mobile Phone System) Designed with very little security – no encryption Can be intercept using police scanner

eliana-bradley
Télécharger la présentation

IWD2243 Wireless & Mobile Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IWD2243Wireless & Mobile Security Chapter 2 : Security in Traditional Wireless Network Prepared by : Zuraidy Adnan, FITM UNISEL

  2. 2.1 Security in First Generation TWNs • 1G TWN – AMPS (Advanced Mobile Phone System) • Designed with very little security – no encryption • Can be intercept using police scanner • For authentication – MS send Electronic Serial Number (ESN) to the network • Net verifies valid ESN (clear text) – allows subscribers access network services. • Radio hobbyist – can eavesdrop & capture valid ESN and use it to commit fraud. • Security part been enhanced in 2G TWN Prepared by : Zuraidy Adnan, FITM UNISEL

  3. 2.2 Security in 2nd Generation TWNs • Move from analog to digital – design led to significant improvement in the security • Speech coding algorithm, Gaussian Minimum Shift Keying (GMSK), digital modulation, slow freq hopping, TDMA. • See figure 17.1 : GSM Architecture • Network beyond BTS (RBS) is controlled environment – since it was controlled by service provider • Access network (MS to BTS (RBS)) considered as hostile operating environment Prepared by : Zuraidy Adnan, FITM UNISEL

  4. 2.2 Security in 2nd Generation TWNs (cont.) • Anonymity in GSM • ME switch on – identify itself to the network & requesting services from the network. • Location management using IMSI • Eavesdropper can capture IMSI over the air, since IMSI and subscriber identity need to be submitted in location mgmt. • Considered as security threat. • Anonymity feature – protect the subscriber against someone who knows the subscriber’s IMSI & try to trace subscribers location + identify call made to or from whom. • Using TMSI – still maintained in VLR/MSC – SIM authenticated with the network, network allocate TMSI to the subscriber. • For all communication with the SIM – used TMSI Prepared by : Zuraidy Adnan, FITM UNISEL

  5. 2.2 Security in 2nd Generation TWNs (cont.) • Key establishment in GSM • Key establishment – used to establish some sort of a secret or key between two communicating parties. • GSM security model – uses a128-bit preshared secret key (Ki) for securing ME-to-BTS interface. • Each SIM is embedded with a unique Ki – information which been shared by SIM and the network. • Part of network which hold the unique Ki – AuC Prepared by : Zuraidy Adnan, FITM UNISEL

  6. 2.2 Security in 2nd Generation TWNs (cont.) • Authentication in GSM • ME switch on – search for a wireless net to connect to by listening to a certain set of freq. • Found – ME-SIM sends a sign on message to the BTS (RBS) requesting for a network. • BTS contact MSC to decide whether or not to allow the ME-SIM access to the network. • MSC ask HLR to provide it with 5 sets of security triplets. • Sec triplets – 3 numbers – RAND (128bit random number), SRES (32bit signed response to the RAND generated using presharedKi), and session key Kc (encryption key generated using Ki) Prepared by : Zuraidy Adnan, FITM UNISEL

  7. 2.2 Security in 2nd Generation TWNs (cont.) • Authentication in GSM (cont.) • MSC pick one, and use it for current session. • RAND sent to the ME via BSC & BTS as a challenge. • ME expected to generate SRES to this RAND using A3 algorithm, Ki stored in its SIM. • SRES sent back to MSC via BTS & BSC. • MSC compares SRES received from ME with SRES from HLR. • Match – MSC safely deduce the ME-SIM has valid Ki. MSC allow ME to access the network. • If SRES do not match – would not allow ME to connect to the network. • See figure 17.2, 17.3 ; page 373. Prepared by : Zuraidy Adnan, FITM UNISEL

  8. 2.2 Security in 2nd Generation TWNs (cont.) • Authentication in GSM (cont.) • GSM does not specify how BTS and BSC need to be connected & not specify how to secure it. • GSM authenticate the SIM, not the subscriber. • What happen if ME is stolen? • GSM core net maintain a database for all valid equipment (EIR). Prepared by : Zuraidy Adnan, FITM UNISEL

  9. 2.2 Security in 2nd Generation TWNs (cont.) • Confidentiality in GSM • Session key Kc been used for providing confidentiality over the wireless ME-BTS interface – A5 algorithm. • A5 – Stream chiper – generates a unique key stream for every packet by using 64bit session key (Kc) and the sequence number of the frame as the input. • What’s wrong with GSM security? • No provision for any integrity protection. • Limited encryption scope. • The GSM chiper algorithm are not published along with GSM standard. Prepared by : Zuraidy Adnan, FITM UNISEL

  10. 2.2 Security in 2nd Generation TWNs (cont.) • What’s wrong with GSM security? (cont.) • Algorithm used for encryption in ME-BTS is no longer secure. • One way authentication. • SIM cloning. Prepared by : Zuraidy Adnan, FITM UNISEL

  11. 2.3 Security in 2.5 Generation TWNs • Explosive growth of the Internet – Upgrade net to 2.5G to provide data services. • Connecting ME to the Internet • GPRS (General Packet Radio Services) – provide ME with data connectivity to various web servers • GSM – voice call – 1 timeslot • GSM – data – multiple timeslots, because the need of more bandwidth. • Interesting implications on the security architecture. Prepared by : Zuraidy Adnan, FITM UNISEL

  12. 2.3 Security in 2.5 Generation TWNs (cont.) • WAP • GPRS provide layer 2 connectivity • Constraint for ME for using HTTP and HTML – bandwidth, memory, CPU, screen size. • Wireless Application Protocol (WAP) come in handy. • WAP – open spec that offers standard method to access internet based content and services from ME • Designed for minimizing bandwidth requirements • Information content formatted suitably for ME’s small screen, low bandwidth, high latency environment – WAE. Prepared by : Zuraidy Adnan, FITM UNISEL

  13. 2.3 Security in 2.5 Generation TWNs (cont.) • WAP (cont.) • See figure 17.8 : WAP programming model • Client - embedded browser in ME. Server – normal web server • New entity – WAP gateway • Embedded browser request using URL – forwarded by WAP gateway and get info using HTTP & HTML format. • WAP gateway role – reformat the content from web server suitable for WAE transmission and ME display • Language used – WML • End-to-end security required. Using WTLS in WAP stack. • WTLS modeled along the lines of Secure Socket Layer (SSL)/Transport Layer Security (TLS). Prepared by : Zuraidy Adnan, FITM UNISEL

  14. 2.3 Security in 2.5 Generation TWNs (cont.) • WAP (cont.) • TLS – designed for reliable transport layer (ie. TCP), while WTLS – operate for unreliable datagram transport. • WTLS protocol modified to cope with long roundtrip times and limited bandwidth availability. • WTLS optimized to operate with limited processing power and limited memory of ME. Prepared by : Zuraidy Adnan, FITM UNISEL

  15. 2.3 Security in 2.5 Generation TWNs (cont.) • Code Security • Applets can be downloaded and can be executed inside ME. • Extremely important to ensure that the applets is not a malicious piece of code that can harm ME. • Its important to have applets been signed by CA. • If the subscriber trust the CA, can execute the applets. • In otherwise they can block the execution of the applets. Prepared by : Zuraidy Adnan, FITM UNISEL

  16. 2.3 Security in 3 Generation TWNs • Universal Mobile Telecommunications System (UMTS) • Designed using GSM security as a starting point – to ensure interoperability between both technologies. • Anonymity in UMTS • Builds on the concept of TMSI introduced by GSM. • UMTS architecture provides provisions for encrypting any signaling or subscriber data that might reveal subscriber’s identity. • TMSI located at VLR/MSC, IMSI-TMSI mapping maintain in VLR/MSC Prepared by : Zuraidy Adnan, FITM UNISEL

  17. 2.3 Security in 3 Generation TWNs • Key establishment in UMTS • No key establishment protocol, uses 128bit preshared secret key (Ki) between USIM and AuC. • Form the basis for all security in UMTS • Authentication in UMTS • Authentication follows GSM authentication model • Net authenticate USIM and USIM authenticates the network • See figure 17.10a : UMTS authentication, page 389 • See figure 17.10b : UMTS authentication vector generation, page 390 • See figure 17.11 : UMTS response generation at USIM • Most provider used COMP128 algorithm for authentication protocol Prepared by : Zuraidy Adnan, FITM UNISEL

  18. 2.3 Security in 3 Generation TWNs • Confidentiality in UMTS • Use KASUMI encryption algorithm, 128bit session key CK. • More secure than A5 – GSM, longer key of encryption • See figure 17.12 : UMTS encryption, page 392. • Parameters for f8 (algorithm) : • 128bit CK • 32bit Count-c – chipering sequence number • 5bit Bearer – unique identifier for bearer chanel • 1bit Direction – indicates the direction of transmission • 16bit Length – indicates the length of key-stream block Prepared by : Zuraidy Adnan, FITM UNISEL

  19. 2.3 Security in 3 Generation TWNs • Confidentiality in UMTS (cont.) • The key stream XORed with plaintext = chipertext • At the receiving end, chipertextXORed with key stream = plaintext • UMTS security extends the encrypted interface from BTS back to the RNC Prepared by : Zuraidy Adnan, FITM UNISEL

  20. 2.3 Security in 3 Generation TWNs • Integrity protection in UMTS • Using integrity key – IK, derived using authentication process. • See figure 17.13 : UMTS message integrity • Parameters in f9 (algorithm) : • 128bit IK • 32bit integrity sequence number • Message • Direction • 32bit Fresh – perconnection nonce • Output, chipertext MAC-I • At the receiving end, the process repeated, XMAC-I • The receiver compares XMAC-I with MAC-I, so the receiver can deduce that the message was not tampered with. Prepared by : Zuraidy Adnan, FITM UNISEL

  21. 2.3 Security in 3 Generation TWNs • Putting the pieces together • See figure 17.14 : UMTS Security – Overview, page 396. • Network Domain Security • Mobile Application Part (MAP), MAPSEC protocol – works at the app layer to protect MAP message cryptographically. • See figure 17.15 : MAPSEC, page 399. • Key Administration Center (KAC) – establish security association (SA) with KAC network B. • Use Internet Key Exchange (IKE) protocol. • 3 mode protection :- no protection, integrity protection only, integrity with confidentiality. Prepared by : Zuraidy Adnan, FITM UNISEL

  22. 2.3 Security in 3 Generation TWNs • Network Domain Security (cont.) • Strongly influenced by IPSec protocol. • Instead having MAP in SS7 (MAPSEC), MAP over IP-based networks. • UMTS network designers model MAPSEC along IPSec lines. • See figure 17.16 : MAP over IP-based networks, page 400. • KAC replaced by Security Gateway (SEG) • Establish SA with Network B, but not distribute SA’s to its Network Elements (NE) • It maintain database of established SAs and database that specify how and when SAs is going to be used. Prepared by : Zuraidy Adnan, FITM UNISEL

More Related