220 likes | 445 Vues
IWD2243 Wireless & Mobile Security. Chapter 2 : Security in Traditional Wireless Network. 2.1 Security in First Generation TWNs. 1G TWN – AMPS (Advanced Mobile Phone System) Designed with very little security – no encryption Can be intercept using police scanner
E N D
IWD2243Wireless & Mobile Security Chapter 2 : Security in Traditional Wireless Network Prepared by : Zuraidy Adnan, FITM UNISEL
2.1 Security in First Generation TWNs • 1G TWN – AMPS (Advanced Mobile Phone System) • Designed with very little security – no encryption • Can be intercept using police scanner • For authentication – MS send Electronic Serial Number (ESN) to the network • Net verifies valid ESN (clear text) – allows subscribers access network services. • Radio hobbyist – can eavesdrop & capture valid ESN and use it to commit fraud. • Security part been enhanced in 2G TWN Prepared by : Zuraidy Adnan, FITM UNISEL
2.2 Security in 2nd Generation TWNs • Move from analog to digital – design led to significant improvement in the security • Speech coding algorithm, Gaussian Minimum Shift Keying (GMSK), digital modulation, slow freq hopping, TDMA. • See figure 17.1 : GSM Architecture • Network beyond BTS (RBS) is controlled environment – since it was controlled by service provider • Access network (MS to BTS (RBS)) considered as hostile operating environment Prepared by : Zuraidy Adnan, FITM UNISEL
2.2 Security in 2nd Generation TWNs (cont.) • Anonymity in GSM • ME switch on – identify itself to the network & requesting services from the network. • Location management using IMSI • Eavesdropper can capture IMSI over the air, since IMSI and subscriber identity need to be submitted in location mgmt. • Considered as security threat. • Anonymity feature – protect the subscriber against someone who knows the subscriber’s IMSI & try to trace subscribers location + identify call made to or from whom. • Using TMSI – still maintained in VLR/MSC – SIM authenticated with the network, network allocate TMSI to the subscriber. • For all communication with the SIM – used TMSI Prepared by : Zuraidy Adnan, FITM UNISEL
2.2 Security in 2nd Generation TWNs (cont.) • Key establishment in GSM • Key establishment – used to establish some sort of a secret or key between two communicating parties. • GSM security model – uses a128-bit preshared secret key (Ki) for securing ME-to-BTS interface. • Each SIM is embedded with a unique Ki – information which been shared by SIM and the network. • Part of network which hold the unique Ki – AuC Prepared by : Zuraidy Adnan, FITM UNISEL
2.2 Security in 2nd Generation TWNs (cont.) • Authentication in GSM • ME switch on – search for a wireless net to connect to by listening to a certain set of freq. • Found – ME-SIM sends a sign on message to the BTS (RBS) requesting for a network. • BTS contact MSC to decide whether or not to allow the ME-SIM access to the network. • MSC ask HLR to provide it with 5 sets of security triplets. • Sec triplets – 3 numbers – RAND (128bit random number), SRES (32bit signed response to the RAND generated using presharedKi), and session key Kc (encryption key generated using Ki) Prepared by : Zuraidy Adnan, FITM UNISEL
2.2 Security in 2nd Generation TWNs (cont.) • Authentication in GSM (cont.) • MSC pick one, and use it for current session. • RAND sent to the ME via BSC & BTS as a challenge. • ME expected to generate SRES to this RAND using A3 algorithm, Ki stored in its SIM. • SRES sent back to MSC via BTS & BSC. • MSC compares SRES received from ME with SRES from HLR. • Match – MSC safely deduce the ME-SIM has valid Ki. MSC allow ME to access the network. • If SRES do not match – would not allow ME to connect to the network. • See figure 17.2, 17.3 ; page 373. Prepared by : Zuraidy Adnan, FITM UNISEL
2.2 Security in 2nd Generation TWNs (cont.) • Authentication in GSM (cont.) • GSM does not specify how BTS and BSC need to be connected & not specify how to secure it. • GSM authenticate the SIM, not the subscriber. • What happen if ME is stolen? • GSM core net maintain a database for all valid equipment (EIR). Prepared by : Zuraidy Adnan, FITM UNISEL
2.2 Security in 2nd Generation TWNs (cont.) • Confidentiality in GSM • Session key Kc been used for providing confidentiality over the wireless ME-BTS interface – A5 algorithm. • A5 – Stream chiper – generates a unique key stream for every packet by using 64bit session key (Kc) and the sequence number of the frame as the input. • What’s wrong with GSM security? • No provision for any integrity protection. • Limited encryption scope. • The GSM chiper algorithm are not published along with GSM standard. Prepared by : Zuraidy Adnan, FITM UNISEL
2.2 Security in 2nd Generation TWNs (cont.) • What’s wrong with GSM security? (cont.) • Algorithm used for encryption in ME-BTS is no longer secure. • One way authentication. • SIM cloning. Prepared by : Zuraidy Adnan, FITM UNISEL
2.3 Security in 2.5 Generation TWNs • Explosive growth of the Internet – Upgrade net to 2.5G to provide data services. • Connecting ME to the Internet • GPRS (General Packet Radio Services) – provide ME with data connectivity to various web servers • GSM – voice call – 1 timeslot • GSM – data – multiple timeslots, because the need of more bandwidth. • Interesting implications on the security architecture. Prepared by : Zuraidy Adnan, FITM UNISEL
2.3 Security in 2.5 Generation TWNs (cont.) • WAP • GPRS provide layer 2 connectivity • Constraint for ME for using HTTP and HTML – bandwidth, memory, CPU, screen size. • Wireless Application Protocol (WAP) come in handy. • WAP – open spec that offers standard method to access internet based content and services from ME • Designed for minimizing bandwidth requirements • Information content formatted suitably for ME’s small screen, low bandwidth, high latency environment – WAE. Prepared by : Zuraidy Adnan, FITM UNISEL
2.3 Security in 2.5 Generation TWNs (cont.) • WAP (cont.) • See figure 17.8 : WAP programming model • Client - embedded browser in ME. Server – normal web server • New entity – WAP gateway • Embedded browser request using URL – forwarded by WAP gateway and get info using HTTP & HTML format. • WAP gateway role – reformat the content from web server suitable for WAE transmission and ME display • Language used – WML • End-to-end security required. Using WTLS in WAP stack. • WTLS modeled along the lines of Secure Socket Layer (SSL)/Transport Layer Security (TLS). Prepared by : Zuraidy Adnan, FITM UNISEL
2.3 Security in 2.5 Generation TWNs (cont.) • WAP (cont.) • TLS – designed for reliable transport layer (ie. TCP), while WTLS – operate for unreliable datagram transport. • WTLS protocol modified to cope with long roundtrip times and limited bandwidth availability. • WTLS optimized to operate with limited processing power and limited memory of ME. Prepared by : Zuraidy Adnan, FITM UNISEL
2.3 Security in 2.5 Generation TWNs (cont.) • Code Security • Applets can be downloaded and can be executed inside ME. • Extremely important to ensure that the applets is not a malicious piece of code that can harm ME. • Its important to have applets been signed by CA. • If the subscriber trust the CA, can execute the applets. • In otherwise they can block the execution of the applets. Prepared by : Zuraidy Adnan, FITM UNISEL
2.3 Security in 3 Generation TWNs • Universal Mobile Telecommunications System (UMTS) • Designed using GSM security as a starting point – to ensure interoperability between both technologies. • Anonymity in UMTS • Builds on the concept of TMSI introduced by GSM. • UMTS architecture provides provisions for encrypting any signaling or subscriber data that might reveal subscriber’s identity. • TMSI located at VLR/MSC, IMSI-TMSI mapping maintain in VLR/MSC Prepared by : Zuraidy Adnan, FITM UNISEL
2.3 Security in 3 Generation TWNs • Key establishment in UMTS • No key establishment protocol, uses 128bit preshared secret key (Ki) between USIM and AuC. • Form the basis for all security in UMTS • Authentication in UMTS • Authentication follows GSM authentication model • Net authenticate USIM and USIM authenticates the network • See figure 17.10a : UMTS authentication, page 389 • See figure 17.10b : UMTS authentication vector generation, page 390 • See figure 17.11 : UMTS response generation at USIM • Most provider used COMP128 algorithm for authentication protocol Prepared by : Zuraidy Adnan, FITM UNISEL
2.3 Security in 3 Generation TWNs • Confidentiality in UMTS • Use KASUMI encryption algorithm, 128bit session key CK. • More secure than A5 – GSM, longer key of encryption • See figure 17.12 : UMTS encryption, page 392. • Parameters for f8 (algorithm) : • 128bit CK • 32bit Count-c – chipering sequence number • 5bit Bearer – unique identifier for bearer chanel • 1bit Direction – indicates the direction of transmission • 16bit Length – indicates the length of key-stream block Prepared by : Zuraidy Adnan, FITM UNISEL
2.3 Security in 3 Generation TWNs • Confidentiality in UMTS (cont.) • The key stream XORed with plaintext = chipertext • At the receiving end, chipertextXORed with key stream = plaintext • UMTS security extends the encrypted interface from BTS back to the RNC Prepared by : Zuraidy Adnan, FITM UNISEL
2.3 Security in 3 Generation TWNs • Integrity protection in UMTS • Using integrity key – IK, derived using authentication process. • See figure 17.13 : UMTS message integrity • Parameters in f9 (algorithm) : • 128bit IK • 32bit integrity sequence number • Message • Direction • 32bit Fresh – perconnection nonce • Output, chipertext MAC-I • At the receiving end, the process repeated, XMAC-I • The receiver compares XMAC-I with MAC-I, so the receiver can deduce that the message was not tampered with. Prepared by : Zuraidy Adnan, FITM UNISEL
2.3 Security in 3 Generation TWNs • Putting the pieces together • See figure 17.14 : UMTS Security – Overview, page 396. • Network Domain Security • Mobile Application Part (MAP), MAPSEC protocol – works at the app layer to protect MAP message cryptographically. • See figure 17.15 : MAPSEC, page 399. • Key Administration Center (KAC) – establish security association (SA) with KAC network B. • Use Internet Key Exchange (IKE) protocol. • 3 mode protection :- no protection, integrity protection only, integrity with confidentiality. Prepared by : Zuraidy Adnan, FITM UNISEL
2.3 Security in 3 Generation TWNs • Network Domain Security (cont.) • Strongly influenced by IPSec protocol. • Instead having MAP in SS7 (MAPSEC), MAP over IP-based networks. • UMTS network designers model MAPSEC along IPSec lines. • See figure 17.16 : MAP over IP-based networks, page 400. • KAC replaced by Security Gateway (SEG) • Establish SA with Network B, but not distribute SA’s to its Network Elements (NE) • It maintain database of established SAs and database that specify how and when SAs is going to be used. Prepared by : Zuraidy Adnan, FITM UNISEL