1 / 35

Cell Phone Security

Cell Phone Security. Linden Tibbets Coen 150 5/28/2004. Introduction. Changed structure of our lives and the way we do business Hundreds of models and services Potential for major annoyance. Endless Uses. Store contact information Make task or to-do lists

kylia
Télécharger la présentation

Cell Phone Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cell Phone Security Linden Tibbets Coen 150 5/28/2004

  2. Introduction • Changed structure of our lives and the way we do business • Hundreds of models and services • Potential for major annoyance

  3. Endless Uses • Store contact information • Make task or to-do lists • Keep track of appointments and set reminders • Use the built-in calculator for simple math • Send or receive e-mail • Get news, entertainment, and stock quotes from the Internet • Browse regular Internet sites • Play simple games • Integrate other devices such as PDAs, MP3 players, and GPS receivers • Use credit cards to buy products and services • Download ring tones, games, and other programs for the specific phone

  4. Are They Secure? • Vast amounts of personal information • Personal Phone Book • Address • Credit Card Number • Email Password • Account Information

  5. A Brief History

  6. Concept Began in 1947 • Researchers improve traffic of primitive car phones by reusing freq. in smaller areas called ‘cells’ • Federal Communications Commission (FCC) hinders cell phone progress • Only enough channels for 23 conversations per cell • Not practical

  7. The Cell Phone Boom • 1967 FCC expands available frequencies • 1973 Dr. Martin Cooper at Motorola makes first cell phone call to his rival Joel Engel at Bell Labs • 1983 First cell phone network in US (Chicago) • 1987 Over a million users • 2004 If you don’t have a cell phone your in the minority

  8. How Do They Work?

  9. Inside the Cell Phone • Inner workings not much different than a personal computer • RAM • CPU • Input • Output • Power Source

  10. The Cellular Approach • At first only one tower per city (around 25 channels) • Now a provider has 832 freq. in each city • One cell uses 1/7 of these • Share freq. Between cells • Cell Phones are two way devices so they use two separate channels

  11. Frequency Breakdown • Provider has 395 total voice channels (more when it goes digital) • 42 control channels for system signals • 395 x 2(in/out) + 42 = 832 Frequencies

  12. Definitions • Electronic Serial Number (ESN) - a unique 32-bit number programmed into the phone when it is manufactured • Mobile Identification Number (MIN) - a 10-digit number derived from your phone's number • System Identification Code (SID) - a unique 5-digit number that is assigned to each carrier by the FCC

  13. When you first power up the phone, it listens for an SID on the control channel. The control channel is a special frequency that the phone and base station use to talk to one another about things like call set-up and channel changing. If the phone cannot find any control channels to listen to, it knows it is out of range and displays a "no service" message.

  14. When it receives the SID, the phone compares it to the SID programmed into the phone. If the SIDs match, the phone knows that the cell it is communicating with is part of its home system. • Along with the SID, the phone also transmits a registration request, and the MTSO (Mobile Telephone Switching Office) keeps track of your phone's location in a database -- this way, the MTSO knows which cell you are in when it wants to ring your phone.

  15. The MTSO gets the call, and it tries to find you. It looks in its database to see which cell you are in. • The MTSO picks a frequency pair that your phone will use in that cell to take the call. • The MTSO communicates with your phone over the control channel to tell it which frequencies to use, and once your phone and the tower switch on those frequencies, the call is connected.

  16. As you move toward the edge of your cell, your cell's base station notes that your signal strength is diminishing. Meanwhile, the base station in the cell you are moving toward (which is listening and measuring signal strength on all frequencies, not just its own one-seventh) sees your phone's signal strength increasing. The two base stations coordinate with each other through the MTSO, and at some point, your phone gets a signal on a control channel telling it to change frequencies. This hand off switches your phone to the new cell.

  17. Analog to Digital • Early phones were purely analog ‘radios’ • To increase security and channel use efficiency converted all calls to digital, encrypted and spread over the frequencies • Three methods to do this: FDMA, TDMA, CDMA

  18. FDMA • Frequency division multiple access • Much like analog control except now calls are digital • Insecure since a call is set to specific frequencies.

  19. TDMA • Frequency division multiple access • Splits calls up into different time slots. • Allocates only a certain amount of time on any given freq. • Introduces data encryption • Basis for GSM (Global System for Mobile Communications). Used everywhere except USA.

  20. CDMA • Code division multiple access • Uses unique code in phone to encrypt the data then break it up into packets that are sent on a broad range of freq. • Further scrambles information

  21. What Makes Cellular Insecure?

  22. Physical Problems • Small and easily lost • Most phones have a password lock but they are easy to get around and nobody uses them • Easy target for stealing personal information

  23. Common Wireless Problems • Analog and FDMA phones easy to listen in on • Needed $200 scanner and some technical skills • Overcome by CDMA and TDMA • Still possible to crack yet much harder • Cell network is much the same as a WLAN • Lack security physical wires provide, anybody can pick up the signal

  24. Common Wireless Security contd. • The level of protection is limited • Slow data rates • Availability • High error rates due to the mobility of user • Limited computational power • Limited battery power

  25. Encryption Problems • The limitations of the cell phone and its network disable the encryption and authentication process • Number of bits in the key must be low • Number of handshakes or checks the authentication scheme allowed is low as well • Despite these limitations cell phones remain more secure than most wireless networks due to the fast pace changes and the scrambling of data over multiple frequencies

  26. Attacks, Interference, Other problems

  27. Should We Still Worry • In order to listen in to a modern cell phone conversation an organization must be well funded and posses considerable technical skill • Even grabbing a credit card number would not enable you to turn a profit • Yet there remain problems with everyday cell phone usage

  28. Cloning • Early days quite simple • Figure out the ESN, MIN, SID • Program other phones with these numbers and all calls would be billed to one user’s account • Harder to do today • Still costs cellular providers over 500 million dollars a year

  29. Cloning in the Digital Age • Most phones carry all of the critical info on a SIMM card much like a smart card • Group of Berkeley researchers claimed to have cracked this encryption in 10 hours by sending a large number of challenges to the authorization module in the phone, compromising the security behind the GSM standard

  30. Cloning in the Digital Age contd. • Claim the A5 cipher that keeps conversations private was made intentionally weaker by replacing the leading 10 bits of a 64-bit key with zeros • Blame the NSA for forcing the weakness in order to monitor cell phone traffic

  31. SMS Attacks • Many phones use SMS messaging service • Can send and receive messages to phones or the internet • Programs created to bomb a specific phone with thousands of messages (DOS attack) • Jams the phone’s service • Uses up the user’s predetermined text limit

  32. They Know Where You Are • Providers can pinpoint your location to within 100 feet if your phone is on • The constant check for signal strength creates the side effect of tracking locations and movement • A huge market for more invasive advertising • Track the consumer’s location • Send tailored ads to a cell phone based on the location of the user • Consider how bad it is on the Internet and this doesn’t seem so far fetched

  33. Turn It Off in the Airplane • Signals have been proven to disrupt the workings of sensitive equipment • A single phone in a plane causes no problems, but a whole cabin full of phone users really could change the readings in some equipment • Other reports of cellular traffic having an effect on the payment systems at pay-at-the-pump gas stations

  34. Jamming • Simple device used to send a signal on all available freq. in an area causing a cell phone to show no service bars • Already in use to protect the President from cellular phone bomb calls (similar to the bomb in Spain) while he is traveling • Illegal in the USA • Restaurants and Movie theaters lobbying for such devices to keep their places of business cell phone free

  35. Conclusion • Just like secure computer networks, cell phones must make use of current data encryption schemes, authentication methods and physical security • In order for the cell phone to become a more useful tool in everyday lives it must first secure its current features and gain the trust of the millions of users who still watch what they say or do over the phone

More Related