1 / 13

Analysis of 2G and 3G Mobile Security

Analysis of 2G and 3G Mobile Security. Roy Campbell Dennis Mickunas Jalal Al-Muhtadi Sarosh Havewala. http://choices.cs.uiuc.edu/MobilSec/. Goals. Exploring existing and proposed authentication and encryption mechanisms for mobile communications.

thuy
Télécharger la présentation

Analysis of 2G and 3G Mobile Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Analysis of 2G and 3G Mobile Security Roy Campbell Dennis Mickunas Jalal Al-Muhtadi Sarosh Havewala http://choices.cs.uiuc.edu/MobilSec/

  2. Goals • Exploring existing and proposed authentication and encryption mechanisms for mobile communications. • Analyzing the impact upon performance imposed by the deployment of these mechanisms under different • quality of protection, • traffic scenarios, • Studying tradeoffs between performance and security.

  3. Technique • Modeling mobile phone communications by the use of a network simulation package (OPNET Modeler). • Plugging-in different encryption and authentication mechanisms. • Evaluating performance and analyzing security under different: • traffic scenarios, • quality of protection, • bandwidth restrictions, • and error rates.

  4. Performance Issues The security process must NOT: • significantly add to the delay of initial call set up or subsequent communications • increase the bandwidth requirements of the channel • result in increased error rates or error propagation • add excessive complexity to the rest of the system • make the system cost ineffective How to balance all thiswith sufficient security?

  5. Accomplishments • Research in existing and proposed security for mobile devices, particularly GSM’s authentication and encryption techniques. • Evaluation of different network simulation tools. • OPNET Modeler is most suitable. • Assessment of OPNET Modeler’s capabilities in simulating wireless and cellular communications. • Interaction with other mobile security research groups. • Preliminary design for the mobile phone network simulator.

  6. Accomplishments(continued) • Implementation of a model simulating GSM authentication algorithm. • Modeling GSM encryption algorithms [in progress]. • Modeling other security mechanisms [in progress].

  7. Proposed Modelsfor Evaluation • GSM Security algorithms as detailed in GSM Recommendations 02.09, using “speculated” versions of algorithms A3, A5 and A8. • Common Symmetric encryption algorithms (e.g. DES) • Common Asymmetric encryption algorithms (e.g. RSA) with only mobile user authentication

  8. Proposed Models for Evaluation (continued) • Asymmetric Cryptosystems with mobile user and base station authentication. • Hybrid Cryptosystems with Asymmetric Cryptography for authentication and symmetric key exchange and Symmetric Cryptography for data encryption. • Testing with different key lengths.

  9. RAND (128-bit random number) SRES (32-bit signed response) Is = ? SRES SRES 1.1 Authentication in GSM SRES = A3Ki[RAND] SRES = A3Ki[RAND] • Ki is never transmitted over the radio channel • Calculation of the signed response is processed within the SIM • Ki is never released from the SIM during the authentication process

  10. RAND (128-bit random number) Kc = A8Ki[RAND] Kc = A8Ki[RAND] Kc(64-bit ciphering key) Kc(64-bit ciphering key) A5 Algorithm Data A5 Algorithm Data Encrypted Data 1.2 Signaling and Data Confidentiality in GSM • Computation of Kc takes place internally within the SIM • Ki is never released from the SIM during the process

  11. Preliminary GSM Modelusing A3/A8 Authentication Base stations Mobile stations High-traffic scenario OPNET models simulating GSMauthentication & communications

  12. Preliminary GSM Modelusing A3/A8 Authentication (Seconds) 0.15 0.20 0.15 0.10 0.10 0.05 0.05 0.00 0.00 Average overhead for Mobile call setup in a low-traffic wireless network. Average overhead for Mobile call setup in a high-traffic wireless network. No authentication A3/A8 authentication

  13. Conclusion • Security by obscurity is no security at all. • Need for better security in mobile systems. • Complex security schemes may degrade performance. • Need to identify suitable balance between performance and security.

More Related