140 likes | 313 Vues
Analysis of 2G and 3G Mobile Security. Roy Campbell Dennis Mickunas Jalal Al-Muhtadi Sarosh Havewala. http://choices.cs.uiuc.edu/MobilSec/. Goals. Exploring existing and proposed authentication and encryption mechanisms for mobile communications.
E N D
Analysis of 2G and 3G Mobile Security Roy Campbell Dennis Mickunas Jalal Al-Muhtadi Sarosh Havewala http://choices.cs.uiuc.edu/MobilSec/
Goals • Exploring existing and proposed authentication and encryption mechanisms for mobile communications. • Analyzing the impact upon performance imposed by the deployment of these mechanisms under different • quality of protection, • traffic scenarios, • Studying tradeoffs between performance and security.
Technique • Modeling mobile phone communications by the use of a network simulation package (OPNET Modeler). • Plugging-in different encryption and authentication mechanisms. • Evaluating performance and analyzing security under different: • traffic scenarios, • quality of protection, • bandwidth restrictions, • and error rates.
Performance Issues The security process must NOT: • significantly add to the delay of initial call set up or subsequent communications • increase the bandwidth requirements of the channel • result in increased error rates or error propagation • add excessive complexity to the rest of the system • make the system cost ineffective How to balance all thiswith sufficient security?
Accomplishments • Research in existing and proposed security for mobile devices, particularly GSM’s authentication and encryption techniques. • Evaluation of different network simulation tools. • OPNET Modeler is most suitable. • Assessment of OPNET Modeler’s capabilities in simulating wireless and cellular communications. • Interaction with other mobile security research groups. • Preliminary design for the mobile phone network simulator.
Accomplishments(continued) • Implementation of a model simulating GSM authentication algorithm. • Modeling GSM encryption algorithms [in progress]. • Modeling other security mechanisms [in progress].
Proposed Modelsfor Evaluation • GSM Security algorithms as detailed in GSM Recommendations 02.09, using “speculated” versions of algorithms A3, A5 and A8. • Common Symmetric encryption algorithms (e.g. DES) • Common Asymmetric encryption algorithms (e.g. RSA) with only mobile user authentication
Proposed Models for Evaluation (continued) • Asymmetric Cryptosystems with mobile user and base station authentication. • Hybrid Cryptosystems with Asymmetric Cryptography for authentication and symmetric key exchange and Symmetric Cryptography for data encryption. • Testing with different key lengths.
RAND (128-bit random number) SRES (32-bit signed response) Is = ? SRES SRES 1.1 Authentication in GSM SRES = A3Ki[RAND] SRES = A3Ki[RAND] • Ki is never transmitted over the radio channel • Calculation of the signed response is processed within the SIM • Ki is never released from the SIM during the authentication process
RAND (128-bit random number) Kc = A8Ki[RAND] Kc = A8Ki[RAND] Kc(64-bit ciphering key) Kc(64-bit ciphering key) A5 Algorithm Data A5 Algorithm Data Encrypted Data 1.2 Signaling and Data Confidentiality in GSM • Computation of Kc takes place internally within the SIM • Ki is never released from the SIM during the process
Preliminary GSM Modelusing A3/A8 Authentication Base stations Mobile stations High-traffic scenario OPNET models simulating GSMauthentication & communications
Preliminary GSM Modelusing A3/A8 Authentication (Seconds) 0.15 0.20 0.15 0.10 0.10 0.05 0.05 0.00 0.00 Average overhead for Mobile call setup in a low-traffic wireless network. Average overhead for Mobile call setup in a high-traffic wireless network. No authentication A3/A8 authentication
Conclusion • Security by obscurity is no security at all. • Need for better security in mobile systems. • Complex security schemes may degrade performance. • Need to identify suitable balance between performance and security.