Download
chapter 4 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Chapter 4 PowerPoint Presentation

Chapter 4

128 Vues Download Presentation
Télécharger la présentation

Chapter 4

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Chapter 4 Application Level Security in Cellular Networks

  2. Generations of Cellular Networks (1) • 1G • 2G and 2.5G • High-Speed Circuit-Switched Data (HSCSD) • General Packet Radio Service (GPRS) • Enhanced Data Rates for GSM Evolution (EDGE) • Cellular Digital Packet Data (CDPD) • 3G

  3. Generations of Cellular Networks (2) • 4G • Push and Pull Services • Location-based Services • Entertainment Services

  4. Security Issues and Attacks in Cellular Networks (1) • Cellular Network limitations • Open wireless medium • Limited bandwidth • System Complexity • Limited Power • Limited Processing Power • Relativity Unreliable Network Connection

  5. Security Issues and Attacks in Cellular Networks (2) • Security Issues in Cellular network • Authentication • Integrity • Confidentiality • Access Control • OS in Mobile Devices • Location Detection • Viruses and Malware

  6. Security Issues and Attacks in Cellular Networks (3) • Downloaded Contents • Device Security • Attacks on Cellular Networks • Denial of Service (DoS) • Distributed Denial of Service (DDoS) • Channel Jamming • Unauthorized Access • Eavesdropping

  7. Security Issues and Attacks in Cellular Networks (4) • Message Forgery • Message Replay • Man-in-the-Middle Attack • Session Hijacking

  8. GSM Security for Applications (1) • GSM Architecture • GSM Security Features • Anonymity or Subscriber Identity Confidentiality • Subscriber Identity Authentication • Encryption of User Traffic and User Control Data • Use of SIM as Security Module

  9. GSM Security for Applications (2) • GSM Security Attacks • SIM/MS Interface Tapping • Attacks on the Algorithm A3/8 • Flaws in A5/1 and A5/2 Algorithms • Attacks on the SIM Card • False Base Station

  10. GSM Security for Applications (3) • GSM Security Solutions • GSM – Newer A3/A8 Implementation • GSM – A5/3 Ciphering • Public Key Infrastructure in Mobile Systems • Secure Browsing • Access to Enterprise Networks • Mobile Payment Authentication • Access Control

  11. GSM Security for Applications (4) • Digital Signatures on Mobile Transactions • Messaging • Content Authentication • Digital ID

  12. GPRS Security for Applications (1) • Security Issues in GPRS • Related to ME and SIM card • Between ME and SGSN • Between SGSN and GGSN • Among different operators • Between GGSN and external connected networks (Internet)

  13. GPRS Security for Applications (2) • Security Threats to the GPRS • Unauthorized Access to the data • Threats to Integrity • DoS • Attack from valid network • Randomly Changing Source Address • Unauthorized Access to Services

  14. GPRS Security for Applications (3) • GPRS Security Solutions • Ciphering based on KASUMI added to GPRS called GEA3 • Performed in higher layer LLC (Logical Link Control) • MAC messages are not ciphered • UMTS ciphering occurs at MAC layer

  15. UMTS Security for Applications (1) • 5 different sets of security features • Network Access Security • Network Domain Security • User Domain Security • Application Security • Visibility and Configurability of security

  16. UMTS Security for Applications (2) • UMTS AKA Security Mechanism • UMTS Authentication and Key Agreement (UMTS AKA) • Authentication and Key Agreement using challenge/response mechanism • See figure 4.9 UMTS AKA Protocol • UMTS Network Authentication to Phone

  17. 3G Security for Applications (1) • 3G Attacks • DoS • Overbilling Attack • Spoofed PDP Context • Signaling-level attacks • Some Security Solutions for 3G • A new authentication scheme with anonymity for wireless networks

  18. 3G Security for Applications (2) • Manual authentication for wireless devices • Elliptic Curve Cryptography for Wireless Security • Channel Surfing and Spatial Retreats

  19. Some of Security and Authentication Solutions • Protocol of Gong et al. • GSM User Authentication Protocol (GUAP) • One-time Password Schemes • Mobile ATP • ATP using GSM • OTP using GPRS • Web/Mobile Authentication System with OTP • Location-based Encryption • BioPasswords