3G Wireless Networks - International Islamic University Malaysia


Smartening the Environment using Wireless
Sensor Networks in a Developing Country
Wireless Network Security
3G, 4G
Wireless PAN/LAN/MAN
Al-Sakib Khan Pathan
Department of Computer Science
International Islamic University Malaysia
UTM, 23 May 2012
Guided and Unguided Media
• All types of communications need some kind of
medium.
• The information is encoded in a signal that is
carried through a medium.
– Quality depends on the characteristics of the medium.
• Two main groups of transmission media, namely
the guided medium and the wireless medium.
Guided and Unguided Media
• For the guided medium, there is a physical path
(such as a cable) for electromagnetic wave
propagation.
• For the wireless medium, the electromagnetic
wave is transmitted through air, water, or
vacuum (space).
• A wireless medium is also called an unguided
medium.
Wireless LAN
• A wireless LAN or WLAN is a wireless local area
network that uses radio waves as its carrier.
• The last link with the users is wireless, to give a
network connection to all users in a building or
campus.
• The backbone network usually uses cables.
Wireless Network? Security?
Source: http://www.pinellascomputers.com/wp-content/uploads/2011/07/wireless-networking-wifi-internet-setup.jpg
Wireless Network Features
• Wireless networks are treated as having more
vulnerabilities than wired networks because of
their
– shared nature
– naturally broadcasted states
– unclear perimeters
– invisible access
What other “Wireless”?
• 3G Wireless Networks
– 3G or 3rd generation mobile telecommunications is a
generation of standards for mobile phones and mobile
telecommunication services fulfilling the International
Mobile Telecommunications-2000 (IMT-2000)
specifications by the International Telecommunication
Union.
– Application services include wide-area wireless voice
telephone, mobile Internet access, video calls and
mobile TV, all in a mobile environment.
What other “Wireless”?
• 4G Wireless Networks
– In telecommunications, 4G is the fourth generation of
cell phone mobile communications standards. It is a
successor of the third generation (3G) standards.
– 4G system provides mobile ultra-broadband Internet
access, for example to laptops with USB wireless
modems, to smartphones, & to other mobile devices.
– Conceivable applications include amended mobile
web access, IP telephony, gaming services, high-definition mobile TV, video conferencing, 3D
television.
3G Wireless
Source: http://www.topglobalusa.com/images/j041.gif
A Cell Tower
3G and WiFi
Source: http://www.cryptech.com.au/wp-content/uploads/2010/03/difference-between-3g-mobile-broadband-and-wifi-wireless-network.png
What Do They Have in Common?
• Wireless unguided medium.
• Potential threat from anybody within the range of
wireless coverage/communication.
• Attenuation.
• Distortion during signal propagation.
• Noise.
• Do all of these impact security?
Security Viewing Angles
• Viewing Angle 1
– (a) Key Management
– (b) Secure Routing
– (c) Secure Services
– (d) Intrusion Detection Systems (IDS) [outsider, insider]
• Viewing Angle 2
– (a) Physical security
– (b) Deployment security (sparse or dense, etc.)
– (c) Topological security (cluster/flat, hierarchy/tree, etc.)
– (d) Wireless communication security
– (e) Data security
Security Viewing Angles
• Viewing Angle 3: Holistic Security
– (a) Application layer security
– (b) Transport layer security
– (c) Network layer security
– (d) Data link layer security
– (e) Physical layer security
• Holistic Security? – Still open research issue!
Main Security Aspects
• Authentication
• Authorization
• Privacy/Confidentiality
• Integrity
• Non-repudiation
3G Security: Background
• One of the aspects of GSM that has played a
significant part in its global appeal is its set of
security features
• GSM was the first public telephone system to
use integrated cryptographic mechanisms
• GSM security model has been adopted, modified
and extended for DECT, TETRA and 3GPP
3GPP
• The 3rd Generation Partnership Project (3GPP)
is a collaboration between groups of
telecommunications associations, known as the
Organizational Partners.
• The initial scope of 3GPP was to make a
globally applicable 3G mobile phone system
specification based on evolved Global System
for Mobile Communications (GSM) specifications
within the scope of the International Mobile
Telecommunications-2000 project of the ITU.
3GPP Security Principles
• Ensure that 3G security builds on the security of
GSM where features that have proved to be
needed and that are robust shall be adopted for
3G
• Ensure that 3G security improves on the security
of second generation systems by correcting real
and perceived weaknesses
• Ensure that new 3G security features are
defined as necessary to secure new services
offered by 3G
3G Security Objectives
• Ensure that
– information generated by or relating to a user is
adequately protected against misuse or
misappropriation.
– the resources and services provided are adequately
protected against misuse or misappropriation.
– the security features standardized are compatible with
world-wide availability.
– the security features are adequately standardized to
ensure world-wide interoperability and roaming
between different serving networks.
3G Security Objectives
• Ensure that
– the level of protection afforded to users and providers
of services is better than that provided in
contemporary fixed and mobile networks (including
GSM).
– the implementation of 3GPP security features and
mechanisms can be extended and enhanced as
required by new threats and services.
3G Requirements Capture
• Based on the threat analysis, a comprehensive
list of security requirements was captured and
categorized
• The security requirements help identify which
security features need to be introduced in order
to counteract the threats
• The requirements capture has led to the
identification of additional security features
beyond those retained from GSM
3G Security Arch: Background
Source: Peter Howard, Vodafone, UK, Presentation Slides
3G R99 Security Features
(beyond GSM)
• Protection against active attacks on the radio
interface
– New integrity mechanism added to protect critical
signaling information on the radio interface
– Enhanced authentication protocol provides mutual
authentication and freshness of cipher/integrity key
towards the user
• Enhanced encryption
– Stronger algorithm, longer key
– Encryption terminates in the radio network controller
rather than the base station
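The mutual authentication and key freshness described above, as an added example that is not part of the original slides: a simplified AKA-style exchange in which the USIM checks the network's MAC and sequence number before it answers. HMAC-SHA256 stands in for the operator functions f1 to f5, sequence-number resynchronisation is omitted, and the key, AMF value and all names are constructed for illustration.

```python
import hashlib
import hmac
import os

def f(tag: bytes, k: bytes, data: bytes, n: int) -> bytes:
    """Stand-in for the AKA functions f1..f5 (HMAC-SHA256, truncated to n bytes)."""
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

AMF = b"\x80\x00"  # constructed value for the authentication management field

def network_challenge(k: bytes, sqn: int, rand: bytes = None):
    """Home environment side: build (RAND, AUTN, XRES) for one authentication."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = f(b"f1", k, sqn_b + rand + AMF, 8)      # proves knowledge of K
    ak = f(b"f5", k, rand, 6)                     # anonymity key hides SQN
    return rand, xor(sqn_b, ak) + AMF + mac, f(b"f2", k, rand, 8)

class Usim:
    def __init__(self, k: bytes, sqn: int = 0):
        self.k, self.sqn = k, sqn

    def respond(self, rand: bytes, autn: bytes):
        """Verify the network first; only then release RES, CK and IK."""
        conc_sqn, amf, mac = autn[:6], autn[6:8], autn[8:16]
        sqn_b = xor(conc_sqn, f(b"f5", self.k, rand, 6))
        expected = f(b"f1", self.k, sqn_b + rand + amf, 8)
        if not hmac.compare_digest(mac, expected):
            return ("reject", "MAC failure: network does not hold K")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn:                       # simplified freshness rule
            return ("reject", "SQN not fresh: replayed challenge")
        self.sqn = sqn
        res = f(b"f2", self.k, rand, 8)
        return ("ok", res, f(b"f3", self.k, rand, 16), f(b"f4", self.k, rand, 16))

def demo():
    k = bytes(range(16))                          # constructed subscriber key
    usim = Usim(k)
    rand, autn, xres = network_challenge(k, sqn=1)
    first = usim.respond(rand, autn)              # genuine network, fresh SQN
    replay = usim.respond(rand, autn)             # same challenge sent again
    r2, a2, _ = network_challenge(os.urandom(16), sqn=2)
    forged = usim.respond(r2, a2)                 # sender without the real K
    return first[0] == "ok" and first[1] == xres, replay[1], forged[1]
```

GSM authentication has no counterpart to the two reject branches: the handset answers any challenge, which is the gap the R99 mutual authentication closes.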
3G R99 Security Features
(beyond GSM)
• Core network security
– Some protection of signaling between network nodes
• Potential for secure global roaming
– Adoption of 3GPP authentication by TIA TR-45 /
3GPP2
3G Security Architecture
Home Environment (HE)
Serving Network (SN)
Access Network (AN)
Mobile Terminal (MT)
Terminal Equipment (TE)
User Services Identity Module (USIM)
3G Network Architecture
[Figure: network architecture diagram with generation labels 2G, 2G/2.5G and 3G. Components shown: Circuit Network, Circuit/Signaling Gateway, Feature Server(s), Circuit Switch, IN Services, RNC, Radio Access Control, Mobility Manager, Call Agent, IP Core Network, Packet Gateway, Packet Network (Internet), IP RAN. Traffic labels: Voice, Data + Packet Voice.]
Legend: Intelligent Network (IN), Radio Network Controller (RNC), IP Radio Access Network (IP RAN)
Source: Presentation Slides of Myagmar, Gupta: UIUC, USA, 2001
Improved Security Features, 1
• Network Authentication
– The user can identify the network
• Explicit Integrity
– Data integrity is assured explicitly by use of integrity
algorithms
– Also stronger confidentiality algorithms with longer
keys
• Network Security
– Mechanisms to support security within and between
networks
Improved Security Features, 2
• Switch Based Security
– Security is based within the switch rather than the
base station
• IMEI Integrity
– Integrity mechanisms for IMEI (International Mobile
Equipment Identity) provided from the start
• Secure Services
– Protect against misuse of services provided by SN
and HE
Improved Security Features, 3
• Secure Applications
– Provide security for applications resident on USIM
• Fraud Detection
– Mechanisms to combat fraud in roaming situations
• Flexibility
– Security features can be extended and enhanced as
required by new threats and services
Improved Security Features, 4
• Visibility and Configurability
– Users are notified whether security is on and what
level of security is available
– Users can configure security features for individual
services
• Compatibility
– Standardized security features to ensure world-wide
interoperability and roaming
– At least one encryption algorithm exported on worldwide basis
Improved Security Features, 5
• Lawful Interception
– Mechanisms to provide authorized agencies with
certain information about subscribers
Problems of 3G Security, 1
• IMSI (International Mobile Subscriber Identity) is
sent in cleartext when allocating TMSI
(Temporary Mobile Subscriber Identity) to user.
• The transmission of IMEI (International Mobile
Equipment Identity) is not protected; IMEI is not
a security feature.
• A user can be enticed to camp on a false BS.
Once the user camps on the radio channels of a
false BS, the user is out of reach of the paging
signals of SN.
Problems of 3G Security, 2
• Hijacking outgoing/incoming calls in networks
with disabled encryption is possible. The intruder
poses as a man-in-the-middle and drops the
user once the call is set-up.
4G Security?
• Two issues are at the forefront of 4G
development:
– the verification of users and
– the limitation of network access in the heterogeneous
architecture.
• Other vulnerabilities involve providers utilizing
different systems and the basis of user-centered
design, which allows users to select their
preferred connection method.
Wireless PAN
• WPAN?
– A wireless personal area network (WPAN) is a
personal area network - a network for interconnecting
devices centered around an individual person's
workspace - in which the connections are wireless.
• IrDA (Infrared Data Association)
• Bluetooth
• Wireless USB
• Z-Wave
• ZigBee
• Body Area Network
Wireless LAN/MAN
• WLAN?
– Wireless connected LAN.
• WMAN?
– A metropolitan area network (MAN) is a computer
network that usually spans a city or a large campus. A
MAN usually interconnects a number of local area
networks (LANs) using a high-capacity backbone
technology, such as fiber-optical links, and provides
up-link services to wide area networks (or WAN) and
the Internet. Wireless Version!!
What About Security?
• Common solutions may work in each type of
network.
• Basic wireless security barriers are present but
based on characteristics and network settings,
things may be different and may demand
specific security measures.
• Based on different standards, different security
requirements are met.
What About Security?
Two security services are mainly emphasized:
• Authentication
– Shared Key Authentication
• Privacy/Confidentiality (Encryption)
– Wired Equivalent Privacy
• Other aspects are often requirement specific.
WLAN Security?
• 802.11 standard specifies the operating
parameters of wireless local area networks
(WLAN)
– History: 802.11, b, a, g, i
• Minimal security in early versions.
• Original architecture not well suited for modern
security needs.
• 802.11i attempts to address security issues with
WLANs.
IEEE 802.11b
• Wired Equivalent Privacy (WEP)
– Confidentiality
• Encryption
– 40-bit keys (increased to 104-bit by WEP2)
– Based on RC4 algorithm
• Access Control
– Shared key authentication + Encryption
• Data Integrity
– Integrity checksum computed for all messages
IEEE 802.11b
• Vulnerabilities in WEP
– Poorly implemented encryption
• Key reuse, small keys, no keyed MIC
– Weak authentication
– No key management
– No interception detection
IEEE 802.11b: Attacks
• Successful attacks on 802.11b
– Key recovery - AirSnort
– Man-in-the-middle
– Denial of service
– Authentication forging
– Known plaintext
– Known ciphertext
IEEE 802.11i
• IEEE 802.11i-2004 or 802.11i, implemented as
WPA2 (Wi-Fi Protected Access II), is an
amendment to the original IEEE 802.11.
• The draft standard was ratified on 24 June 2004
• Later amendments in 2007 and 2012!
Original IEEE 802.11i
• Security Specifications
– Improved Encryption
• CCMP (AES), TKIP (Temporal Key Integrity Protocol), WRAP
(Wireless Robust Authenticated Protocol)
– 2-way authentication
– Key management
– Ad-hoc network support
– Improved security architecture
802.11i Authentication
802.11 Encryption
802.11i: Potential Weaknesses
• Hardware requirements
– Hardware upgrade needed for AES (Advanced
Encryption Standard) support
• Strength of TKIP and WRAP questionable in the long term
– AS (auth. server) needed for 2-way authentication
• Complexity
– The more complex a system is, the more likely it may
contain an undetected backdoor
• Patchwork nature of “fixing” 802.11b
Connecting WLAN – Control?
• Options:
– May be connected securely (WPA2, 802.11i, etc.)
– If unsecured, connect to your secure systems
securely:
• VPN – Virtual Private Network
• SSL connections to secure systems
– Be careful not to expose passwords
– Watch for direct attacks on untrusted networks
802.11i Improvements
• 802.11i appears to be a significant improvement
over 802.11b from a security standpoint
• Vendors are nervous about implementing
802.11i protocols due to how quickly WEP was
compromised after its release
• Time will tell how effective 802.11i actually is
• Wireless networks will not be completely secure
until the standards that specify them are
designed from the beginning with security in
mind
Remarks – WLAN Security
• Wireless LAN security could also benefit
from the advancements of security
measures for other networks.
• The main reason that WLANs are attacked
is their availability for a long time and
the medium used, where anybody can try
to join in.
• All these apply to PAN and MAN as well!!
References
[1] Marius Popovici, Daniel Crisan, Zagham Abbas, "Wireless Networks", http://ftp.utcluj.ro/pub/users/cemil/rlc/Wireless%20Networks.ppt
[2] Peter Howard, "3G Security Overview", Presentation Slides, Vodafone, UK
[3] http://www.3gpp.org/ftp/Specs/html-info/FeatureOrStudyItemFile60150.htm
[4] Colin Blanchard, "Security for the Third Generation (3G) Mobile System", Network Systems & Security Technologies.
[5] Myagmar, Gupta, "3G Security Overview", Presentation Slides of UIUC 2001.
[6] Kim W. Tracy, "Wireless LAN Security", NEIU, University Computing, www.neiu.edu/~ncaftori/355/Wireless.ppt
THANK YOU
Questions and Answers
http://staff.iium.edu.my/sakib/
???
http://staff.iium.edu.my/sakib/ndclab