week14-WIRELESS SECURITY


Security Issues in
Wireless Network
1
There are many types of Wireless Media.
Yes… GSM, Bluetooth, WCDMA, Wireless LAN, 802.XX, Satellite.. Wow, many ..
2
GSM Security
3
Evolution of Cellular
Networks
4
Evolution of Cellular Networks
[Diagram: 1G, 2G, 2.5G, 3G and 4G placed along two axes, Analog to Digital and Circuit-switching to Packet-switching]
5
1G Systems
Goal: To develop a working system that could provide
basic voice service
Time frame: 1970-1990
Technology: FDMA/FDD
Example Systems:
Advanced Mobile Phone System (AMPS-USA)
Total Access Communication System (TACS-UK)
Nordic Mobile Telephone (NMT-Europe)
Incompatible analog systems
6
2G Systems
Goal: Digital voice service with improved quality and also
provide better data services
Time Frame: 1990- 2000
Technology: TDMA/TDD, CDMA
Example Systems:
Global System for Mobile (GSM-Europe)
IS-136(TDMA)
IS-95 (CDMA)
7
2.5G Systems
Goal: To provide better data rates and wider range of
data services and also act as a transition to 3G
Time frame: 2000-2002
Systems:
IS-95B
High Speed Circuit Switched Data (HSCSD)
General Packet Radio Service (GPRS)
Enhanced Data rates for GSM Evolution (EDGE)
8
3G Systems
Goal: High speed wireless data access and unified
universal standard
Time frame: 2002 onwards
Two competing standards
One based on GSM, IS-136 and PDC known as
3GPP
Other based on IS-95 named 3GPP2
Completely move from circuit switching to packet
switching
Enhanced data rates of 2-20Mbps
9
10
4G Systems
Future systems
Goal:
High mobility, High data rate, IP based network
Hybrid network that can interoperate with other
networks
11
Briefly on 1G
12
AMPS
1G system developed by Bell Labs
Analog system used FDMA/FDD
40 MHz of spectrum
842 channels
Data rate: 10 kbps
13
AMPS: Architecture
[Diagram: several BTS connect to the MTSO (MSC), which connects to the Public Switched Telephone Network]
MTSO: Mobile Telecommunication Switching Office
Also known as MSC (Mobile Switching Center)
BTS: Base Transceiver Station
14
AMPS: Conventional Telephone to Cell Phone
[Diagram: a call from the Public Switched Telephone Network reaches the MTSO (MSC), which sends a paging message out through every BTS]
15
AMPS: Conventional Telephone to Cell Phone
Call arrives at MSC via the PSTN
MSC then sends out a paging message via all BTS on the FCC
(Forward Control Channel).
The paging message contains subscriber’s Mobile Identification
Number (MIN)
The mobile unit responds with an acknowledgement on the RCC
(Reverse Control Channel)
MSC directs BS to assign FVC (Forward Voice Channel) and RVC
(Reverse Voice Channel)
16
AMPS: Cell phone initializes a call
Subscriber unit transmits an origination message on the
RCC
Origination message contains
MIN
Electronic Serial Number
Station Class Mark
Destination phone number
If BTS receives it correctly then it is passed on to MSC
MSC validates the information and connects the call
17
Hello, I can’t hear you, I’m calling from a mobile.
What did he use?? GSM???
18
GSM: Architecture
GSM system consists of three interconnected sub-systems
Base station Subsystem
Mobile station (MS)
Base Transceiver Station (BTS)
Base Station Controllers (BSC)
Network Switching Subsystem (NSS)
Mobile Switching Center (MSC)
Home Location Register (HLR)
Visitor Location Register (VLR)
Authentication center (AUC)
Operation Support Subsystem
Operation Maintenance Centers
19
GSM: Architecture
[Diagram: Mobile Stations connect over the air to the Base Station Subsystem (BTS and BSC); the BSC connects to the Exchange System (MSC with VLR); the MSC uses the subscriber and terminal equipment databases (HLR, AUC, EIR); Network Management (OMC) oversees the whole]
20
GSM
Base Station Subsystem
[Diagram: groups of BTS, each group attached to one BSC]
•The BTS provides the last-mile connection to the MS,
and communication is between the BTS and the MS
•BSCs connect the MS to the NSS
•Handover between BTSs within the same BSC is handled by the BSC
21
GSM
Network Switching Subsystem
[Diagram: the Base Station Subsystem (BTSs and BSCs) connects to the MSC; the MSC is attached to the HLR, VLR and AUC, to the Public Networks and to the Operation Support Subsystem (OSS)]
22
GSM Security
The best way to appreciate security is by looking at how chaotic and
dangerous a mobile communications system would be without security. At
any given moment, anybody could eavesdrop on your conversation. Your
bank account information, daily schedule, and any other information you
may disclose on the phone would be at risk. Besides listening in, at any
given moment, a hacker could impersonate your user identity to make
calls that would later amount to thousands of dollars in service charges. The
list goes on and on.
Topics discussed in this section:
Issues
Algorithm
Correction of the problems
23
GSM Mobile Station
Mobile Station
Mobile Equipment (ME)
Physical mobile device
Identifiers
– IMEI – International Mobile Equipment Identity
Subscriber Identity Module (SIM)
Smart Card containing keys, identifiers and
algorithms
Identifiers
– Ki – Subscriber Authentication Key
– IMSI – International Mobile Subscriber Identity
– TMSI – Temporary Mobile Subscriber Identity
– MSISDN – Mobile Station International Service
Digital Network
– PIN – Personal Identity Number protecting a
SIM
24
– LAI – location area identity
GSM Security Issues
The two security goals of GSM are to provide an infrastructure
which protects access to the mobile services, and to prevent any
information from being disclosed. In other words, GSM aims to
prevent fraudulent phone use and to provide privacy for both
parties. The following security measures are taken to provide
security:
Authentication for registered users
Secure Data Transfer
Subscriber Identity protection
Mobile phones are inoperable without SIM chip
Duplicate SIMS on network are not permitted
Keys are securely stored
25
GSM Security Issues
If all the measures listed above are met, GSM will be able to provide
anonymity, authentication, confidentiality, and integrity.
GSM divides security into three different levels.
Each level provides the mechanism for anonymity, authentication,
confidentiality, or integrity.
On the lowest level of security, GSM provides authentication and
anonymity for the user through the SIM card. The SIM chip
serves as the identification of the user. Billing and authentication
are verified through the SIM chip.
The second layer of security identifies the location of the user
and reveals the incoming caller’s name to the receiver so the
receiver can choose whether or not to accept the call.
The third layer encrypts any data traveling between the two
users. With the data encrypted and the connection secure, integrity
and confidentiality are provided.
26
Encryption Implementation
A cell phone call placed on a GSM network goes through two steps.
Any mobile device must first be authenticated before any data
transmission can begin. Following successful authentication, a
secret session key, Kc, shared by both sides, is generated for data exchange.
Authentication is done through a challenge and response
mechanism. The base station initially sends a random 128-bit
number, r, to the mobile device. Using the A3 algorithm, with
inputs Ki from the SIM and the random number r, a 32-bit
response SRES is generated. The mobile device then
sends SRES back to the network for validation. The network itself
knows the mobile device’s Ki and can thus compare the value it
generated to the value the mobile device generated. Authentication
is successful if both numbers are identical.
27
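The challenge-and-response round just described, as an added worked example that is not part of the slides: a Python model of the SIM, the Authentication Centre and the comparison at the network end. A3 and A8 are operator-specific and not given on the page, so HMAC-SHA256 stand-ins with GSM's output sizes are assumed; the names Sim, AuthCentre and authenticate are the example's own.

```python
import hashlib
import hmac
import secrets

# Assumption: A3 and A8 are operator-specific (the slides name COMP 128 as a
# common choice), so HMAC-SHA256 stands in for them here. Output sizes follow
# GSM: SRES is 32 bits, Kc is 64 bits, RAND and Ki are 128 bits.
def a3_sres(ki, rand):
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8_kc(ki, rand):
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class Sim:
    """The SIM holds Ki and never exports it; it only answers with (SRES, Kc)."""
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki

    def run_gsm_algorithm(self, rand):
        return a3_sres(self._ki, rand), a8_kc(self._ki, rand)

class AuthCentre:
    """The AuC is the only network element that knows each subscriber's Ki."""
    def __init__(self, subscribers):
        self._ki_by_imsi = subscribers          # IMSI -> Ki

    def triplet(self, imsi, rand=None):
        # Authentication triplet (RAND, SRES, Kc): the MSC/VLR works from these
        # precomputed values, so Ki itself never leaves the AuC.
        rand = rand or secrets.token_bytes(16)
        ki = self._ki_by_imsi[imsi]
        return rand, a3_sres(ki, rand), a8_kc(ki, rand)

def authenticate(auc, sim, rand=None):
    """One challenge/response round. Returns (accepted, Kc or None)."""
    rand, expected_sres, kc = auc.triplet(sim.imsi, rand)
    sres, _kc_ms = sim.run_gsm_algorithm(rand)  # only SRES crosses the air interface
    if not hmac.compare_digest(sres, expected_sres):
        return False, None                      # wrong Ki: knowing the IMSI is not enough
    return True, kc                             # both sides now hold the same Kc

if __name__ == "__main__":
    # Constructed sample values: a 128-bit Ki, a fixed RAND and a made-up IMSI.
    KI = bytes.fromhex("0123456789abcdef0123456789abcdef")
    RAND = bytes.fromhex("ffeeddccbbaa99887766554433221100")
    auc = AuthCentre({"001010123456789": KI})
    print(authenticate(auc, Sim("001010123456789", KI), RAND))        # (True, Kc)
    print(authenticate(auc, Sim("001010123456789", bytes(16)), RAND))  # (False, None): wrong Ki
```

The second call models a SIM that carries the right IMSI but not the subscriber's Ki: the network's own SRES does not match, so the call is refused before any Kc is put to use.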
Security in GSM
Principles
Only authenticated users are allowed to access the network
No user data or voice communication is transmitted in “clear text”
The subscriber identity module (SIM) card is a vital part of GSM
security. It stores
International Mobile Subscriber Identity (IMSI)
Ciphering Key Generating Algorithm (A8)
Authentication Algorithm (A3)
Personal Identification Number
Individual Subscriber Authentication Key (Ki)
28
SIM Anatomy
Subscriber Identification Module (SIM)
Smart Card – a single chip computer containing OS, File
System, Applications
Protected by PIN
Owned by operator (i.e. trusted)
SIM applications can be written with SIM Toolkit
29
SIM Anatomy
30
Microprocessor Card
Typical specification
8 bit CPU
16 K ROM
256 bytes RAM
4K EEPROM
Cost: $5-50
Smart Card Technology
Based on ISO 7816 defining
Card size, contact layout, electrical characteristics
I/O Protocols: byte/block based
File Structure
31
Security in GSM
Mobile station contains
A5 algorithm and IMEI
The network stores
A3, A5, A8 algorithms
The Authentication Center stores
IMSI
Temporary Mobile Subscriber Identity (TMSI)
Individual Subscriber Authentication Key (Ki)
32
Security in GSM: Authentication
[Diagram: message flow between Mobile Station, SIM and Network]
Channel Establishment
Mobile Station to Network: Identity (TMSI or IMSI)
Network to Mobile Station: Authentication Request (RAND)
Mobile Station to SIM: Run Authentication Algorithm (RAND)
SIM to Mobile Station: Response (SRES, Kc)
Mobile Station to Network: Authentication Response (SRES)
•RAND is a 128-bit random sequence
•SRES is the signed response generated for authentication
Authentication based on RAND
At the Network end: RAND (challenge) and Ki (128 bit) are fed to the A3 algorithm, and RAND is transmitted to the mobile.
Proper authentication is completed if the comparison result is zero.
At the Mobile user end, in the SIM: RAND (challenge) and Ki (128 bit) are fed to the A3 algorithm, and the result is transmitted back to the base station; the same inputs fed to the A8 algorithm give Kc, used for encryption of user data and signaling data.
34
Security in GSM: Authentication
Ki is known only to the operator who programs the SIM card and is
tied to the IMSI
The IMSI should be transmitted as rarely as possible.
Only the TMSI is used for authentication
The TMSI is periodically updated
35
Security in GSM: Data Encryption
GSM uses symmetric cryptography
Data is encrypted using an algorithm which is seeded by the
ciphering key Kc
Kc is known only to base station and mobile phone and is frequently
changed
The A5 algorithm is used for ciphering the data
Along with Kc the algorithm is ‘seeded’ by the value based on the
TDMA frame
Internal state of the algorithm is flushed after a burst
36
Security in GSM: Authentication
[Diagram: Kc (from the A8 algorithm) and Count (from the TDMA frame) are fed to the A5 algorithm; its output is XORed with the User Data to give the Encoded message]
37
Initial Authentication Between User and Network
[Diagram: USER side: Ki (from SIM) and r (128-bit, from network) are fed to A3, giving a 32-bit SRES. NETWORK side: Ki (known) and r (128-bit, generated by the network) are fed to A3, giving a 32-bit SRES. The two SRES values are compared.]
38
A8 Key Generation
If authentication is successful, a connection is made and a new key, Kc, is
generated to be shared by the user and network. The key is generated by
applying an A8 algorithm on values Ki and the random value r. By doing
this, a private key Kc will be generated for later use when transferring
information.
User and Network
[Diagram: Ki (from SIM) and r (from network) are fed to A8, giving Kc, the private key for both user and network]
39
Data Encryption & Decryption
With a private key Kc generated, information can be exchanged between
two parties. GSM voice ciphers by using the A5 algorithm with inputs Kc,
which is known by both parties, and the incoming data. At that point data
encryption and decryption is completed.
User and Network Communication
[Diagram: DATA and Kc are fed to A5 to give CIPHERED DATA; the receiver feeds CIPHERED DATA and Kc to A5 to recover DATA]
40
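The ciphering described here and under "Security in GSM: Data Encryption", as an added example that is not part of the slides: the keystream for each burst is derived only from Kc and the frame count, so nothing carries over from the previous burst, and XOR makes encryption and decryption the same operation. A5 itself is not given on the page, so a SHA-256 counter-mode stand-in keystream is assumed; the function names are the example's own.

```python
import hashlib

FRAME_COUNT_BITS = 22   # A5 takes a 22-bit COUNT derived from the TDMA frame number
BURST_BYTES = 15        # 114 data bits per burst, rounded up to whole bytes here

def a5_keystream(kc, frame_count, nbytes=BURST_BYTES):
    """Stand-in for A5: keystream for one burst from (Kc, COUNT) alone.
    Assumption: SHA-256 over Kc || COUNT || block index replaces A5's shift
    registers; what it preserves is that the state is rebuilt for every burst."""
    if not 0 <= frame_count < (1 << FRAME_COUNT_BITS):
        raise ValueError("COUNT must fit in 22 bits")
    if len(kc) != 8:
        raise ValueError("Kc is 64 bits")
    out = b""
    block = 0
    while len(out) < nbytes:
        out += hashlib.sha256(kc + frame_count.to_bytes(4, "big") + bytes([block])).digest()
        block += 1
    return out[:nbytes]

def cipher_burst(kc, frame_count, data):
    """Encrypt or decrypt one burst; XOR is its own inverse, so both ends call this."""
    if len(data) > BURST_BYTES:
        raise ValueError("one burst at a time")
    ks = a5_keystream(kc, frame_count, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))

def cipher_frames(kc, first_count, bursts):
    """Cipher consecutive bursts: COUNT advances with the TDMA frame, so each
    burst gets a fresh keystream even though Kc is unchanged."""
    return [cipher_burst(kc, (first_count + i) % (1 << FRAME_COUNT_BITS), b)
            for i, b in enumerate(bursts)]

if __name__ == "__main__":
    KC = bytes.fromhex("0011223344556677")            # constructed 64-bit Kc
    bursts = [b"speech frame 1", b"speech frame 2"]   # constructed sample data
    ct = cipher_frames(KC, 1000, bursts)
    print(cipher_frames(KC, 1000, ct) == bursts)       # same Kc and COUNT: data recovered
    print(cipher_frames(KC, 1001, ct) == bursts)       # COUNT out of step: garbage
```

Because the keystream depends only on (Kc, COUNT), any two bursts ciphered under the same pair share it; that is why COUNT moves on every frame and why the slides stress that Kc is frequently changed.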
Security Issues Solved
SIM chip and PIN
One means of security that GSM provides is achieved through the use
of a PIN. The PIN prevents unauthorized users from modifying data on
another account. The PIN also prevents fraudulent use of a phone if it
is stolen. GSM specifically prevents more than one SIM chip from being
on the network at the same time. By doing this, a user who is able to
impersonate and clone a SIM chip will still have troubles getting on to
the system because the original owner of the SIM may still be on the
network
41
Security Issues Problems
COMP 128
At the current time, a lot of GSM phones use the COMP 128 algorithm
for the A3 and A8 functions. The COMP 128 algorithm
has a weakness which allows an attacker to retrieve the secret key Ki
from the mobile device’s SIM chip. This is achieved by sending known
data to the mobile device and analyzing the results that are returned
from the device. With this knowledge, the attacker can clone the SIM
chip for fraudulent use. It is estimated that a hobbyist could purchase
the necessary equipment to “clone” SIM chips for less than $40,000.
The COMP 128 algorithm became a public concern after IBM
researchers demonstrated that they had discovered a way to clone a
SIM chip within a few seconds. Efforts have been made to develop
new algorithms to correct this problem.
42
Effort to Correct the Problems
A5 Implementation and Eavesdropping
The A5 stream cipher used to encrypt the data is not a
universal standard. There are currently three implementations, A5/0,
A5/1, and A5/2. All of them are used throughout the world, varying from
region to region. A5/1 is the strongest encryption because it has a time
complexity of 2^54. A5/2 has a time complexity of only 2^16. The
weaker A5 implementations are susceptible to eavesdropping.
Lack of Testing
The algorithms used for GSM are all hidden from the public. At first
glance this may seem reasonable, but being hidden from the public eye
prevents them from being tested by the world. As more and more people
begin finding weaknesses in the network and the algorithms, more
people will begin hacking the networks. When this does happen it will
be difficult to fix the problem, because the problem will already have spread to
millions and millions of phones. If the algorithms were open, then
more testing could be done before the phones were all distributed to the
public.
44
Effort to Correct the Problems
Lack of Internal Encryption
GSM solved most of the security issues involved with transmission of
data through the radio channel. Currently data is only encrypted
between the mobile device and the base stations. All other
communication and signaling on the fixed telecommunications network
is done in plain text.
Short Message Service
Short message service (SMS) is a service provided through GSM that
allows users to send text messages to other mobile users. Users often
overlook the fact that SMS provides no real security. All messages sent
via SMS are sent in a predictable, clear text format. The originating
address of an SMS message can be forged. This weakness allows
anybody to send messages to phones with harmful
instructions. People could be instructed to send sensitive information
back to the sender. The sender would then be in a position to record the
information.
45
Effort to Correct the Problems
Physical Theft
GSM packs all the information needed to use a phone inside a single
SIM chip. By doing that, the value of the phone itself has increased: a
stolen phone can be used simply by replacing the SIM chip. No real measures
can be taken against physical phone theft.
46
Solutions to Current Security Issues
A corrected version of COMP 128 has been developed; however, the
cost of replacing all SIM chips to include the new algorithm is too high for
cellular phone companies. The new release of 3GSM will include a stronger
version of the COMP 128 algorithm and a new A5 algorithm implementation.
A5/3 is expected to solve the current confidentiality and integrity problems.
Fixed network transmission could be fixed by simply applying some type of
encryption to any data transferred on the fixed network.
47
Summary
GSM has many benefits over current cellular systems. The main problem
now is the COMP 128 algorithm. This problem will be solved
as newer technology gets phased in. The lack of extra encryption on the
fixed telecommunications network doesn’t pose a major problem, because any
data transfer there has the same security as the current public
switched telephone networks.
As GSM slowly moves towards 3GSM, more problems and security issues
will be resolved.
48
I believe that 3G/4G will have security issues.
By default, yes, but we need to study that…
49
How Do You Want to Protect Your Network System?
Thank You
Good Luck in the Exam
50