INSTITUTO DE MATEMÁTICA E ESTATÍSTICA UNIVERSIDADE DE SÃO PAULO. GSM Security. MAC Computação Móvel
Damian Matuszewski
NR USP
dimatusz@gmail.com
12/07/2012

Abstract: GSM is the most common telecommunication standard used worldwide. This paper presents its main security goals and the measures used to achieve them. It also points out the known faults in GSM security and describes their potential consequences. Although the GSM designers had security in mind when preparing the original specifications, the current network systems fail to fulfill most of the criteria stated in the standard.
Table of Contents

1 Introduction
2 Security Goals in Telecommunication Systems
3 Security measures in GSM
3.1 SIM card
3.2 PIN code
3.3 User Authentication
3.4 Ciphering of the transmitted data
3.5 TMSI usage
4 Security Flaws
4.1 One directional authentication
4.2 Weak ciphering algorithms for data encryption
4.3 Operators have freedom in choosing algorithms for data encryption
5 Potential attacks on the GSM users
  Eavesdropping
  SIM Cloning
6 Discussion
7 Conclusions
8 References
1 Introduction

GSM (Group Special Mobile or General System for Mobile communications) is the international standard for second generation digital cellular communications developed by the European Telecommunications Standards Institute (ETSI). Its development began in 1982 during the European Conference of Post and Telecommunication Administrations (CEPT). The first network was built in Finland by Telenokia and Siemens in In 1998 GSM was used worldwide and the number of its subscribers crossed 100 million.

GSM was created to replace the previous, first generation analogue standard for mobile communications. It introduced many new features and services such as significantly higher capacity (the assigned frequency bandwidth was used much more efficiently), full mobility (the calling party no longer needs to be informed about the location of the called person), international roaming, Short Message System (SMS), voice mail, data transmission, call forwarding, etc. Moreover, due to the change from an analog to a digital system, GSM was able to provide security measures to protect both operators and subscribers from various types of fraud and malicious actions.

Previously used analog-based cellular telephone systems such as Advanced Mobile Phone System (AMPS) and Total Access Communication System (TACS) did not use any encryption over the wireless link. In fact, any radio hobbyist was able to eavesdrop on cellular telephone conversations using a police scanner, as both AMPS and TACS transmitted voice in the same manner as broadcast radio. Furthermore, more sophisticated (but still available) equipment allowed retrieving a subscriber's unencrypted identification credentials, such as the Electronic Serial Number (ESN), and eventually cloning their cellular phone and making calls with it. As a consequence,
cellular fraud in the USA in 1993 was estimated to be US$500 million. GSM addressed these problems by introducing digital encryption of the subscribers' data sent over the air as well as encoded identification of users by the network center.

This paper discusses the security of the GSM standard. The next section explains the main security objectives in telecommunication systems. Section 3 presents the security measures present in GSM, whereas section 4 points out their main flaws. In section 5 the potential attacks on GSM subscribers are described. The improvements to GSM security present in the 3G standard are briefly discussed in section 6. Finally, section 7 summarizes the security in GSM.

2 Security Goals in Telecommunication Systems

The security goals can be divided into two groups: those stated by the network operators, who are responsible for delivery of the telecommunication services, and those required by the customers. It is clear that each of these groups has different aims and priorities.

From the operators' point of view, the most important goal is that the telecommunication system is protected from any kind of fraud that could bring them financial losses. Hence, GSM was designed to assure that phone cloning will no longer be possible and that the payment for the used services will always arrive to the right people. Moreover, operators want their services to be protected from any modification from the outside, as this could bring them losses and the cost of restoring the dysfunctional services.

On the other hand, GSM subscribers want privacy and anonymity. Of course it is also important for the users that they will not be charged for calls they did not make, but that kind of problem is left for the operators to solve. Ordinary users
want to be sure that their conversations or data sent via the network stay confidential and protected from access by undesirable third persons.

3 Security measures in GSM

Changing to a digital system allowed GSM to introduce security measures that were not present in the previous analogue standards. Ciphering algorithms were developed to assure that all the security goals of the telecommunication system are achieved. GSM security consists of the following elements: subscriber identity authentication, subscriber identity confidentiality, signaling data confidentiality, and user data confidentiality.

The International Mobile Subscriber Identity (IMSI) uniquely identifies the subscriber. The IMSI and the personal subscriber authentication key (K_I) are sensitive identification credentials corresponding to the Electronic Serial Number (ESN) in previously used analog systems such as AMPS and TACS. The authentication and encryption procedures in GSM were designed to assure that this sensitive information is never transmitted over the radio channel. Instead, the authentication is performed by a challenge-response mechanism. Finally, a temporary, randomly generated ciphering key (K_C) is used to encode the conversations between users.

This section presents in detail the security mechanisms implemented in the GSM standard. The A3, A5 and A8 encrypting algorithms, whose usage is described in this section, do not refer to any particular algorithm. Every GSM network operator has freedom in choosing any algorithm to be implemented for, respectively, authentication, data encryption and ciphering key generation. The most common implementations for
A3 are COMP128v1 and COMP128v2. In fact, both of these algorithms perform the function of both A3 and A8 (the ciphering key generation algorithm discussed later) in the same stage. It is important to mention that the three algorithms were never made public. All the knowledge about them comes from their reverse engineering.

3.1 SIM card

The Subscriber Identity Module (SIM) is a microcontroller embedded in a small plastic card. The SIM card contains all of the information necessary to connect to a particular account in the GSM network. These are the previously mentioned International Mobile Subscriber Identity (IMSI) and the individual subscriber authentication key (K_I).

The IMSI is a sequence of up to 15 decimal digits assigned to every subscriber in the world. It contains information about the subscriber's home network and the country of issue. This number can be read from the SIM via local access to the SIM, which is normally protected by a PIN code. Ideally it is transmitted over the air only once, when the user connects to the network for the first time, before the encryption codes are generated. Later, for security reasons, the Temporal Mobile Subscriber Identity number (TMSI) is used instead of the IMSI.

K_I is a randomly generated 128-bit number assigned to a particular subscriber and stored in the SIM card. K_I is used to seed the generation of all keys and challenges used in the GSM security system. Therefore, this number is highly protected, and is only known to the SIM and the network's Authentication Centre. The mobile phone itself never gets access to K_I. Instead it sends to the SIM the information the SIM needs to perform the authentication or generate ciphering keys.

The SIM card is a microprocessor that stores both the IMSI and K_I. Moreover, it implements the ciphering algorithms for the subscriber's authentication (A3) and
generation of the ciphering key for the user's data encryption (A8). In other words, the authentication and key generation procedures are performed in the SIM. Therefore, the protection of the two numbers stored in the SIM card is crucial for GSM security. The Personal Identification Number (PIN) protects the SIM from local access by a third person.

3.2 PIN code

The Personal Identification Number (PIN) is stored in the SIM card and requested any time the mobile phone is switched on. Its main task is to protect against local access to the IMSI. Moreover, it protects the user data (phone contacts, messages) stored in the SIM. If 3 incorrect PINs are entered, the Personal Unblocking Key (PUK) code is requested. If 10 incorrect PUKs are entered, the SIM card is permanently locked and the user needs to request a new one from the operator.

3.3 User Authentication

The subscriber's authentication procedure uses K_I, which is known only to the SIM and to the network. Since sending K_I over the transmission channel would be highly insecure, the GSM designers came up with a challenge-response procedure. First, the network generates a 128-bit random number called RAND. Next, RAND is used with the A3 algorithm to generate an authentication token called XRES. Then RAND is sent to the mobile phone for the SIM card to use the same A3 algorithm and generate the 32-bit SRES. Finally, SRES is returned to the network and compared with XRES. If the two numbers are identical, then the K_I stored in the SIM card must be the same (to a high mathematical probability) as the one in the Authentication Center of the network and thus the phone is authenticated. If the values do not match, the connection is terminated and an authentication failure is
reported to the mobile phone. Figure 1 presents the scheme of the authentication procedure.

Fig. 1 Scheme of the authentication procedure in the GSM standard.

Since authentication and generation of the data ciphering key K_C (described in subsection 3.4) occur simultaneously in the SIM card (and use the same RAND signal), the procedure described above takes place every time the network wants to change the encryption key. In most cases this happens just before the transmission of the actual data.

3.4 Ciphering of the transmitted data

As stated in section 2, protecting the transmitted data from interception is very important for the network subscribers. The GSM standard uses a symmetric cryptography procedure to assure that the users' data is safe. For each call, just before the data transmission, a new ciphering key (K_C) is generated during the
authentication. K_C is used for the encrypted communication between the mobile phone and the network.

The 64-bit ciphering key (K_C) is generated by the algorithm A8, which is implemented in the SIM card's microprocessor. A8 computes K_C from the same random number that is used in the authentication process (RAND) and the individual subscriber authentication key (K_I). Next, the newly created ciphering key (K_C) is used to encrypt and decrypt the data between the cellular phone and the network base station. For this purpose the third encrypting algorithm, A5, is used. Both A8 and A5 are implemented in the mobile device and in the network and are chosen according to the operator's preferences and the capabilities of the mobile phone. Figure 2 presents the diagram of the ciphering key (K_C) generation and the encryption of the transmitted data.

Fig. 2 Scheme of the generation of the ciphering key K_C and the encryption of the transmitted data.

The main idea behind this kind of symmetric encryption procedure is that K_C should only be known by the mobile device and the network. If this is the case, the data is
meaningless to anyone intercepting it. Since the ciphering key can be easily and frequently changed, the system is less vulnerable to eavesdropping. The ciphering key may be changed at regular intervals as required by network design and security considerations. Figure 3 summarizes both the authentication and data encryption procedures in a single diagram.

It is crucial to underline that the A3, A8 and A5 encrypting algorithms do not refer to any particular algorithms. Every GSM network operator has freedom in choosing any algorithm to be implemented for, respectively, authentication, ciphering key generation and data encryption.

Fig. 3 Scheme of the authentication, ciphering key generation and data encryption procedures in GSM.
3.5 TMSI usage

The International Mobile Subscriber Identity (IMSI) uniquely identifies the subscriber. It includes the home network code and the country of issue. Ideally the IMSI is sent over the communication channel only when the SIM is used for the first time or when the subscriber's data is missing from the Authentication Center or the Visitor Location Register.

The Visitor Location Register is a local network database that contains the Temporal Mobile Subscriber Identity (TMSI) codes for all foreign GSM subscribers. This means that every time a subscriber travels abroad and uses the roaming service, their TMSI will not be recognized by the local network and, as a consequence, the user's IMSI will be sent to the network to find the subscriber's mobile device model, the ciphering algorithms implemented in the SIM card, K_I and the home operator code from the global GSM database. This is the moment when GSM security is most vulnerable to external attacks, since the IMSI is transmitted unencrypted (the ciphering key can be generated only after the first successful authentication). Next, a new TMSI is sent to the mobile device after the authentication procedure.

The TMSI is used to page the user in the network and retrieve their K_I, trace their current location and match the transmitted signal with the user. Usage of the TMSI allowed the roaming service and assured that the subscriber's identity remains confidential.
4 Security Flaws

In this section some of the discovered flaws in the security of the GSM standard are presented and discussed. It is important to note that the whole security of GSM has always been kept secret. None of the ciphering algorithms and authentication procedures has ever been made public. All the knowledge that is currently available comes from reverse engineering and leaks from the GSM developers.

4.1 One directional authentication

The most serious fault with the GSM system is that the authentication procedure is only one directional. As described in section 3.3, during the authentication the network is not required to prove its knowledge of K_I. This in turn allows an attacker to set up a false base station with the same Mobile Network Code as the subscriber's network.

Initiation of the authentication procedure depends on the settings of the operator. Hence, the false network may choose not to authenticate, or simply send the RAND and ignore the response. Moreover, ciphering of the transmitted data may not be activated at all. Finally, the attacker can set the cell reselection parameters of his false base station to values that will highly encourage his victims to connect directly to it (and thus avoid hopping). In such a situation the subscriber could unknowingly make calls or send text messages that could be intercepted using this man-in-the-middle attack (since the false network could then route the calls back to the public cellular network).
4.2 Weak ciphering algorithms for data encryption

It was revealed by observation and reverse engineering that the most common implementations of A3/A8, COMP128 and COMP128-2, were deliberately weakened. The ciphering key K_C generated by either algorithm always has its 10 least significant bits set to 0. This means that only 54 out of the 64 bits of the key are used in practice to protect the users' data during transmission. This significantly reduces the strength of the security.

4.3 Operators have freedom in choosing algorithms for data encryption

As a consequence of this flaw, the most common implementation of the A3 and A8 algorithms is rolled into a single algorithm, COMP128. In some extreme cases operators use no ciphering for the data transmission. Allowing the operators to decide about all three ciphering algorithms and their implementations means that the security goals of the customers are often pushed into the background.
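The challenge-response of section 3.3, the K_C generation of section 3.4 and the key weakening of section 4.2 can be followed end to end in the sketch below. It is an added example, not code from the paper: HMAC-SHA256 is an assumed stand-in for the combined A3/A8 step (it is not COMP128), and the class names, function names and the IMSI value are constructed for illustration.

```python
import hashlib
import hmac
import secrets

KC_ZEROED_BITS = 10  # section 4.2: the 10 least significant bits of K_C are always 0


def a3_a8_standin(ki: bytes, rand: bytes):
    """Combined A3/A8 step: (K_I, RAND) -> (32-bit SRES, 64-bit K_C).

    HMAC-SHA256 is an assumed stand-in used only as a keyed one-way
    function; it is not COMP128.
    """
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("K_I and RAND are 128-bit values")
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    sres = digest[:4]
    kc = int.from_bytes(digest[4:12], "big")
    kc &= ~((1 << KC_ZEROED_BITS) - 1)  # reproduce the weakening from section 4.2
    return sres, kc.to_bytes(8, "big")


class Sim:
    """Holds K_I; the handset only passes RAND in and gets SRES and K_C out."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki

    def run_gsm_algorithm(self, rand: bytes):
        # The SIM answers any RAND: nothing in the exchange proves who sent
        # it, which is the one-directional authentication of section 4.1.
        return a3_a8_standin(self._ki, rand)


class AuthenticationCentre:
    """Network side: knows K_I for every provisioned IMSI."""

    def __init__(self):
        self._keys = {}

    def provision(self, imsi: str, ki: bytes):
        self._keys[imsi] = ki

    def challenge(self, imsi: str):
        rand = secrets.token_bytes(16)
        xres, kc = a3_a8_standin(self._keys[imsi], rand)
        return rand, xres, kc


def authenticate(auc: AuthenticationCentre, sim: Sim):
    """Run one challenge-response; return (accepted, network K_C, SIM K_C)."""
    rand, xres, kc_net = auc.challenge(sim.imsi)
    sres, kc_sim = sim.run_gsm_algorithm(rand)  # only RAND and SRES cross the air
    accepted = hmac.compare_digest(sres, xres)
    return accepted, kc_net, kc_sim


def fixed_low_bits(keys) -> int:
    """Number of low-order bits that are 0 in every observed K_C."""
    combined = 0
    for key in keys:
        combined |= int.from_bytes(key, "big")
    if combined == 0:
        return 64
    return (combined & -combined).bit_length() - 1


if __name__ == "__main__":
    ki = secrets.token_bytes(16)
    imsi = "001010123456789"  # constructed value, test-network style
    auc = AuthenticationCentre()
    auc.provision(imsi, ki)
    ok, kc_net, kc_sim = authenticate(auc, Sim(imsi, ki))
    print("authenticated:", ok, "keys match:", kc_net == kc_sim)
    sample = [a3_a8_standin(ki, secrets.token_bytes(16))[1] for _ in range(200)]
    zeroed = fixed_low_bits(sample)
    print("fixed low bits:", zeroed, "effective key bits:", 64 - zeroed)
```

Measuring the constant low bits over a sample of session keys, as `fixed_low_bits` does, is also how an auditor can confirm the weakening from observed keys alone.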
5 Potential attacks on the GSM users

The flaws described in the previous section create space for potential attacks on GSM subscribers and their data. These attacks can be divided into two main groups: eavesdropping and SIM cloning. Whereas the first aims at interception of the data transmitted to and from a particular GSM user, the latter is a fraud in which the attacker is able to use all GSM services (e.g. receive and make calls) using the victim's account.

Eavesdropping

In 2010, during the Chaos Computer Club Congress, Karsten Nohl and Sylvain Munaut demonstrated a start-to-finish means of eavesdropping on encrypted GSM cell phone calls and text messages. For that purpose they used only:

- four 7-year-old Motorola mobiles (each bought for less than US$15) as network sniffers,
- an ordinary laptop,
- a variety of open source software.

But how did they do that? First of all, they used a simple internet query to determine the target's current location to the level of a city or a rural area. Next, they drove through and around that area, sending to the subscriber's mobile device broken or silent SMS messages that do not show up on the phone. By doing so, they were able to find a more precise location of the target by listening to each base station's traffic, looking for the delivery messages and analyzing the response time of the target's mobile phone.
The two researchers created network sniffers from simple Motorola GSM phones by replacing their firmware. The new software made the mobiles pass all raw data received from the network to the laptop in real time via a USB connection. In this way the researchers were able to monitor significantly more network traffic information than an ordinary phone does. By listening to the network data traffic in the proximity of the target while sending it the broken messages, its TMSI number could be learned. This allowed them to focus on and intercept only the data exchanged with the target (the TMSI is used as an ID to page the GSM subscriber and start the authentication procedure before the data transmission).

The last step was to decode the intercepted information. This is not a trivial task; however, the two researchers observed a significant fault in GSM security on the operators' side, in the way they exchange system information with the subscribed phones. Nohl and Munaut noticed that the GSM network periodically sends out strings of identifying information, as well as essentially empty "Are you there?" messages, as part of the background communication. Buffer bytes fill the empty space in these messages. Surprisingly, most of these bytes are identical, even though a new GSM standard was put in place several years ago to replace them with random values.

This observation allowed the two researchers to estimate with a high degree of probability the content of these encrypted system messages. Combining this knowledge with a 2TB table of pre-computed encryption keys (a so-called rainbow table) allowed a cracking program to find the ciphering key K_C for the session's encryption in approximately 20 seconds. Later Karsten Nohl and Sylvain Munaut
used the obtained key to decode the encrypted data transmitted to and from the target. Moreover, the two researchers found out that the operators often use the same ciphering key for subsequent sessions of the user's data transmission.

"There is one key used for communication between the operators and the SIM card that is very well protected, because that protects their monetary interest," Nohl said. "The other key is less well protected, because it only protects your private data."

SIM Cloning

The previously mentioned holes in GSM security, combined together, can result in a very serious attack: over-the-air SIM cloning. In this kind of attack the hacker aims to discover the two secret codes of a particular SIM card: the IMSI and K_I. Knowing both of these numbers, the attacker can create a twin card and use it to intercept all the data transmitted to the victim (answer the calls and receive text messages in the victim's name) and to use all the services offered by the network operator at the expense of the victim.

Suppose an attacker created a fake base station and marked it with the operator's code corresponding to the network that the target is subscribed to. Then, by placing such a base station within transmission range of the target, the attacker can use the authentication procedure many times to exploit the vulnerabilities in the common implementation of the encryption algorithm A3, COMP128.

In order to achieve this, the attacker can page the target mobile phone as described in the section 5.1.2, to get its TMSI and establish a radio connection with it. Next, the IMSI can easily be discovered by sending to the phone the IDENTITY
REQUEST command. According to the GSM standard, all mobile phones must respond at any time to this request by returning the IMSI code, just in case the track of their current TMSI was lost. Then, the attacker can initialize multiple authentications (by sending AUTHENTICATION REQUEST messages in a loop), always choosing a different, carefully selected RAND signal to exploit the flaws of the COMP128 algorithm. The target phone, as required and expected, returns the SRES. The attacker can collect the SRESes until enough information has been gained to discover K_I.

Once both K_I and the IMSI are known, the attacker can clone the target SIM card, impersonate that user, and make and receive calls and SMS messages in their name. Obviously, knowing K_I, the attacker can also easily overhear the target user's communication via the GSM network. He can monitor the RANDs sent from the legitimate network to the target user, and use the obtained K_I to determine the K_C used for the data encryption.

It is important to mention that this attack will work on any GSM phone, without any previous access to the phone. Moreover, since it is an over-the-air attack, it can be performed from many kilometers away (up to the transmission range between the target mobile and the false base station created by the attacker).
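From the handset side, the behaviours described in sections 4.1 and 5 leave observable traces: an IDENTITY REQUEST asking for the IMSI, a burst of AUTHENTICATION REQUEST messages from one cell, and a session in which ciphering is not activated. The following added example (not part of the original paper) flags those three indicators in a signalling trace; the event tuple format, the cell names, the thresholds and the sample trace are constructed assumptions, and a legitimate network can also trigger the first indicator, for example when roaming.

```python
from collections import deque

# Constructed sample trace: (seconds, cell, message, detail).
# cell-A behaves like an ordinary network, cell-B shows the pattern from the text.
SAMPLE_EVENTS = [
    (0.0, "cell-A", "AUTHENTICATION REQUEST", ""),
    (0.4, "cell-A", "CIPHERING MODE COMMAND", "A5/1"),
    (60.0, "cell-B", "IDENTITY REQUEST", "IMSI"),
] + [
    (60.5 + 0.5 * i, "cell-B", "AUTHENTICATION REQUEST", "") for i in range(8)
] + [
    (70.0, "cell-B", "CIPHERING MODE COMMAND", "A5/0"),
]


def analyse(events, burst_limit=5, window=30.0):
    """Return a list of (time, cell, indicator) findings.

    burst_limit and window are assumed thresholds: more than burst_limit
    authentication requests from one cell within `window` seconds is
    reported once, when the limit is first crossed.
    """
    findings = []
    recent_auth = {}  # cell -> timestamps of recent AUTHENTICATION REQUESTs
    for ts, cell, message, detail in sorted(events):
        if message == "IDENTITY REQUEST" and detail == "IMSI":
            # The IMSI is about to cross the air in clear (sections 3.5 and 5).
            findings.append((ts, cell, "imsi-requested"))
        elif message == "CIPHERING MODE COMMAND" and detail == "A5/0":
            # A5/0 means no encryption: ciphering was not activated (section 4.1).
            findings.append((ts, cell, "ciphering-disabled"))
        elif message == "AUTHENTICATION REQUEST":
            queue = recent_auth.setdefault(cell, deque())
            queue.append(ts)
            while queue and ts - queue[0] > window:
                queue.popleft()
            if len(queue) == burst_limit + 1:
                # Repeated challenges are how SRES values get collected (section 5).
                findings.append((ts, cell, "auth-burst"))
    return findings


def cells_with_findings(findings):
    """Group indicator names per cell so a cell with several can be prioritised."""
    per_cell = {}
    for _, cell, indicator in findings:
        per_cell.setdefault(cell, []).append(indicator)
    return per_cell


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EVENTS):
        print(finding)
```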
6 Discussion

Although GSM still remains the most used telecommunication standard worldwide, it is slowly being replaced by the so-called 3rd generation mobile telecommunications (3G). As expected, most of the serious security flaws present in the GSM standard were addressed. For example, 3G allows the user equipment to authenticate the network base stations, which prevents the user from connecting to a false network. Moreover, the weak ciphering algorithm responsible for keeping the users' data confidential (A5) was replaced by the more complicated and difficult to break KASUMI block cipher.

Are our connections and transmitted data then completely safe? Unfortunately, the answer is no. According to the Security Research Labs researcher Karsten Nohl, many operators reserve much of their 3G bandwidth for Internet traffic, while pushing voice and SMS off to the older GSM network. Moreover, completely new dangers for the users and their data have appeared with the new standard and new technology. Nowadays there are many known and reported Trojans and viruses that attack modern telecommunication equipment in order to intercept the data stored in the memory of the device or to bring financial losses to the network subscribers.
7 Conclusions

GSM is the most common telecommunication standard used worldwide. This paper presents its main security goals and the measures used to achieve them. It also points out the known faults in GSM security and describes their potential consequences. Although the GSM designers had security in mind when preparing the original specifications, the standard fails to fulfill most of the criteria described in section 2 of this paper.

Karsten Nohl, the Security Research Labs researcher, summarized the security in the GSM standard in the following sentences: "GSM is insecure, the more so as more is known about GSM. It's pretty much like computers on the Net in the 1990s, when people didn't understand security well."

GSM's faults result from a combination of designing algorithms in secret (neither the ciphering algorithms nor the security procedures like the subscriber's authentication have ever been made public) and deliberate weakening of the system (present for example in using a weak algorithm for data ciphering and decreasing the efficiency of the ciphering key K_C by setting its 10 least significant bits to 0). Even though the whole of GSM security was protected, a few information leaks and reverse engineering made it possible to learn and understand it, as well as to show the public the potential dangers: eavesdropping and phone cloning.

Nevertheless, fortunately, for most users there is no reason to worry much about these security faults. None of the presented attacks can be easily carried out, so the casual cellular network subscriber can feel safe from people spying on and intercepting their conversations. However, highly sensitive data (passwords, credit card details or government and military data) should always be transmitted with special care.
The final conclusion is that GSM seems to accomplish the undocumented goals of the security. The system is safe enough to protect casual subscribers from general attacks; however, it left a few backdoors for organizations like government spy agencies to intercept the data transmitted between users they wish to inspect.
More informationCRACKING GSM AND UMTS
CRACKING GSM AND UMTS SIGNAL INTERCEPTION AND JAMMING By: James Konderla Written for CYBS 6350: Data Security (Fall 2014) 10/18/2014 i Table of Contents Abstract... iii Overview of GSM and UMTS Technologies...
More informationChapter 6. Stream Cipher Design
Chapter 6. Stream Cipher Design 1 Model for Secure Communications and Attacks 2 Shannon's Theory on Perfect Secrecy and Product Cryptosystems (self reading, Stinson s book, or Chapters 1 and 2 in Stalling's
More informationUnderstanding IMSI Privacy!
Understanding IMSI Privacy Ravishankar Borgaonkar TU Berlin Swapnil Udar Aalto University Email: darshak@sec.t-labs.tu-berlin.de Blackhat USA 2014, Las Vegas, 7 th August 2014 Overview Unresolved Privacy
More informationCHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM
109 CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM Security is considered to be the most critical factor in many applications. The main issues of such
More informationSecuring SMS of a GSM Network Message Center Using Asymmetric Encryption Technique Algorithm.
Securing SMS of a GSM Network Message Center Using Asymmetric Encryption Technique Algorithm. Garba S. (1), Abdu-Aguye U.-F., Raubilu A.A., Ibrahim Y. Department of Electrical and Computer Engineering,
More informationThe security of existing wireless networks
Security and Cooperation in Wireless Networks Cellular networks o o GSM UMTS WiFi LANs Bluetooth Security in Wireless Networks Wireless networks are more vulnerable to security issues: Broadcast communications
More informationSECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi
SECURITY ON PUBLIC WI-FI New Zealand A guide to help you stay safe online while using public Wi-Fi WHAT S YOUR WI-FI PASSWORD? Enter password for the COFFEE_TIME Wi-Fi network An all too common question
More information5. Execute the attack and obtain unauthorized access to the system.
Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security. Before discussing the preventive, detective, and
More informationBasics of GSM in depth
This document will be helpful for the telecom engineers who deal with GSM as well as for the fresher /interested readers. This document has some advantages over other GSM texts in that it quickly gets
More informationTelecoms: Generational Evolution of Attack Surfaces. HITB Beijing 2018
Telecoms: Generational Evolution of Attack Surfaces HITB Beijing 2018 Blast from the Past Agenda Brief history of telecoms Generation Zero Generation Fixed Generation Analog Mobile 1G Mobile 2G Mobile
More informationSecurity Management System of Cellular Communication: Case Study
Security Management System of Cellular Communication: Case Study Othman O. Khalifa, Abdulrazzag Aburas, A. Al Bagul, Meftah Hrairi, Muhammad Shahril bin Shahbuddin, and Harman bin Mat Kasa Abstract Cellular
More informationCircuit switched network
GPRS-Services Page 12 2. GPRS-Services GPRS integrates a vast sum of additional services in a GSM-network. For this it will be necessary to define a subscriber profile that corresponds with services the
More informationUnderstanding TETRA Security
Understanding TETRA Security Brian Murgatroyd Tetra Association former chairman Security and Fraud Prevention Group (SFPG) Warren Systems Independent Security Consultant brian@warrensystems.co.uk Agenda
More informationComputer Security Policy
Administration and Policy: Computer usage policy B 0.2/3 All systems Computer and Rules for users of the ECMWF computer systems May 1995 Table of Contents 1. The requirement for computer security... 1
More informationAttacking Mobile-Terminated Services in GSM
Berlin Institute of Technology FG Security in Telecommunications Weiss Attacking Mobile-Terminated Services in GSM TelcoSecDay 2013 Nico Golde, Kevin Redon, Heidelberg, March 12th 2013 nico@sec.t-labs.tu-berlin.de
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Midterm 2 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be
More informationChapter 3 GSM and Similar Architectures
CSF645 Mobile Computing 行動計算 Chapter 3 GSM and Similar Architectures 吳俊興 國立高雄大學資訊工程學系 Chapter 3 GSM and Similar Architectures 3.1 GSM Services and System Architecture 3.2 Radio Interfaces 3.3 Protocols
More informationNS-AKA: An Improved and Efficient AKA Protocol for 3G (UMTS) Networks
NS-AKA: An Improved and Efficient AKA Protocol for 3G (UMTS) Networks Neetesh Saxena, Narendra S. Chaudhari Abstract- In this paper, we propose an improved and efficient AKA protocol named NS-AKA to prevent
More informationDiminishing Signaling Traffic for Authentication in Mobile Communication System
Diminishing Signaling Traffic for Authentication in Mobile Communication System Chi-Chun Lo and Kuen-Liang Sue Institute of Information Management National Chiao Tung University Hsinchu, Taiwan cclo@cc.nctu.edu.tw,
More informationIntroduction. Security Edition User Guide
Introduction Turbo SIM is a device with a set of pre-installed applications targeted at SMS encryption and privacy protection. Inserted in the SIM Lock together with the operator SIM card, the device can
More informationMobility and Security Management in the GSM System
IOSR Journal of Engineering (IOSRJEN) ISSN: 2250-3021 ISBN: 2878-8719 PP 13-18 National Symposium on engineering and Research Mobility and Security Management in the GSM System 1 Mr. Yogesh S. Amle 2 Mr.
More informationGSM Security Overview
GSM Security Overview Mehdi Hassanzadeh Mehdi.Hassanzadeh@ii.uib.no Selmer Center, University of Bergen, Norway Norsk ryptoseminar, Bergen, November 9-10, 2011 Agenda A5 Overview : Attack History on A5/1
More informationGPRS security. Helsinki University of Technology S Security of Communication Protocols
GPRS security Helsinki University of Technology S-38.153 Security of Communication Protocols vrantala@cc.hut.fi 15.4.2003 Structure of the GPRS Network BSS GTP PLMN BSS-Base Station sub-system VLR - Visiting
More informationGPRS Intercept: Wardriving your country. Karsten Nohl, Luca Melette,
GPRS Intercept: Wardriving your country Karsten Nohl, nohl@srlabs.de Luca Melette, luca@srlabs.de Executive summary Do not send sensitive data over GPRS GPRS/EDGE networks provide the data backbone of
More informationBiometrics problem or solution?
Biometrics problem or solution? Summary Biometrics are a security approach that offers great promise, but also presents users and implementers with a number of practical problems. Whilst some of these
More informationGSM Sniffing with OsmocomBB. Joshua Pereyda
GSM Sniffing with OsmocomBB Joshua Pereyda Introduction In November 2011, Karsten Nohl and Sylvain Munaut presented a passive sniffing attack on modern cell phone systems My goal was to reproduce this
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationCommunication Networks 2 Signaling 2 (Mobile)
Communication Networks 2 Signaling 2 (Mobile) Gusztáv Adamis BME TMIT 2017 GSM signaling Signaling of GSM is based on the ISDN signaling systems SS7/DSS1 But, because of mobility, roaming, radio access
More informationNetwork Working Group Request for Comments: 1984 Category: Informational August 1996
Network Working Group IAB Request for Comments: 1984 IESG Category: Informational August 1996 IAB and IESG Statement on Cryptographic Technology and the Internet Status of This Memo This memo provides
More informationWhitepaper on AuthShield Two Factor Authentication with SAP
Whitepaper on AuthShield Two Factor Authentication with SAP By AuthShield Labs Pvt. Ltd Table of Contents Table of Contents...2 1.Overview...4 2. Threats to account passwords...5 2.1 Social Engineering
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 24a December 2, 2013 CPSC 467, Lecture 24a 1/20 Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management and Trusted
More informationSemi-Active GSM Monitoring System SCL-5020SE
Semi-Active GSM Monitoring System SCL-5020SE Technology Introduction: GSM networks are most popular and widespread wireless communication media across the world, having a wide customer base in Europe and
More informationGSM security. Christian Kröger. University of Twente P.O. Box 217, 7500AE Enschede The Netherlands
GSM security Christian Kröger University of Twente P.O. Box 217, 7500AE Enschede The Netherlands christian.kroeger@gmail.com ABSTRACT In this paper we will give a general overview over the state of GSM
More informationContents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Symbolic Links 4. Deploy A Firewall 5
Contents Is Rumpus Secure? 2 Use Care When Creating User Accounts 2 Managing Passwords 3 Watch Out For Symbolic Links 4 Deploy A Firewall 5 Minimize Running Applications And Processes 5 Manage Physical
More informationSecurity Analysis of Bluetooth v2.1 + EDR Pairing Authentication Protocol. John Jersin Jonathan Wheeler. CS259 Stanford University.
Security Analysis of Bluetooth v2.1 + EDR Pairing Authentication Protocol John Jersin Jonathan Wheeler CS259 Stanford University March 20, 2008 Version 1 Security Analysis of Bluetooth v2.1 + EDR Pairing
More informationModern cryptography 2. CSCI 470: Web Science Keith Vertanen
Modern cryptography 2 CSCI 470: Web Science Keith Vertanen Modern cryptography Overview Asymmetric cryptography Diffie-Hellman key exchange (last time) Pubic key: RSA Pretty Good Privacy (PGP) Digital
More informationFrequently Asked Questions (FAQ)
Your personal information and account security is important to us. This product employs a Secure Sign On process that includes layers of protection at time of product log in to mitigate risk, and thwart
More informationUNIT-5. GSM System Operations (Traffic Cases) Registration, call setup, and location updating. Call setup. Interrogation phase
UNIT-5 GSM System Operations (Traffic Cases) Registration, call setup, and location updating Call setup Interrogation phase For the interrogation phase The initial address message comes outside the GSM
More informationExam Advanced Network Security
Exam Advanced Network Security Jaap-Henk Hoepman, Joeri de Ruiter July 2, 2018 NOTE: READ THIS CAREFULLY: This exam consists of two alternatives. The first alternative is the regular exam for students
More informationNetwork Security Issues and Cryptography
Network Security Issues and Cryptography PriyaTrivedi 1, Sanya Harneja 2 1 Information Technology, Maharishi Dayanand University Farrukhnagar, Gurgaon, Haryana, India 2 Information Technology, Maharishi
More informationFemtocell: Femtostep to the Holy Grail
.... Femtocell: Femtostep to the Holy Grail Ravishankar Borgaonkar, Kévin Redon Technische Universität Berlin, SecT ravii/kredon@sec.t-labs.tu-berlin.de TROOPERS 2011, 30 March 2011 3G/UMTS femtocells
More information1-7 Attacks on Cryptosystems
1-7 Attacks on Cryptosystems In the present era, not only business but almost all the aspects of human life are driven by information. Hence, it has become imperative to protect useful information from
More informationHow to hack your way out of home detention!
How to hack your way out of home detention! About me! William @Amm0nRa Turner! @Assurance! About presentation! Acquire a home detention tracking system! Get a BladeRF SDR! Use open source GSM software
More informationHow Insecure is Wireless LAN?
Page 1 of 7 How Insecure is Wireless LAN? Abstract Wireless LAN has gained popularity in the last few years due to its enormous benefits such as scalability, mobile access of the network, and reduced cost
More informationGSMK CryptoPhone PSTN/1i. User Manual
GSMK CryptoPhone PSTN/1i User Manual A. Installation 1. Turn the key-operated switch on the left side of the device to its vertical position (labeled SECURE ) using one of the supplied keys. 2. Connect
More informationIntroduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras
Introduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras Lecture 09 Now, we discuss about the insecurity of passwords.
More informationCryptography Lesson Plan
Cryptography Lesson Plan Overview - Cryptography Summary There is a large amount of sensitive information being stored on computers and transmitted between computers today, including account passwords,
More informationGSM Open-source intelligence
GSM Open-source intelligence Kenneth van Rijsbergen 1 1 MSc System and Network Engineering Faculty of Science University of Amsterdam 30 June 2016 Kenneth van Rijsbergen University of Amsterdam GSM OSINT
More informationCRYPTOGRAPHIC ENGINEERING ASSIGNMENT II Theoretical: Design Weaknesses in MIFARE Classic
CRYPTOGRAPHIC ENGINEERING ASSIGNMENT II Theoretical: Design Weaknesses in MIFARE Classic Özgecan Payzin, s4159721 ozgecan.payzin@student.ru.nl April 1, 2013 1 Introduction The MIFARE Classic is one of
More informationInstallation and usage of SSL certificates: Your guide to getting it right
Installation and usage of SSL certificates: Your guide to getting it right So, you ve bought your SSL Certificate(s). Buying your certificate is only the first of many steps involved in securing your website.
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationGSM System Overview. Ph.D. Phone Lin.
GSM System Overview Phone Lin Ph.D. Email: plin@csie.ntu.edu.tw 1 Outlines Introduction GSM Architecture Location Tracking and Call Setup Security GSM Data Services Unstructured Supplementary Service Data
More informationWireless Security Algorithms
(NOTE: If you are using a virtual lab to run your attacks you will need an external Wi Fi attachment. The other option is to have a direct install on your computer. Virtual labs cannot access your wireless
More informationLESSON 12: WI FI NETWORKS SECURITY
LESSON 12: WI FI NETWORKS SECURITY Raúl Siles raul@taddong.com Founder and Security Analyst at Taddong Introduction to Wi Fi Network Security Wireless networks or Wi Fi networks IEEE 802.11 Standards Information
More informationRequest for Comments: Cisco Systems January 2006
Network Working Group Request for Comments: 4186 Category: Informational H. Haverinen, Ed. Nokia J. Salowey, Ed. Cisco Systems January 2006 Status of This Memo Extensible Authentication Protocol Method
More informationAmorphic Encryption. Egger Mielberg
Amorphic Encryption Egger Mielberg egger.mielberg@gmail.com 27.01.2019 Abstract. As a symmetric as an asymmetric scheme requires a key (session or private) to be hidden. In this case, an attacker gets
More informationWireless IP for IoT / M2M 101 The Basics
Wireless IP for IoT / M2M 101 The Basics Aeris White Paper A concise introduction to using wireless devices for Internet of Things (IoT) and machine-to-machine (M2M) data transmissions. www.aeris.com 1
More informationIntroduction to SSL. Copyright 2005 by Sericon Technology Inc.
Introduction to SSL The cornerstone of e-commerce is a Web site s ability to prevent eavesdropping on data transmitted to and from its site. Without this, consumers would justifiably be afraid to enter
More informationWPA SECURITY (Wi-Fi Protected Access) Presentation. Douglas Cheathem (csc Spring 2007)
WPA SECURITY (Wi-Fi Protected Access) Presentation By Douglas Cheathem (csc 650.01 Spring 2007) OUTLINE Introduction Security Risk Vulnerabilities Prevention Conclusion Live Demo Q & A INTRODUCTION! WPA
More informationThe Case for Secure Communications
Whitepaper The Case for Secure Communications The tapping of voice communications has occurred virtually as long as electronic communication has been in existence. In the early days of electronic communications,
More informationMobile Security Fall 2013
Mobile Security 14-829 Fall 2013 Patrick Tague Class #3 Telecom Security from 1G to 4G Basics of Telecom Security Different players in the mobile ecosystem have different security concerns Security concerns
More informationCryptanalysis. Ed Crowley
Cryptanalysis Ed Crowley 1 Topics Cryptanalysis History Modern Cryptanalysis Characterization of Cryptanalysis Attacks Attack Types 2 Cryptanalysis Science of cracking ciphers and codes, decoding secrets,
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 9 Encryption and Firewalls By Whitman, Mattord & Austin 2008 Course Technology Learning Objectives Describe the role encryption
More informationSystem-Level Failures in Security
System-Level Failures in Security Non linear offset component (ms) 0.0 0.5 1.0 1.5 2.0 Variable skew De noised Non linear offset Temperature 26.4 26.3 26.2 26.1 26.0 25.9 25.8 Temperature ( C) Fri 11:00
More informationCryptography ThreeB. Ed Crowley. Fall 08
Cryptography ThreeB Ed Crowley Fall 08 Cryptanalysis History Modern Cryptanalysis Characterization of Cryptanalysis Attacks Attack Types Cryptanalysis. Science of cracking ciphers and codes, decoding secrets,
More informationEfficient GSM Authentication and Key Agreement Protocols with Robust User Privacy Protection
Efficient GSM Authentication and Key Agreement Protocols with Robust User Privacy Protection Author: Jing-Lin Wu, Wen-Shenq Juang and Sian-Teng Chen Department of Information Management, Shih Hsin University,
More informationThe Cellular Interceptor CC2800 Series
The Cellular Interceptor CC2800 Series Operational Parameters The Target Mode enables the user to direct cellular interception by variables such as the IMSI, TMSI, or cellular phone number of the suspect.
More informationThe GSM Standard (An overview of its security)
Interested in learning more about cyber security training? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written
More informationSecurity Analysis of Two Anonymous Authentication Protocols for Distributed Wireless Networks
An abridged version of this paper appears in the Proc. of the Third IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom 2005 Workshops), 8-12 March 2005, Kauai Island,
More informationRadius, LDAP, Radius, Kerberos used in Authenticating Users
CSCD 303 Lecture 5 Fall 2018 Radius, LDAP, Radius, Kerberos used in Authenticating Users Kerberos Authentication and Authorization Previously Said that identification, authentication and authorization
More informationA Look Back at Security Problems in the TCP/IP Protocol Suite Review
A Look Back at Security Problems in the TCP/IP Protocol Suite Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka October 26, 2011 1 Introduction to the topic and the reason
More informationSmartSiren: Virus Detection and Alert for Smartphones. Jerry Cheung, Starsky Wong, Hao Yang and Songwu Lu MOBISYS 2007
SmartSiren: Virus Detection and Alert for Smartphones Jerry Cheung, Starsky Wong, Hao Yang and Songwu Lu MOBISYS 2007 Premise Smartphones have become increasingly popular. So have viruses for smartphones
More informationCRYPTOGRAPHY. BY, Ayesha Farhin
CRYPTOGRAPHY BY, Ayesha Farhin Overview Introduction Types Advantages n Disadvantages Future Developments Bibliography Introduction Cryptography considered as a branch of both mathematics and computer
More informationEvaluating the Security Risks of Static vs. Dynamic Websites
Evaluating the Security Risks of Static vs. Dynamic Websites Ballard Blair Comp 116: Introduction to Computer Security Professor Ming Chow December 13, 2017 Abstract This research paper aims to outline
More information