Lessons learned from 2G,3G,4G what we need to fix in 5G ETSI Security Week G Security Adrian Dabrowski
|
|
- Shana Dennis
- 5 years ago
- Views:
Transcription
1 Lessons learned from 2G,3G,4G what we need to fix in 5G ETSI Security Week G Security Adrian Co-Authors: David Rupprecht, Thorsten Holz, Edgar Weippl, Christina Pöpper
2 What are the lessons from the past? What is the future of mobile network security research?
3
4 Numerous publicaions towards individual quesions. We need the big picture to shape future research!
5 Numerous publicaions towards individual quesions. We need the big picture to shape future research!
6 Systematization Methodology How to get the big picture?
7 Methodology Literatur e Defenses Defense Characteristi cs Security Requirement s Aims s Flaws s Root s Challenges, Research Questions Characteristi cs 7
8 Security Requirements and Aims Security Requirement Security Requirement s s Literat Literat ure ure Aims Aims Defenses Defenses Flaws Flaws Defense Characteristics Defense Characteristics Root Root Challenges, Challenges, Research Research Questions Questions Characteristics Characteristics Security requirements for the system Each attack aim challenges a security requirement Aims: s on Privacy s on Secrecy Denial of Service s on Integrity Fraud s 8
9 s, Characteristics and Flaws Security Requirement Security Requirement s s Literat Literat ure ure Aims Aims Defenses Defenses Flaws Flaws Defense Characteristics Defense Characteristics Root Root Challenges, Challenges, Research Research Questions Questions Characteristics Characteristics s the act of assailing the system with a deinite attack aim. An attack exploits on distinct law of the system Impact analyses based on attack characteristics Target Technology (2G/3G/4G) er capabilities SS7 9
10 Defenses and Defense Characteristics Security Requirement Security Requirement s s Literat Literat ure ure Aims Aims Defenses Defenses Flaws Flaws Defense Characteristics Defense Characteristics Root Root Challenges, Challenges, Research Research Questions Questions Characteristics Characteristics Impact and feasibility of defenses Defense Characteristics Type of Defense Detection or Mitigation Realization Method Speciication or Research Status Vague Proposal or Evaluated Proposal 10
11 s and Root s Literat Literat ure ure Defenses Defenses Defense Characteristics Defense Characteristics Security Requirement Security Requirement s s Aims Aims Flaws Flaws Root Root Challenges, Challenges, Research Research Questions Questions Characteristics Characteristics From the concrete to the abstract Flaws that have similar technical are grouped by a common cause Root causes are the underlying reason for certain cause 11
12 Research Questions and Challenges Security Requirement Security Requirement s s Literat Literat ure ure Aims Aims Defenses Defenses Flaws Flaws Defense Characteristics Defense Characteristics Root Root Challenges, Challenges, Research Research Questions Questions Characteristics Characteristics Research Questions Shortcomings of existing work Shortcomings of new technologies Challenges of a cause s Flaws Defense s Challenges and Research Questions 12
13 Assessment Root Challenges and Research Questions Challenges and Research Questions Challenges and Research Questions
14 Scope 14
15 Systematization The big picture!
16
17
18 Root s Issue Speciication Issue Wireless Channel Protocol Context Discrepancy 18
19 Overview Issue Speciication Issue Wireless Channel Protocol Context Discrepancy Insecure Leaky Unsecured Preauthentication Traic Non-Existing Mutual Authentication Weak Crypto Insecure Internetwork Protocols Resource Usage Asymmetry Wireless Channel Cross-Layer Information Loss Routing Coniguration Accounting Policy Inconsistency
20 Issue
21 Issue Deinition Mistakes in the implementation Deviations from the speciication Issue Insecure Leaky s Insecure Leaky 21
22 Insecure Example: Baseband exploits Others: SMS of Death, ASN.1 decoder heap, Crypto State Machine Aim: Integrity, Secrecy Issue Insecure Leaky 22
23 Defenses Intermediate defenses Filtering SMS for SMS attacks Detection of vulnerabilities: Issue Insecure Leaky Automated detecion Manual detecion Test Cases Test Cases Reverse Engineering CMP r0, r1 ADDGE r2, r2, r3 ADDLT r2, r2, r4 23
24 Challenges Detection of vulnerabilities Existing testing frameworks focus on one particular type of law and do not exhaust all laws Manual detection for memory bugs Automated testing of baseband is not recommend Reliable detection of vulnerabilities is needed Decoding function of messages and protocol state machine Research Scope: mobile phone vs. mobile network Issue Insecure Leaky 24
25 Challenges of countermeasures Classical system security Memory safe languages ASLR (Address Space Layout Randomization) CFI (Control Flow Integrity) Hard to realize Closed basebands Real-time capability Issue Insecure Leaky 25
26 Speciication Issue
27 Speciication Issue Deinition Security implications in speciication Protocols and state machines s Unsecured pre-authentication traic Non-existing mutual authentication Weak Cryptography Insecure Inter-network protocols Resource Usage asymmetry Speciication Issue Unsecured Preauthentication Traic Non-Existing Mutual Authentication Weak Crypto Insecure Internetwork Protocols Resource Usage Asymmetry 27
28 Unsecured Pre-authentication Traic Speciication Issue Example: Downgrade s and IMSI Request Unsecured Preauthentication Traic Non-Existing Mutual Authentication Weak Crypto Insecure Internetwork Protocols Resource Usage Asymmetry The phone cannot verify the authenticity of the network before authentication and key agreement run 28
29 Unsecured Pre-authentication Traic Speciication Issue Detection Mapping and probing Behavioral analysis Baseband irewall Mitigations: Proposal for specialized protocol changes for certain attacks ephemeral Identiiers (e.g., P-IMSI) PKI TESLA Unsecured Preauthentication Traic Non-Existing Mutual Authentication Weak Crypto Insecure Internetwork Protocols Resource Usage Asymmetry 30
30 Challenges How to secure the pre-authentication traic? Shortcoming: speciic protocol changes No sustainable solution for all attacks vectors (some messages are needed) We are keeping inding new excessive functionality that actually should be authenticated Shouldn t we look for a generic solution? Encrypt also the broadcast traic? Speciication Issue Unsecured Preauthentication Traic Non-Existing Mutual Authentication Weak Crypto Insecure Internetwork Protocols Resource Usage Asymmetry 31
31 Challenges How to secure the pre-authentication traic? Concrete Challenge: General solution to secure pre-authentication traic: What exactly should be secured: Protect pre-authentication traic towards the phone! Optional pre-authentication traic towards the network? Suggestion: PKI and TELSA Certain constraints Speciication Issue Unsecured Preauthentication Traic Non-Existing Mutual Authentication Weak Crypto Insecure Internetwork Protocols Resource Usage Asymmetry Limited bandwidth (specs such as NB LTE?) => And on which layers? Resource constrained devices Focus on availability 32
32 Ressource Usage Asymmetry : An cheap operation on one side triggers an expensive operation on the other. e.g., HLR updates, resource allocation Mostly used for DoS s, resource exhaustion Challenges: Prove of commitment protocols e.g., prove of work such as Merkle puzzles,... Speciication Issue Unsecured Preauthentication Traic Non-Existing Mutual Authentication Weak Crypto Insecure Internetwork Protocols Resource Usage Asymmetry 33
33 Protocol Context Discrepancy
34 Protocol Context Discrepancy Deinition Telcos impose (legacy) billing methods on IP data that was never meant for that purpose Translation between IP data identity, the radio layer identity and service billing identity. Protocol Context Discrepancy Cross-Layer Information Loss Routing Coniguration Accounting Policy Inconsistency s Cross-Layer Information Loss Routing Coniguration Accounting Policy Inconsistency 41
35 Cross-Layer Information Loss Example: IMS based SMS spooing Several options IMS proves identity based on SIM with AKA protocol Transport layer security (ipsec) provides no protection against data manipulation on the client E.g., spooing SIP headers Changing caller-ids Protocol Mobile Network Context Discrepancy Cross-Layer Information Loss Routing Coniguration Accounting Policy Inconsistency Additional problems: RTP-streams do not pass IMS 42
36 Conclusion The big picture!
37 Conclusion Issue Speciication Issue Wireless Channel Protocol Context Discrepancy Insecure Leaky Unsecured Preauthentication Traic Non-Existing Mutual Authentication Weak Crypto Insecure Internetwork Protocols Resource Usage Asymmetry Wireless Channel Cross-Layer Information Loss Routing Coniguration Accounting Policy Inconsistency
38 Thank You! Questions?
39 Contacts Adrian David Rupprecht 46
40 47
C and C++ Secure Coding 4-day course. Syllabus
C and C++ Secure Coding 4-day course Syllabus C and C++ Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted toward our systems. This course
More information3GPP security. Valtteri Niemi 3GPP SA3 (Security) chairman Nokia
3GPP security Valtteri Niemi 3GPP SA3 (Security) chairman Nokia 1 Some history and background 2 Some history 1/2 SA3 took over the responsibility of specifications created by ETSI SMG10, e.g. TS 43.020
More informationVoLTE Security in NG PRDs
Background A number of different audits and security analysis of various VoLTE networks have been performed. - See also FSAG WP VoLTE Security Threats and Attacks The observation from the audits were in
More informationEmbedded/Connected Device Secure Coding. 4-Day Course Syllabus
Embedded/Connected Device Secure Coding 4-Day Course Syllabus Embedded/Connected Device Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationCh 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated
Ch 1: The Mobile Risk Ecosystem CNIT 128: Hacking Mobile Devices Updated 1-12-16 The Mobile Ecosystem Popularity of Mobile Devices Insecurity of Mobile Devices The Mobile Risk Model Mobile Network Architecture
More informationAnalysis of Attacks and Defense Mechanisms for QoS Signaling Protocols in MANETs
Analysis of Attacks and Defense Mechanisms for QoS Signaling Protocols in MANETs by Charikleia Zouridaki Charikleia Zouridaki 1, Marek Hejmo 1, Brian L. Mark 1, Roshan K. Thomas 2, and Kris Gaj 1 1 ECE
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationSpecialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationThreat Modeling. Bart De Win Secure Application Development Course, Credits to
Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,
More informationOutline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.
Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/
More informationQUANTUM SAFE PKI TRANSITIONS
QUANTUM SAFE PKI TRANSITIONS Quantum Valley Investments Headquarters We offer quantum readiness assessments to help you identify your organization s quantum risks, develop an upgrade path, and deliver
More informationIT Security Evaluation : Common Criteria
AfriNIC-9 MEETING Mauritius 22-28 November 2008 IT Security Evaluation : Common Criteria Ministry of Communication Technologies National Digital Certification Agency Mounir Ferjani November 2008 afrinic
More informationDefeating IMSI Catchers. Fabian van den Broek et al. CCS 2015
Defeating IMSI Catchers Fabian van den Broek et al. CCS 2015 Ren-Jay Wang CS598 - COMPUTER SECURITY IN THE PHYSICAL ckground 3GPP 3GPP 3 rd Generation Partnership Project Encompasses: GSM and related 2G
More informationT Salausjärjestelmät (Cryptosystems) Introduction to the second part of the course. Outline. What we'll cover. Requirements and design issues
T-110.470 Salausjärjestelmät (Cryptosystems) Requirements and design issues Introduction to the second part of the course 25.10.2004 1 3 Outline What we'll cover Introduction to the second part of the
More informationWhat the Stack? On Memory Exploitation and Protection in Resource Constrained Automotive Systems
What the Stack? On Memory Exploitation and Protection in Resource Constrained Automotive Systems Aljoscha Lautenbach Magnus Almgren Tomas Olovsson Dept. of Computer Science and Engineering Chalmers University
More informationStudents should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:
Secure Java Web Application Development Lifecycle - SDL (TT8325-J) Day(s): 5 Course Code: GK1107 Overview Secure Java Web Application Development Lifecycle (SDL) is a lab-intensive, hands-on Java / JEE
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More information18-642: Security Vulnerabilities
18-642: Security Vulnerabilities 11/20/2017 Security Vulnerabilities Anti-Patterns for vulnerabilities Ignoring vulnerabilities until attacked Assuming vulnerabilities won t be exploited: Unsecure embedded
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationCS Final Exam
CS 600.443 Final Exam Name: This exam is closed book and closed notes. You are required to do this completely on your own without any help from anybody else. Feel free to write on the back of any page
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationSecure Telephony Enabled Middle-box (STEM)
Report on Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen 04/14/2003 Dr. Mark Stamp - SJSU - CS 265 - Spring 2003 Table of Content 1. Introduction 1 2. IP Telephony Overview.. 1 2.1 Major Components
More informationOVERVIEW OF SUBJECT REQUIREMENTS
Course Bachelor of Information Technology (Network Security) Course Number HE20524 Location Meadowbank OVERVIEW OF SUBJECT REQUIREMENTS Note: This document is intended as a guide only. Enrolling students
More informationNetwork Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2011
Network Security: Broadcast and Multicast Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2011 Outline 1. Broadcast and multicast 2. Receiver access control (i.e. data confidentiality)
More informationGhost Telephonist. Link Hijack Exploitations in 4G LTE CS Fallback. Yuwei ZHENG, Lin HUANG, Qing YANG, Haoqi SHAN, Jun LI
Ghost Telephonist Link Hijack Exploitations in 4G LTE CS Fallback Yuwei ZHENG, Lin HUANG, Qing YANG, Haoqi SHAN, Jun LI UnicornTeam, 360 Technology July 27, 2017 Who We Are? 360 Technology is a leading
More informationFall 2010/Lecture 32 1
CS 426 (Fall 2010) Key Distribution & Agreement Fall 2010/Lecture 32 1 Outline Key agreement without t using public keys Distribution of public keys, with public key certificates Diffie-Hellman Protocol
More informationReflections on Security Options for the Real-time Transport Protocol Framework. Colin Perkins
Reflections on Security Options for the Real-time Transport Protocol Framework Colin Perkins Real-time Transport Protocol Framework RTP: A Transport Protocol for Real-Time Applications RFCs 3550 and 3551
More informationHacking Air Wireless State of the Nation. Presented By Adam Boileau
Hacking Air Wireless State of the Nation Presented By Adam Boileau Introduction Wireless in 2006 802-dot-what? Threats to Wireless Networks Denial of Service Attacks against Authentication Attacks against
More informationSECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS
SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS Christoph Krauß, christoph.krauss@aisec.fraunhofer.de Dagstuhl Seminar 11441: Science and Engineering of CPS, November 2011 Overview Introduction Securing
More informationMobile WiMAX Security
WHITE PAPER WHITE PAPER Makes Mobile WiMAX Simple Mobile WiMAX Security Glossary 3 Abstract 5 Introduction to Security in Wireless Networks 6 Data Link Layer Security 8 Authentication 8 Security Association
More informationThe following chart provides the breakdown of exam as to the weight of each section of the exam.
Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those
More informationTECHNICAL BRIEFING: MOBILE ACCESS TO THE INTERNET. Bornholm, October 2003
Electronic Communications Committee (ECC) within the European Conference of Postal and Telecommunications Administrations (CEPT) TECHNICAL BRIEFING: MOBILE ACCESS TO THE INTERNET Bornholm, October 2003
More informationMaking Forensic Attack Event/forensic Analysis as Simple as Possible and No Simpler
Making Forensic Attack Event/forensic Analysis as Simple as Possible and No Simpler Sean Peisert, UC Davis Given at Schloss Dagstuhl July 22, 2008 1 Electronic Voting Machines Need to be able to count
More informationCapability Analysis of Internet of Things (IoT) Devices in Botnets & Implications for Cyber Security Risk Assessment Processes (Part One)
Capability Analysis of Internet of Things (IoT) Devices in Botnets & Implications for Cyber Security Risk Assessment Processes (Part One) Presented by: Andrew Schmitt Theresa Chasar Mangaya Sivagnanam
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationAdvanced Distributed Algorithms and Data Structures. Christian Scheideler Institut für Informatik Universität Paderborn
Advanced Distributed Algorithms and Data Structures Christian Scheideler Institut für Informatik Universität Paderborn Advanced Distributed Algorithms and Data Structures Lecture: Thu 2-4 pm, F2.211 Tutorial:
More informationTaking Over Telecom Networks
Taking Over Telecom Networks Hardik Mehta (@hardw00t) Loay Abdelrazek (@sigploit) Taking Over Telecom Networks - Hardik Mehta (@hardw00t) and Loay Abdelrazek (@sigploit) 1 Press Release: some highlights
More information18-642: Security Mitigation & Validation
18-642: Security Mitigation & Validation 11/27/2017 Security Migitation & Validation Anti-Patterns for security mitigation & validation Poorly considered password policy Poorly considered privilege management
More informationNetwork Security and Cryptography. December Sample Exam Marking Scheme
Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers
More informationJ. A. Drew Hamilton, Jr., Ph.D. Director, Information Assurance Laboratory and Associate Professor Computer Science & Software Engineering
Auburn Information Assurance Laboratory J. A. Drew Hamilton, Jr., Ph.D. Director, Information Assurance Laboratory and Associate Professor Computer Science & Software Engineering 107 Dunstan Hall Auburn
More informationAdvanced Ethical Hacking & Penetration Testing. Ethical Hacking
Summer Training Internship Program 2017 (STIP - 2017) is a practical oriented & industrial level training program for all students who have aspiration to work in the core technical industry domain. This
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationin memory: an evolution of attacks Mathias Payer Purdue University
in memory: an evolution of attacks Mathias Payer Purdue University Images (c) MGM, WarGames, 1983 Memory attacks: an ongoing war Vulnerability classes according to CVE Memory
More informationUnderstanding IMSI Privacy!
Understanding IMSI Privacy Ravishankar Borgaonkar TU Berlin Swapnil Udar Aalto University Email: darshak@sec.t-labs.tu-berlin.de Blackhat USA 2014, Las Vegas, 7 th August 2014 Overview Unresolved Privacy
More informationPOST-QUANTUM CRYPTOGRAPHY VIENNA CYBER SECURITY WEEK DR. DANIEL SLAMANIG
POST-QUANTUM CRYPTOGRAPHY VIENNA CYBER SECURITY WEEK 2018 02.02.2018 DR. DANIEL SLAMANIG WHAT IS POST-QUANTUM CRYPTOGRAPHY? Also called quantum safe/resistant cryptography NOT quantum cryptography (= quantum
More informationGSMK. Cryptography Network Security. GSMK Oversight SS7 Firewall and Intrusion Detection System
Cryptography Network Security GSMK Firewall and Intrusion Detection System GSMK Firewall and intrusion detection system to prevent attacks via interconnect. Protect your Network s Achilles Heel. With the
More informationImproving Security in Embedded Systems Felix Baum, Product Line Manager
Improving Security in Embedded Systems Felix Baum, Product Line Manager The Challenge with Embedded Security Business Imperatives Security Imperatives I need to keep my production expenses as low as possible.
More informationNetwork Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2010
Network Security: Broadcast and Multicast Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Broadcast and multicast 2. Receiver access control (i.e. data confidentiality)
More informationComputer Security Course. Midterm Review
Computer Security Course. Dawn Song Midterm Review In class: Logistics On time: 4:10-5:30pm Wed 1 8x11 page cheat sheet allowed Special requirements: see TA Part I, II, III Scope Software Security Secure
More informationProtecting Information Assets - Week 3 - Data Classification Processes and Models. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 3 - Data Classification Processes and Models Readings In the News MIS5206 Week 3 Data Classification Processes and Models Test Taking Tip Quiz Readings Vacca Chapter
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationAuthentication Handshakes
AIT 682: Network and Systems Security Topic 6.2 Authentication Protocols Instructor: Dr. Kun Sun Authentication Handshakes Secure communication almost always includes an initial authentication handshake.
More informationBachelor of Information Technology (Network Security)
Course information for Bachelor of Information Technology (Network Security) Course Number HE20524 Location Meadowbank Course Design The Bachelor of Information Technology (Network Security) is a three-year
More informationGreen Lights Forever: Analyzing the Security of Traffic Infrastructure
Green Lights Forever: Analyzing the Security of Traffic Infrastructure RAJSHAKHAR PAUL Outline Introduction Anatomy of a Traffic Infrastructure Case Study Threat Model Types of Attack Recommendation Broader
More informationGPRS billing: getting ready for UMTS
GPRS billing: getting ready for UMTS In his first article about UMTS, Lucas Baugé looks into the key challenges of GPRS billing. He seeks to show how solving these challenges will help operators succeed
More information.NET Secure Coding for Client-Server Applications 4-Day hands on Course. Course Syllabus
.NET Secure Coding for Client-Server Applications 4-Day hands on Course Course Syllabus Course description.net Secure Coding for Client-Server Applications 4-Day hands on Course Secure programming is the
More informationSecurity Testing. John Slankas
Security Testing John Slankas jbslanka@ncsu.edu Course Slides adapted from OWASP Testing Guide v4 CSC 515 Software Security What is Security Testing? Validate security controls operate as expected What
More informationKey Exchange in IPsec revisited: Formal Analysis of IKEv1 and IKEv2. Cas Cremers, ETH Zurich
Key Exchange in IPsec revisited: Formal Analysis of IKEv1 and IKEv2 Cas Cremers, ETH Zurich Overview What is IKE? Internet Key Exchange, part of IPsec Formal analysis of IKE Previously considered infeasible
More informationCS 494/594 Computer and Network Security
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Real-Time Communication Security Network layers
More informationStudents should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:
Securing Java/ JEE Web Applications (TT8320-J) Day(s): 4 Course Code: GK1123 Overview Securing Java Web Applications is a lab-intensive, hands-on Java / JEE security training course, essential for experienced
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 3.3: Security Handshake Pitfalls CSC 474/574 Dr. Peng Ning 1 Authentication Handshakes Secure communication almost always includes an initial authentication
More informationThreat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017
Threat analysis Tuomas Aura CS-C3130 Information security Aalto University, autumn 2017 Outline What is security Threat analysis Threat modeling example Systematic threat modeling 2 WHAT IS SECURITY 3
More information01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED
01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED Contents 1. Introduction 3 2. Security Testing Methodologies 3 2.1 Internet Footprint Assessment 4 2.2 Infrastructure Assessments
More informationTinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry,, David Wagner Presented by Paul Ruggieri 1 Introduction What is TinySec? Link-layer security architecture
More informationCIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols
CIS 6930/4930 Computer and Network Security Topic 6.2 Authentication Protocols 1 Authentication Handshakes Secure communication almost always includes an initial authentication handshake. Authenticate
More informationDanube University Krems. The University for Continuing Education. Security Issues in Resource-limited Sensor Networks. Thilo Sauter Albert Treytl
Danube University Krems. The University for Continuing Education. Security Issues in Resource-limited Sensor Networks Thilo Sauter Albert Treytl Wireless Sensor Network Vision High-level company functions
More informationAbstract of the Book
Book Keywords IEEE 802.16, IEEE 802.16m, mobile WiMAX, 4G, IMT-Advanced, 3GPP LTE, 3GPP LTE-Advanced, Broadband Wireless, Wireless Communications, Cellular Systems, Network Architecture Abstract of the
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationEasyCrypt passes an independent security audit
July 24, 2017 EasyCrypt passes an independent security audit EasyCrypt, a Swiss-based email encryption and privacy service, announced that it has passed an independent security audit. The audit was sponsored
More informationFundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring
Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring Learning Objective Explain the importance of security audits, testing, and monitoring to effective security policy.
More informationGPRS security. Helsinki University of Technology S Security of Communication Protocols
GPRS security Helsinki University of Technology S-38.153 Security of Communication Protocols vrantala@cc.hut.fi 15.4.2003 Structure of the GPRS Network BSS GTP PLMN BSS-Base Station sub-system VLR - Visiting
More informationEXAM IN TTM4137 WIRELESS SECURITY
English Norwegian University of Science and Technology Department of Telematics EXAM IN TTM4137 WIRELESS SECURITY Contact person: Professor Danilo Gligoroski. (Tel. 95089319). Date of exam: December 04,
More informationVerifying Real-World Security Protocols from finding attacks to proving security theorems
Verifying Real-World Security Protocols from finding attacks to proving security theorems Karthik Bhargavan http://prosecco.inria.fr + many co-authors at INRIA, Microsoft Research, Formal security analysis
More informationWHITEPAPER. Vulnerability Analysis of Certificate Validation Systems
WHITEPAPER Vulnerability Analysis of Certificate Validation Systems The US Department of Defense (DoD) has deployed one of the largest Public Key Infrastructure (PKI) in the world. It serves the Public
More informationOECD work on IoT. Regulatory impacts of IoT or the liberalisation of the SIM-card
OECD work on IoT Regulatory impacts of IoT or the liberalisation of the SIM-card Disclaimer The views expressed here are my own and may not be those of the OECD or its member countries. OECD work on IoT
More informationBank Infrastructure - Video - 1
Bank Infrastructure - 1 05/09/2017 Threats Threat Source Risk Status Date Created Account Footprinting Web Browser Targeted Malware Web Browser Man in the browser Web Browser Identity Spoofing - Impersonation
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationCommunication and Distributed Systems Seminar on : LTE Security. By Anukriti Shrimal May 09, 2016
Communication and Distributed Systems Seminar on : LTE Security By Anukriti Shrimal May 09, 2016 LTE network with interfaces LTE Security 2 Contents LTE Security : Why, What, How EPS Architecture Design
More informationFemtocell: Femtostep to the Holy Grail
.... Femtocell: Femtostep to the Holy Grail Ravishankar Borgaonkar, Kévin Redon Technische Universität Berlin, SecT ravii/kredon@sec.t-labs.tu-berlin.de TROOPERS 2011, 30 March 2011 3G/UMTS femtocells
More informationCSCI 680: Computer & Network Security
CSCI 680: Computer & Network Security Lecture 15 Prof. Adwait Nadkarni Fall 2017 Derived from slides by William Enck and Micah Sherr 1 Grading Class Participat ion and Quizzes 10% Grade Breakdown Homewo
More informationPROPOSAL THESIS RESEACH IP MULTIMEDIA PACKET DELAY AND TRAFFIC ANALYSIS
PROPOSAL THESIS RESEACH IP MULTIMEDIA PACKET DELAY AND TRAFFIC ANALYSIS Author DHANNY PERMATASARI PUTRI 55412110012 MAGISTER TELECOMMUNICATION PROGRAMME ELECTRO DEPARTEMENT UNIVERSITAS MERCU BUANA JAKARTA
More informationDefenses against Wormhole Attack
Defenses against Wormhole Attack Presented by: Kadhim Hayawi, ID: 20364216 COURSE PRESENTATION FOR ECE750 - INTELLIGENT SENSORS AND SENSOR NETWORKS Prof. Otman A. Basir Outline Introduction Packet Leashes
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationTelecoms: Generational Evolution of Attack Surfaces. HITB Beijing 2018
Telecoms: Generational Evolution of Attack Surfaces HITB Beijing 2018 Blast from the Past Agenda Brief history of telecoms Generation Zero Generation Fixed Generation Analog Mobile 1G Mobile 2G Mobile
More informationWireless Security Security problems in Wireless Networks
Wireless Security Security problems in Wireless Networks Security of Wireless Networks Wireless networks are everywhere more and more electronic devices are becoming wireless However, ensuring security
More information90% of data breaches are caused by software vulnerabilities.
90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with
More informationHSTS and Cookies: Side-channels to Steal Browsing History
HSTS and Cookies: Side-channels to Steal Browsing History Adrian Dabrowski adabrowski@sba-research.org Twitter: @atrox_at Co-Authors: Georg Merzdovnik, Nikolaus Kommenda, Edgar R. Weippl DeepSec 2016-11-10
More informationGSM Hacking. Wireless Mobile Phone Communication 30 th January 2014 UNRESTRICTED EXTERNAL
GSM Hacking Wireless Mobile Phone Communication 30 th January 2014 Labs.mwrinfosecurity.com MWR Labs 1 Labs.mwrinfosecurity.com MWR Labs Introduction to GSM June 2008 2.9 BILLION subscribers use GSM. Replaced
More informationOracle Communications WebRTC Session Controller
Oracle Communications WebRTC Session Controller Concepts Release 7.0 E40976-01 November 2013 Oracle Communications WebRTC Session Controller Concepts, Release 7.0 E40976-01 Copyright 2013, Oracle and/or
More information3GPP security hot topics: LTE/SAE and Home (e)nb
3GPP security hot topics: LTE/SAE and Home (e)nb Valtteri Niemi 3GPP SA3 (Security) chairman Nokia Research Center, Lausanne, Switzerland Marc Blommaert 3GPP LTE/SAE security rapporteur Devoteam Telecom
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More informationFundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,
Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin, ydlin@cs.nctu.edu.tw Chapter 1: Introduction 1. How does Internet scale to billions of hosts? (Describe what structure
More informationMore on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017
More on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017 Page 1 Outline Desirable characteristics of ciphers Stream and block ciphers Cryptographic modes Uses of cryptography Symmetric
More informationExperimenting with early opportunistic key agreement
septembre 2002 SÉcurité des Communications sur Internet SECI02 Experimenting with early opportunistic key agreement Catharina Candolin ½ & Janne Lundberg ½ & Pekka Nikander ¾ 1: Laboratory for Theoretical
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Final Exam Review Instructor: Dr. Kun Sun Topics covered by Final Topic before Midterm 10% Topic after Midterm 90% Date: 12/13/2017 7:30am 10:15am Place: the same
More information