Privacy through Pseudonymity in Mobile Telephony Systems

Myrto Arapinis (1), Loretta Mancini (2), Eike Ritter (2), Mark Ryan (2)
(1) School of Informatics, University of Edinburgh
(2) School of Computer Science, University of Birmingham
NDSS

Context

Law enforcement agencies track individuals

But also...
- private detectives, jealous partners, abusive bosses, nosy neighbors, ...
- retailers, shopping malls, airports, railway stations, museums, public areas, ...

Privacy and the GSM/UMTS standards

Privacy is an explicit goal of GSM/UMTS
- GSM/UMTS aim at providing user untraceability from third parties.
- GSM/UMTS specification [3GPP TS V9.3.0 ( )]: "An intruder cannot deduce whether different services are delivered to the same user."
- The user is identified by a pseudonym/temporary identity (TMSI), which should be periodically updated.

TMSI reallocation in the GSM/UMTS standards
- Initiated by the MS to update its location
- MS unique identity stored in the SIM card: IMSI
- The network assigns a temporary identity: TMSI
- A new TMSI should be assigned at each change of location

Analysis of TMSI reallocation

[Figure: TMSI reallocation procedure]

Our focus: correct usage of TMSIs
Does TMSI reallocation really achieve privacy?
- What does periodically mean?
- Is a new TMSI assigned at each change of location as the standard specifies?
- Are session keys reused?

Experimental setup
- The Osmocom-BB project implements a GSM mobile station controlled by a host
- Radio communication is executed via flashed firmware on a mobile phone
- Wireshark can be used to analyse the communication
[Figure: OsmocomBB setup; labels: osmocon, layer1, phone, Layer2/3, mobile, wireshark, ccch_scan, network, bcch_scan, cbch_sniff, cell_log]

TMSI reallocation procedure rarely executed
- The same TMSI stays allocated for hours and even days, independently of MS activity
- Observed for major operators in UK, France, Italy and Greece

Change of location without TMSI reallocation
- Change of location area does not imply a change of TMSI
- Example: coach journey between different cities in the UK
  - First new TMSI assigned after about 45 min (53km)
  - Second new TMSI assigned after about 60 min (70km)
  - However: location update procedure performed every 5 min (3km)

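The two measurements above (how long a TMSI stays allocated, and how many location-area changes pass without a new one) can be computed from a test handset's own observation log. The following is an added example, not code from the talk or from OsmocomBB; the log format (timestamp, location area code, TMSI) and all sample values are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: one line per observation made by our own test handset.
# Assumed (hypothetical) format: ISO timestamp, location area code, TMSI in use.
SAMPLE_LOG = """\
2014-01-10T09:00 0x1001 0xa1b2c3d4
2014-01-10T09:05 0x1002 0xa1b2c3d4   # new location area, same TMSI
2014-01-10T09:10 0x1003 0xa1b2c3d4
2014-01-10T09:45 0x1004 0x0badf00d   # TMSI finally reallocated
2014-01-10T09:50 0x1004 0x0badf00d
2014-01-10T10:20 0x1005 0x0badf00d
2014-01-10T10:45 0x1006 0x5eed1234
"""


@dataclass(frozen=True)
class Obs:
    time: datetime
    lac: int
    tmsi: str


def parse(text):
    """Parse the assumed log format, ignoring blank lines and '#' comments."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ts, lac, tmsi = line.split()
        out.append(Obs(datetime.fromisoformat(ts), int(lac, 16), tmsi.lower()))
    return sorted(out, key=lambda o: o.time)


def audit(obs):
    """Compare observed behaviour with 'a new TMSI at each change of location'."""
    report = {"la_changes": 0, "la_changes_without_realloc": 0,
              "lifetimes_min": [], "stale": []}
    if not obs:
        return report
    first_seen = obs[0].time              # when the current TMSI was first observed
    for prev, cur in zip(obs, obs[1:]):
        reallocated = cur.tmsi != prev.tmsi
        if cur.lac != prev.lac:
            report["la_changes"] += 1
            if not reallocated:
                # Location area changed but the pseudonym did not.
                report["la_changes_without_realloc"] += 1
                report["stale"].append((cur.time, prev.lac, cur.lac, cur.tmsi))
        if reallocated:
            minutes = (cur.time - first_seen).total_seconds() / 60
            report["lifetimes_min"].append((prev.tmsi, minutes))
            first_seen = cur.time
    # The TMSI still in use at the end of the log has no closed lifetime yet.
    return report


if __name__ == "__main__":
    r = audit(parse(SAMPLE_LOG))
    print("location-area changes:", r["la_changes"])
    print("  of which kept the old TMSI:", r["la_changes_without_realloc"])
    for tmsi, minutes in r["lifetimes_min"]:
        print(f"TMSI {tmsi} was in use for {minutes:.0f} min")
```
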
Reuse of previous ciphering keys
- Previously established keys are reused for TMSI reallocation
- Observed for major UK and Italian network operators
- Gives rise to replay attack

Replay attack and fix

[Figure: TMSI reallocation replay attack (1)]

[Figure: TMSI reallocation replay attack (2)]

[Figure: Fix for replay attack]

Unlinkability
- UMTS specification [3GPP TS V9.3.0 ( )]: "An intruder cannot deduce whether different services are delivered to the same user."
- An attacker cannot distinguish two scenarios

Fixed TMSI reallocation satisfies unlinkability
- Formal model of the fixed TMSI reallocation procedure in the applied pi calculus
- Formal proof of unlinkability:
  νdck.(!(Init | MS) | !SN) ≈ νdck.(!(Init | !MS) | !SN)
- Proof works by constructing a suitable bisimulation
- Key point: multiple sessions of the same mobile phone can be simulated by multiple phones executing one session each

Conclusion

Summary of our results
- What does periodically mean? RARELY
  - locate a victim by paging it [1]
  - TMSI reallocation should be activity dependent
- Is a new TMSI assigned at each change of location as the standard specifies? NO
  - tracking across different locations by passively sniffing
  - TMSI reallocation should be executed at each change of location
- Are session keys reused? YES
  - replay attacks allowing phone tracking
  - replay attacks can be avoided using a simple counter, or by forbidding the reuse of session keys

[1] D. F. Kune et al., Location leaks over the GSM air interface, NDSS; K. Nohl and S. Munaut, Wideband GSM sniffing, 27C3.

Thank you!

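The two mitigations named in the summary (a simple counter, or never reusing a session key) can be compared in a small receiver-side model. This is an added example, not the fix from the talk or the 3GPP procedure: the message layout, the class and function names, and the use of HMAC-SHA256 as a stand-in for the air-interface protection are all assumptions.

```python
import hashlib
import hmac
import struct

# Assumed toy message layout: 8-byte counter, 4-byte new TMSI, then an HMAC tag.
BODY = struct.Struct(">QI")
TAG_LEN = hashlib.sha256().digest_size


def realloc_command(key, counter, new_tmsi):
    """Network side: protect a reallocation command under the session key."""
    body = BODY.pack(counter, new_tmsi)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class MobileStation:
    """Receiver-side model of a handset processing reallocation commands."""

    def __init__(self, key, enforce_counter):
        self.key = key
        self.enforce_counter = enforce_counter
        self.last_counter = -1
        self.tmsi = None

    def start_session(self, key):
        # The counter is scoped to a key: it restarts only when the key changes.
        if key != self.key:
            self.key = key
            self.last_counter = -1

    def on_realloc_command(self, msg):
        """Return True if the command is accepted and the TMSI is updated."""
        if len(msg) != BODY.size + TAG_LEN:
            return False
        body, tag = msg[:BODY.size], msg[BODY.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False                      # not protected under the current key
        counter, new_tmsi = BODY.unpack(body)
        if self.enforce_counter:
            if counter <= self.last_counter:
                return False                  # stale or repeated command
            self.last_counter = counter
        self.tmsi = new_tmsi
        return True


def replay_accepted(enforce_counter, fresh_key_per_session):
    """Deliver two genuine commands, then re-deliver the first one."""
    k1, k2 = bytes(range(16)), bytes(range(16, 32))    # constructed keys
    ms = MobileStation(k1, enforce_counter)
    first = realloc_command(k1, 0, 0x1111AAAA)
    if not ms.on_realloc_command(first):
        raise RuntimeError("genuine command rejected")
    next_key = k2 if fresh_key_per_session else k1
    ms.start_session(next_key)
    if not ms.on_realloc_command(realloc_command(next_key, 1, 0x2222BBBB)):
        raise RuntimeError("genuine command rejected")
    return ms.on_realloc_command(first)       # the repeated delivery


def demo():
    return {
        "reused_key_no_counter": replay_accepted(False, False),
        "reused_key_with_counter": replay_accepted(True, False),
        "fresh_key_no_counter": replay_accepted(False, True),
        "fresh_key_with_counter": replay_accepted(True, True),
    }


if __name__ == "__main__":
    for config, accepted in demo().items():
        print(f"{config}: repeated command accepted = {accepted}")
```

Only the configuration that reuses the key and keeps no counter accepts the repeated command; either mitigation alone is enough to make the handset reject it.
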