Mobile Security 96-835 / 18-639 / 14-829
Patrick Tague
2 Sept 2010
Class #4: Overview of Mobile/Cellular Systems

Agenda
- Overview of mobile cellular systems
  - System architecture and overview
  - 2G, 2.5G, 2.75G, and 3G systems
- Security concerns for:
  - User
  - Service provider
  - Government

Generic Mobile Architecture
[Figure labels: Interconnection Network; Cellular Provider; Internet; Public Telephone Network]

Past-to-Current Systems
- 2G (digital PCS)
  - GSM: global system for mobile communication
  - CDMA Cellular (IS-95A)
- 2.5G (IP-based)
  - GPRS: general packet radio service
  - IS-95B, CDMA2000-1xRTT
- 2.75G (IP-based)
  - EDGE: enhanced data rates for GSM evolution
- 3G (IP-based)
  - UMTS: universal mobile telecom system
  - TD-CDMA, WCDMA, CDMA2000-3xRTT

2G GSM/CDMA Architecture
[Figure, adapted from [M. Stepanov; http://www.gsm-security.net/]. Section labels: Mobile Stations; Base Station Subsystem; Exchange System; Network Management; Subscriber and terminal equipment databases. Component labels: SIM, BTS, BSC, MSC, VLR, HLR, AUC, EIR, OMC]

2G, 2.5G, 2.75G
- GPRS
  - Adds an IP overlay on the circuit-switched GSM network
  - Introduces packet data service
  - Only architectural change is the addition of the GSN (GPRS Support Node), which acts as a gateway to the Internet or other GPRS networks
- EDGE
  - Changes GSM physical layer (modulation and coding)
  - Otherwise the same as GPRS
- CDMA2000
  - Essentially a wideband, higher-capacity version of CDMA

GSM vs. CDMA Debate
- Really, it's the TDMA vs. CDMA debate
- Let's digress...

Multiple Access
- FDMA: freq. division multiple access
- CDMA
- TDMA: time division multiple access (flip X & Y axes)
- TDMA + FDMA: this is actually what GSM does
[images from [Erik Lawrey; SkyDSP.com]]

How CDMA Works
- Alice
  - Alice's data: 1001
  - Alice's chip code: 11010
  - Alice's output: 11010 00101 00101 11010
- Bob
  - Bob's data: 0011
  - Bob's chip code: 01011
  - Bob's output: 10100 10100 01011 01011
- Received (superposition): 11110 10101 01111 11011
  - 11110 · 11010 = 3, 3/5 > 1/2, so Alice sent a 1
  - 11110 · 01011 = 2, 2/5 < 1/2, so Bob sent a 0

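Added example (not part of the original slides): the Alice/Bob exchange above in Python, assuming a 1 bit is sent as the chip code and a 0 bit as its complement, and that the channel superposes chips with bitwise OR, which reproduces the slide's received sequence. WRONG_CHIP is a constructed code belonging to neither sender, included to show what a receiver without the right code recovers.

```python
# Added illustration of the slide's toy CDMA scheme (not from the lecture).
# Assumptions: a 1 bit is sent as the chip code, a 0 bit as its complement;
# the channel superposes chips with bitwise OR; the receiver thresholds the
# normalized inner product of each received symbol with its chip code.

def spread(data, chip):
    """Encode each data bit as the chip code (1) or its complement (0)."""
    comp = "".join("1" if c == "0" else "0" for c in chip)
    return [chip if b == "1" else comp for b in data]

def superpose(*streams):
    """Combine simultaneous transmissions symbol by symbol with bitwise OR."""
    if len({len(s) for s in streams}) != 1:
        raise ValueError("all senders must transmit the same number of symbols")
    return ["".join("1" if "1" in chips else "0" for chips in zip(*symbols))
            for symbols in zip(*streams)]

def despread(received, chip):
    """Correlate each symbol with the chip code; a ratio > 1/2 decodes as 1."""
    bits = []
    for symbol in received:
        if len(symbol) != len(chip):
            raise ValueError("symbol length must equal chip code length")
        score = sum(int(r) & int(c) for r, c in zip(symbol, chip))
        bits.append("1" if score / len(chip) > 0.5 else "0")
    return "".join(bits)

ALICE_CHIP, BOB_CHIP = "11010", "01011"   # values from the slide
WRONG_CHIP = "10101"                      # constructed: code of neither sender

def run_slide_example():
    """Send both users' data at once and decode with each candidate code."""
    received = superpose(spread("1001", ALICE_CHIP), spread("0011", BOB_CHIP))
    codes = [("alice", ALICE_CHIP), ("bob", BOB_CHIP), ("wrong", WRONG_CHIP)]
    return received, {name: despread(received, chip) for name, chip in codes}

if __name__ == "__main__":
    received, decoded = run_slide_example()
    print("received:", " ".join(received))
    for name, bits in decoded.items():
        print(f"{name:>5}: {bits}")
```

The threshold rule decodes correctly for these particular chip codes; it is the slide's toy model, not the signal processing of a deployed CDMA air interface.
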
TDMA vs. CDMA Debate
Where CDMA wins:
- Capacity - CDMA has better frequency reuse in adjacent cells (each cell also has a unique code), so more users can be supported
- Privacy - CDMA provides inherent privacy unless chip codes are public information
- Reliability/smooth degradation
  - TDMA has hard limit on N users, (N+1)st user is denied
  - CDMA shares
- Diversity - CDMA spreads info over wider bandwidth
- Environment - Existing cells can be upgraded to support more users

TDMA vs. CDMA Debate
Where TDMA wins:
- Maturity - TDMA has been around for a longer time
- Self-jamming
  - Loss of synchronization in CDMA causes users to interfere with each other
  - TDMA and FDMA can use guard slots/bands to prevent this
- Soft handoff - CDMA soft handoff requires simultaneous contact with both towers, which is more complicated than hard handoff in TDMA/FDMA
Overall, who wins?

3G Technologies
- UMTS is basically the convergence of GSM and CDMA technologies into a common framework
  - TD-CDMA combines TDMA and CDMA
  - WCDMA (similar to EDGE with CDMA)
  - CDMA2000-3xRTT (three times the channel usage of 1xRTT)
- Does TDMA vs. CDMA matter anymore?

Example: VZW's 3G Network
[image from [VZW CDMA Network Security whitepaper]]

Basic Security Concerns
[Figure labels: Interconnection Network; Cellular Provider; Internet; Public Telephone Network]
- Identification of calling/called parties
- Voice privacy over wireless medium
- Verifiable billing records and audit trail
- Caller identity privacy
- Protection from fraud and masquerading

Users' Security Requirements
- No user/entity should be able to bill calls on another user's behalf
- Stolen mobile devices shouldn't be able to make calls
- The network shouldn't record calls, only enough info to perform billing functions
- No records of digital service usage should be made
- Voice eavesdropping should be impossible
- A mobile user's location should be private until disclosed (except in emergencies)
- A device's user should not be identifiable until disclosed

Providers' Security Reqs.
- Communication service billing should be correctly managed
- All types of fraud should be prevented and mechanisms should be updated as necessary
- Correct naming and addressing of devices must be implemented; routing functions must be secure
- Providers should be able to add services / functions and provide desired security for them

Gov't Security Requirements
- Location information must be provided to emergency services
- Robust infrastructure should be available in emergencies
- Communication and information must be accessible to law enforcement
- Useful measures must be in place for monitoring and protection of essential assets and infrastructures

What's Next?
- Security in GSM and CDMA systems