CRACKING GSM AND UMTS
SIGNAL INTERCEPTION AND JAMMING
By: James Konderla
Written for CYBS 6350: Data Security (Fall 2014)
10/18/2014
Table of Contents
Abstract
Overview of GSM and UMTS Technologies
  What is GSM?
  Where does UMTS come in?
Security, Vulnerabilities and Attacks
  First Attack: Man-In-The-Middle
  Attack 2: Signal Jamming (Denial of Service)
Thoughts on Encryption
Conclusions
References

Table of Figures
Figure 1, Figure 2, Figure 3, Figure 4, Figure 5
Abstract

As mobile devices and the always-on lifestyle become central to society, there remains an area that few choose to think about: mobile security. Mobile devices, in particular smartphones and tablets, have changed society in indisputable ways by allowing the sharing of movies, photos and music, and even by allowing people to telecommute and stay up to date on the latest news while on the go. At the end of the day, though, security of data often drifts to the back of most consumers' minds. Recent security events such as the Apple iCloud breach (Samson, 2014) have shown that no security technology is unbreakable and that every security technology needs constant revision to stay one step ahead of the enemy. In this paper I have chosen to focus on two intertwined technologies that are central to many lives globally: GSM and UMTS. First we will take a look at both technologies before delving into two of the most pressing attacks: signal interception and signal jamming. Finally we will look at the encryption used by these technologies, as well as some conclusions I have developed based on the review of reference materials, this course, and current events.
Overview of GSM and UMTS Technologies

What is GSM?

The Global System for Mobile Communications (GSM) is a second-generation (2G) standard for mobile networks (Techopedia, 2014). Developed in the 1980s and standardized by the European Telecommunications Standards Institute (ETSI), GSM's mission was to provide one common communications standard for cellular and mobile devices throughout Europe. GSM operates in several frequency bands: 900 MHz and 1800 MHz are the usual bands in Europe, while 850 MHz and 1900 MHz are used in the Americas. GSM is the de facto mobile protocol in Europe and is used widely in the U.S. by T-Mobile and AT&T, which together amounted to approximately 44% of the U.S. cellular market as of the first quarter of 2014 (Statista, 2014). Although the competing technology, Code Division Multiple Access (CDMA), holds 56% of the U.S. market, GSM remains the top contender internationally. The major weaknesses of GSM are that a cell site has a fixed maximum range of 35 kilometers (set by the timing-advance limit of the air interface), that its maximum data rate is very low, and that GSM voice and, originally, all 2G services are circuit-switched: if no circuit is available or the circuit is unreliable, the call or data transmission cannot be completed. In short, GSM was not built to be a data-transfer network or to transfer data securely.

Where does UMTS come in?

UMTS, the Universal Mobile Telecommunications System, is a third-generation (3G) mobile telecommunications technology. UMTS uses three different but similar air interfaces and was built on top of the existing GSM standard, so that it can interoperate with the networks already deployed. Although infrastructure upgrades were required, UMTS added packet switching and a virtual connection that provides an always-on experience, using the frequency
bands between 1885 and 2025 MHz. UMTS expanded GSM in two very important areas: the ability to transfer data consistently at a moment's notice and the ability for a user to roam freely between cell towers without losing connectivity. UMTS, while an improvement on GSM, also carried forward a set of GSM weaknesses that Suominen (2003) catalogues: the COMP128 authentication algorithm (shown to leak the subscriber key, allowing SIM cloning and user impersonation), a short 64-bit cipher key (reduced further by early COMP128 implementations, which fixed 10 of those bits to zero), no authentication of the network to the handset (which allows signal interception through false base stations), encryption that terminates at the base station and leaves the message in the clear on the backhaul, and insecure key transmission in which cipher keys are sent in the clear both inside and between networks. Against these flaws, UMTS delivers data integrity and confidentiality anchored in the Radio Network Controller rather than at the base station itself, methods of lawful interception, and a 128-bit cipher key, while retaining compatibility with GSM network specifications. The way in which these two technologies interact is shown in Figure 1 (HACHA malla, 2010). Of particular note is that the two systems are not separate but interact, which makes it possible to carry both calls and data on the same network.

Figure 1. Interaction of GSM and UMTS networks (HACHA malla, 2010).
Security, Vulnerabilities and Attacks

UMTS was built on GSM, making many improvements but also inheriting some of the basic weaknesses of the GSM system. One major flaw in the original GSM standard was the authentication of device and network. Devices on a GSM network have no way of ensuring that they are authenticating to a legitimate network: authentication is one-way, the network challenges the handset but the handset never challenges the network. In fact, for DEF CON 20 in 2012 (Goodin, 2012), a group known as Ninja Networks built its own private GSM network, Ninja Tel, and in doing so demonstrated how readily a party other than the carrier can operate a base station that ordinary handsets will attach to. UMTS improved on this by implementing mutual authentication of users (i.e. devices) and the network: in UMTS Authentication and Key Agreement the network's challenge carries an authentication token that the USIM verifies before it answers. The standard made a second important improvement beyond mutual authentication: mandatory integrity protection of signalling and a ciphering mode, both built on the KASUMI block cipher and keyed with 128-bit keys, to provide data integrity and confidentiality (Suominen, 2003). Ciphering, however, is applied at the network's discretion rather than the user's: a handset will follow a network instruction to run without encryption (Kassner, n.d.), which leaves a very large hole in the security of the system. In addition to the improvements in authentication, UMTS also provides user identity confidentiality. The permanent International Mobile Subscriber Identity (IMSI) is what allows GSM and UMTS networks to interconnect and lets subscribers roam on other networks, and on the air interface it is replaced by temporary identities wherever possible. Both of these improvements, while substantial, still rely on the use of Subscriber Identity Module (SIM) cards.

First Attack: Signal Interception (Man-In-The-Middle)

With the facts above in mind for both GSM and UMTS, two classes of attack clearly come to mind, and I have chosen to address both: signal interception and denial of service. Both attacks focus on manipulation of the specific signal bands that GSM and UMTS are built upon, as well as on the continued use of SIM card technology, and both have been shown to be easy and cheap to execute.

The first attack is signal interception via a man-in-the-middle. As Figure 2 shows, signal interception is already in use by law enforcement agencies through a provision in the standard that, according to Suominen (2003), states that "3GMS shall provide access to the intercepted content of communications (CC) and the Intercept Related Information (IRI) of the mobile target on behalf of Law Enforcement Agencies (LEAs)."

Figure 2. Lawful interception in UMTS.

In simple terms, the UMTS standard allows for wire-tapping. There is also a technology that has caught on like wildfire in almost every area of the mobile device arena and that shares a similar weakness: network-assisted discovery for device-to-device communications. According to Thanos, Shalmashi and Miao (n.d.), this technology allows the network not only to estimate the proximity of devices to each other but also sends unique identifiers in clear text between the devices and the network, using an a priori communication scheme that lets devices discover one another before communication takes place. A variation of this technique is also in widespread use by applications that deliver localized news, shopping, weather and other information based on subscriber tracing on a particular network (Willassen, 2003), and it is familiar to smartphone users as the ability to see nearby Bluetooth devices or wireless access points and their current signal strength. The same weakness of clear-text identification is built into the IMSI transmissions themselves: when a device registers for the first time in a serving network the IMSI is sent in clear text, and in some cases trusted third parties are used to assist in authentication (Suominen, 2003). Where the network does not authenticate itself to the handset, or ciphering has been switched off, the signal can be intercepted via a man-in-the-middle attack. According to Goodin (2012), Ninja Networks explained at DEF CON that A5/1, the stream cipher still used today to encrypt traffic between a handset and the cell tower (base station), is built from three linear feedback shift registers clocked by a majority rule: after the 64-bit key and the 22-bit frame number have been mixed in, the registers are clocked 100 times with the output discarded before keystream is produced. A passive attack using a time-memory trade-off (precomputed rainbow tables of A5/1 internal states) can recover the session key from a short stretch of known keystream and decrypt the ciphertext. Ninja Networks is not the only group to have discovered the possibility of these attacks.
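The authentication asymmetry described at the start of this section is easiest to see in a small protocol model. The following is an added example written for this paper, not code from any of the cited sources: a toy HLR/AuC and (U)SIM in which a GSM challenge is answered no matter who sent it, while a UMTS challenge is rejected unless the network proves knowledge of the subscriber key and uses a fresh sequence number. The 3GPP f1 and f2 functions are normally MILENAGE (AES based); here they are stood in for by HMAC-SHA256, which is an assumption made to keep the example self-contained, and the IMSI, key and sequence values are constructed test data.

```python
"""Toy model of GSM one-way authentication versus UMTS mutual authentication.

Added example, not code from the cited sources. f1/f2 are HMAC-SHA256
stand-ins for the 3GPP MILENAGE functions (assumption); the subscriber
identity and key are constructed data.
"""
import hashlib
import hmac
import os


class AuthError(Exception):
    """Raised by the (U)SIM when a challenge fails verification."""


def f1_mac(k: bytes, sqn: bytes, rand: bytes, amf: bytes) -> bytes:
    """MAC-A over SQN || RAND || AMF; stand-in for 3GPP f1 (assumption)."""
    return hmac.new(k, b"f1" + sqn + rand + amf, hashlib.sha256).digest()[:8]


def f2_res(k: bytes, rand: bytes) -> bytes:
    """Expected response to RAND; stand-in for 3GPP f2 (assumption)."""
    return hmac.new(k, b"f2" + rand, hashlib.sha256).digest()[:8]


class AuthCentre:
    """HLR/AuC: holds each subscriber's key K and a sequence counter."""

    def __init__(self, subscribers):
        self.keys = dict(subscribers)            # IMSI -> K (constructed data)
        self.sqn = {imsi: 0 for imsi in self.keys}

    def gsm_triplet(self, imsi):
        rand = os.urandom(16)
        return rand, f2_res(self.keys[imsi], rand)[:4]   # RAND, 32-bit SRES

    def umts_vector(self, imsi):
        k = self.keys[imsi]
        self.sqn[imsi] += 1
        sqn = self.sqn[imsi].to_bytes(6, "big")
        amf = b"\x80\x00"
        rand = os.urandom(16)
        autn = sqn + amf + f1_mac(k, sqn, rand, amf)   # AUTN = SQN || AMF || MAC
        return rand, autn, f2_res(k, rand)


class Usim:
    """The card side: answers anyone in GSM mode, checks AUTN in UMTS mode."""

    def __init__(self, imsi, k):
        self.imsi, self.k, self.sqn_ms = imsi, k, 0
        self.cipher = None

    def gsm_challenge(self, rand):
        # Nothing in RAND proves who sent it, so a false base station gets a
        # valid SRES and the handset cannot tell the difference.
        return f2_res(self.k, rand)[:4]

    def gsm_cipher_mode(self, algorithm):
        # GSM signalling has no integrity protection: the handset obeys the
        # Cipher Mode Command as received, including A5/0 (no encryption).
        self.cipher = algorithm
        return True

    def umts_challenge(self, rand, autn):
        sqn, amf, mac = autn[:6], autn[6:8], autn[8:]
        if not hmac.compare_digest(mac, f1_mac(self.k, sqn, rand, amf)):
            raise AuthError("MAC failure: network could not prove knowledge of K")
        if int.from_bytes(sqn, "big") <= self.sqn_ms:
            raise AuthError("synchronisation failure: AUTN was replayed")
        self.sqn_ms = int.from_bytes(sqn, "big")
        return f2_res(self.k, rand)


def demo():
    """Run the scenarios and return what the handset concluded in each."""
    imsi, k = "262011234567890", b"\x01" * 16          # constructed subscriber
    auc, usim, results = AuthCentre({imsi: k}), Usim(imsi, k), {}

    # 1. GSM: a false base station sends its own RAND, is answered, and then
    #    orders A5/0 so the call proceeds in the clear.
    results["gsm_false_bts_accepted"] = len(usim.gsm_challenge(os.urandom(16))) == 4
    results["gsm_null_cipher_accepted"] = usim.gsm_cipher_mode("A5/0") and usim.cipher == "A5/0"

    # 2. UMTS, genuine network: AUTN verifies and RES matches XRES.
    rand, autn, xres = auc.umts_vector(imsi)
    results["umts_genuine_ok"] = hmac.compare_digest(usim.umts_challenge(rand, autn), xres)

    # 3. UMTS, false base station without K: the MAC in AUTN cannot be forged.
    try:
        usim.umts_challenge(os.urandom(16), os.urandom(16))
        results["umts_false_bts_rejected"] = False
    except AuthError as e:
        results["umts_false_bts_rejected"] = "MAC failure" in str(e)

    # 4. UMTS, replay of a captured (RAND, AUTN): the sequence check catches it.
    try:
        usim.umts_challenge(rand, autn)
        results["umts_replay_rejected"] = False
    except AuthError as e:
        results["umts_replay_rejected"] = "replayed" in str(e)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The model leaves out what makes the GSM/UMTS interoperation dangerous in practice: a dual-mode handset that is handled over a GSM link still runs scenario 1, so the UMTS check only helps while the handset actually stays on UMTS.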
According to a recent story on the Business Insider news site (Cook, 2014), fake cell towers have appeared all over the U.S., and the owners of most of them remain unidentified. Worse, because cellular base stations are now so common it has taken even longer to identify the fake ones: the public no longer notices the construction of new towers, and providers largely do not check towers unless a technical issue has occurred. The equipment for these attacks is reported to cost between $70,000 and $500,000 for active interception equipment and around $1 million for passive equipment such as these towers. Such towers could provide a huge payoff in populated areas where users check bank accounts, social networks, and even business email and computers while on the go.

Attack 2: Signal Jamming (Denial of Service)

This brings me to the second attack focus of this paper: signal jamming. Signal jamming can be done deliberately, for instance to block the use of devices in a lecture hall or board room (Naresh, Babu & Satyaswathi, 2013), or accidentally, as when satellite TV equipment interferes with certain Wi-Fi or other wireless bands. In either case the usual method is to overwhelm the signal's carrier waves with noise, using either a mobile or a stationary jammer. Jamming does not even need to target the base station itself: it can focus entirely on the uplink rather than the downlink. There are several techniques for jamming GSM signals, but the most obvious result is denial of service. By overpowering the downlink of a base station, an attacker can keep a cellular device from confirming that a secure and viable connection has been established. In the following table Ståhlberg (2000) outlines the GSM frequency bands used in current networks.
Figure 3. GSM frequency bands (Ståhlberg, 2000).

As the table shows, different frequencies are used for the downlink and the uplink between a device and the base station. When the device enters the range of a network it attaches to the network through the base station. The problem with this approach is that the device measures the signal-to-noise ratio, while the base station transmits at a constant power and signal level so that many users and devices can connect in the simplest and fastest way possible. Because of that constant signal level, it is a simple matter to overpower the base station on the downlink frequencies. In Figure 4 Ståhlberg (2000) also outlines the GSM system's transmitting powers.

Figure 4. GSM transmitting powers (Ståhlberg, 2000).

Signal power is adjusted in 2 dB steps, and the handset itself has a maximum transmit power of 37 dBm. Through a simple search of Amazon.com I was able to find several examples of cheap, effective devices for both short- and long-range signal jamming. In fact, Figure 5 is a device specifically marketed for blocking GSM signals at short range.
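How little power a downlink jammer needs can be put in numbers with a link budget. The following is an added example written for this paper, not code from Ståhlberg (2000) or any other cited source. It assumes free-space propagation with no antenna gain or fading and a 9 dB carrier-to-interference (C/I) requirement, the figure commonly used in GSM planning; the band edges are the standard GSM allocations rather than a reproduction of Figure 3, and the 20 W base station and 1 W hand-held jammer in the usage are a constructed scenario.

```python
"""Free-space link budget for a GSM downlink jammer (added example).

Not code from the cited sources. Assumptions, all simplifications: free-space
propagation without antenna gain or fading, and a 9 dB C/I requirement.
"""
import math

# Standard GSM band edges in MHz. Uplink is handset to base station,
# downlink is base station to handset; the jammer targets the downlink.
GSM_BANDS = {
    "GSM-850":  {"uplink": (824.0, 849.0),   "downlink": (869.0, 894.0)},
    "GSM-900":  {"uplink": (890.0, 915.0),   "downlink": (935.0, 960.0)},
    "DCS-1800": {"uplink": (1710.0, 1785.0), "downlink": (1805.0, 1880.0)},
    "PCS-1900": {"uplink": (1850.0, 1910.0), "downlink": (1930.0, 1990.0)},
}

GSM_CI_REQUIRED_DB = 9.0   # assumption: typical GSM planning threshold


def band_centre_mhz(band: str, direction: str) -> float:
    """Centre frequency of a band's uplink or downlink block."""
    lo, hi = GSM_BANDS[band][direction]
    return (lo + hi) / 2


def fspl_db(distance_km: float, freq_mhz: float) -> float:
    """Free-space path loss in dB (Friis formula with d in km, f in MHz)."""
    return 20 * math.log10(distance_km) + 20 * math.log10(freq_mhz) + 32.44


def received_dbm(tx_dbm: float, distance_km: float, freq_mhz: float) -> float:
    """Power arriving at the handset from a transmitter at the given range."""
    return tx_dbm - fspl_db(distance_km, freq_mhz)


def downlink_ci_db(bts_dbm, bts_km, jammer_dbm, jammer_km, freq_mhz):
    """C/I the handset sees on the downlink: wanted carrier from the base
    station minus the jammer's signal, both in dBm, so the result is in dB."""
    return (received_dbm(bts_dbm, bts_km, freq_mhz)
            - received_dbm(jammer_dbm, jammer_km, freq_mhz))


def is_jammed(bts_dbm, bts_km, jammer_dbm, jammer_km, freq_mhz,
              ci_required_db=GSM_CI_REQUIRED_DB):
    """True when the jammer pushes C/I below what the handset needs."""
    return downlink_ci_db(bts_dbm, bts_km, jammer_dbm, jammer_km, freq_mhz) < ci_required_db


def jammer_reach_km(bts_dbm, bts_km, jammer_dbm, freq_mhz,
                    ci_required_db=GSM_CI_REQUIRED_DB):
    """Largest jammer-to-handset distance at which the link is still jammed.

    The link fails when jammer_rx > carrier - ci_required, so the jammer may
    lose at most (jammer_dbm - carrier + ci_required) dB on the way; invert
    the path-loss formula to turn that loss budget into a distance.
    """
    carrier = received_dbm(bts_dbm, bts_km, freq_mhz)
    loss_budget = jammer_dbm - carrier + ci_required_db
    return 10 ** ((loss_budget - 20 * math.log10(freq_mhz) - 32.44) / 20)


if __name__ == "__main__":
    # Constructed scenario: a 20 W (43 dBm) base station 2 km from the
    # handset and a 1 W (30 dBm) hand-held jammer on the GSM-900 downlink.
    f = band_centre_mhz("GSM-900", "downlink")
    for jammer_km in (0.05, 1.0, 2.0):
        ci = downlink_ci_db(43.0, 2.0, 30.0, jammer_km, f)
        print(f"jammer at {jammer_km:4.2f} km: C/I = {ci:6.2f} dB, "
              f"jammed = {ci < GSM_CI_REQUIRED_DB}")
    print(f"jammer reach: {jammer_reach_km(43.0, 2.0, 30.0, f):.2f} km")
```

In free space the C/I depends only on the power ratio and the distance ratio, not on the band, which is why a 1 W jammer 50 m from the handset beats a 20 W tower 2 km away by about 19 dB, and stays effective out to roughly 1.26 km in this scenario. Real buildings and streets add loss for both signals, so the jammer's advantage is whatever the two paths differ by.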
Figure 5. A short-range GSM jammer sold online.

Several sites, such as TheSignalJammer.com, exist to supply more advanced devices to businesses and schools, both public and private, in efforts to block cellular devices in certain areas of buildings. While some of these uses may be justified, such as in grade school classrooms, nothing stops a would-be attacker from purchasing one of these devices and going to a crowded area to mount an active denial of service attack.

Thoughts on Encryption

While reviewing the possibility of man-in-the-middle and denial of service attacks on GSM and UMTS networks I came across many references to the encryption used on these networks. Three ciphering options dominate on the GSM network: A5/0, A5/1 and A5/2. A5/0 is not a cipher at all but the null option, meaning no encryption is applied. Because UMTS interoperates with GSM and a dual-mode handset can be handled over a GSM connection, the GSM algorithms remain relevant even for UMTS subscribers, so the UMTS algorithms themselves are not covered here. The best known of these is the A5/1 algorithm. A5/1 and A5/2 are stream ciphers built from linear feedback shift registers, but the registers and their clocking changed between the two. A5/1, for example, consists of three shift registers and a 100-cycle warm-up in which the registers are clocked and the output discarded before keystream is produced. Originally a tightly kept secret, the design of A5/1 was leaked in 1994. The algorithm was not meant for use outside Europe and was deliberately weakened for export markets, producing A5/2. In 1999 A5/1 and A5/2 were reverse engineered from a handset and published; A5/2 was broken almost immediately, and the first practical attacks on A5/1 followed in 2000. Attacks on A5/1 remained resource-intensive until 2008, when hackers associated with Ninja Networks demonstrated the use of 16 Pico Computing E-16 FPGA boards to build a 3 terabyte rainbow table: a time-memory trade-off that lets the 64-bit internal state of A5/1 be recovered from a short stretch of known keystream rather than by brute force.
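The A5/1 construction described in the interception section and again above (three LFSRs, majority clocking, 64-bit key and 22-bit frame number, 100 discarded clocks) fits in a page of code. The following is an added example written for this paper, not code from any cited source or group: it follows the public description of A5/1 that came out of the 1999 reverse engineering, and the key and frame number used in the usage are the ones from the self-test of the public reference implementation. The `recover_keystream` helper shows the attacker's starting point for the rainbow-table attack: encryption is a plain XOR, so any predictable plaintext hands over keystream.

```python
"""A5/1 keystream generator (added example, not code from the cited sources).

Register sizes, taps, clocking and loading order follow the public
description of A5/1; bit 0 of each register is its input end.
"""

# (length, feedback taps, clocking bit) for the three LFSRs
R1 = (19, (13, 16, 17, 18), 8)
R2 = (22, (20, 21), 10)
R3 = (23, (7, 20, 21, 22), 10)
REGS = (R1, R2, R3)


def _clock_one(state: int, reg) -> int:
    """Shift one register, feeding the XOR of its taps into bit 0."""
    length, taps, _ = reg
    fb = 0
    for t in taps:
        fb ^= (state >> t) & 1
    return ((state << 1) | fb) & ((1 << length) - 1)


class A51:
    def __init__(self, key: bytes, frame: int):
        if len(key) != 8 or not 0 <= frame < (1 << 22):
            raise ValueError("A5/1 needs a 64-bit key and a 22-bit frame number")
        self.s = [0, 0, 0]
        # Mix in the 64 key bits, LSB of key[0] first, clocking all registers.
        for i in range(64):
            self._clock_all()
            bit = (key[i // 8] >> (i % 8)) & 1
            self.s = [st ^ bit for st in self.s]
        # Then the 22 frame-number bits, LSB first.
        for i in range(22):
            self._clock_all()
            bit = (frame >> i) & 1
            self.s = [st ^ bit for st in self.s]
        # 100 warm-up clocks under the majority rule, output discarded.
        for _ in range(100):
            self._clock_majority()

    def _clock_all(self):
        self.s = [_clock_one(st, r) for st, r in zip(self.s, REGS)]

    def _clock_majority(self):
        # Each register moves only if its clocking bit agrees with the majority.
        bits = [(st >> r[2]) & 1 for st, r in zip(self.s, REGS)]
        maj = 1 if sum(bits) >= 2 else 0
        self.s = [_clock_one(st, r) if b == maj else st
                  for st, r, b in zip(self.s, REGS, bits)]

    def _output_bit(self) -> int:
        out = 0
        for st, r in zip(self.s, REGS):
            out ^= (st >> (r[0] - 1)) & 1   # XOR of the three high bits
        return out

    def keystream(self, nbits: int = 114) -> bytes:
        """Next nbits of keystream, packed MSB-first into bytes."""
        out = bytearray((nbits + 7) // 8)
        for i in range(nbits):
            self._clock_majority()
            out[i // 8] |= self._output_bit() << (7 - (i % 8))
        return bytes(out)


def gsm_burst_keystreams(key: bytes, frame: int):
    """Per frame A5/1 yields 114 bits for the downlink burst, then 114 for the uplink."""
    gen = A51(key, frame)
    return gen.keystream(114), gen.keystream(114)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known plaintext gives keystream directly: the input to the
    time-memory trade-off tables used against A5/1."""
    return xor(ciphertext, known_plaintext)


if __name__ == "__main__":
    key = bytes([0x12, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF])
    down, up = gsm_burst_keystreams(key, 0x134)
    print("downlink keystream:", down.hex())
    print("uplink keystream:  ", up.hex())
```

The whole secret of a call is the 64-bit register state after warm-up; a table built from that state space is what the FPGA effort above precomputed, and the known-plaintext step is why predictable signalling frames, not voice, are the usual target.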
Conclusions

In reviewing both the man-in-the-middle and denial of service attacks on the GSM/UMTS system one thing is obvious: these systems were not designed for security but for commercial and public use. One would expect the security algorithms used in cellular communication on these networks to be strong enough to offset the possibility of man-in-the-middle interactions, but that is not the case. A5/0 provides no encryption at all, A5/1 and A5/2 have been broken since their designs became public, and several newer algorithms used by certain carriers have been kept proprietary with no statement of whether their security has or has not been broken. There is almost no way for a user to tell whether their signal is being intercepted, legally or otherwise. In fact, the equipment to perform these attacks is cheap enough that individuals and groups can easily afford it. Even with cost set aside, a more troubling aspect of the underlying GSM standard exists: the network can instruct a mobile device to switch off encryption, and the device will comply. Although great strides have been made to secure UMTS, the standard still depends on GSM interoperability to serve legacy devices, and a dual-mode handset can be handled over a GSM link. As devices with GSM capabilities are cycled out of the market, whether by force or by natural attrition and device upgrades, GSM stands to be deprecated and the GSM-compatibility features in UMTS can then be discarded. Until then the greatest security hole in the UMTS cellular standard will persist: by allowing legacy GSM devices to connect to the newer technology, carriers have also adopted GSM's security flaws.
References

Cook, J. (2014, September 22). Everything we know about the mysterious fake cell towers across the US that could be tapping your phone. Business Insider. Retrieved October 23, 2014, from http://www.businessinsider.com/mysterious-fake-cellphone-towers-2014-9

Goodin, D. (2012, July). At Defcon, hackers get their own private cell network: Ninja Tel. Ars Technica. Retrieved October 25, 2014, from http://arstechnica.com/security/2012/07/ninja-tel-hackerphone-network/

HACHA malla. (2010, December 11). HACHA malla. Retrieved October 26, 2014, from http://hachamalla.blogspot.com/

Kassner, M. (n.d.). GSM encryption: No need to crack it, just turn it off. TechRepublic. Retrieved September 16, 2014, from http://www.techrepublic.com/blog/itsecurity/gsm-encryption-no-need-to-crack-it-just-turn-it-off/

Meyer, U., & Wetzel, S. (2004). On the impact of GSM encryption and man-in-the-middle attacks on the security of interoperating GSM/UMTS networks. Personal, Indoor and Mobile Radio Communications, 2004. PIMRC 2004. 15th IEEE International Symposium on, 4, 2876-2883.

Naresh, P., Babu, P. R., & Satyaswathi, K. (2013). Mobile phone signal jammer for GSM, CDMA with prescheduled time duration using ARM7. International Journal of Science, Engineering and Technology Research (IJSETR), 2(9), 1781-1784.

Principles of Telecommunication Services Supported by a GSM PLMN. (n.d.). ETSI - European Telecommunications Standards Institute. Retrieved September 16, 2014, from http://www.etsi.org/deliver/etsi_gts/02/0201/03.02.00_60/gsmts_0201sv030200p.pdf

Samson, T. (n.d.). Apple iCloud breach proves Wozniak's point about cloud risks. InfoWorld. Retrieved September 23, 2014, from http://www.infoworld.com/article/2618094/cloud-security/appleicloud-breach-proves-wozniak-s-point-about-cloud-risks.html

Southern, E., Ouda, A., & Shami, A. (2011). Solutions to security issues with legacy integration of GSM into UMTS. Internet Technology and Secured Transactions (ICITST), 2011 International Conference for, 614-619.

Ståhlberg, M. (2000, August 1). Radio jamming attacks against two popular mobile networks. Proceedings of the Helsinki University of Technology Seminar on Network Security, fall 2000. Helsinki University of Technology, Otaniemi, Espoo.

Suominen, M. (2003, April 15). UMTS security. Security issues in mobile networks. Lecture, Helsinki University of Technology, Espoo, Finland.

Thanos, A., Shalmashi, S., & Miao, G. (n.d.). Network-assisted discovery for device-to-device communications. Academia.edu. Retrieved September 16, 2014, from https://www.academia.edu/5543066/network-assisted_discovery_for_device-to-Device_Communications

What is the Global System for Mobile Communications (GSM)? Definition from Techopedia. (n.d.). Techopedia. Retrieved September 23, 2014, from http://www.techopedia.com/definition/5062/global-system-for-mobile-communications-gsm

Willassen, S. Y. (2003). Forensics and the GSM mobile telephone system. International Journal of Digital Evidence, 2(1). Retrieved September 10, 2014, from http://www.ccse.kfupm.edu.sa/~ahmadsm/coe589-121/willassen2003-mobile-forensics.pdf

Wireless carrier market share subscriptions United States 2011-2014 statistic. (n.d.). Statista. Retrieved September 23, 2014, from http://www.statista.com/statistics/199359/market-shareof-wireless-carriers-in-the-us-by-subscriptions/