GSM security country report: Thailand


GSM Map Project
gsmmap@srlabs.de
Security Research Labs, Berlin
February 2013

Abstract. GSM networks differ widely in their protection capabilities against common attacks. This report details the protection capabilities of the four GSM networks in Thailand. We find AIS to have implemented the most protection features and True Move to be the network offering the most attack surface in Thailand. Users of all of the networks are not sufficiently protected from interception. Impersonating users of all of the networks is possible with simple tools. AIS GSM 1800, dtac, and True Move allow user tracking.

Contents

1 Overview ............................ 2
2 Protection measures ................. 3
3 Attack scenarios .................... 4
  3.1 Passive intercept ............... 4
  3.2 Active intercept ................ 5
  3.3 Impersonation ................... 6
  3.4 User tracking ................... 6
4 Conclusion .......................... 7

1 Overview

Protection dimensions (higher means better)

  Operator        Intercept   Impersonation   Tracking
  AIS                37%          24%            81%
  AIS GSM 1800       41%          45%            13%
  dtac               31%          31%            13%
  True Move          29%          20%            12%

Table 1: Implemented protection features relative to 2013 best practices (according to SRLabs GSM metric v2.2)

This document provides a security analysis of Thailand's four GSM networks, based on data collected between May 2011 and February 2013. The analysis is based on data samples submitted to the GSM Map project [1]. It compares implemented protection features across networks. The GSM Map website reports protection features condensed into three attack categories as shown in Table 1. This report details the logic behind the analysis results, lists some of the implemented protection features, and maps the protection capabilities to popular attack tools.

Disclaimer. This report was automatically generated using data submitted to gsmmap.org by volunteers. (Thank you!) The analysis does not claim accuracy. Please do not base far-reaching decisions on the conclusions provided herein, but instead verify them independently. If you detect inaccuracies, we look forward to hearing from you.

[1] GSM Map Project: https://gsmmap.org

GSM security country report: Thailand Page 2

Figure 1: Best practice GSM protection measures mitigate three attack scenarios. (Figure rendered as text; columns in the original are risk category, risks, attack components, and mitigations.)

  Intercept
    Risks: intercept voice, intercept SMS
    Predict frequencies        -> hopping entropy
    Crack keys in real time    -> A5/3, padding randomization
    Crack keys offline         -> A5/3, padding randomization, SI randomization

  Impersonation
    Risks: make calls illegitimately, receive victim's calls
    Reuse cracked keys         -> update key in each transaction

  Tracking
    Risks: local tracking, global tracking
    Track IMSI/TMSI            -> update TMSI in each transaction, encrypt location updates (preferably with A5/3), always encrypt IMSI
    HLR location finding       -> hide MSC and IMSI in HLR responses

2 Protection measures

The SRLabs GSM security metric is built on the understanding that GSM subscribers are exposed to three main risks:

Interception. An adversary can record GSM calls and short messages from the air interface. Decryption can either be done in real time or as a batch process after recording transactions in bulk.

Impersonation. Calls or SMS are either spoofed or received using a stolen mobile identity.

Tracking. Mobile subscribers are traced either globally using Internet-leaked information or locally by repeated TMSI pagings.

The SRLabs metric traces these three risks and six sub-risks to an extensive list of protection measures, some of which are listed in Figure 1. Table 2 details the implementation depth of some of the mitigation measures present in Thailand's GSM networks.
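The percentages that a table like Table 2 reports are shares of observed transactions in which a protection feature was applied. The Python below is an added example, not GSM Map's code or the SRLabs metric itself: it aggregates per-transaction metadata (network, transaction type, selected cipher, whether an authentication run preceded the transaction, TMSI before and after) into such percentages and then derives the exposures that Section 3 reasons from. The record schema, the network names "OP-1" and "OP-2", and every sample record are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Transaction:
    """Metadata of one observed GSM transaction (constructed schema, not GSM Map's)."""
    network: str
    kind: str            # "call", "sms" or "lur" (location update request)
    cipher: str          # "A5/0" (no encryption), "A5/1" or "A5/3"
    authenticated: bool  # an authentication run preceded the transaction (fresh key)
    tmsi_before: str     # TMSI the phone used when starting the transaction
    tmsi_after: str      # TMSI assigned afterwards (same value if not updated)


# Constructed sample records for two fictitious networks.
SAMPLES: List[Transaction] = [
    Transaction("OP-1", "call", "A5/1", True,  "1111", "2222"),
    Transaction("OP-1", "call", "A5/1", False, "2222", "2222"),
    Transaction("OP-1", "sms",  "A5/1", False, "2222", "2222"),
    Transaction("OP-1", "lur",  "A5/1", True,  "2222", "3333"),
    Transaction("OP-2", "call", "A5/0", False, "5555", "5555"),
    Transaction("OP-2", "sms",  "A5/1", True,  "5555", "6666"),
    Transaction("OP-2", "lur",  "A5/0", False, "6666", "6666"),
]


def _pct(txs: List[Transaction], pred: Callable[[Transaction], bool]) -> Optional[int]:
    """Share of transactions satisfying pred as an integer percentage; None if no data."""
    if not txs:
        return None
    return round(100 * sum(1 for t in txs if pred(t)) / len(txs))


def protection_metrics(transactions: Iterable[Transaction]) -> Dict[str, Dict[str, Optional[int]]]:
    """Compute Table 2-style protection percentages for every network in the sample."""
    by_network: Dict[str, List[Transaction]] = defaultdict(list)
    for t in transactions:
        by_network[t.network].append(t)

    metrics: Dict[str, Dict[str, Optional[int]]] = {}
    for network, txs in sorted(by_network.items()):
        calls = [t for t in txs if t.kind == "call"]
        sms = [t for t in txs if t.kind == "sms"]
        lurs = [t for t in txs if t.kind == "lur"]
        metrics[network] = {
            # Over-the-air protection: which cipher the network actually selected
            "A5/0": _pct(txs, lambda t: t.cipher == "A5/0"),
            "A5/1": _pct(txs, lambda t: t.cipher == "A5/1"),
            "A5/3": _pct(txs, lambda t: t.cipher == "A5/3"),
            # HLR/VLR configuration: fresh keys and fresh identities per transaction
            "Authenticate calls": _pct(calls, lambda t: t.authenticated),
            "Authenticate SMS": _pct(sms, lambda t: t.authenticated),
            "Authenticate LURs": _pct(lurs, lambda t: t.authenticated),
            "Encrypt LURs": _pct(lurs, lambda t: t.cipher != "A5/0"),
            "Update TMSI": _pct(txs, lambda t: t.tmsi_after != t.tmsi_before),
        }
    return metrics


def exposure_flags(network_metrics: Dict[str, Optional[int]]) -> Dict[str, bool]:
    """Map one network's percentages to the exposures discussed in Section 3.

    A feature applied to fewer than 100% of transactions leaves some transactions
    attackable, so anything short of 100 counts as exposed; missing data (None) is
    treated as exposed because absence of evidence is not protection.
    """
    def short_of_full(value: Optional[int]) -> bool:
        return value is None or value < 100

    return {
        "call impersonation (key reuse)": short_of_full(network_metrics["Authenticate calls"]),
        "SMS impersonation (key reuse)": short_of_full(network_metrics["Authenticate SMS"]),
        "local tracking via unencrypted LURs": short_of_full(network_metrics["Encrypt LURs"]),
        "local tracking via stable TMSI": short_of_full(network_metrics["Update TMSI"]),
        "passive intercept of A5/1 traffic": (network_metrics["A5/1"] or 0) > 0,
        "unencrypted (A5/0) transactions": (network_metrics["A5/0"] or 0) > 0,
    }


if __name__ == "__main__":
    for network, m in protection_metrics(SAMPLES).items():
        print(network, m)
        print("  exposed:", [k for k, v in exposure_flags(m).items() if v])
```

Per-transaction records of this shape are what a crowd-sourced measurement needs; the same aggregation works on real captures once the authentication and cipher-mode messages of each transaction have been parsed into the fields above.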

  Attack vector                        AIS    AIS GSM 1800   dtac   True Move
  Over-the-air protection
   - Encryption algorithm   A5/0        0%         2%          0%       0%
                            A5/1      100%        98%        100%     100%
   - Padding randomization
   - SI randomization
   - Require IMEI in CMC
   - Hopping entropy
  HLR/VLR configuration
   - Authenticate calls                 6%        25%          9%       1%
   - Authenticate SMS                  26%        43%         19%       1%
   - Authenticate LURs                 97%        97%         88%      37%
   - Encrypt LURs                     100%        97%        100%     100%
   - Update TMSI
   - Mask MSC
   - Mask IMSI

Table 2: Protection measures implemented in analyzed networks, compared to best practice references observed in 2013.

3 Attack scenarios

The protection measures impact the effectiveness of various common GSM attack tools.

3.1 Passive intercept

Passive interception of GSM calls requires two steps. First, all relevant data needs to be intercepted. This step cannot be prevented completely, but it can be made significantly harder by using less predictable frequency hopping sequences. All of the networks make it particularly easy to record radio signals (hopping entropy). Secondly, the intercepted call and SMS traces need to be decrypted. This can be prevented by hardening the A5/1 cipher or by upgrading to modern encryption algorithms.

Hardening the A5/1 cipher. The A5/1 cipher was developed in 1987 and is still by far the most common encryption algorithm for GSM calls. First weaknesses of this cipher were discussed in 1994 [2], but it took until the mid-2000s until successful attacks on GSM were demonstrated publicly. These attacks exploit (partially) known plaintexts of the encrypted GSM messages to derive the encryption key. Consequently, countermeasures need to reduce the number of predictable bits in GSM frames.

Nowadays, several generations of passive A5/1 decipher units exist that attack different parts of the transaction. Early generation boxes attack the Cipher Mode Complete message. dtac and True Move are fully vulnerable (Require IMEI in CMC). More modern decipher units leverage predictable Null frames. These Null frames contain little to no relevant information and are filled up with a fixed uniform padding, facilitating known-plaintext attacks. All of the networks are particularly prone to this type of attack. Recently updated boxes further leverage System Information (SI) messages. These messages can be randomized, or not sent at all during encrypted transactions (SI randomization). All of the networks have deployed no protection against this type of attack.

Upgrading to modern encryption algorithms. With the introduction of third generation mobile telecommunications technology, the A5/3 cipher was introduced. Only a few theoretical attacks on this cipher have so far been presented publicly, none of which had practical significance. Modern 3G phones can use this cipher for GSM communication as well, if the network supports it. With passive intercept being prevented, attackers must then use active intercept equipment, e.g. fake base stations, as described in Section 3.2. In Thailand, all of the networks continue to fully rely on the outdated A5/1.

3.2 Active intercept

Attacks through fake base stations can be prevented to different degrees, based on what the fake base station is used for:

Location finding: In this attack scenario, a phone is lured onto a fake station so that the phone's exact location can be determined. This scenario occurs independently of the phone network and hence cannot be prevented through network protection measures.

Outgoing call/SMS intercept: A fake base station can proxy outgoing connections. In this attack, the network is not necessarily required, so no protection can be achieved from outside the phone.

Encrypted call/SMS intercept: Modern fake base stations execute full man-in-the-middle attacks in which connections are maintained with both the phone and the real network. Networks can make such active attacks more difficult with a combination of two measures: First, by disabling unencrypted A5/0 calls. Secondly, by decreasing the authentication time given to the attacker to break the encryption key. This timeout can be as much as 24 seconds according to GSM standards. AIS, dtac, and True Move use encryption in all call and SMS transactions; however, the GSM Map currently lacks data to decide whether the networks would accept unencrypted transactions as well. The GSM Map database currently lacks reliable data on authentication times in Thailand.

3.3 Impersonation

Mobile identities can (temporarily) be hijacked using specific attack phones. These phones require the authentication key deciphered from one transaction. They use this key to start a subsequent transaction. The obvious way to prevent this attack scenario is by requiring a new key in each transaction (Authenticate calls/SMS). In Thailand, call impersonation is possible against all of the networks. SMS impersonation is possible against all of the networks.

3.4 User tracking

GSM networks are regularly used to track people's whereabouts. Such tracking occurs at two different granularities:

Global tracking: Internet-accessible services disclose the general location of GSM customers with granularity typically on a city level. The data is leaked to attackers as part of SMS delivery protocols in the form of the MSC address (Mask MSC). AIS suppresses MSC information for their customers in Thailand. AIS GSM 1800, dtac, and True Move allow MSC-based tracking. In addition, users' IMSIs can leak in HLR requests. This is the case for AIS GSM 1800, dtac, and True Move. AIS protects this information.

Local tracking: Based on TMSI identifiers, users' association with location areas and specific cells can be tracked, providing a finer granularity than MSC-based tracking, but a less fine granularity than location finding with the help of fake base stations. IMSI-based tracking is made more difficult by changing the TMSI in each transaction. In some countries, unencrypted location updates can be observed that ease the tracking of users; all of the networks show this behavior (Encrypt LocUpdate).

[2] See https://groups.google.com/forum/#!msg/uk.telecom/tkdcaytoeu4/mroy719hdroj
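Section 3.1 ties the Null-frame attack to fixed uniform padding, and Table 2 scores "Padding randomization" as a protection feature. The Python below is an added example, not code from the report or from GSM Map, showing how an auditor can measure that feature from captured Layer 2 frames: it splits a 23-byte LAPDm B-format frame into header, information field and fill octets using the length indicator, and reports whether the fill deviates from the fixed 0x2B fill value that 3GPP TS 44.006 specifies. It assumes a DCCH frame in which 20 octets follow the three header octets; the frame-building helper, its address and control octet values, the payload bytes and all sample frames are constructed for the example.

```python
from typing import Iterable, Optional, Tuple

FILL_OCTET = 0x2B   # LAPDm fill octet value specified in 3GPP TS 44.006
HEADER_LEN = 3      # address, control, length indicator
FRAME_LEN = 23      # assumption for this example: 20 octets of information/fill follow the header


def split_lapdm_b_frame(frame: bytes) -> Tuple[bytes, bytes, bytes]:
    """Split a 23-byte LAPDm B-format frame into (header, information, fill).

    The third header octet is the length indicator: bits 8..3 carry the length
    of the information field, bit 2 the M (more) bit and bit 1 the EL bit.
    """
    if len(frame) != FRAME_LEN:
        raise ValueError(f"expected a {FRAME_LEN}-byte frame, got {len(frame)}")
    info_len = frame[2] >> 2
    if info_len > FRAME_LEN - HEADER_LEN:
        raise ValueError(f"length indicator {info_len} exceeds frame capacity")
    info_end = HEADER_LEN + info_len
    return frame[:HEADER_LEN], frame[HEADER_LEN:info_end], frame[info_end:]


def padding_is_randomized(frame: bytes) -> Optional[bool]:
    """True if any fill octet deviates from the fixed 0x2B pattern, False if all
    fill octets are 0x2B, None if the frame carries no fill (nothing to judge)."""
    _, _, fill = split_lapdm_b_frame(frame)
    if not fill:
        return None
    return any(octet != FILL_OCTET for octet in fill)


def padding_randomization_rate(frames: Iterable[bytes]) -> Optional[int]:
    """Share of judgeable frames with randomized fill, as an integer percentage.
    Frames without fill are excluded; None if no frame could be judged."""
    verdicts = [v for v in (padding_is_randomized(f) for f in frames) if v is not None]
    if not verdicts:
        return None
    return round(100 * sum(verdicts) / len(verdicts))


def build_frame(info: bytes, fill: bytes) -> bytes:
    """Assemble a constructed B-format frame: constructed address and control
    octets, a length indicator with M=0 and EL=1, the information field, the fill."""
    if len(info) + len(fill) != FRAME_LEN - HEADER_LEN:
        raise ValueError("information plus fill must be exactly 20 octets")
    length_octet = (len(info) << 2) | 0x01
    return bytes([0x03, 0x01, length_octet]) + info + fill


# Constructed sample frames: a short payload padded with the fixed 0x2B fill, the
# same payload padded with a deterministic non-uniform fill standing in for
# randomized padding, and a frame whose payload leaves no room for fill.
PAYLOAD = bytes.fromhex("0632")                           # constructed 2-octet payload
FIXED_FRAME = build_frame(PAYLOAD, bytes([FILL_OCTET]) * 18)
RANDOM_FRAME = build_frame(PAYLOAD, bytes(range(0x10, 0x22)))
FULL_FRAME = build_frame(bytes(range(20)), b"")

if __name__ == "__main__":
    for name, frame in [("fixed", FIXED_FRAME), ("random", RANDOM_FRAME), ("full", FULL_FRAME)]:
        print(name, frame.hex(), "randomized fill:", padding_is_randomized(frame))
    print("randomization rate:",
          padding_randomization_rate([FIXED_FRAME, FIXED_FRAME, RANDOM_FRAME, FULL_FRAME]))
```

A network that pads every Null frame with 0x2B scores 0% on this check, which is exactly the condition that hands a known-plaintext decipher unit its predictable bits; frames whose information field occupies the whole payload are skipped rather than counted either way, since they say nothing about the padding policy.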

4 Conclusion

The GSM networks in Thailand implement only a few of the protection measures observed in other GSM networks. AIS is protecting its subscribers particularly well against tracking.

The evolution of mobile network attack and defense techniques is meanwhile progressing further: Modern A5/1 deciphering units are harvesting the remaining non-randomized frames and, thanks to faster computers, are achieving high intercept rates again. The 3GPP, on the other hand, has already completed standard extensions to reduce the A5/1 attack surface to a minimum. These standards from 2009 are only hesitantly implemented by equipment manufacturers, leaving users exposed to phone intercept risks. The available protection methods, even when implemented in full, are barely enough to protect users sufficiently. At the same time, mobile phone attacks are becoming increasingly attractive. A stronger push for implementing modern protection measures is needed to revert this erosion of mobile network security.