Security of Cellular Networks: Man-in-the-Middle Attacks


Security of Cellular Networks: Man-in-the-Middle Attacks. Mario Čagalj, University of Split, 2013/2014. Reference: Security in the GSM system by Jeremy Quirke, 2004

Introduction
Nowadays, mobile phones are used by 80-90% of the world's population (billions of users).
Evolution:
- 1G: analog cellular networks
- 2G: digital cellular networks, with GSM (Global System for Mobile Communications) being the most popular and most widely used standard (circuit switching); other 2G technologies: IS-95 (CDMA based, US), PDC (Japan), etc.
- 2.5G: GPRS (General Packet Radio Service), packet switching
- 2.75G: EDGE, faster data service
- 3G: UMTS (CDMA based), HSPA for data traffic (e.g., 5-10 Mbps); other 3G: CDMA2000 (US, S. Korea)
- 4G: LTE (OFDM based), peak data rates of 100 Mbps
See also: GSM security specifications

Cellular Network Architecture: a high-level view (figures in this part: EPFL, JPH)
Elements: Mobile Station, Base Station, Mobile Switching Center, Databases (e.g., Home Location Register), External Network, and the Cellular Network connecting them

Cellular Network Architecture: Registration Process
Figure: the mobile station (Nr: 079/4154678) tunes on the strongest signal

Cellular Network Architecture: Service Request
Figure: service request from 079/4154678 for 079/8132627, relayed by the base station to the switch

Cellular Network Architecture: Paging Broadcast
Locating a particular mobile station in case of a mobile terminated call
Figure: every base station in the area broadcasts "079/8132627?"
Note: paging makes sense only over a small area

Cellular Network Architecture: Response
Figure: the mobile 079/8132627 answers the page through its base station

Cellular Network Architecture: Channel Assignment
Figure: Channel 47 assigned on the caller side, Channel 68 on the callee side

Cellular Network Architecture: Conversation (figure)

Cellular Network Architecture: Handover (or Handoff) (figure)

Cellular Network Architecture: Message Sequence Chart
Columns: Caller, Base Station, Switch, Base Station, Callee
- Periodic registration: caller and callee each register through their base station with the switch
- Service request: caller -> base station -> switch
- Paging: switch -> page request -> base station -> paging broadcast; the callee answers with a paging response -> base station -> switch
- Channel assignment: the switch assigns Ch. 47 on the caller side (caller tunes to Ch. 47) and Ch. 68 on the callee side (callee tunes to Ch. 68)
- Ring indication towards the callee, alert tone towards the caller
- User response from the callee; stop ring indication and user response forwarded to the caller

GSM System Architecture (based on Mobile Communications: Wireless Telecommunication Systems)

Architecture of the GSM system
GSM is a PLMN (Public Land Mobile Network): several providers set up mobile networks following the GSM standard within each country
Components: MS (mobile station), BS (base station), MSC (mobile switching center), LR (location register)
Subsystems:
- RSS (radio subsystem): covers all radio aspects
- NSS (network and switching subsystem): call forwarding, handover, switching
- OSS (operation subsystem): management of the network

GSM: overview (please check http://gsmfordummies.com/architecture/arch.shtml)
Figure: RSS (BSCs) connected to the NSS (MSC/VLR pairs, GMSC towards the fixed network, HLR), with the OSS (OMC, EIR, AUC) alongside

GSM: system architecture
Figure: radio subsystem (MS, BTS, BSC forming the BSS), network and switching subsystem (MSC, IWF, VLR, HLR, EIR, SS7), fixed networks (ISDN, PSTN, PSPDN, CSPDN)

System architecture: radio subsystem
Components:
- MS (Mobile Station)
- BSS (Base Station Subsystem), consisting of:
  BTS (Base Transceiver Station): sender and receiver
  BSC (Base Station Controller): controlling several transceivers
Figure: MS, BTS, BSC (BSS) connected to the MSC of the network and switching subsystem

Radio subsystem
The Radio Subsystem (RSS) comprises the cellular mobile network up to the switching centers
Components:
- Base Station Subsystem (BSS):
  Base Transceiver Station (BTS): radio components including sender, receiver, antenna; if directed antennas are used one BTS can cover several cells
  Base Station Controller (BSC): switching between BTSs, controlling BTSs, managing of network resources, mapping of radio channels onto terrestrial channels
- Mobile Stations (MS)

GSM: cellular network
- segmentation of the area into cells (figure: possible radio coverage of the cell vs. the idealized shape of the cell)
- use of several carrier frequencies; not the same frequency in adjoining cells
- cell sizes vary from some 100 m up to 35 km depending on user density, geography, transceiver power etc.
- hexagonal shape of cells is idealized (cells overlap, shapes depend on geography)
- if a mobile user changes cells: handover of the connection to the neighbor cell

System architecture: network and switching subsystem
Components: MSC (Mobile Services Switching Center), IWF (Interworking Functions), ISDN (Integrated Services Digital Network), PSTN (Public Switched Telephone Network), PSPDN (Packet Switched Public Data Net.), CSPDN (Circuit Switched Public Data Net.)
Databases: HLR (Home Location Register), VLR (Visitor Location Register), EIR (Equipment Identity Register)
Figure: network subsystem (MSC, IWF, HLR, VLR, EIR, SS7) and fixed partner networks (ISDN, PSTN, PSPDN, CSPDN)

Network and switching subsystem
NSS is the main component of the public mobile network GSM: switching, mobility management, interconnection to other networks, system control
Components:
- Mobile Services Switching Center (MSC): controls all connections via a separated network to/from a mobile terminal within the domain of the MSC; several BSCs can belong to an MSC
- Databases (important: scalability, high capacity, low delay):
  Home Location Register (HLR): central master database containing user data, permanent and semi-permanent data of all subscribers assigned to the HLR (one provider can have several HLRs)
  Visitor Location Register (VLR): local database for a subset of user data, including data about all users currently in the domain of the VLR

Mobile Services Switching Center
The MSC (mobile switching center) plays a central role in GSM:
- switching functions
- additional functions for mobility support
- management of network resources
- interworking functions via the Gateway MSC (GMSC)
- integration of several databases

Operation subsystem
The OSS (Operation Subsystem) enables centralized operation, management, and maintenance of all GSM subsystems
Components:
- Authentication Center (AUC): generates user-specific authentication parameters on request of a VLR; the authentication parameters are used for authentication of mobile terminals and encryption of user data on the air interface within the GSM system
- Equipment Identity Register (EIR): registers GSM mobile stations and user rights; stolen or malfunctioning mobile stations can be locked and sometimes even localized
- Operation and Maintenance Center (OMC): different control capabilities for the radio subsystem and the network subsystem

Mobile Terminated Call (please check http://gsmfordummies.com/gsmevents/mobile_terminated.shtml)
1: calling a GSM subscriber
2: forwarding call to GMSC
3: signal call setup to HLR
4, 5: request MSRN (roaming number) from VLR
6: forward responsible MSC to GMSC
7: forward call to current MSC
8, 9: get current status of MS
10, 11: paging of MS
12, 13: MS answers
14, 15: security checks
16, 17: set up connection
Figure: calling station, PSTN, GMSC, HLR, VLR, MSC, BSSs, MS, with the numbered steps on the links between them

Mobile Originated Call
1, 2: connection request (MS -> BSS -> MSC)
3, 4: security check (MSC <-> VLR)
5-8: check resources (free circuit) (MSC <-> GMSC <-> PSTN)
9, 10: set up call (MSC -> BSS -> MS)
Figure: MS, BSS, MSC, VLR, GMSC, PSTN, with the numbered steps on the links between them

Mobile Terminated and Mobile Originated Calls (message flows between MS and BTS)
MTC (MS <-> BTS)            MOC (MS <-> BTS)
paging request              channel request
channel request             immediate assignment
immediate assignment        service request
paging response             authentication request
authentication request      authentication response
authentication response     ciphering command
ciphering command           ciphering complete
ciphering complete          setup
setup                       call confirmed
call confirmed              assignment command
assignment command          assignment complete
assignment complete         alerting
alerting                    connect
connect                     connect acknowledge
connect acknowledge         data/speech exchange
data/speech exchange

Security in GSM
Based on:
- Security in the GSM system by Jeremy Quirke
- The GSM Standard (An overview of its security) by SANS Institute InfoSec Reading Room
- Mobile Communications: Wireless Telecommunication Systems

Security Services in GSM
Access control/authentication:
- user to SIM (Subscriber Identity Module): secret PIN (personal identification number)
- SIM to network: challenge-response method
Confidentiality: voice and signaling encrypted on the wireless link (after successful authentication)
Anonymity: temporary identity TMSI (Temporary Mobile Subscriber Identity), newly assigned at each new location update (LUP), encrypted transmission

Security Services in GSM: Authentication
SIM (Subscriber Identity Module) card: smartcard inserted into a mobile phone; contains all necessary details to obtain access to an account
- unique IMSI (International Mobile Subscriber Identity)
- Ki, the individual subscriber authentication key (128 bit, used to generate all other GSM encryption and authentication keying material); highly protected: the mobile phone never learns this key, it only forwards any required material to the SIM; known only to the SIM and the network AUC (Authentication Center)
- SIM unlocked using a PIN or PUK
- authentication (A3 algorithm) and key generation (A8 algorithm) are performed in the SIM; the SIM contains a microprocessor

Security Services in GSM: Authentication (figure)
- The AC (authentication center) on the network side and the SIM on the mobile side both hold Ki (128 bit)
- The network generates RAND (128 bit) and sends it to the mobile, which forwards it to the SIM
- SIM: A3(Ki, RAND) = SRES (32 bit), returned to the network
- AC: A3(Ki, RAND) = SRES* (32 bit); the MSC checks SRES* =? SRES
Ki: individual subscriber authentication key; SRES: signed response

Security Services in GSM: Authentication
Kc: session encryption key, generated together with SRES

Security Services in GSM: Encryption (figure)
- The same RAND (128 bit) and Ki (128 bit) are input on both sides: the AC and the SIM run A8 to derive the cipher key Kc (64 bit); on the network side Kc is delivered to the BTS together with SRES
- The MS and the BTS each run A5 with Kc: data -> A5 -> encrypted data on the air interface, and back

Security Services in GSM: Authentication and Encryption
A3 and A8 algorithms are both run in the SIM at the same time on the same input (RAND, Ki)
- A3A8 = COMP128v1, COMP128v2, COMP128v3 (serious weaknesses known); not used in UMTS
Encryption algorithm A5: symmetric encryption algorithm; voice/data encryption performed by the phone using the generated encryption key Kc

Security Services in GSM: Encryption, A5 algorithms
- A5/0: no encryption used
- A5/1 and A5/2: developed far from the public domain and later found flawed; stream ciphers based on linear feedback shift registers; A5/2 completely broken (not used anymore in GSM); A5/1 is a bit stronger but also broken by many researchers
- A5/3: a block cipher based on the Kasumi encryption algorithm, used in UMTS, GSM, and GPRS mobile communication systems; public and reasonably secure (at least at the moment)

Security Services in GSM: Summary (figure only; no text survives)

Security Weaknesses in GSM
- A mobile phone does not authenticate the base station! Only the mobile authenticates to the BS (one-way authentication); fake BS and man-in-the-middle attacks are possible; the attacker does not have to know the authentication key Ki
- A5/0 (no encryption) is a valid choice in GSM for voice, SMS, GPRS, EDGE services
- Many weaknesses in the A5 family of encryption algorithms

Security Weaknesses in GSM (figure only; no text survives)

Security Services in GSM: Anonymity
Preventing an eavesdropper (listening attacker) from determining if a particular subscriber is/was in a given area (location privacy)
- thanks to long ranges a very powerful attack: the attacker uses the IMSI (International Mobile Subscriber Identity); IMSI catchers
To preserve location privacy GSM defines the TMSI (Temporary Mobile Subscriber Identity):
- when a phone is turned on, the IMSI from the SIM is transmitted in clear to the AUC; after this a TMSI is assigned to this user for location privacy
- after each location update or a predefined timeout, a new TMSI is assigned to the mobile phone
- a new TMSI is sent encrypted (whenever possible)
- the VLR database contains the mapping TMSI to IMSI

Security Services in GSM: Anonymity (two figure slides; no text survives)

Security Weaknesses in GSM: Attack Against the Anonymity Service
GSM provisions for the situation when the network somehow loses track of a particular TMSI:
- in this case the network must ask the subscriber for its IMSI over the radio link using the IDENTITY REQUEST and IDENTITY RESPONSE mechanism
- however, the connection cannot be encrypted if the network does not know the IMSI, and so the IMSI is sent in plain text
- the attacker can use this to map a known TMSI to the unknown, user-specific IMSI
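The following is an added example, not part of the slides or of the cited sources: a small Python model of the identity handling on the Anonymity slides and of the IDENTITY REQUEST fallback just described. A VLR keeps the TMSI-to-IMSI mapping and reallocates the TMSI on every location update; when the mapping is lost, the network asks for the IMSI and it crosses the air interface unencrypted. A defender-side counter then reports how many messages carried the IMSI in clear, which is the quantity a phone-side monitor would watch. The class and function names (Vlr, Ms, location_update, plaintext_imsi_exposures) are invented for the example, authentication and ciphering are reduced to a flag, the IMSI is a constructed test value, and LOCATION UPDATING REQUEST and TMSI REALLOCATION COMMAND are the standard GSM message names used here in simplified form.

```python
import os
from dataclasses import dataclass, field


@dataclass
class Msg:
    direction: str            # "MS->NET" or "NET->MS"
    kind: str                 # message name on the radio link
    encrypted: bool           # True once ciphering is active for this message
    payload: dict = field(default_factory=dict)


class Vlr:
    """Visitor Location Register: holds the TMSI -> IMSI mapping for its area."""

    def __init__(self):
        self.tmsi_to_imsi = {}

    def new_tmsi(self, imsi, old_tmsi=None):
        self.tmsi_to_imsi.pop(old_tmsi, None)       # the previous TMSI is no longer valid
        tmsi = os.urandom(4).hex()                  # constructed 32-bit temporary identity
        self.tmsi_to_imsi[tmsi] = imsi
        return tmsi

    def resolve(self, tmsi):
        return self.tmsi_to_imsi.get(tmsi)

    def forget(self, tmsi):
        """Models the case where the network somehow loses track of a TMSI."""
        self.tmsi_to_imsi.pop(tmsi, None)


class Ms:
    def __init__(self, imsi):
        self.imsi = imsi
        self.tmsi = None                            # no TMSI yet: first power-on


def location_update(ms, vlr, log):
    """One location update (LUP). As on the slides: the IMSI is sent in clear only at
    first power-on; afterwards the MS identifies itself by TMSI. If the VLR cannot
    resolve the TMSI it asks for the IMSI with IDENTITY REQUEST, and the answer is
    unencrypted. A fresh TMSI is then assigned under encryption. Returns the IMSI."""
    if ms.tmsi is None:
        log.append(Msg("MS->NET", "LOCATION UPDATING REQUEST", False,
                       {"id": ("IMSI", ms.imsi)}))
        imsi = ms.imsi
    else:
        log.append(Msg("MS->NET", "LOCATION UPDATING REQUEST", False,
                       {"id": ("TMSI", ms.tmsi)}))
        imsi = vlr.resolve(ms.tmsi)
        if imsi is None:
            # Fallback from the "Attack Against the Anonymity Service" slide.
            log.append(Msg("NET->MS", "IDENTITY REQUEST", False, {"type": "IMSI"}))
            log.append(Msg("MS->NET", "IDENTITY RESPONSE", False,
                           {"id": ("IMSI", ms.imsi)}))
            imsi = ms.imsi
    # Authentication (A3) and ciphering (A5 with Kc) would run here; modelled as a flag.
    ciphered = True
    new_tmsi = vlr.new_tmsi(imsi, old_tmsi=ms.tmsi)
    log.append(Msg("NET->MS", "TMSI REALLOCATION COMMAND", ciphered,
                   {"id": ("TMSI", new_tmsi)}))
    ms.tmsi = new_tmsi
    return imsi


def plaintext_imsi_exposures(log):
    """Defender-side check: how many messages carried the IMSI without encryption."""
    return sum(1 for m in log
               if not m.encrypted and m.payload.get("id", ("", ""))[0] == "IMSI")


if __name__ == "__main__":
    vlr, ms, log = Vlr(), Ms("001010123456789"), []   # constructed test-network IMSI
    location_update(ms, vlr, log)                      # first power-on: IMSI in clear
    location_update(ms, vlr, log)                      # normal LUP: TMSI only
    vlr.forget(ms.tmsi)                                # network loses the TMSI
    location_update(ms, vlr, log)                      # fallback: IMSI in clear again
    for m in log:
        print(m.direction, m.kind, "enc" if m.encrypted else "clear", m.payload)
    print("plaintext IMSI exposures:", plaintext_imsi_exposures(log))
```

A phone-side monitor built on this idea counts exposures per session: one at first attach is expected, while repeated IDENTITY REQUEST messages for the IMSI on a network that should already know the TMSI are the pattern worth alerting on.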

Countermeasures: UMTS
UMTS defines 2-way authentication and mandates the use of stronger encryption and authentication primitives; this prevents MITM attacks by a fake BS, but be cautious... Still many reasons to worry about:
- most mobiles support < 3G standards (GPRS, EDGE)
- when the signal is bad, it is hard to support UMTS rates
- mobile providers already invested a lot of money and do not give up on old BSS equipment
- femtocells
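To make the contrast between the GSM challenge-response on the Authentication and Encryption slides and the 2-way authentication of UMTS named here concrete, the following added example (not from the slides or any of the cited sources) simulates both sides of each exchange in Python. HMAC-SHA256 stands in for the operator-specific algorithms (A3/A8 in GSM, the AKA functions in UMTS); the class and function names are invented for the example; the AUTN layout (SQN || MAC) is a simplified model of UMTS AKA rather than the standard's exact format; and Ki and IMSI are constructed test values.

```python
import hmac
import hashlib
import os

# Constructed test values: a 128-bit Ki shared only by the SIM/USIM and the AuC,
# and an IMSI from the test-network range. Example data, not a real subscriber.
KI = bytes.fromhex("0123456789abcdef0123456789abcdef")
IMSI = "001010123456789"


def keyed(ki, *parts):
    """Stand-in for the operator algorithms (A3/A8 in GSM, AKA functions in UMTS).
    HMAC-SHA256 is an assumption of this example; it is neither COMP128 nor MILENAGE."""
    return hmac.new(ki, b"".join(parts), hashlib.sha256).digest()


def gsm_a3_a8(ki, rand):
    """A3 and A8 run on the same input (RAND, Ki): SRES (32 bit) and Kc (64 bit)."""
    d = keyed(ki, b"A3A8", rand)
    return d[:4], d[4:12]


class GsmSim:
    def __init__(self, ki):
        self.ki = ki

    def authenticate(self, rand):
        # GSM is one-way: the SIM answers whatever RAND it is given, because nothing
        # in the challenge proves that it came from a network holding Ki.
        return gsm_a3_a8(self.ki, rand)


class GsmAuC:
    def __init__(self, keys):
        self.keys = keys                      # IMSI -> Ki

    def triplet(self, imsi, rand=None):
        rand = rand if rand is not None else os.urandom(16)
        sres, kc = gsm_a3_a8(self.keys[imsi], rand)
        return rand, sres, kc                 # the (RAND, SRES*, Kc) triplet


def gsm_run(auc, sim, imsi, rand=None):
    """MSC/VLR side: get a triplet from the AuC, challenge the SIM, compare SRES* =? SRES."""
    rand, sres_expected, kc = auc.triplet(imsi, rand)
    sres, _kc_ms = sim.authenticate(rand)
    ok = hmac.compare_digest(sres, sres_expected)
    return ok, (kc if ok else None)


class UmtsUsim:
    """USIM side of a simplified 2-way authentication: before answering it verifies a
    MAC over (SQN, RAND) computed with Ki, and rejects a sequence number already seen."""

    def __init__(self, ki):
        self.ki = ki
        self.sqn_seen = 0

    def authenticate(self, rand, autn):
        sqn_bytes, mac = autn[:6], autn[6:]
        expected_mac = keyed(self.ki, b"MAC", sqn_bytes, rand)[:8]
        if not hmac.compare_digest(mac, expected_mac):
            return None                       # challenge not from a network that knows Ki
        sqn = int.from_bytes(sqn_bytes, "big")
        if sqn <= self.sqn_seen:
            return None                       # replayed or stale challenge
        self.sqn_seen = sqn
        d = keyed(self.ki, b"RES", rand)
        return d[:8], d[8:24]                 # RES, CK


class UmtsAuC:
    def __init__(self, keys):
        self.keys = keys
        self.sqn = {}

    def vector(self, imsi, rand=None):
        rand = rand if rand is not None else os.urandom(16)
        sqn = self.sqn.get(imsi, 0) + 1
        self.sqn[imsi] = sqn
        sqn_bytes = sqn.to_bytes(6, "big")
        mac = keyed(self.keys[imsi], b"MAC", sqn_bytes, rand)[:8]
        d = keyed(self.keys[imsi], b"RES", rand)
        return rand, sqn_bytes + mac, d[:8], d[8:24]   # RAND, AUTN, XRES, CK


def umts_run(auc, usim, imsi, rand=None):
    """Network side: send RAND and AUTN; the USIM only answers if AUTN verifies."""
    rand, autn, xres, ck = auc.vector(imsi, rand)
    answer = usim.authenticate(rand, autn)
    if answer is None:
        return False, None
    res, _ck_ms = answer
    ok = hmac.compare_digest(res, xres)
    return ok, (ck if ok else None)


if __name__ == "__main__":
    print("GSM, genuine SIM:", gsm_run(GsmAuC({IMSI: KI}), GsmSim(KI), IMSI)[0])
    print("GSM, SIM answers an arbitrary RAND:", GsmSim(KI).authenticate(bytes(16)) is not None)
    usim = UmtsUsim(KI)
    print("UMTS, genuine network:", umts_run(UmtsAuC({IMSI: KI}), usim, IMSI)[0])
    print("UMTS, bad AUTN rejected:", usim.authenticate(bytes(16), bytes(14)) is None)
```

The point of the two halves is the check that exists only on the USIM side: in the GSM model `authenticate` never returns `None`, while in the UMTS model it refuses a challenge whose MAC does not verify under Ki or whose sequence number repeats, which is what closes the fake-base-station gap described on the Weaknesses slides.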

Many Reasons to Worry About Your Privacy
http://www.theregister.co.uk/2008/05/20/tracking_phones/
http://www.theregister.co.uk/2011/10/31/met_police_datong_mobile_tracking/ (check also http://www.pathintelligence.com)
http://docs.google.com/viewer?url=https%3a%2f%2fmedia.blackhat.com%2fbh-dc-11%2fperez-pico%2fblackhat_dc_2011_perez-Pico_Mobile_Attacks-Slides.pdf
http://docs.google.com/viewer?url=http%3a%2f%2ffemto.sec.tlabs.tu-berlin.de%2fbh2011.pdf