Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Issues in Mobile Communication Systems

Published byElliott Sowell Modified over 10 years ago

Similar presentations

Presentation on theme: "Security Issues in Mobile Communication Systems"— Presentation transcript:

1 Security Issues in Mobile Communication Systems
N. Asokan Nokia Research Center IAB workshop on wireless internetworking February 29 - March 2, 2000

2 What is different about wireless networks?
Low bandwidth minimize message sizes, number of messages Increased risk of eavesdropping use link-level encryption ("wired equivalency") Also wireless networks typically imply user/device mobility Security issues related to mobility authentication charging privacy Focus of this presentation Message size: choose appropriate cryptographic algorithms, use compression Number of messages: e.g., use derived keys

3 Overview Brief overview of how GSM and 3GPP/UMTS address these issues
Potential additional security concerns in the "wireless Internet" Ways to address these concerns, and their implications

4 GSM/GPRS security Authentication
one-way authentication based on long-term shared key between user's SIM card and the home network Charging network operator is trusted to charge correctly; based on user authentication Privacy data link-level encryption over the air; no protection in the core network identity/location/movements, unlinkability use of temporary identifiers (TMSI) reduce the ability of an eavedropper to track movements within a PLMN but network can ask the mobile to send its real identity (IMSI): on synchronization failure, on database failure, or on entering a new PLMN network can also page for mobiles using IMSI

5 3GPP/UMTS enhancements (current status)
Authentication support for mutual authentication Charging same as in GSM Privacy data some support for securing core network signaling data increased key sizes identity/location/movements, unlinkability enhanced user identity confidentiality using "group keys" a group key is shared by a group of users Other improvements integrity of signaling, cryptographic algorithms made public large groups: increased exposure of group key network may still page using IMSIs; may also ask for IMSI

6 Enhanced user identity confidentiality
IMSI is not sent in clear. Instead, it is encrypted by a static group key KG and the group identity IMSGI is sent in clear. Serving Node Home Environment USIM IMSI request IMSGI | E(KG, random bits| IMSI | redundancy bits) IMSI

7 What is different in the wireless Internet?
Potentially low cost of entry for ISPs supporting mobile access Consequently, old trust assumptions as in cellular networks may not hold here between user and home ISP between user and visited ISP between ISPs Implications: potential need for incontestable charging increased level of privacy Relevant even in cellular networks? example: mom-and-pop outfits offering wireless Internet connectivity the potnetial needs may be relevant even in cellular networks (e.g., as evidenced by the changes from GSM to 3G); but in the Internet they are likely to be more urgent.

8 Incontestable charging
Required security service: unforgeability Cannot be provided if symmetric key cryptography is used exclusively hybrid methods may be used (e.g., based on hash chains) Authorization protocol must support some notion of a "charging certificate" used for local verification of subsequent authorization messages Visited domain Home domain Charging certificate usualy this exchange results in session keys being distributed; but for non-repudiability, some sort of certificate needs to be distributed User

9 Enhanced privacy Stronger levels or privacy
temporary id = home-domain, E(K, random bits| real-id ) using public key encryption K is the public encryption key of the home-domain using opaque tokens K is a symmetric encryption key known only to the home-domain tokens are opaque to the mobile user user requires means of obtaining new tokens no danger of loss of synchronization Identity privacy without unlinkability is often not useful static identities allow profiles to be built up over time encryption of identity using a shared key is unsatisfactory: trades off performance vs. level of unlinkability shared key: two approaches group key as in 3G: exposure individual key: cannot send a key ID -> impractical

10 Enhanced privacy (contd.)
Release information on a need-to-know basis: e.g., does the visited domain need to know the real identity? typically, the visited domain cares about being paid ground rule: stress authorization not authentication require authentication only where necessary (e.g., home agent forwarding service in Mobile IP)

11 An example protocol template
Visited Domain Home Domain User Home, E(PKH, U, V, PKU,…) SigU(...) E(PKH, U, V, PKU,…), ... SigH(PKU...) unforgeable registration request real identity not revealed to the visited domain

12 Implications Public-key cryptography can provide effective solutions
increased message sizes: use of elliptic curve cryptography can help lack of PKI: enhanced privacy solution does not require a full-fledged PKI, some sort of infrastructure is required for charging anyway Are these problems serious enough? trust assumption may not change so drastically providing true privacy is hard: hiding identity information is irrelevant as long as some other linkable information is associated with the messages try not to preclude future solution e.g., don’t insist on authentication when it is not essential provide hooks for future use e.g., 16-bit length fields to ensure sufficient room in message formats

13 Summary Trust assumptions are different in the Internet
Enhanced levels of security services may be necessary Public-key cryptography can provide effective solutions Try not to preclude future provision of improved security services

14 End of presentation Additional slides follow

15 Reducing number of messages
Visited domain Home domain Visited domain Home domain User User Initial shared key KUH Initial shared key KUH KUV  f (KUH, V, …) authUH, ... authUH, authUV, ... authUH, ... authUH, ... KUV  f (KUH, V, …) KUV KUV KUV KUV KUV Derive session keys as functions of long term keys plus transient information user can compute the session key unilaterally KUV authUV, ...

16 Elliptic curve cryptosystems
Comparison between discrete log based systems of equivalent strength in different groups DSA: system parameters = 2208 bits, public key = 1024 bits, private key = 160 bits, signature size = 320 bits ECDSA: system parameters = 481 bits, public key = 161 bits, private key = 160 bits, signature size = 160 bits Comparison between EC and RSA of "equivalent strength" RSA: public key = 1088 bits, private key = 2048 bits, signature size = 1024 bits (taken from Certicom's white papers)

Download ppt "Security Issues in Mobile Communication Systems"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Security Issues In Mobile IP

Security Issues In Mobile IP
Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Technical Presentation AIAC 2010-2011 Group 11. System Rationale System Architecture Secure Channel Establishment Username/Password Cartão Cidadão Digital.

Technical Presentation AIAC Group 11. System Rationale System Architecture Secure Channel Establishment Username/Password Cartão Cidadão Digital.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Trusted Symbol of the Digital Economy 1 Bill Holmes – VP Marketing ID Platform - Smart Cards.

Trusted Symbol of the Digital Economy 1 Bill Holmes – VP Marketing ID Platform - Smart Cards.
Mobile IP. 2 N+I_2k © 2000, Peter Tomsu 02_mobile_ip Evolution of Data Services Mobile IP GSM GPRS CDMA Other Cellular Circuit Switched Data Today Packet.

Mobile IP. 2 N+I_2k © 2000, Peter Tomsu 02_mobile_ip Evolution of Data Services Mobile IP GSM GPRS CDMA Other Cellular Circuit Switched Data Today Packet.
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
SCSC 455 Computer Security

SCSC 455 Computer Security
Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.

Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,

An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.

6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Similar presentations

Ads by Google