We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byElliott Sowell
Modified over 2 years ago
1 © NOKIA mobile-security.PPT/ 6/12/2014 / N.Asokan (NRC/COM) Security Issues in Mobile Communication Systems N. Asokan Nokia Research Center IAB workshop on wireless internetworking February 29 - March 2, 2000
2 © NOKIA mobile-security.PPT/ 6/12/2014 / N.Asokan (NRC/COM) What is different about wireless networks? Low bandwidth minimize message sizes, number of messages Increased risk of eavesdropping use link-level encryption ("wired equivalency") Also wireless networks typically imply user/device mobility Security issues related to mobility authentication charging privacy Focus of this presentation
3 © NOKIA mobile-security.PPT/ 6/12/2014 / N.Asokan (NRC/COM) Overview Brief overview of how GSM and 3GPP/UMTS address these issues Potential additional security concerns in the "wireless Internet" Ways to address these concerns, and their implications
4 © NOKIA mobile-security.PPT/ 6/12/2014 / N.Asokan (NRC/COM) GSM/GPRS security Authentication one-way authentication based on long-term shared key between user's SIM card and the home network Charging network operator is trusted to charge correctly; based on user authentication Privacy data link-level encryption over the air; no protection in the core network identity/location/movements, unlinkability use of temporary identifiers (TMSI) reduce the ability of an eavedropper to track movements within a PLMN but network can ask the mobile to send its real identity (IMSI): on synchronization failure, on database failure, or on entering a new PLMN network can also page for mobiles using IMSI
5 © NOKIA mobile-security.PPT/ 6/12/2014 / N.Asokan (NRC/COM) 3GPP/UMTS enhancements (current status) Authentication support for mutual authentication Charging same as in GSM Privacy data some support for securing core network signaling data increased key sizes identity/location/movements, unlinkability enhanced user identity confidentiality using "group keys" a group key is shared by a group of users Other improvements integrity of signaling, cryptographic algorithms made public
6 © NOKIA mobile-security.PPT/ 6/12/2014 / N.Asokan (NRC/COM) Enhanced user identity confidentiality IMSI is not sent in clear. Instead, it is encrypted by a static group key KG and the group identity IMSGI is sent in clear. IMSGI | E(KG, random bits| IMSI | redundancy bits) IMSI request IMSI USI M Servin g Node Home Environmen t
7 © NOKIA mobile-security.PPT/ 6/12/2014 / N.Asokan (NRC/COM) What is different in the wireless Internet? Potentially low cost of entry for ISPs supporting mobile access Consequently, old trust assumptions as in cellular networks may not hold here between user and home ISP between user and visited ISP between ISPs Implications: potential need for incontestable charging increased level of privacy Relevant even in cellular networks?
8 © NOKIA mobile-security.PPT/ 6/12/2014 / N.Asokan (NRC/COM) Incontestable charging Required security service: unforgeability Cannot be provided if symmetric key cryptography is used exclusively hybrid methods may be used (e.g., based on hash chains) Authorization protocol must support some notion of a "charging certificate" used for local verification of subsequent authorization messages Use r Visited domain Home domain Charging certificate
9 © NOKIA mobile-security.PPT/ 6/12/2014 / N.Asokan (NRC/COM) Enhanced privacy Stronger levels or privacy temporary id = home-domain, E(K, random bits| real-id ) using public key encryption K is the public encryption key of the home-domain using opaque tokens K is a symmetric encryption key known only to the home-domain tokens are opaque to the mobile user user requires means of obtaining new tokens no danger of loss of synchronization Identity privacy without unlinkability is often not useful static identities allow profiles to be built up over time encryption of identity using a shared key is unsatisfactory: trades off performance vs. level of unlinkability
10 © NOKIA mobile-security.PPT/ 6/12/2014 / N.Asokan (NRC/COM) Enhanced privacy (contd.) Release information on a need-to-know basis: e.g., does the visited domain need to know the real identity? typically, the visited domain cares about being paid ground rule: stress authorization not authentication require authentication only where necessary (e.g., home agent forwarding service in Mobile IP)
11 © NOKIA mobile-security.PPT/ 6/12/2014 / N.Asokan (NRC/COM) Home, E(PK H, U, V, PK U, …) Sig U (...) An example protocol template User Visited Domai n Home Domain E(PK H, U, V, PK U,…),... Sig H (PK U...) unforgeable registration request real identity not revealed to the visited domain
12 © NOKIA mobile-security.PPT/ 6/12/2014 / N.Asokan (NRC/COM) Implications Public-key cryptography can provide effective solutions increased message sizes: use of elliptic curve cryptography can help lack of PKI: enhanced privacy solution does not require a full-fledged PKI, some sort of infrastructure is required for charging anyway Are these problems serious enough? trust assumption may not change so drastically providing true privacy is hard: hiding identity information is irrelevant as long as some other linkable information is associated with the messages try not to preclude future solution e.g., dont insist on authentication when it is not essential provide hooks for future use e.g., 16-bit length fields to ensure sufficient room in message formats
13 © NOKIA mobile-security.PPT/ 6/12/2014 / N.Asokan (NRC/COM) Summary Trust assumptions are different in the Internet Enhanced levels of security services may be necessary Public-key cryptography can provide effective solutions Try not to preclude future provision of improved security services
14 © NOKIA mobile-security.PPT/ 6/12/2014 / N.Asokan (NRC/COM) End of presentation Additional slides follow
15 © NOKIA mobile-security.PPT/ 6/12/2014 / N.Asokan (NRC/COM) K UV Reducing number of messages Use r Visited domain Home domain Initial shared key K UH auth UH,... KUVKUV KUVKUV KUVKUV auth UV,... Use r Visited domain Home domain Initial shared key K UH auth UH, auth UV,... auth UH,... KUVKUV K UV K UV f (K UH, V, …) auth UH,...
16 © NOKIA mobile-security.PPT/ 6/12/2014 / N.Asokan (NRC/COM) Elliptic curve cryptosystems Comparison between discrete log based systems of equivalent strength in different groups DSA: system parameters = 2208 bits, public key = 1024 bits, private key = 160 bits, signature size = 320 bits ECDSA: system parameters = 481 bits, public key = 161 bits, private key = 160 bits, signature size = 160 bits Comparison between EC and RSA of "equivalent strength" RSA: public key = 1088 bits, private key = 2048 bits, signature size = 1024 bits (taken from Certicom's white papers)
GSM Network Security ‘s Research Project By: Jamshid Rahimi Sisouvanh Vanthanavong 1 Friday, February 20, 2009.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.
An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,
G53SEC 1 Mobile Security GSM, UTMS, Wi-Fi and some Bluetooth.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
SCSC 455 Computer Security Chapter 4 Key Distribution and User Authentication Dr. Frank Li.
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
Identification (User Authentication). Model Alice wishes to prove to Bob her identity in order to access a resource, obtain a service etc. Bob may ask.
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
1 Security Issues In Mobile IP Zhang Chao Tsinghua University Electronic Engineering.
Doc.: IEEE /0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.
Registration Processing for the Wireless Internet Ian Gordon Director, Market Development Entrust Technologies.
NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From ： Proceeding of the First International Conference on Security and Privacy for.
Mobile IP. 2 N+I_2k © 2000, Peter Tomsu 02_mobile_ip Evolution of Data Services Mobile IP GSM GPRS CDMA Other Cellular Circuit Switched Data Today Packet.
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Chapter 4 Application Level Security in Cellular Networks.
Information Security of Embedded Systems : Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.
Network Security Celia Li Computer Science and Engineering York University.
Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
1 © NOKIA MitM.PPT (v0.2) / 6-Nov-02 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI.
Kerberos Chapter 10 Real world security protocols 1.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Trusted Symbol of the Digital Economy 1 Bill Holmes – VP Marketing ID Platform - Smart Cards.
Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
1 Optimal Mail Certificates in Mail Payment Applications Leon Pintsov Pitney Bowes 2nd CACR Information Security Workshop 31 March 1999.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
TrustPort Public Key Infrastructure. Keep It Secure Table of contents Security of electronic communications Using asymmetric cryptography.
1 Introduction to Information Security , Spring 2016 Lecture 4: Applied cryptography: asymmetric Zvi Ostfeld Slides credit: Eran Tromer.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
1 Cryptography and Network Security (Authentication Protocols and Digital Signatures) Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
SMUCSE 5349/7349 GSM Security. SMUCSE 5349/7349 GSM Security Provisions Anonymity Authentication Signaling protection User data protection.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
1 Wireless Networks Lecture 17 GPRS: General Packet Radio Service (Part I) Dr. Ghalib A. Shah.
Security By Meenal Mandalia. What is ? stands for Electronic Mail. much the same as a letter, only that it is exchanged in a different.
Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
Public Key Infrastructure and Applications. Agenda PKI Overview Digital Signatures What is it? How does it work? Digital Certificates Public Key Infrastructure.
An Efficient Identity-based Cryptosystem for End-to-end Mobile Security IEEE Transactions on Wireless Communications, 2006 Jing-Shyang Hwu, Rong-Jaye Chen,
© 2016 SlidePlayer.com Inc. All rights reserved.