3G Security Principles Build on GSM security


3G Security Principles
- Build on GSM security
- Correct problems with GSM security
- Add new security features
Source: 3GPP
Myagmar, Gupta UIUC 2001

GSM Network Architecture
[Figure: MS, BTS, BSC, MSC and PSTN/ISDN, with interfaces Um, A-bis and A; OMC, EIR, AUC, HLR and VLR; mobility management; voice traffic]
Circuit-switched technology

GSM Security Elements, 1
Key functions: privacy, integrity and confidentiality
- Authentication
  - Protect from unauthorized service access
  - Based on the authentication algorithm A3(Ki, RAND) => SRES
  - Problems with inadequate algorithms
- Encryption
  - Scramble bit streams to protect signaling and user data
  - Ciphering algorithm
      A8(Ki, RAND) => Kc
      A5(Kc, Data) => Encrypted Data
  - Need stronger encryption
- Confidentiality
  - Prevent intruder from identifying users by IMSI
  - Temporary MSI
  - Need more secure mechanism

GSM Security Elements, 2
- SIM
  - A removable hardware security module
  - Manageable by network operators
  - Terminal independent
- Secure Application Layer
  - Secure application layer channel between subscriber module and home network
- Transparency
  - Security features operate without user assistance
  - Needs greater user visibility
- Minimized Trust
  - Requires minimum trust between HE and SN

Problems with GSM Security, 1
- Active Attacks
  - Impersonating network elements such as false BTS is possible
- Key Transmission
  - Cipher keys and authentication values are transmitted in clear within and between networks (IMSI, RAND, SRES, Kc)
- Limited Encryption Scope
  - Encryption terminated too soon at edge of network to BTS
  - Communications and signaling in the fixed network portion aren’t protected
  - Designed to be only as secure as the fixed networks
- Channel Hijack
  - Protection against radio channel hijack relies on encryption. However, encryption is not used in some networks.

Problems with GSM Security, 2
- Implicit Data Integrity
  - No integrity algorithm provided
- Unilateral Authentication
  - Only user authentication to the network is provided.
  - No means to identify the network to the user.
- Weak Encryption Algorithms
  - Key lengths are too short, while computation speed is increasing
  - Encryption algorithm COMP 128 has been broken
  - Replacement of encryption algorithms is quite difficult
- Unsecured Terminal
  - IMEI is an unsecured identity
  - Integrity mechanisms for IMEI are introduced late

Problems with GSM Security, 3
- Lawful Interception & Fraud
  - Considered as afterthoughts
- Lack of Visibility
  - No indication to the user that encryption is on
  - No explicit confirmation to the HE that authentication parameters are properly used in SN when subscribers roam
- Inflexibility
  - Inadequate flexibility to upgrade and improve security functionality over time

3G Network Architecture
[Figure labels: Circuit Network, Circuit/Signaling Gateway, Mobility Manager, Feature Server(s), Circuit Switch, IN Services, RNC, Call Agent, Voice, Data + Packet Voice, IP Core Network, Radio Access Control, Packet Network (Internet), Packet Gateway, IP RAN, 3G, 2G, 2G/2.5G]

New Security Features, 1
- Network Authentication
  - The user can identify the network
- Explicit Integrity
  - Data integrity is assured explicitly by use of integrity algorithms
  - Also stronger confidentiality algorithms with longer keys
- Network Security
  - Mechanisms to support security within and between networks
- Switch Based Security
  - Security is based within the switch rather than the base station
- IMEI Integrity
  - Integrity mechanisms for IMEI provided from the start

New Security Features, 2
- Secure Services
  - Protect against misuse of services provided by SN and HE
- Secure Applications
  - Provide security for applications resident on USIM
- Fraud Detection
  - Mechanisms to combat fraud in roaming situations
- Flexibility
  - Security features can be extended and enhanced as required by new threats and services
- Visibility and Configurability
  - Users are notified whether security is on and what level of security is available
  - Users can configure security features for individual services

New Security Features, 3
- Compatibility
  - Standardized security features to ensure world-wide interoperability and roaming
  - At least one encryption algorithm exported on world-wide basis
- Lawful Interception
  - Mechanisms to provide authorized agencies with certain information about subscribers

Summary of 3G Security Features, 1
- User Confidentiality
  - Permanent user identity IMSI, user location, and user services cannot be determined by eavesdropping
  - Achieved by use of temporary identity (TMSI) which is assigned by VLR
  - IMSI is sent in cleartext when establishing TMSI

Summary of 3G Security Features, 2
- Mutual Authentication
  - During Authentication and Key Agreement (AKA) the user and network authenticate each other, and also they agree on cipher and integrity key (CK, IK). CK and IK are used until their time expires.
  - Assumption: trusted HE and SN, and trusted links between them.
  - After AKA, security mode must be negotiated to agree on encryption and integrity algorithm.
  - AKA process: [figure]

Summary of 3G Security Features, 3
Generation of authentication data at HLR: [figure]

Summary of 3G Security Features, 4
Generation of authentication data in USIM: [figure]
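The slides contrast GSM's one-way A3/A8 challenge-response with 3G AKA, where the USIM checks the network before it answers. The Python below is an added example, not part of the original presentation: the field names AUTN, SQN, AMF, MAC and AK and the functions f1 to f5 follow 3G TS 33.102 rather than the slides, HMAC-SHA-256 is a stand-in for the operator-specific algorithms, and the SQN freshness rule is simplified to "strictly increasing".

```python
import hashlib
import hmac
import os

def f(k: bytes, label: bytes, data: bytes, n: int) -> bytes:
    """Stand-in keyed function (assumption): HMAC-SHA-256 truncated to n bytes."""
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def gsm_sim_respond(ki: bytes, rand: bytes):
    """GSM SIM: answers any RAND; nothing in the challenge proves who sent it."""
    return f(ki, b"A3", rand, 4), f(ki, b"A8", rand, 8)   # (SRES, Kc)

def he_generate_av(k: bytes, sqn: int, amf: bytes = b"\x00\x00") -> dict:
    """Home environment: build one authentication vector for the serving network."""
    rand = os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = f(k, b"f1", sqn_b + rand + amf, 8)       # proves the sender knows K
    ak = f(k, b"f5", rand, 6)                      # conceals SQN on the air
    return {"RAND": rand, "XRES": f(k, b"f2", rand, 8),
            "CK": f(k, b"f3", rand, 16), "IK": f(k, b"f4", rand, 16),
            "AUTN": xor(sqn_b, ak) + amf + mac}

class Usim:
    def __init__(self, k: bytes, sqn_ms: int = 0):
        self.k, self.sqn_ms = k, sqn_ms

    def authenticate(self, rand: bytes, autn: bytes):
        """Verify the network first; only then release RES, CK and IK."""
        conc_sqn, amf, mac = autn[:6], autn[6:8], autn[8:16]
        sqn_b = xor(conc_sqn, f(self.k, b"f5", rand, 6))
        xmac = f(self.k, b"f1", sqn_b + rand + amf, 8)
        if not hmac.compare_digest(xmac, mac):
            raise ValueError("MAC failure: challenge not from the home environment")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn_ms:                     # simplified freshness rule
            raise ValueError("stale SQN: replayed authentication vector")
        self.sqn_ms = sqn
        k = self.k
        return f(k, b"f2", rand, 8), f(k, b"f3", rand, 16), f(k, b"f4", rand, 16)
```

The serving network compares the returned RES with XRES from the vector; a challenge built without K, or a replayed one, never gets that far because the USIM raises before computing RES.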

Summary of 3G Security Features, 5
- Data Integrity
  - Integrity of data and authentication of origin of signalling data must be provided
  - The user and network agree on integrity key and algorithm during AKA and security mode set-up

Summary of 3G Security Features, 6
- Data Confidentiality
  - Signalling and user data should be protected from eavesdropping
  - The user and network agree on cipher key and algorithm during AKA and security mode set-up

Summary of 3G Security Features, 7
- IMEI
  - IMEI is sent to the network only after the authentication of SN
  - The transmission of IMEI is not protected
- User-USIM Authentication
  - Access to USIM is restricted to authorized users
  - User and USIM share a secret key, PIN
- USIM-Terminal Authentication
  - User equipment must authenticate USIM
- Secure Applications
  - Applications resident on USIM should receive secure messages over the network
- Visibility
  - Indication that encryption is on
  - Indication what level of security (2G, 3G) is available

Summary of 3G Security Features, 8
- Configurability
  - User configures which security features are activated with particular services
  - Enabling/disabling user-USIM authentication
  - Accepting/rejecting incoming non-ciphered calls
  - Setting up/not setting up non-ciphered calls
  - Accepting/rejecting use of certain ciphering algorithms
- GSM Compatibility
  - GSM user parameters are derived from UMTS parameters using the following conversion functions:
      cipher key Kc = c3(CK, IK)
      random challenge RAND = c1(RAND)
      signed response SRES = c2(RES)
  - GSM subscribers roaming in 3GPP network are supported by GSM security context (for example, vulnerable to false BTS)
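The conversion functions c1, c2 and c3 named on this slide, written out as defined in 3G TS 33.102 (added example, not part of the original presentation; the sample values are constructed). It shows how a 3G quintet collapses into a GSM triplet: 256 bits of CK and IK fold into a 64-bit Kc, and AUTN and IK have no GSM counterpart, which is why the GSM security context stays exposed to a false BTS.

```python
def xor_blocks(data: bytes, size: int) -> bytes:
    """XOR together consecutive size-byte blocks of data."""
    out = bytes(size)
    for i in range(0, len(data), size):
        out = bytes(a ^ b for a, b in zip(out, data[i:i + size]))
    return out

def c1(rand: bytes) -> bytes:
    """RAND[GSM] = RAND: the 128-bit challenge is reused unchanged."""
    return rand

def c2(res: bytes) -> bytes:
    """SRES[GSM]: zero-pad RES to 16 octets, then XOR its four 32-bit parts."""
    if not 4 <= len(res) <= 16:
        raise ValueError("RES must be 4 to 16 octets")
    return xor_blocks(res.ljust(16, b"\x00"), 4)

def c3(ck: bytes, ik: bytes) -> bytes:
    """Kc[GSM] = CK1 xor CK2 xor IK1 xor IK2, each part 64 bits."""
    if len(ck) != 16 or len(ik) != 16:
        raise ValueError("CK and IK must be 16 octets each")
    return xor_blocks(ck + ik, 8)

def gsm_triplet(quintet: dict) -> dict:
    """Derive the GSM context; AUTN and IK are dropped along the way."""
    return {"RAND": c1(quintet["RAND"]),
            "SRES": c2(quintet["RES"]),
            "Kc": c3(quintet["CK"], quintet["IK"])}

# Constructed sample values, for illustration only.
SAMPLE = {"RAND": bytes(16),
          "RES": bytes.fromhex("0102030405060708"),
          "CK": bytes.fromhex("00112233445566778899aabbccddeeff"),
          "IK": bytes.fromhex("0123456789abcdeffedcba9876543210"),
          "AUTN": bytes(16)}
```

Because c3 is a plain XOR fold, many different (CK, IK) pairs map to the same Kc; swapping CK and IK, for instance, leaves Kc unchanged.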

Problems with 3G Security
- IMSI is sent in cleartext when allocating TMSI to the user
- The transmission of IMEI is not protected; IMEI is not a security feature
- A user can be enticed to camp on a false BS. Once the user camps on the radio channels of a false BS, the user is out of reach of the paging signals of SN
- Hijacking outgoing/incoming calls in networks with disabled encryption is possible. The intruder poses as a man-in-the-middle and drops the user once the call is set-up