Security in Wide Area Networks
Basic Idea Currently, the only technology that provides this type of coverage is satellite and cell phones. Although satellite technology provides truly global coverage, the current cost makes it impractical for common use. Cell phone technology, on the other hand, is practically ubiquitous and much more affordable 10/20/2019
High redundancy allows voice quality to be maintained. Low-power cells share frequencies and use spread-spectrum technology allowing multiple users per channel per cell. High redundancy allows voice quality to be maintained. Handoffs from one cell to another occur as the mobile unit passes out of one cell’s coverage area and into another’s. (Actually, multiple base stations are received at once, and the strongest is used.) While many locations have poor or no coverage, cellular wireless networks provide the closest approximation to ubiquitous connectivity this side of satellite phones. 10/20/2019
Initially, cellular networks just carried voice. The next step was to use these networks to carry data to provide Internet connectivity through the cell phone. 10/20/2019
digital data over a cellular network. 10/20/2019
efficient way to send digital data over a cellular network. 10/20/2019
CDMA CMDA is a spread-spectrum technique. The transmitter uses a code, shared by both endpoints, to send each bit of data across a large frequency range. The receiver uses the code to reconstruct the original data from the spread-spectrum signal. This frequency-spreading technique makes it very difficult to intercept the signal unless the code is known. While CDMA had been developed originally for military applications, its commercial goal was its larger capacity over TDMA-based systems rather than security. CDMA’s relatively strong security property comes from the low probability of interception (LPI) of the data because of the encoding used for spread spectrum as compared with GSM’s weak(er) encryption of its data [CDMA]. 10/20/2019
GSM Global systems for mobile communication (GSM) is one type of cellular phone network, and it has security mechanisms that provide authentication and encryption. GSM is based on TDMA; thus, intercepting the signals is much easier than in CDMA. Therefore, GSM has separate security mechanisms to encrypt the data it transmits. 10/20/2019
GSM provides mechanisms for authentication and encryption. GSM security mechanisms are based on a shared secret between the home location register (HLR) and the subscriber identity module (SIM)—in other words, the security modules in the phone and the central station. A subscriber identity module is a removable hardware device that provides security, is managed by network operators, and is independent of the terminal device in which it resides. GSM provides mechanisms for authentication and encryption. 10/20/2019
GSM authentication 10/20/2019
The shared secret Ki is a 128-bit key The shared secret Ki is a 128-bit key. Authentication is performed when the HLR or base station sends a 128-bit random number called a challenge to the mobile station (MS), i.e., the phone. The MS calculates the response, a 32-bit signed response (SRES), by using the A3 algorithm feeding the challenge and the shared secret as input. The base station then compares the SRES received from the MS with the expected value. 10/20/2019
GSM encryption 10/20/2019
The MS and base station use a 64-bit session key Kc for data encryption of the over-the-air channel. They calculate Kc by using Ki and a 128-bit random number, which are the same numbers used to calculate the SRES. Instead of using the A8 algorithm as was originally specified, however, most manufacturers use the A3 algorithm to calculate Kc as well. This is done to reduce the number of cryptographic algorithms to encode in the telephone firmware. 10/20/2019
The session key is not used to encrypt the data directly. Instead, it is used to generate the key stream that encrypts the data. Basic stream encryption algorithm works by XORing the Data stream with a key stream generated by a pseudorandom-number generator (PRNG) provided with an initial seed. In this case, the seed is Kc, and the PRNG is the A5 algorithm. Actually, the seed is Kc and the frame number. 10/20/2019
Problems with GSM Security Session life The first problem is the long life of authenticated sessions. While the mobile station may be requested to reauthenticate at the beginning of each call, typically this is not done. This means that the same session key Kc is used for days. The longer a session key is used, the weaker it becomes. 10/20/2019
Weak encryption algorithm Traffic is encrypted via the A5 algorithm only over the air between the mobile and base stations. The data are decrypted when they arrive at the base station and are sent from the base station to the operator’s backbone network in plaintext. Almost all GSM implementations use the COMP-128 algorithm for both A3 and A8 algorithms 10/20/2019
Encryption between mobile host and base station only. Limits to the secret key Other problems There are several other GSM problems. No data integrity algorithm is used; therefore, data could be modified and the receiver could not detect it. Authentication is performed in only one direction, from the user to the network. No mechanism exists to identify the network to the user. Also, there is no indication to the user that encryption is being used. 10/20/2019
3G 3G security is based on GSM but is designed to fix its shortcomings. The security mechanisms of 3G provide authentication, confidentiality, and encryption. 10/20/2019
Authentication GSM authentication provides protection from unauthorized service access and is based on the A3 algorithm, which is known to have limitations. Encryption is used to protect both the user data and the signaling data. The A8 and A5 algorithms are used but are not strong enough. 10/20/2019
Confidentiality Confidentiality is provided by identifying users with a permanent identity, called the international mobile subscriber identity (IMSI) and a temporary mobile subscriber identity (TMSI). Transmission of the IMSI is not protected; it is sent as plaintext. Therefore, a more secure mechanism is needed. The user and network agree on the cipher key and algorithm during the AKA phase. 10/20/2019
Attacker Capabilities In order to perform an attack, an attacker must have one or more of the following capabilities: eavesdropping, impersonation of a user, impersonation of a network, “man in the middle,” or compromising authentication vectors in the network. 10/20/2019
Eavesdropping. This capability allows the intruder to receive signaling, data, and control information associated with other users. This requires a modified mobile station. Impersonation of a user. This capability allows the intruder to send signaling, control, and data information such that it appears to originate from a different user. This requires a modified mobile station. 10/20/2019
“Man in the middle.” This capability allows the intruder to place himself between the target user and the network. Being a “man in the middle” allows the intruder to eavesdrop, modify, delete, reorder, replay, and fake signaling, control, and data messages between the user and the network. This requires a modified base station in conjunction with a modified mobile station. 10/20/2019
Impersonation of a network Impersonation of a network. This capability allows the intruder to send signaling, control, and data information such that it appears to originate from a different network or system component. This requires a modified base station. 10/20/2019