IWD2243 Wireless & Mobile Security
Chapter 2: Security in Traditional Wireless Network
Prepared by: Zuraidy Adnan, FITM UNISEL

2.1 Security in First Generation TWNs
- 1G TWN – AMPS (Advanced Mobile Phone System)
- Designed with very little security – no encryption
- Can be intercepted using a police scanner
- For authentication, the MS sends its Electronic Serial Number (ESN) to the network
- The network verifies that the ESN (sent in clear text) is valid, then allows the subscriber to access network services
- A radio hobbyist can eavesdrop, capture a valid ESN and use it to commit fraud
- Security was enhanced in 2G TWNs

2.2 Security in 2nd Generation TWNs
- Move from analog to digital – the design led to a significant improvement in security
- Speech coding algorithm, Gaussian Minimum Shift Keying (GMSK), digital modulation, slow frequency hopping, TDMA
- See figure 17.1: GSM Architecture
- The network beyond the BTS (RBS) is a controlled environment, since it is controlled by the service provider
- The access network (MS to BTS (RBS)) is considered a hostile operating environment

2.2 Security in 2nd Generation TWNs (cont.)
- Anonymity in GSM
  - When the ME is switched on, it identifies itself to the network and requests services from the network
  - Location management uses the IMSI
  - An eavesdropper can capture the IMSI over the air, since the IMSI and subscriber identity need to be submitted in location management
  - This is considered a security threat
  - Anonymity feature – protects the subscriber against someone who knows the subscriber's IMSI and tries to trace the subscriber's location and identify calls made to or from them
  - Uses the TMSI, which is maintained in the VLR/MSC – once the SIM is authenticated with the network, the network allocates a TMSI to the subscriber
  - All further communication with the SIM uses the TMSI

2.2 Security in 2nd Generation TWNs (cont.)
- Key establishment in GSM
  - Key establishment – used to establish some sort of secret or key between two communicating parties
  - The GSM security model uses a 128-bit preshared secret key (Ki) for securing the ME-to-BTS interface
  - Each SIM is embedded with a unique Ki, which is shared by the SIM and the network
  - The part of the network which holds the unique Ki is the AuC

2.2 Security in 2nd Generation TWNs (cont.)
- Authentication in GSM
  - When the ME is switched on, it searches for a wireless network to connect to by listening to a certain set of frequencies
  - Once one is found, the ME-SIM sends a sign-on message to the BTS (RBS) requesting a network
  - The BTS contacts the MSC to decide whether or not to allow the ME-SIM access to the network
  - The MSC asks the HLR to provide it with 5 sets of security triplets
  - Security triplet – 3 numbers: RAND (128-bit random number), SRES (32-bit signed response to the RAND, generated using the preshared Ki), and session key Kc (encryption key generated using Ki)

2.2 Security in 2nd Generation TWNs (cont.)
- Authentication in GSM (cont.)
  - The MSC picks one triplet and uses it for the current session
  - RAND is sent to the ME via the BSC and BTS as a challenge
  - The ME is expected to generate the SRES for this RAND using the A3 algorithm and the Ki stored in its SIM
  - The SRES is sent back to the MSC via the BTS and BSC
  - The MSC compares the SRES received from the ME with the SRES from the HLR
  - Match – the MSC can safely deduce that the ME-SIM has a valid Ki, and allows the ME to access the network
  - If the SRES values do not match, the MSC does not allow the ME to connect to the network
  - See figures 17.2, 17.3; page 373
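The triplet generation and SRES comparison from the two authentication slides above, as an added Python example that is not part of the original slides. HMAC-SHA256 stands in for A3 and for the key-derivation algorithm (named A8 here, a name the slides do not use), and the class names, IMSI and Ki values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256 stands in for the operator-chosen A3/A8 algorithms;
# only the input and output sizes follow the slides.
def a3_sres(ki, rand):
    """A3 stand-in: 32-bit signed response (SRES) to RAND under Ki."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8_kc(ki, rand):
    """A8 stand-in: 64-bit session key Kc derived from Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class AuC:
    """Network side: holds every subscriber's Ki and produces triplets."""
    def __init__(self, ki_by_imsi):
        self.ki_by_imsi = ki_by_imsi

    def triplets(self, imsi, n=5):
        ki = self.ki_by_imsi[imsi]
        rands = [secrets.token_bytes(16) for _ in range(n)]  # 128-bit RANDs
        return [(r, a3_sres(ki, r), a8_kc(ki, r)) for r in rands]

class SIM:
    """Subscriber side: Ki stays on the card, only SRES is sent back."""
    def __init__(self, imsi, ki):
        self.imsi, self.ki = imsi, ki

    def respond(self, rand):
        return a3_sres(self.ki, rand), a8_kc(self.ki, rand)

def msc_authenticate(auc, sim):
    """MSC: pick one triplet, send RAND as the challenge, compare SRES."""
    rand, expected_sres, kc = auc.triplets(sim.imsi)[0]
    sres, sim_kc = sim.respond(rand)
    if not hmac.compare_digest(sres, expected_sres):
        return None  # SRES mismatch: ME is not allowed onto the network
    # Kc was never transmitted, yet both ends hold the same value.
    return kc if sim_kc == kc else None

# Constructed sample values, not real subscriber data.
IMSI = "001010000000001"
KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
auc = AuC({IMSI: KI})
genuine = SIM(IMSI, KI)
wrong_ki = SIM(IMSI, bytes(16))  # same IMSI, different Ki
```

Note that only the network issues a challenge here: the SIM proves knowledge of Ki, but nothing in the exchange lets the SIM check who sent RAND.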

2.2 Security in 2nd Generation TWNs (cont.)
- Authentication in GSM (cont.)
  - GSM does not specify how the BTS and BSC need to be connected, and does not specify how to secure that connection
  - GSM authenticates the SIM, not the subscriber
  - What happens if the ME is stolen?
  - The GSM core network maintains a database of all valid equipment (EIR)

2.2 Security in 2nd Generation TWNs (cont.)
- Confidentiality in GSM
  - The session key Kc is used to provide confidentiality over the wireless ME-BTS interface – A5 algorithm
  - A5 – stream cipher – generates a unique key stream for every packet, using the 64-bit session key (Kc) and the sequence number of the frame as input
- What’s wrong with GSM security?
  - No provision for any integrity protection
  - Limited encryption scope
  - The GSM cipher algorithms are not published along with the GSM standard

2.2 Security in 2nd Generation TWNs (cont.)
- What’s wrong with GSM security? (cont.)
  - The algorithm used for encryption on the ME-BTS interface is no longer secure
  - One-way authentication
  - SIM cloning

2.3 Security in 2.5 Generation TWNs
- Explosive growth of the Internet – networks upgraded to 2.5G to provide data services
- Connecting the ME to the Internet
- GPRS (General Packet Radio Services) – provides the ME with data connectivity to various web servers
- GSM – voice call – 1 timeslot
- GSM – data – multiple timeslots, because more bandwidth is needed
- Interesting implications for the security architecture

2.3 Security in 2.5 Generation TWNs (cont.)
- WAP
  - GPRS provides layer 2 connectivity
  - Constraints on the ME for using HTTP and HTML – bandwidth, memory, CPU, screen size
  - This is where the Wireless Application Protocol (WAP) comes in handy
  - WAP – open specification that offers a standard method to access Internet-based content and services from the ME
  - Designed to minimize bandwidth requirements
  - Information content is formatted suitably for the ME’s small screen and low-bandwidth, high-latency environment – WAE

2.3 Security in 2.5 Generation TWNs (cont.)
- WAP (cont.)
  - See figure 17.8: WAP programming model
  - Client – embedded browser in the ME. Server – normal web server
  - New entity – WAP gateway
  - The embedded browser makes a request using a URL – it is forwarded by the WAP gateway, which gets the information using HTTP and HTML format
  - WAP gateway role – reformat the content from the web server so that it is suitable for WAE transmission and ME display
  - Language used – WML
  - End-to-end security is required, using WTLS in the WAP stack
  - WTLS is modeled along the lines of Secure Socket Layer (SSL)/Transport Layer Security (TLS)

2.3 Security in 2.5 Generation TWNs (cont.)
- WAP (cont.)
  - TLS is designed for a reliable transport layer (i.e. TCP), while WTLS operates over unreliable datagram transport
  - The WTLS protocol is modified to cope with long round-trip times and limited bandwidth availability
  - WTLS is optimized to operate with the limited processing power and limited memory of the ME

2.3 Security in 2.5 Generation TWNs (cont.)
- Code Security
  - Applets can be downloaded and executed inside the ME
  - It is extremely important to ensure that an applet is not a malicious piece of code that can harm the ME
  - It is important to have applets signed by a CA
  - If the subscriber trusts the CA, they can execute the applet
  - Otherwise, they can block the execution of the applet

2.3 Security in 3rd Generation TWNs
- Universal Mobile Telecommunications System (UMTS)
  - Designed using GSM security as a starting point, to ensure interoperability between both technologies
- Anonymity in UMTS
  - Builds on the concept of the TMSI introduced by GSM
  - The UMTS architecture provides provisions for encrypting any signaling or subscriber data that might reveal the subscriber’s identity
  - The TMSI is located at the VLR/MSC; the IMSI-TMSI mapping is maintained in the VLR/MSC

2.3 Security in 3rd Generation TWNs
- Key establishment in UMTS
  - No key establishment protocol; uses a 128-bit preshared secret key (Ki) between the USIM and the AuC
  - Forms the basis for all security in UMTS
- Authentication in UMTS
  - Authentication follows the GSM authentication model
  - The network authenticates the USIM and the USIM authenticates the network
  - See figure 17.10a: UMTS authentication, page 389
  - See figure 17.10b: UMTS authentication vector generation, page 390
  - See figure : UMTS response generation at USIM
  - Most providers used the COMP128 algorithm for the authentication protocol

2.3 Security in 3rd Generation TWNs
- Confidentiality in UMTS
  - Uses the KASUMI encryption algorithm with a 128-bit session key CK
  - More secure than A5 in GSM – longer encryption key
  - See figure : UMTS encryption, page 392
  - Parameters for f8 (algorithm):
    - 128-bit CK
    - 32-bit Count-c – ciphering sequence number
    - 5-bit Bearer – unique identifier for the bearer channel
    - 1-bit Direction – indicates the direction of transmission
    - 16-bit Length – indicates the length of the key-stream block

2.3 Security in 3rd Generation TWNs
- Confidentiality in UMTS (cont.)
  - The key stream XORed with the plaintext = ciphertext
  - At the receiving end, the ciphertext XORed with the key stream = plaintext
  - UMTS security extends the encrypted interface from the BTS back to the RNC

2.3 Security in 3rd Generation TWNs
- Integrity protection in UMTS
  - Uses an integrity key (IK), derived during the authentication process
  - See figure : UMTS message integrity
  - Parameters in f9 (algorithm):
    - 128-bit IK
    - 32-bit integrity sequence number
    - Message
    - Direction
    - 32-bit Fresh – per-connection nonce
  - Output, ciphertext MAC-I
  - At the receiving end, the process is repeated to produce XMAC-I
  - The receiver compares XMAC-I with MAC-I, so the receiver can deduce that the message was not tampered with
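The f8 key-stream XOR and the f9 MAC-I/XMAC-I comparison from the confidentiality and integrity slides above, as an added Python example that is not part of the original slides. HMAC-SHA256 stands in for the KASUMI-based f8 and f9; the way the parameters are packed, computing the MAC over the plaintext, and all key and message values are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 replaces KASUMI; only the parameter list and
# bit widths follow the slides.
def frame_inputs(count, bearer, direction):
    # 32-bit COUNT-C, 5-bit BEARER, 1-bit DIRECTION
    assert count < 2**32 and bearer < 2**5 and direction in (0, 1)
    return count.to_bytes(4, "big") + bytes([bearer << 1 | direction])

def f8_keystream(ck, count, bearer, direction, length_bits):
    """Key-stream block of LENGTH bits from CK and the per-frame inputs."""
    assert len(ck) == 16 and length_bits < 2**16
    need = (length_bits + 7) // 8
    seed, out, block = frame_inputs(count, bearer, direction), b"", 0
    while len(out) < need:
        ctr = block.to_bytes(4, "big")
        out += hmac.new(ck, seed + ctr, hashlib.sha256).digest()
        block += 1
    return out[:need]

def f8_xor(ck, count, bearer, direction, data):
    """Encrypt or decrypt: the same XOR with the same key stream."""
    ks = f8_keystream(ck, count, bearer, direction, len(data) * 8)
    return bytes(a ^ b for a, b in zip(data, ks))

def f9_mac(ik, count_i, fresh, direction, message):
    """32-bit MAC-I over sequence number, FRESH, direction and message."""
    assert len(ik) == 16 and len(fresh) == 4 and direction in (0, 1)
    data = count_i.to_bytes(4, "big") + fresh + bytes([direction]) + message
    return hmac.new(ik, data, hashlib.sha256).digest()[:4]

def receive(ck, ik, count, bearer, direction, fresh, ciphertext, mac_i):
    """Receiver: decrypt, recompute XMAC-I, accept only if it equals MAC-I."""
    plaintext = f8_xor(ck, count, bearer, direction, ciphertext)
    xmac_i = f9_mac(ik, count, fresh, direction, plaintext)
    return plaintext if hmac.compare_digest(xmac_i, mac_i) else None

# Constructed sample values.
CK = bytes(range(16))
IK = bytes(range(16, 32))
FRESH = bytes.fromhex("a1b2c3d4")
MSG = b"constructed signalling message"
CT = f8_xor(CK, 7, 3, 0, MSG)
MAC_I = f9_mac(IK, 7, FRESH, 0, MSG)
```

Flipping one bit of `CT` flips the same bit of the decrypted plaintext, which is why a stream cipher alone gives no integrity; `receive` rejects such a frame because XMAC-I no longer equals MAC-I.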

2.3 Security in 3rd Generation TWNs
- Putting the pieces together
  - See figure : UMTS Security – Overview, page 396
- Network Domain Security
  - Mobile Application Part (MAP), MAPSEC protocol – works at the application layer to protect MAP messages cryptographically
  - See figure : MAPSEC, page 399
  - Key Administration Center (KAC) – establishes a security association (SA) with the KAC of network B
  - Uses the Internet Key Exchange (IKE) protocol
  - 3 protection modes: no protection, integrity protection only, integrity with confidentiality

2.3 Security in 3rd Generation TWNs
- Network Domain Security (cont.)
  - Strongly influenced by the IPSec protocol
  - Instead of having MAP in SS7 (MAPSEC), MAP runs over IP-based networks
  - UMTS network designers modeled MAPSEC along IPSec lines
  - See figure : MAP over IP-based networks, page 400
  - The KAC is replaced by a Security Gateway (SEG)
  - It establishes SAs with Network B, but does not distribute the SAs to its Network Elements (NE)
  - It maintains a database of established SAs and a database that specifies how and when the SAs are going to be used