Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile Communications Mobile Security Fundamentals-3

Published bySuzan Abigail Kelly Modified over 5 years ago

Similar presentations

Presentation on theme: "Mobile Communications Mobile Security Fundamentals-3"— Presentation transcript:

1 Mobile Communications Mobile Security Fundamentals-3
– v4 W. Adi Lecture-8 Mobile Security Fundamentals-3

2 Advanced Encryption Standard
AES Advanced Encryption Standard Proposed for 3G Mobile Authentication Functions International Standard competition managed by NIST: US National Institute of Science and Technology AES Winner Algorithm: The Rijndael Block Cipher, Decision Oct. 2000

3 AES Round-3 Finalist Algorithms
(finalized in 2001) MARS : IBM (USA) RC : R. Rivest (MIT), creator of the widely used RC4 (USA) Twofish : Counterpane Internet Security, Inc. (USA) Serpent : Ross Anderson, Eli Biham and Lars Knudsen (USA) Rijndael: Designed by J. Daemen and V. Rijmen (Belgium) Joan Daemen (of Proton World International) Vincent Rijmen (of Katholieke Universiteit Leuven).

4 Rijndael: Basic concept
Key Key Expansion Round Keys K1 K2 ... K9 K10 X ... R1 R2 R9 R10 Y 10 Encryption Rounds R1 … R10

5 Rijndael: Basic Encryption Round Functions
Byte sub a3 .. a16 a1 a2 b16 b3 b2 b1 / 8 bits b = [M] a C The only non-linear mapping ! A is 4x32 bits Transposition B Mix column Linear mapping B = [C] A Round-Key Ki= 128 bits +

6 Security of AES/ Rijndael
Published to the scientific community 1998 Is still not broken !! - No proof that Rijndael can not be broken !!

7 Important Lessons in Security Business
2nd Generation security lessons Experts learned over the years that the only way to assure security is: follow an open design process encourage public scientific review Nobody is better than the rest of the research community.

8 New 3G Security Features 1/2
Network Authentication The user can provably identify the network Network Security Mechanisms to support security within and between networks Switch Based Security More secrecy switch based rather than only to base station IMEI Integrity Integrity mechanisms for IMEI provided from login Secure Services Protect against misuse of services provided by Service Network and Home Environment

9 New 3G Security Features 2/2
Secure Applications Provide security for applications resident on USIM Fraud Detection Mechanisms to combating fraud in roaming situations Flexibility Security features can be extended and enhanced as required by new threats and services Visibility and Configurability Users are notified whether security is on and what level of security is available. Users can configure security features for individual services Lawful Interception Mechanisms to provide authorized agencies with certain information about subscribers

10 3G User Confidentiality
Permanent user identity IMSI, user location, and user services cannot be determined by eavesdropping Achieved by use of temporary identity (TMSI) which is assigned by VLR (IMSI is sent in clear text when establishing TMSI) Network Mobile Visiting Location Register

11 Mutual Authentication Mechanism 1/2
During Authentication and Key Agreement (AKA) the user and network authenticate each other, and also they agree on cipher and integrity key (CK, IK). CK and IK are used until their time expires. Assumption: trusted HE and SN, and trusted links between them. After AKA, security mode must be negotiated to agree on encryption and integrity algorithm.

12 3G Mutual Authentication Mechanism 2/2
Generation of authentication data at “Mobile” site Generation of authentication data at “Home Network” site : Authentication Token AES K: subscriber seret key SQN: Seuence Number AK:Authentication Key CK:Cipher Key IK:Integrity Key MAC: Message Authentication Code

13 3G Data Integrity Mechanism
Integrity of data and source authentication of signaling data must be provided. The user and network agree on integrity key IK and algorithm during AKA and security mode set-up KASUMI Message authentic if equal

14 3G Data Encryption Mechanism
Data Confidentiality Signaling and user data should be protected from eavesdropping. The user and network agree on cipher key CK and algorithm during AKA and security mode set-up KASUMI

15 Problems with 3G Security
IMSI is sent in clear text when allocating TMSI to the user The transmission of IMEI is not protected; Equipment identity is still not secured A user can be brought to camp on a false BS. Once the user camps on the radio channels of a false BS, the user is out of reach of the paging signals of the network Hijacking outgoing/incoming calls in networks with disabled encryption is possible. The intruder poses as a man-in-the-middle and drops the user once the call is set-up

16 Public Key Cryptography
Fundamentals of Public Key Cryptography Published 1976 by (Diffie &Hellman) at Stanford University Breakthrough: Proved for the first time that it is possible to share secrets without secret agreement Many 3G mobile security applications in user layer are expected to employ public key cryptography (Mobile Commerce, mobile IP applications ...)

17 Secret Key Cryptography
(Symmetric System) K-open = K-close - Open and close with the same key !! - Secret Key Agreement required

18 Public-Key Secrecy Systems
K-open K-secret - Open and close with different keys!! - No Secret Key Agreement required Two Major Schemes in Public Key Cryptography: Diffie-Hellman Public Key exchange scheme RSA public Key secrecy system

19 A B Public-Key Cryptography Breakthrough 1976
(Diffie-Hellman) Shared Secret without exchange of secrets “Mechanical Scenario” Open Register A B Secret key-A Secret key-B injection injection SHIELD ! Same thing ! Shared Secret

20 How to “publicly” hide (shield) a secret ?
shielded secret SHIELD = One Way Function ( commutative ! ) 6 9 How: 2 6 mod 11 = 9 log2 9 (mod 11) = 6 Discrete logarithm : no formula is known to compute log2 modulo 11 !

21 ( ) ( ) A B Example for Diffie-Hellman key exchange scheme 1976
Widely use in internet and banking ... Open Agreement and Register Shielding function is: y = (5 x) mod 7 A B Secret key-A= 3 K-open-A= 6 5 3 = 6 K-open-B= 3 5 5 = 3 Secret key-B= 5 ( ) 5 ( ) 3 5 3 5 5 5 5 3 Shield 5 3 6 5 5.3 5 3.5 ! same thing ! Z = 6

22 Basic Public Key Secrecy System (RSA system)
(Mechanical simulation: user B wants secured message from A) User A User B Public register Ko= Kc-1 close open ( )Kc (mod m) Kc M MKc.Ko = M (MKc)Ko Ko MKc

23 Mathematical Model of a Public-Key Crypto-system
(using asymmetric keys) Sender Receiver Y = E (Zp,X) X X Message Message E ( Zp,X ) D ( Zs,Y ) Channel Secret-Key Zs Public-Key Zp Public Directory Z.. Zp Z... Zs

24 Cryptographic Protocols No Key Cryptography : Shamir 3-Pass Protocol
User A User B A Pass 1 A B A A B A A A B Pass 2 A B A B B B A B Pass 3 B B

25 ( ) ( ) ( ) Omura-Massey Lock* for: Shamir’s 3-Pass Protocol User A
Secrecy without Authenticity User A User B p = large prime All computations modulo p Eb = secret key Db = Eb-1 Ea = secret key Da = Ea-1 Ea M ( ) Eb 1 = M Ea M Ea Eb M 2 Da ( ) Ea Eb Db ( ) 3 M Eb Eb M = M M * J.L. Massey & J. K. Omura, US Patent, 1986

26 Non-Perfect Secret Sharing
Secret 10100 10010 Part A Part B 10100 10010 Secret

27 Perfect Secret Sharing
Example: share the secret between users A and B 11101 Random BSS 10100 Secret 01001 User B + 11101 User A 10100 + 10100 + Common Secret

Download ppt "Mobile Communications Mobile Security Fundamentals-3"

Similar presentations

An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,

An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,
1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.

1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.
Myagmar, Gupta UIUC 2001 1 3G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP.

Myagmar, Gupta UIUC G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
Information Security of Embedded Systems 20.1.2010: Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.

Information Security of Embedded Systems : Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.

NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
By Sean Fisk.  Not a new technology  Inherently insecure  In recent years, increased popularity.

By Sean Fisk.  Not a new technology  Inherently insecure  In recent years, increased popularity.
GSM Network Security ‘s Research Project By: Jamshid Rahimi Sisouvanh Vanthanavong 1 Friday, February 20, 2009.

GSM Network Security ‘s Research Project By: Jamshid Rahimi Sisouvanh Vanthanavong 1 Friday, February 20, 2009.
FORESEC Academy FORESEC Academy Security Essentials (IV)

FORESEC Academy FORESEC Academy Security Essentials (IV)
BASIC CRYPTOGRAPHIC CONCEPTS. Public Key Cryptography  Uses two keys for every simplex logical communication link.  Public key  Private key  The use.

BASIC CRYPTOGRAPHIC CONCEPTS. Public Key Cryptography  Uses two keys for every simplex logical communication link.  Public key  Private key  The use.
Chapter 21 Public-Key Cryptography and Message Authentication.

Chapter 21 Public-Key Cryptography and Message Authentication.
Cryptography and Network Security (CS435) Part Eight (Key Management)

Cryptography and Network Security (CS435) Part Eight (Key Management)
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.

PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.

Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
+ Security. + What is network security? confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver.

+ Security. + What is network security? confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver.
Cryptography issues – elliptic curves Presented by Tom Nykiel.

Cryptography issues – elliptic curves Presented by Tom Nykiel.

Similar presentations

Ads by Google