View
32
Download
0
Category
Tags:
Preview:
DESCRIPTION
IWD2243 Wireless & Mobile Security. Chapter 2 : Security in Traditional Wireless Network. 2.1 Security in First Generation TWNs. 1G TWN – AMPS (Advanced Mobile Phone System) Designed with very little security – no encryption Can be intercept using police scanner - PowerPoint PPT Presentation
Citation preview
Prepared by : Zuraidy Adnan, FITM UNISEL
1
IWD2243Wireless & Mobile Security
Chapter 2 : Security in Traditional Wireless Network
Prepared by : Zuraidy Adnan, FITM UNISEL
2
2.1 Security in First Generation TWNs 1G TWN – AMPS (Advanced Mobile Phone
System) Designed with very little security – no
encryption Can be intercept using police scanner For authentication – MS send Electronic Serial
Number (ESN) to the network Net verifies valid ESN (clear text) – allows
subscribers access network services. Radio hobbyist – can eavesdrop & capture valid
ESN and use it to commit fraud. Security part been enhanced in 2G TWN
Prepared by : Zuraidy Adnan, FITM UNISEL
3
2.2 Security in 2nd Generation TWNs Move from analog to digital – design led to
significant improvement in the security Speech coding algorithm, Gaussian Minimum
Shift Keying (GMSK), digital modulation, slow freq hopping, TDMA.
See figure 17.1 : GSM Architecture Network beyond BTS (RBS) is controlled
environment – since it was controlled by service provider
Access network (MS to BTS (RBS)) considered as hostile operating environment
Prepared by : Zuraidy Adnan, FITM UNISEL
4
2.2 Security in 2nd Generation TWNs (cont.) Anonymity in GSM
ME switch on – identify itself to the network & requesting services from the network.
Location management using IMSI Eavesdropper can capture IMSI over the air, since IMSI and
subscriber identity need to be submitted in location mgmt. Considered as security threat. Anonymity feature – protect the subscriber against someone
who knows the subscriber’s IMSI & try to trace subscribers location + identify call made to or from whom.
Using TMSI – still maintained in VLR/MSC – SIM authenticated with the network, network allocate TMSI to the subscriber.
For all communication with the SIM – used TMSI
Prepared by : Zuraidy Adnan, FITM UNISEL
5
2.2 Security in 2nd Generation TWNs (cont.) Key establishment in GSM
Key establishment – used to establish some sort of a secret or key between two communicating parties.
GSM security model – uses a128-bit preshared secret key (Ki) for securing ME-to-BTS interface.
Each SIM is embedded with a unique Ki – information which been shared by SIM and the network.
Part of network which hold the unique Ki – AuC
Prepared by : Zuraidy Adnan, FITM UNISEL
6
2.2 Security in 2nd Generation TWNs (cont.) Authentication in GSM
ME switch on – search for a wireless net to connect to by listening to a certain set of freq.
Found – ME-SIM sends a sign on message to the BTS (RBS) requesting for a network.
BTS contact MSC to decide whether or not to allow the ME-SIM access to the network.
MSC ask HLR to provide it with 5 sets of security triplets.
Sec triplets – 3 numbers – RAND (128bit random number), SRES (32bit signed response to the RAND generated using preshared Ki), and session key Kc (encryption key generated using Ki)
Prepared by : Zuraidy Adnan, FITM UNISEL
7
2.2 Security in 2nd Generation TWNs (cont.) Authentication in GSM (cont.)
MSC pick one, and use it for current session. RAND sent to the ME via BSC & BTS as a challenge. ME expected to generate SRES to this RAND using A3
algorithm, Ki stored in its SIM. SRES sent back to MSC via BTS & BSC. MSC compares SRES received from ME with SRES
from HLR. Match – MSC safely deduce the ME-SIM has valid Ki.
MSC allow ME to access the network. If SRES do not match – would not allow ME to connect
to the network. See figure 17.2, 17.3 ; page 373.
Prepared by : Zuraidy Adnan, FITM UNISEL
8
2.2 Security in 2nd Generation TWNs (cont.) Authentication in GSM (cont.)
GSM does not specify how BTS and BSC need to be connected & not specify how to secure it.
GSM authenticate the SIM, not the subscriber. What happen if ME is stolen? GSM core net maintain a database for all valid
equipment (EIR).
Prepared by : Zuraidy Adnan, FITM UNISEL
9
2.2 Security in 2nd Generation TWNs (cont.) Confidentiality in GSM
Session key Kc been used for providing confidentiality over the wireless ME-BTS interface – A5 algorithm.
A5 – Stream chiper – generates a unique key stream for every packet by using 64bit session key (Kc) and the sequence number of the frame as the input.
What’s wrong with GSM security? No provision for any integrity protection. Limited encryption scope. The GSM chiper algorithm are not published along
with GSM standard.
Prepared by : Zuraidy Adnan, FITM UNISEL
10
2.2 Security in 2nd Generation TWNs (cont.) What’s wrong with GSM security? (cont.)
Algorithm used for encryption in ME-BTS is no longer secure.
One way authentication. SIM cloning.
Prepared by : Zuraidy Adnan, FITM UNISEL
11
2.3 Security in 2.5 Generation TWNs Explosive growth of the Internet – Upgrade net
to 2.5G to provide data services. Connecting ME to the Internet GPRS (General Packet Radio Services) –
provide ME with data connectivity to various web servers
GSM – voice call – 1 timeslot GSM – data – multiple timeslots, because the
need of more bandwidth. Interesting implications on the security
architecture.
Prepared by : Zuraidy Adnan, FITM UNISEL
12
2.3 Security in 2.5 Generation TWNs (cont.) WAP
GPRS provide layer 2 connectivity Constraint for ME for using HTTP and HTML –
bandwidth, memory, CPU, screen size. Wireless Application Protocol (WAP) come in
handy. WAP – open spec that offers standard method to
access internet based content and services from ME
Designed for minimizing bandwidth requirements Information content formatted suitably for ME’s
small screen, low bandwidth, high latency environment – WAE.
Prepared by : Zuraidy Adnan, FITM UNISEL
13
2.3 Security in 2.5 Generation TWNs (cont.) WAP (cont.)
See figure 17.8 : WAP programming model Client - embedded browser in ME. Server – normal web
server New entity – WAP gateway Embedded browser request using URL – forwarded by
WAP gateway and get info using HTTP & HTML format. WAP gateway role – reformat the content from web
server suitable for WAE transmission and ME display Language used – WML End-to-end security required. Using WTLS in WAP stack. WTLS modeled along the lines of Secure Socket Layer
(SSL)/Transport Layer Security (TLS).
Prepared by : Zuraidy Adnan, FITM UNISEL
14
2.3 Security in 2.5 Generation TWNs (cont.) WAP (cont.)
TLS – designed for reliable transport layer (ie. TCP), while WTLS – operate for unreliable datagram transport.
WTLS protocol modified to cope with long roundtrip times and limited bandwidth availability.
WTLS optimized to operate with limited processing power and limited memory of ME.
Prepared by : Zuraidy Adnan, FITM UNISEL
15
2.3 Security in 2.5 Generation TWNs (cont.) Code Security
Applets can be downloaded and can be executed inside ME.
Extremely important to ensure that the applets is not a malicious piece of code that can harm ME.
Its important to have applets been signed by CA. If the subscriber trust the CA, can execute the
applets. In otherwise they can block the execution of the
applets.
Prepared by : Zuraidy Adnan, FITM UNISEL
16
2.3 Security in 3 Generation TWNs Universal Mobile Telecommunications System
(UMTS) Designed using GSM security as a starting
point – to ensure interoperability between both technologies.
Anonymity in UMTS Builds on the concept of TMSI introduced by GSM. UMTS architecture provides provisions for
encrypting any signaling or subscriber data that might reveal subscriber’s identity.
TMSI located at VLR/MSC, IMSI-TMSI mapping maintain in VLR/MSC
Prepared by : Zuraidy Adnan, FITM UNISEL
17
2.3 Security in 3 Generation TWNs Key establishment in UMTS
No key establishment protocol, uses 128bit preshared secret key (Ki) between USIM and AuC.
Form the basis for all security in UMTS Authentication in UMTS
Authentication follows GSM authentication model Net authenticate USIM and USIM authenticates the
network See figure 17.10a : UMTS authentication, page 389 See figure 17.10b : UMTS authentication vector
generation, page 390 See figure 17.11 : UMTS response generation at USIM Most provider used COMP128 algorithm for authentication
protocol
Prepared by : Zuraidy Adnan, FITM UNISEL
18
2.3 Security in 3 Generation TWNs Confidentiality in UMTS
Use KASUMI encryption algorithm, 128bit session key CK.
More secure than A5 – GSM, longer key of encryption
See figure 17.12 : UMTS encryption, page 392. Parameters for f8 (algorithm) :
128bit CK 32bit Count-c – chipering sequence number 5bit Bearer – unique identifier for bearer chanel 1bit Direction – indicates the direction of transmission 16bit Length – indicates the length of key-stream block
Prepared by : Zuraidy Adnan, FITM UNISEL
19
2.3 Security in 3 Generation TWNs Confidentiality in UMTS (cont.)
The key stream XORed with plaintext = chipertext At the receiving end, chipertext XORed with key
stream = plaintext UMTS security extends the encrypted interface
from BTS back to the RNC
Prepared by : Zuraidy Adnan, FITM UNISEL
20
2.3 Security in 3 Generation TWNs Integrity protection in UMTS
Using integrity key – IK, derived using authentication process.
See figure 17.13 : UMTS message integrity Parameters in f9 (algorithm) :
128bit IK 32bit integrity sequence number Message Direction 32bit Fresh – perconnection nonce
Output, chipertext MAC-I At the receiving end, the process repeated, XMAC-I The receiver compares XMAC-I with MAC-I, so the receiver
can deduce that the message was not tampered with.
Prepared by : Zuraidy Adnan, FITM UNISEL
21
2.3 Security in 3 Generation TWNs Putting the pieces together
See figure 17.14 : UMTS Security – Overview, page 396.
Network Domain Security Mobile Application Part (MAP), MAPSEC protocol –
works at the app layer to protect MAP message cryptographically.
See figure 17.15 : MAPSEC, page 399. Key Administration Center (KAC) – establish security
association (SA) with KAC network B. Use Internet Key Exchange (IKE) protocol. 3 mode protection :- no protection, integrity
protection only, integrity with confidentiality.
Prepared by : Zuraidy Adnan, FITM UNISEL
22
2.3 Security in 3 Generation TWNs Network Domain Security (cont.)
Strongly influenced by IPSec protocol. Instead having MAP in SS7 (MAPSEC), MAP over IP-
based networks. UMTS network designers model MAPSEC along IPSec
lines. See figure 17.16 : MAP over IP-based networks, page
400. KAC replaced by Security Gateway (SEG) Establish SA with Network B, but not distribute SA’s
to its Network Elements (NE) It maintain database of established SAs and database
that specify how and when SAs is going to be used.
Recommended