Cellular Network Security
Ryan Stepanek
Secure Systems Administration Spring 2011
A brief history of cellular networks
  Cellular networks have been deployed for the last three decades
  1G networks had max speeds of about 9.6 kbs [1]
  As network technology evolved, two standards emerged: CDMA and GSM
  Modern cellular networks operate in the third and fourth generation, reaching theoretical speeds up to 100 Mbit/s
Challenges of Cellular Networks
  Open Access Wireless – No physical connection necessary!
  Bandwidth Limitations – Everyone has to share the network.
  System Complexity – The larger the implementation of the system, the more difficult it is to maintain security.
  Confidentiality – Private data needs to be encrypted.
  Integrity – Must minimize data loss; more services being sent through the network.
  Authentication With Other Networks – Companies need to play nice with each other.
Security Issues for Cellular Networks
  Operating systems on mobile devices – Android, Windows, iPhone
  Web services – Potential for abuse through the addition of new services; DoS.
  Location Detection – Keep the location of the user private!
  Spyware; malware – Phones and network may be vulnerable.
Phone OS by Market Share
Phone OS Market Share – US, UK, China
I-Security
  Mobile OS – left open to viruses and malware
    Users can jailbreak and run their own code
    History of being slow to patch
    SMS virus – over two months to patch!
    Spreading the virus required only the victim's phone number
    Spread through memory corruption in iPhone [6]
  Potentially detrimental to host network
    Dangerously popular – In December 2009 AT&T was forced to halt iPhone sales in New York [5]
    Can you hear me now? Network load became too great for existing infrastructure
Blackberries
  Very good encryption
    Causes conflicts with governments on the grounds of national security, e.g. India 2009 [7]
  Relies on security through obscurity
  Vulnerable through third party apps
    e.g. the WebKit browser was used at this year's Pwn2Own hacking expo. [8]
  Blackberry Enterprise Server (BES)
    Commonly used in business and government; compromising the server could allow access to phone information
    Fairly secure if configured correctly (EAL 4+) [10]
Android
  Open source
    Incredibly threatening to network profit/security, e.g. free WiFi tethering
  Rooting
    Allows greater control over the phone
    Creates a natural conflict between the service provider and customer
    Also increases vulnerability to viruses, e.g. custom ROMs will not receive updates from the service provider
    Companies now actively trying to hinder rooting, e.g. Motorola [8]
GSM vs CDMA
  GSM
    More than 3.8 billion people worldwide
    Far more common outside of North America
    More than 89 percent of market share [4]
    More than 212 countries and territories [3]
    Interferes with some electronics
  CDMA
    Transmits data signal modulated with pseudorandom code
    Generally allows for larger transmission cells
    Allows users to share frequencies
3G – Network Components
  Radio Access Network
    Towers
    Radio Network Controllers
  Core Network
    Packet Switched Network
    Circuit Switched Network
    SGSN – Handles Access Control and Route Management
    GGSN – Gateway to the Internet
3G – Implementation
Attacks on Cellular Networks
  DoS/DDoS – Probably the most common.
    iPhones
    Services and bandwidth usage seem to be increasing faster than network infrastructure
    More achievable now through infecting phones
  Jamming
    Highly localized, similar in effect to DoS
  Eavesdropping
  Man in the Middle attacks
  Session hijacking
3G – Defensive Measures
  Network Access Security
    Utilizes secret keys and secret key ciphers to maintain confidentiality
    Uses a temporary International Mobile User Identity to protect the user's identity.
  Challenge Response System Used when Authenticating
    Occurs when user first connects to network, when the network receives a service request, when a location update is sent, on attach/detach request, etc. [1]
3G – Integrity and Confidentiality
  Signaling communications between mobile station and network
    F9 algorithm used to calculate a 32-bit MAC-I for data integrity, which is then compared to a calculated XMAC-I
    F8 used to keep data confidential; utilizes a cipher key that comes from the mobile device; output is then XORed with the original data stream
  Both F8 and F9 rely on the KASUMI cipher
    Based on a Feistel structure, with 64-bit data blocks and a 128-bit key
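The MAC-I/XMAC-I comparison and the keystream XOR described on this slide, as an added example that is not part of the original slides. HMAC-SHA256 is used as a stand-in for the KASUMI-based constructions; the input names COUNT, FRESH, DIRECTION and BEARER follow the 3GPP definitions of f8/f9 and do not appear on the slides, and the keys and message are constructed sample values.

```python
import hashlib
import hmac
import struct

# Stand-in primitive (assumption): HMAC-SHA256 replaces the KASUMI-based
# constructions so the example runs with the standard library only.

def f9_mac(ik, count_i, fresh, direction, message):
    """32-bit integrity tag over the message and its freshness inputs."""
    header = struct.pack(">IIB", count_i, fresh, direction)
    return hmac.new(ik, header + message, hashlib.sha256).digest()[:4]

def f8_keystream(ck, count_c, bearer, direction, length):
    """Keystream bound to the cipher key, counter, bearer and direction."""
    header = struct.pack(">IBB", count_c, bearer, direction)
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(ck, header + struct.pack(">I", block),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]

def f8_crypt(ck, count_c, bearer, direction, data):
    """XOR the keystream with the data; the same call encrypts and decrypts."""
    ks = f8_keystream(ck, count_c, bearer, direction, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))

def verify(ik, count_i, fresh, direction, message, mac_i):
    """Receiver side: recompute XMAC-I and compare it with the received MAC-I."""
    xmac_i = f9_mac(ik, count_i, fresh, direction, message)
    return hmac.compare_digest(xmac_i, mac_i)

# Constructed sample values, not taken from any real network.
IK, CK = bytes(range(16)), bytes(range(16, 32))
FRESH, MSG = 0xA1B2C3D4, b"LOCATION UPDATE REQUEST"

def demo():
    mac_i = f9_mac(IK, 7, FRESH, 0, MSG)
    ct = f8_crypt(CK, 7, 1, 0, MSG)
    return {
        "mac_bits": len(mac_i) * 8,
        "genuine": verify(IK, 7, FRESH, 0, MSG, mac_i),
        "tampered": verify(IK, 7, FRESH, 0, MSG.replace(b"UPDATE", b"CANCEL"), mac_i),
        "replayed": verify(IK, 8, FRESH, 0, MSG, mac_i),
        "roundtrip": f8_crypt(CK, 7, 1, 0, ct) == MSG,
    }

if __name__ == "__main__":
    print(demo())
```

Binding the counter into the tag is what makes a captured message fail verification when it is replayed under a later counter value.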
F8 – Confidentiality Algorithm
3G – Internet Security
  Wireless Application Protocol
    Protocol that handles wireless devices connecting to the web
    Independent of underlying OS
    WAP2 – puts devices into direct communication with servers
    Uses layers similar to standard networks
  IPv6 and IPv4
    3G allows for circuit switched and packet switched network nodes
    4G is packet switched nodes only; completely IPv6 compatible
Cellular Network Security – Factors to Consider
  Liability
    Quantity and nature of data
    Potential harm from data
    Lawsuits
  Profits
    Bandwidth is not free
    Capability of devices vs. popularity of devices
    Risk for every network expansion
Sources
  [1] “Security in Wireless Cellular Networks” Gardezi, Ali. http://docs.google.com/viewer?a=v&q=cache:mFeuQOB24gwJ:www1.cse.wustl.edu/~jain/cse574-06/ftp/cellular_security.pdf+cellular+network+security&hl=en&gl=us&pid=bl&srcid=ADGEESgk1O3TVCFitfU0KCDfZp2FIogPvw0bjkw767GFdWlAOyWm866YcuCt8IEn2uag617WAW0S32eIhFbaoMgQiJh_WJi5QYE2RIwkizPeTRzmsFcBNMtESgBQNA9NmF5VgqtrQBe0&sig=AHIEtbR683Y3fhGxdHQa47sZCueMwq3jsA
  [2] “Exploiting Vulnerabilities and Security Mechanisms in Internet Based SMS Capable Cellular Networks” Azim, Akramul. http://docs.google.com/viewer?a=v&q=cache:AmTvXrmYVNoJ:citeseerx.ist.psu.edu/viewdoc/download%3Fdoi%3D10.1.1.121.2158%26rep%3Drep1%26type%3Dpdf+cellular+network+security&hl=en&gl=us&pid=bl&srcid=ADGEESiJC2Zr-k8fOWOH70HSEDwahX_x1pJXZOS2AndHNcBqh0Qm3xcBlkqiVgOW0spQM0aqzoMxYkuThzhKiHCKxOa8nc8slQ_qDM1a5OQ_zO0qnBL3Y_9zylwEMLPYr8ORC5mXftkM&sig=AHIEtbQjQIcq5LnEbumpqWogCCN3u0uXVA
  [3] “CDMA vs. GSM – Which One is the Best for You?” http://www.cellutips.com/gsm-vs-cdma-which-one-is-the-best-for-you/
  [4] “GSM: Global System for Mobile Communications” http://www.3gamericas.org/index.cfm?fuseaction=page&sectionid=242
  [5] “AT&T apparently resumes online iPhone sales in New York City” http://articles.cnn.com/2009-12-28/tech/iphone.sales.nyc_1_iphone-sales-online-sales-at-t-service?_s=PM:TECH
  [6] “First iPhone Virus Found Using SMS Testing” http://ironmill.wordpress.com/2009/07/30/iphone-virus/
  [7] “BlackBerry encryption 'too secure': National security vs. consumer privacy” http://www.zdnet.com/blog/igeneration/blackberry-encryption-too-secure-national-security-vs-consumer-privacy/5732
  [8] “BlackBerry security breached at Pwn2Own 2011” http://crackberry.com/blackberry-security-breached-pwn2own-2011
  [9] “Are the Days of Rooting Android Phones Coming to an End?” http://www.droid-life.com/2011/04/04/are-the-days-of-rooting-android-phones-coming-to-an-end/
  [10] “Approvals and Certifications” http://us.blackberry.com/ataglance/security/certifications.jsp