gsmsso.ppt


  1. Using GSM/UMTS for Single Sign-On. 28th October 2003, SympoTIC 2003. Andreas Pashalidis and Chris J. Mitchell.
  2. Agenda
       • Introduction to SSO.
       • Review of GSM security.
       • How to SSO using GSM.
       • Some Attacks.
       • Conclusions.
  4. Why do we need SSO?
       • Current situation: network users interact with multiple service providers.
  5. Why do we need SSO?
       • Problems: usability, security, privacy…
  6. What is SSO?
       • A mechanism that allows users to authenticate themselves to multiple service providers, using only one identity.
  7. SSO – How?
       • Establish trust relationships, common security infrastructure (e.g. PKI), sign contractual agreements…
  8. SSO – some examples
       • Kerberos
            • TTP = Kerberos server
            • 1) Authenticates user (password), issues “ticket”.
            • 2) User shows ticket to service provider.
       • Microsoft Passport
            • TTP = www.passport.com
            • 1) Authenticates user (password), installs encrypted cookie.
            • 2) Service provider reads the cookie.
       • Liberty Alliance
            • TTP = “Identity Provider”
            • 1) Authenticates user, issues “assertion” (XML).
            • 2) Assertion is shown to service provider.
  10–19. Review of GSM Security (ten build slides of one diagram; only the final caption survived extraction): Encrypted under Kc. If the visited network can decrypt, then the SIM is authentic (IMSI matches Ki).
  21. Architecture – before (diagram only)
  22. Architecture – after (1) (diagram only)
  23. Architecture – after (2) (diagram only)
  24. Architecture (diagram only)
  25. Architecture: Service providers form trust relationships with the home network.
  26. Architecture: Single Sign-On using SIM (IMSI)!
  27–35. SSO Protocol (nine build slides of the message-flow diagram; no text survived extraction).
  37. Replay Attack: Attacker could capture this message and replay it later in order to impersonate the user identified by the IMSI.
  38. Replay Attack: At the time of replay another RAND will be selected by the service provider and the protocol will fail. (Diagram labels: “fresh!”, “old!”, and an X marking the rejected run.)
  39. Reflection Attack: The service provider SP “A” is malicious. It wants to impersonate the user to SP “B”.
  40–46. Reflection Attack (seven build slides of the message-flow diagram; the last marks the attempt with an X; no other text survived extraction).
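As an added illustration, not code from the slides or their authors, of the GSM challenge-response that the replay slides (37–38) and reflection slides (39–46) reason about: a toy model in which HMAC-SHA256 stands in for A3/A8, every IMSI, key and SP name is constructed, and binding the SP identity into the response under Kc is an assumed countermeasure, not the one the slides show. It demonstrates why a fresh RAND makes a captured reply useless and how an identity-bound response lets SP “B” reject a reply the user produced for SP “A”.

```python
"""Toy model of the GSM challenge-response run by the SSO protocol on these slides."""
import hashlib
import hmac
import os

# Home network AuC table, IMSI -> Ki. Constructed sample subscriber, not a real key.
IMSI = "234150000000001"
HOME_NETWORK_KI = {IMSI: bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")}

def a3a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the SIM's A3/A8 (assumption: HMAC-SHA256 replaces the
    operator-specific algorithms). Returns (SRES, Kc)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

def home_network_triplet(imsi: str) -> tuple[bytes, bytes, bytes]:
    """Home network picks a fresh RAND and hands the SP a (RAND, SRES, Kc) triplet."""
    rand = os.urandom(16)
    sres, kc = a3a8(HOME_NETWORK_KI[imsi], rand)
    return rand, sres, kc

def response_for(rand: bytes, sres: bytes, kc: bytes, sp_name: str) -> bytes:
    """Response = SRES || MAC_Kc(RAND || SP name). Binding the SP identity under Kc
    is an assumed hardening against reflection; the slides do not show their fix."""
    return sres + hmac.new(kc, rand + sp_name.encode(), hashlib.sha256).digest()[:8]

def sim_respond(ki: bytes, rand: bytes, sp_name: str) -> bytes:
    """User side: SIM derives SRES/Kc from Ki and answers for the SP it believes it faces."""
    sres, kc = a3a8(ki, rand)
    return response_for(rand, sres, kc, sp_name)

def sp_login(sp_name: str, imsi: str, respond) -> bool:
    """SP side: fetch a fresh triplet, challenge the user with RAND, verify the reply."""
    rand, sres, kc = home_network_triplet(imsi)
    return hmac.compare_digest(response_for(rand, sres, kc, sp_name), respond(rand))

def genuine_login() -> bool:
    return sp_login("SP-A", IMSI, lambda r: sim_respond(HOME_NETWORK_KI[IMSI], r, "SP-A"))

def replay_rejected() -> bool:
    """Slides 37-38: a captured reply is useless because the SP selects a new RAND."""
    rand_old, sres_old, kc_old = home_network_triplet(IMSI)  # an earlier, observed run
    captured = response_for(rand_old, sres_old, kc_old, "SP-A")
    return not sp_login("SP-A", IMSI, lambda r: captured)

def reflection_rejected() -> bool:
    """Slides 39-46: SP-A relays SP-B's RAND to the user, who answers for SP-A;
    SP-B's check under its own name fails."""
    return not sp_login("SP-B", IMSI, lambda r: sim_respond(HOME_NETWORK_KI[IMSI], r, "SP-A"))
```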
  47. Other Attacks
       • SIM theft / cloning
            • SIM PIN is optional!
            • Need two-factor user authentication.
       • Home network server is SPoF
            • Vulnerable to DoS attack.
            • It is assumed that it is well-protected.
       • Attacks on the SP–home network link
            • Link must be integrity-protected and encrypted.
            • SSL/TLS, VPN, IPSec, etc…
  49. Advantages
       • No user interaction is required.
       • Protocol can be repeated many times.
       • Simple single logoff.
       • No sensitive information is sent.
       • No major computational overheads.
       • No changes in deployed GSM infrastructure.
       • Fraud management extends to SSO.
       • Can easily be extended to enable LBS.
  50. Disadvantages
       • Works only for GSM subscribers.
       • Global identifier (IMSI).
       • Might incur costs for service providers.
  51. Extension for UMTS (diagram only; no text survived extraction)
  52. Thanks! Questions?
