Presentation - PPT
Published in: Technology, Business
Transcript

  • 1. GSM and UMTS Security
      • Vishal Prajapati (08305030)
      • Vishal Sevani (07405010)
      • Om Pal (07405702)
      • Sudhir Rana (05005002)
  • 2. GSM Security Architecture
      • [Diagram labels: Home network; Switching and routing; Other Networks (GSM, fixed, Internet, etc.); Visited network; HLR/AuC; VLR; SIM]
  • 3. GSM Security Features
      • Authentication
          • network operator can verify the identity of the subscriber, making it infeasible to clone someone else's mobile phone
      • Confidentiality
          • protects voice, data and sensitive signalling information (e.g. dialled digits) against eavesdropping on the radio path
      • Anonymity
          • protects against someone tracking the location of the user or identifying calls made to or from the user by eavesdropping on the radio path
  • 4. GSM Authentication Protocol
      • [Diagram: message flow between the SIM, the MSC or SGSN, and the HLR/AuC. Labels: Authentication Data Request; {RAND, XRES, Kc}; RAND; RES; RES = XRES?; A3 and A8 with inputs Ki and RAND on both the SIM and the HLR/AuC side; outputs RES, XRES and Kc]
  • 5. Encryption in GSM
  • 6. GSM Encryption Principles
      • Data on the radio path is encrypted between the Mobile Equipment (ME) and the Base Transceiver Station (BTS)
          • protects user traffic and sensitive signalling data against eavesdropping
          • extends the influence of authentication to the entire duration of the call
      • Uses the encryption key (Kc) derived during authentication
  • 7. GSM User Identity Confidentiality
      • User identity confidentiality on the radio access link
          • temporary identities (TMSIs) are allocated and used instead of permanent identities (IMSIs)
      • Helps protect against:
          • tracking a user's location
          • obtaining information about a user's calling pattern
      • IMSI: International Mobile Subscriber Identity
      • TMSI: Temporary Mobile Subscriber Identity
  • 8. Specific GSM Security Problems
      • The GSM cipher A5/2
          • A5/2 is now so weak that the cipher key can be discovered in near real time using a very small amount of known plaintext
          • Aim: find the initial internal state of the registers
              • Each frame lasts 4.615 ms
              • So 2^8 frames in a second
              • After finding the initial state, work backward to generate Kc
  • 9. False Base Station Attack (1)
      • Compromises User Identity Confidentiality
      • Force MS to send IMSI
      • Cipher mode fault
  • 10. False Base Station Attack (2)
      • Active attack
      • IDENTITY REQUEST
      • Compromises User Data Confidentiality
      • Source: LiTH-ISY-EX-3559-2004
  • 11. Accessing the Signalling Network
      • No decrypting skills required
      • Needs an instrument that captures microwaves
      • Gains control of communication between the MS and the intended receiver
  • 12. UMTS Security Mechanisms
  • 13. Limitations of GSM Security
      • Design only provides access security: communications and signalling in the fixed network portion aren't protected
      • Design does not address active attacks, whereby network elements may be impersonated
      • Design goal was only ever to be as secure as the fixed networks to which GSM systems connect
      • Short key size of Kc (64 bits) makes it more vulnerable to various attacks
  • 14. Enhancements in UMTS vs GSM
      • Mutual Authentication
          • provides enhanced protection against false base station attacks by allowing the mobile to authenticate the network
      • Data Integrity
          • provides enhanced protection against false base station attacks by allowing the mobile to check the authenticity of certain signalling messages
      • Network to Network Security
          • Secure communication between serving networks. MAPSEC or IPsec can be used
  • 15. UMTS Enhancements (contd)
      • Wider Security Scope
          • Security is based within the RNC rather than the base station
      • Flexibility
          • Security features can be extended and enhanced as required by new threats and services
      • Longer Key Length
          • Key length is 128 bits as against 64 bits in GSM
  • 16. UMTS Radio Access Link Security
      • [Diagram labels: User Equipment (USIM, ME); Access Network (UTRAN) with BTS and RNC; Visited Network with MSC and SGSN; Home Network with HLR and AuC; D; H]
      • (1) Distribution of authentication vectors
      • (2) Authentication
      • (3) CK, IK
      • (4) Protection of the access link (ME-RNC)
      • MSC: circuit switched services
      • SGSN: packet switched services
  • 17. Authentication and Key Agreement
      • Mutual Authentication between user and the network
      • Establishes a cipher key and integrity key
      • Assures user that cipher/integrity keys were not used before, thereby providing protection against replay attacks
  • 18. Authentication and Key Agreement
  • 19. Authentication and Key Agreement
  • 20. UMTS Integrity Protection Principles
      • Protection of some radio interface signalling
          • protects against unauthorised modification, insertion and replay of messages
          • applies to security mode establishment and other critical signalling procedures
      • Helps extend the influence of authentication when encryption is not applied
      • Uses the 128-bit integrity key (IK) derived during authentication
      • Integrity applied at the Radio Resource Control (RRC) layer of the UMTS radio protocol stack
          • signalling traffic only
  • 21. Integrity Check
      • Integrity and authentication of origin of signalling data are provided.
      • The integrity algorithm (KASUMI) uses a 128-bit key and generates a 64-bit message authentication code.
  • 22. UMTS Encryption Principles
      • Data on the radio path is encrypted between the Mobile Equipment (ME) and the Radio Network Controller (RNC)
          • protects user traffic and sensitive signalling data against eavesdropping
          • extends the influence of authentication to the entire duration of the call
      • Uses the 128-bit encryption key (CK) derived during authentication
  • 23. Encryption
      • Signalling and user data are protected from eavesdropping.
      • The secret-key block cipher algorithm (KASUMI) uses a 128-bit cipher key.
  • 24. Protection Against Active Attacks
  • 25. False Base Station Attack (1)
      • Compromises User Identity Confidentiality
      • Reason
      • No provision to ascertain the origin of information, i.e. lack of integrity check
  • 26. False Base Station Attack (2)
      • Exploits user data confidentiality
      • Reason
      • No provision to ascertain the origin of information, i.e. lack of integrity check
      • Source: LiTH-ISY-EX-3559-2004
  • 27. False Base Station Attack
      • Solution
      • Use of Integrity Check
      • After AKA, the SRNC sends an integrity-protected message containing the security capabilities of the ME, which the mobile verifies to ensure there is no foul play
  • 28. Lack of Network Domain Security
      • No security for communication between network elements in GSM
      • Easy to gain access to sensitive information such as Kc
      • Network Domain Security in UMTS foils these attacks
  • 29. Summary of UMTS Security
      • UMTS builds upon the security mechanisms of GSM, and in addition provides the following enhancements:
          • Encryption terminates at the radio network controller
          • Mutual authentication and integrity protection of critical signalling procedures to give greater protection against false base station attacks
          • Longer key lengths (128-bit)
          • Network Domain Security using MAPSEC or IPsec
  • 30. References
      • K. Boman, G. Horn, P. Howard, V. Niemi, "UMTS security", Electronics & Communication Engineering Journal, Oct 2002, Volume 14, Issue 5, pp. 191-204
      • A. Bais, W. Penzhorn, P. Palensky, "Evaluation of UMTS security architecture and services", Proceedings of the 4th IEEE International Conference on Industrial Informatics, p. 6, Singapore, 2006
      • Valtteri Niemi, Kaisa Nyberg, UMTS Security, John Wiley and Sons, 2003
      • Paul Yousef, "GSM-Security: a Survey and Evaluation of the Current Situation", Master's thesis, Linkoping Institute of Technology, March 2004
      • Klaus Vedder, "GSM: Security, Services, and the SIM", LNCS 1528, pp. 224-240, Springer-Verlag, 1998
      • Elad Barkan, Eli Biham, Nathan Keller, "Instant ciphertext-only cryptanalysis of GSM encrypted communication", Advances in Cryptology – CRYPTO 2003
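
Added example (not part of the original slides): a sketch of the Authentication and Key Agreement exchange from slide 17, showing how the USIM authenticates the network and rejects a reused vector before it releases RES, CK and IK. The names AUTN, SQN, AK and AMF follow 3GPP AKA terminology rather than the slides; the functions f1..f5 are replaced by an HMAC-SHA256 stand-in (an assumption, not MILENAGE or KASUMI), and the freshness rule is simplified to a strictly increasing counter.

```python
import hashlib
import hmac
import os

AMF = b"\x80\x00"  # constructed sample value for the 2-byte management field

def f(k, tag, *parts, n=16):
    """Stand-in for f1..f5 (assumption: HMAC-SHA256, NOT MILENAGE/KASUMI)."""
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def auc_vector(k, sqn, rand=None):
    """Home network (AuC): build one authentication vector for sequence number sqn."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = f(k, b"f1", sqn_b, rand, AMF, n=8)   # binds SQN and RAND to the shared key
    autn = xor(sqn_b, f(k, b"f5", rand, n=6)) + AMF + mac  # SQN concealed with AK
    return {"RAND": rand, "AUTN": autn, "XRES": f(k, b"f2", rand, n=8),
            "CK": f(k, b"f3", rand), "IK": f(k, b"f4", rand)}

class USIM:
    def __init__(self, k):
        self.k, self.sqn_ms = k, 0  # highest sequence number accepted so far

    def authenticate(self, rand, autn):
        """Verify the network first; only then release RES, CK and IK."""
        sqn_b = xor(autn[:6], f(self.k, b"f5", rand, n=6))
        amf, mac = autn[6:8], autn[8:16]
        if not hmac.compare_digest(mac, f(self.k, b"f1", sqn_b, rand, amf, n=8)):
            raise ValueError("MAC failure: network is not authentic")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn_ms:
            raise ValueError("stale SQN: vector was used before")
        self.sqn_ms = sqn
        return {"RES": f(self.k, b"f2", rand, n=8),
                "CK": f(self.k, b"f3", rand), "IK": f(self.k, b"f4", rand)}

if __name__ == "__main__":
    k = os.urandom(16)  # 128-bit key shared by USIM and AuC
    usim, av = USIM(k), auc_vector(k, sqn=1)
    out = usim.authenticate(av["RAND"], av["AUTN"])
    print("RES matches XRES:", out["RES"] == av["XRES"])
    for label, vec in (("replayed", av), ("forged", auc_vector(os.urandom(16), sqn=2))):
        try:
            usim.authenticate(vec["RAND"], vec["AUTN"])
        except ValueError as e:
            print(label, "vector rejected:", e)
```

In GSM the SIM has no equivalent of the two checks in `authenticate`: it answers any RAND with RES and Kc, which is the gap the false base station slides describe.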