Presentation - PPT
Upcoming SlideShare
Loading in...5
×
 

Presentation - PPT

on

  • 4,005 views

 

Statistics

Views

Total Views
4,005
Views on SlideShare
4,005
Embed Views
0

Actions

Likes
0
Downloads
124
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Presentation - PPT Presentation - PPT Presentation Transcript

  • GSM and UMTS Security Vishal Prajapati (08305030) Vishal Sevani (07405010) Om Pal (07405702) Sudhir Rana (05005002)
  • GSM Security Architecture Home network Switching and routing Other Networks (GSM, fixed, Internet, etc.) Visited network HLR/AuC VLR SIM
  • GSM Security Features
    • Authentication
      • network operator can verify the identity of the subscriber making it infeasible to clone someone else’s mobile phone
    • Confidentiality
      • protects voice, data and sensitive signalling information (e.g. dialled digits) against eavesdropping on the radio path
    • Anonymity
      • protects against someone tracking the location of the user or identifying calls made to or from the user by eavesdropping on the radio path
  • GSM Authentication Protocol RAND RES {RAND, XRES, Kc} Authentication Data Request RES = XRES? MSC or SGSN HLR/AuC SIM A3 A8 Ki RAND Kc Kc RES A3 A8 Ki RAND XRES
  • Encryption in GSM
  • GSM Encryption Principles
    • Data on the radio path is encrypted between the Mobile Equipment (ME) and the Base Transceiver Station (BTS)
      • protects user traffic and sensitive signalling data against eavesdropping
      • extends the influence of authentication to the entire duration of the call
    • Uses the encryption key (Kc) derived during authentication
  • GSM User Identity Confidentiality
    • User identity confidentiality on the radio access link
      • temporary identities (TMSIs) are allocated and used instead of permanent identities (IMSIs)
    • Helps protect against:
      • tracking a user’s location
      • obtaining information about a user’s calling pattern
    • IMSI: International Mobile Subscriber Identity
    • TMSI: Temporary Mobile Subscriber Identity
  • Specific GSM Security Problems
    • The GSM cipher A5/2
      • A5/2 is now so weak that the cipher key can be discovered in near real time using a very small amount of known plaintext
      • Aim find the initial internal state of the registers.
        • Each frame in - 4.615 ms
        • So 2^8 frames in a sec.
        • After finding the initial state go backward and can generate Kc
    • False Base Station Attack(1)
    • Compromises User Identity Confidentiality
    • Force MS to send IMSI
    • Cipher mode fault
    • False Base Station Attack(2)
    • Active attack
    • IDENTITY REQUEST
    • Compromises User Data Confidentiality
    Source: LiTH-ISY-EX-3559-2004
  • Accessing Signaling network
    • No requirement of decrypting skills
    • Need a instrument that captures microwave
    • Gains control of communication between MS and intended receiver
  • UMTS Security Mechanisms
  • Limitations of GSM Security
      • Design only provides access security - communications and signalling in the fixed network portion aren’t protected
      • Design does not address active attacks , whereby network elements may be impersonated
      • Design goal was only ever to be as secure as the fixed networks to which GSM systems connect
      • Short key size of Kc (64 bits) makes it more vulnerable to various attacks
  • Enhancements in UMTS vs GSM
    • Mutual Authentication
      • provides enhanced protection against false base station attacks by allowing the mobile to authenticate the network
    • Data Integrity
      • provides enhanced protection against false base station attacks by allowing the mobile to check the authenticity of certain signalling messages
    • Network to Network Security
      • Secure communication between serving networks. MAPSEC or IPsec can be used
  • UMTS Enhancements (contd)
    • Wider Security Scope
      • Security is based within the RNC rather than the base station
    • Flexibility
      • Security features can be extended and enhanced as required by new threats and services
    • Longer Key Length
      • Key length is 128 as against 64 bits in GSM
  • UMTS Radio Access Link Security HLR AuC Access Network (UTRAN) Visited Network User Equipment D RNC BTS USIM ME SGSN H MSC Home Network (2) Authentication (1) Distribution of authentication vectors (4) Protection of the access link (ME-RNC) (3) CK,IK (3) CK, IK MSC – circuit switched services SGSN – packet switched services
  • Authentication and Key Agreement
    • Mutual Authentication between user and the network
    • Establishes a cipher key and integrity key
    • Assures user that cipher/integrity keys were not used before, thereby providing protection against replay attacks
  • Authentication and Key Agreement
  • Authentication and Key Agreement
  • UMTS Integrity Protection Principles
    • Protection of some radio interface signalling
      • protects against unauthorised modification, insertion and replay of messages
      • applies to security mode establishment and other critical signalling procedures
    • Helps extend the influence of authentication when encryption is not applied
    • Uses the 128-bit integrity key (IK) derived during authentication
    • Integrity applied at the Radio Resource Control (RRC) layer of the UMTS radio protocol stack
      • signalling traffic only
  • Integrity and authentication of origin of signalling data provided. The integrity algorithm (KASUMI) uses 128 bit key and generates 64 bit message authentication code. Integrity Check
  • UMTS Encryption Principles
    • Data on the radio path is encrypted between the Mobile Equipment (ME) and the Radio Network Controller (RNC)
      • protects user traffic and sensitive signalling data against eavesdropping
      • extends the influence of authentication to the entire duration of the call
    • Uses the 128-bit encryption key (CK) derived during authentication
  • Encryption Signaling and user data protected from eavesdropping. Secret key, block cipher algorithm (KASUMI) uses 128 bit cipher key.
  • Protection Against Active Attacks
    • False Base Station Attack(1)
    • Compromises User Identity Confidentiality
    • Reason
    • No provision to ascertain the origin of information ie. lack of integrity check
    • False Base Station Attack(2)
    • Exploits – user data confidentiality
    • Reason
    • No provision to ascertain the origin of information ie. lack of integrity check
    Source: LiTH-ISY-EX-3559-2004
    • False Base Station Attack
    • Solution
    • Use of Integrity Check
    • After AKA SRNC sends integrity protected message containing security capabilities of the ME, which the mobile verifies to ensure there is no foul play
  • Lack of Network Domain Security
    • No security for communication between network elements in GSM
    • Easy to gain access to sensitive information such as Kc
    • Network Domain Security in UMTS foils these attacks
  • Summary of UMTS Security
      • UMTS builds upon security mechanisms of GSM, and in addition provides following enhancements,
        • Encryption terminates at the radio network controller
        • Mutual authentication and integrity protection of critical signalling procedures to give greater protection against false base station attacks
        • Longer key lengths (128-bit)
        • Network Domain Security using MAPSEC or IPSec
  • References
    • UMTS security, Boman, K. Horn, G. Howard, P. Niemi, V. Electronics & Communication Engineering Journal, Oct 2002, Volume: 14, Issue:5, pp. 191- 204
    • "Evaluation of UMTS security architecture and services“, A. Bais, W. Penzhorn, P. Palensky, Proceedings of the 4th IEEE International Conference on Industrial Informatics, p. 6, Singapore, 2006
    • UMTS Security, Valtteri Niemi, Kaisa Nyberg, published by John Wiley and Sons, 2003
    • GSM-Security: a Survey and Evaluation of the Current Situation, Paul Yousef, Master’s thesis, Linkoping Institute of Technology, March 2004
    • GSM: Security, Services, and the SIM Klaus Vedder, LNCS 1528, pp. 224-240, Springer-Verlag 1998
    • Instant ciphertext-only cryptanalysis of GSM encrypted communication, Elad Barkan, Eli Biham, Nathan Keller, Advances in Cryptology – CRYPTO 2003