GSM and UMTS Security Vishal Prajapati (08305030) Vishal Sevani (07405010) Om Pal (07405702) Sudhir Rana (05005002)
Transcript of "Presentation - PPT"

  1. GSM and UMTS Security
     Vishal Prajapati (08305030), Vishal Sevani (07405010), Om Pal (07405702), Sudhir Rana (05005002)
  2. GSM Security Architecture
     [Figure labels: Home network; Switching and routing; Other Networks (GSM, fixed, Internet, etc.); Visited network; HLR/AuC; VLR; SIM]
  3. GSM Security Features
     • Authentication
        • network operator can verify the identity of the subscriber making it infeasible to clone someone else’s mobile phone
     • Confidentiality
        • protects voice, data and sensitive signalling information (e.g. dialled digits) against eavesdropping on the radio path
     • Anonymity
        • protects against someone tracking the location of the user or identifying calls made to or from the user by eavesdropping on the radio path
  4. GSM Authentication Protocol
     [Figure labels: SIM; MSC or SGSN; HLR/AuC; Authentication Data Request; {RAND, XRES, Kc}; RAND; RES; RES = XRES?; SIM side: A3, A8, Ki, RAND, Kc, RES; HLR/AuC side: A3, A8, Ki, RAND, Kc, XRES]
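The challenge-response exchange on slide 4, as an added example that is not part of the original slides. The function `a3a8` is an HMAC-based stand-in for the operator's A3/A8 algorithms, and the class and function names are assumptions made for illustration.

```python
import hmac, hashlib, os

def a3a8(ki: bytes, rand: bytes):
    """Stand-in for the operator-chosen A3/A8 (not a real GSM algorithm).
    Returns (32-bit RES, 64-bit Kc) derived from Ki and RAND."""
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]

class AuC:
    """HLR/AuC: holds Ki per subscriber and issues {RAND, XRES, Kc} triplets."""
    def __init__(self, subscribers):
        self.subscribers = subscribers            # IMSI -> Ki
    def triplet(self, imsi):
        rand = os.urandom(16)                     # 128-bit random challenge
        xres, kc = a3a8(self.subscribers[imsi], rand)
        return rand, xres, kc

class SIM:
    def __init__(self, ki):
        self._ki = ki
    def run_gsm_algorithm(self, rand):
        # The SIM answers any RAND it is given: the challenge carries nothing
        # that identifies its sender or shows that it is fresh.
        return a3a8(self._ki, rand)

def vlr_authenticate(auc, imsi, sim):
    """MSC/VLR side: send RAND, test RES = XRES, keep Kc only on success."""
    rand, xres, kc = auc.triplet(imsi)
    res, kc_sim = sim.run_gsm_algorithm(rand)
    ok = hmac.compare_digest(res, xres)
    return ok, (kc if ok else None), kc_sim
```

Only the subscriber is authenticated here; the SIM has no check of its own to run on the challenge, which is the gap the later slides on UMTS mutual authentication address.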
  5. Encryption in GSM
  6. GSM Encryption Principles
     • Data on the radio path is encrypted between the Mobile Equipment (ME) and the Base Transceiver Station (BTS)
        • protects user traffic and sensitive signalling data against eavesdropping
        • extends the influence of authentication to the entire duration of the call
     • Uses the encryption key (Kc) derived during authentication
  7. GSM User Identity Confidentiality
     • User identity confidentiality on the radio access link
        • temporary identities (TMSIs) are allocated and used instead of permanent identities (IMSIs)
     • Helps protect against:
        • tracking a user’s location
        • obtaining information about a user’s calling pattern
     • IMSI: International Mobile Subscriber Identity
     • TMSI: Temporary Mobile Subscriber Identity
  8. Specific GSM Security Problems
     • The GSM cipher A5/2
        • A5/2 is now so weak that the cipher key can be discovered in near real time using a very small amount of known plaintext
        • Aim: find the initial internal state of the registers.
           • Each frame takes 4.615 ms
           • So 2^8 frames in a sec.
           • After finding the initial state, go backward to generate Kc
  9. False Base Station Attack (1)
     • Compromises User Identity Confidentiality
     • Force MS to send IMSI
     • Cipher mode fault
  10. False Base Station Attack (2)
     • Active attack
     • IDENTITY REQUEST
     • Compromises User Data Confidentiality
     Source: LiTH-ISY-EX-3559-2004
  11. Accessing Signaling Network
     • No requirement of decrypting skills
     • Needs an instrument that captures microwave signals
     • Gains control of communication between MS and intended receiver
  12. UMTS Security Mechanisms
  13. Limitations of GSM Security
     • Design only provides access security: communications and signalling in the fixed network portion aren’t protected
     • Design does not address active attacks, whereby network elements may be impersonated
     • Design goal was only ever to be as secure as the fixed networks to which GSM systems connect
     • Short key size of Kc (64 bits) makes it more vulnerable to various attacks
  14. Enhancements in UMTS vs GSM
     • Mutual Authentication
        • provides enhanced protection against false base station attacks by allowing the mobile to authenticate the network
     • Data Integrity
        • provides enhanced protection against false base station attacks by allowing the mobile to check the authenticity of certain signalling messages
     • Network to Network Security
        • Secure communication between serving networks. MAPSEC or IPsec can be used
  15. UMTS Enhancements (contd)
     • Wider Security Scope
        • Security is based within the RNC rather than the base station
     • Flexibility
        • Security features can be extended and enhanced as required by new threats and services
     • Longer Key Length
        • Key length is 128 as against 64 bits in GSM
  16. UMTS Radio Access Link Security
     [Figure labels: Home Network; Visited Network; Access Network (UTRAN); User Equipment; HLR; AuC; MSC; SGSN; RNC; BTS; USIM; ME; D; H. Steps: (1) Distribution of authentication vectors; (2) Authentication; (3) CK, IK; (4) Protection of the access link (ME-RNC). MSC – circuit switched services; SGSN – packet switched services]
  17. Authentication and Key Agreement
     • Mutual Authentication between user and the network
     • Establishes a cipher key and integrity key
     • Assures user that cipher/integrity keys were not used before, thereby providing protection against replay attacks
  18. Authentication and Key Agreement
  19. Authentication and Key Agreement
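The Authentication and Key Agreement properties listed on slide 17 (the mobile authenticates the network, CK and IK are established, used vectors are rejected), as an added example that is not part of the original slides. The layout AUTN = (SQN xor AK) || AMF || MAC follows 3GPP TS 33.102; the function `f` is an HMAC-based stand-in for f1..f5, the AMF value is constructed, and the sequence-number check is simplified to "strictly greater than the last accepted value".

```python
import hmac, hashlib, os

def f(k: bytes, tag: bytes, data: bytes, n: int) -> bytes:
    """Stand-in for the AKA functions f1..f5: a keyed PRF truncated to n bytes."""
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

AMF = b"\x80\x00"  # 16-bit authentication management field (constructed value)

def auc_generate_av(k: bytes, sqn: int):
    """HLR/AuC: build one authentication vector (RAND, XRES, CK, IK, AUTN)."""
    rand = os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")                     # 48-bit sequence number
    mac = f(k, b"f1", sqn_b + rand + AMF, 8)           # proves knowledge of K
    xres, ck, ik = f(k, b"f2", rand, 8), f(k, b"f3", rand, 16), f(k, b"f4", rand, 16)
    ak = f(k, b"f5", rand, 6)                          # anonymity key hides SQN
    autn = xor(sqn_b, ak) + AMF + mac
    return rand, xres, ck, ik, autn

class USIM:
    def __init__(self, k: bytes):
        self._k, self.sqn_ms = k, 0                    # highest SQN accepted so far

    def authenticate(self, rand: bytes, autn: bytes):
        """Verify the network first; only then release RES, CK and IK."""
        conc_sqn, amf, mac = autn[:6], autn[6:8], autn[8:16]
        sqn_b = xor(conc_sqn, f(self._k, b"f5", rand, 6))
        xmac = f(self._k, b"f1", sqn_b + rand + amf, 8)
        if not hmac.compare_digest(mac, xmac):
            return "MAC failure", None                 # sender does not hold K
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn_ms:
            return "synch failure", None               # vector was already used
        self.sqn_ms = sqn
        res = f(self._k, b"f2", rand, 8)
        return "ok", (res, f(self._k, b"f3", rand, 16), f(self._k, b"f4", rand, 16))
```

The serving network completes the exchange by comparing the returned RES with XRES, as in GSM.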
  20. UMTS Integrity Protection Principles
     • Protection of some radio interface signalling
        • protects against unauthorised modification, insertion and replay of messages
        • applies to security mode establishment and other critical signalling procedures
     • Helps extend the influence of authentication when encryption is not applied
     • Uses the 128-bit integrity key (IK) derived during authentication
     • Integrity applied at the Radio Resource Control (RRC) layer of the UMTS radio protocol stack
        • signalling traffic only
  21. Integrity Check
     Integrity and authentication of origin of signalling data provided. The integrity algorithm (KASUMI) uses 128 bit key and generates 64 bit message authentication code.
  22. UMTS Encryption Principles
     • Data on the radio path is encrypted between the Mobile Equipment (ME) and the Radio Network Controller (RNC)
        • protects user traffic and sensitive signalling data against eavesdropping
        • extends the influence of authentication to the entire duration of the call
     • Uses the 128-bit encryption key (CK) derived during authentication
  23. Encryption
     Signaling and user data protected from eavesdropping. Secret key, block cipher algorithm (KASUMI) uses 128 bit cipher key.
  24. Protection Against Active Attacks
  25. False Base Station Attack (1)
     • Compromises User Identity Confidentiality
     • Reason
     • No provision to ascertain the origin of information, i.e. lack of integrity check
  26. False Base Station Attack (2)
     • Exploits – user data confidentiality
     • Reason
     • No provision to ascertain the origin of information, i.e. lack of integrity check
     Source: LiTH-ISY-EX-3559-2004
  27. False Base Station Attack
     • Solution
     • Use of Integrity Check
     • After AKA, the SRNC sends an integrity protected message containing the security capabilities of the ME, which the mobile verifies to ensure there is no foul play
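The capability check described on slide 27, as an added example that is not part of the original slides: the SRNC echoes the ME security capabilities it received inside a message protected with IK, and the ME accepts only if the tag verifies and the echo equals what it sent. `mac_i` is an HMAC-SHA256 stand-in for the KASUMI-based f9 function (its tag length is the stand-in's own), and the message encoding and function names are hypothetical.

```python
import hmac, hashlib

def mac_i(ik: bytes, count_i: int, fresh: bytes, direction: int, message: bytes) -> bytes:
    """Stand-in for f9: tag over COUNT-I, FRESH, DIRECTION and the message."""
    data = count_i.to_bytes(4, "big") + fresh + bytes([direction]) + message
    return hmac.new(ik, data, hashlib.sha256).digest()

def encode_caps(uea, uia) -> bytes:
    """Hypothetical encoding of the ME's cipher (UEA) and integrity (UIA) algorithms."""
    return ("UEA:" + ",".join(sorted(uea)) + ";UIA:" + ",".join(sorted(uia))).encode()

def srnc_security_mode_command(ik, received_caps, fresh, count_i=0):
    """SRNC: echo the capabilities it received and integrity-protect the message."""
    msg = b"SECURITY MODE COMMAND|" + received_caps
    return msg, mac_i(ik, count_i, fresh, 1, msg)      # direction 1 = downlink

def me_verify(ik, sent_caps, msg, tag, fresh, count_i=0):
    """ME: check the tag, then check that the echo matches what it actually sent."""
    if not hmac.compare_digest(tag, mac_i(ik, count_i, fresh, 1, msg)):
        return "reject: bad MAC-I"                     # sender does not hold IK
    echoed = msg.split(b"|", 1)[1]
    if echoed != sent_caps:
        return "reject: capabilities altered in transit"
    return "accept"
```

Because the capabilities first travel before any key exists, this echo under IK is the point at which a modified capability list becomes detectable by the mobile.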
  28. Lack of Network Domain Security
     • No security for communication between network elements in GSM
     • Easy to gain access to sensitive information such as Kc
     • Network Domain Security in UMTS foils these attacks
  29. Summary of UMTS Security
     • UMTS builds upon security mechanisms of GSM, and in addition provides following enhancements:
        • Encryption terminates at the radio network controller
        • Mutual authentication and integrity protection of critical signalling procedures to give greater protection against false base station attacks
        • Longer key lengths (128-bit)
        • Network Domain Security using MAPSEC or IPSec
  30. References
     • K. Boman, G. Horn, P. Howard, V. Niemi, "UMTS security", Electronics & Communication Engineering Journal, Oct 2002, Volume 14, Issue 5, pp. 191-204
     • A. Bais, W. Penzhorn, P. Palensky, "Evaluation of UMTS security architecture and services", Proceedings of the 4th IEEE International Conference on Industrial Informatics, p. 6, Singapore, 2006
     • Valtteri Niemi, Kaisa Nyberg, "UMTS Security", John Wiley and Sons, 2003
     • Paul Yousef, "GSM-Security: a Survey and Evaluation of the Current Situation", Master’s thesis, Linköping Institute of Technology, March 2004
     • Klaus Vedder, "GSM: Security, Services, and the SIM", LNCS 1528, pp. 224-240, Springer-Verlag, 1998
     • Elad Barkan, Eli Biham, Nathan Keller, "Instant ciphertext-only cryptanalysis of GSM encrypted communication", Advances in Cryptology – CRYPTO 2003