GSM Security 101 by Sushil Singh and Dheeraj Verma
GSM Security 101 by Sushil Singh and Dheeraj Verma @ Combined OWASP/null Delhi chapter July Meeting on 25th July, 2015
1. GSM SECURITY 101: AN OVERVIEW OF ITS SECURITY

2. AGENDA
   • Brief introduction to GSM
   • GSM Architecture
   • Attacks and Threats on GSM networks
   • Types of Attacks against Mobile Networks
   • Third generation and evolution

3. GSM: INTRODUCTION
   • GSM is the most widely used cellular standard
   • Over 3.6 billion users, mostly in Europe and Asia
   • Based on TDMA radio access and PCM trunking
   • Uses SS7 signaling with mobile-specific extensions
   • Provides authentication and encryption capabilities
   • Today's networks are 2G evolving to 2.5G
   • Third generation (3G) and future (4G)

4. GSM ARCHITECTURE

5. GSM DATA
   • Initially designed to carry voice traffic
   • Data connections initially 9600 bps
   • No need for modems, as there is a digital path from the MS to the MSC
   • Enhanced rates up to 14.4 kbps
   • GPRS provides speeds up to 150 kbps
   • UMTS (3G) promises permanent connections with transfer rates up to 2 Mbps

6. AUTHENTICATION
   The authentication procedure checks the validity of the subscriber's SIM card and then decides whether the mobile station is allowed on a particular network. The network authenticates the subscriber through a challenge-response method.

7. GSM ALGORITHMS
   A consequence of international roaming is the exchange of information between providers in different countries. All countries have strict regulations against the export of encryption algorithms, so GSM works around them: when a user tries to use his phone in another country, the local network requests RAND, SRES and Kc from the HLR of the subscriber's home network, which is sufficient for authentication and for encrypting data. Thus the local network does not need to know anything about the A3 or A8 algorithms stored in the SIM.
   • Authentication Algorithm A3: operator-dependent and an operator option. A3 is a one-way function: it is easy to compute the output parameter SRES with A3, but very hard to recover the input parameters (RAND and Ki) from the output. Remember that the key to GSM's security is keeping Ki unknown. While it may sound odd that each operator may choose A3 independently, this was necessary to cover the case of international roaming.
   • Ciphering Algorithm A5: several implementations of this algorithm exist, the most commonly used being A5/0, A5/1 and A5/2. The different implementations exist because of export restrictions on encryption technology. A5/1 is the strongest version and is used widely in Western Europe and America, while A5/2 is commonly used in Asia. Countries under UN sanctions and certain third-world countries use A5/0, which provides no encryption.
   • Ciphering Key Generating Algorithm A8: operator-dependent. Most providers combine A3 and A8 into a single hash function known as COMP128, which produces Kc and SRES in a single pass.
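To make the roaming flow on slides 6 and 7 concrete, the following Python model is an added example, not code from the deck or from any operator: the home HLR/AuC hands a (RAND, SRES, Kc) triplet to a visited network, the visited network challenges the SIM and compares SRES, and Ki never leaves the AuC or the SIM. The `a3`/`a8` functions are HMAC-SHA256 stand-ins for the operator's real A3/A8 (COMP128 is not implemented here); the IMSI and keys are constructed values.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed stand-ins for the operator-chosen A3/A8 algorithms. A real SIM
# runs COMP128 or a proprietary function; HMAC-SHA256 is used here only to
# model the one-way property the slide describes (easy to compute SRES/Kc
# from Ki and RAND, infeasible to recover Ki from SRES).
def a3(ki: bytes, rand: bytes) -> bytes:
    """A3: 32-bit signed response SRES from the 128-bit Ki and 128-bit RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8(ki: bytes, rand: bytes) -> bytes:
    """A8: 64-bit cipher key Kc from Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


class HomeAuC:
    """The subscriber's home HLR/AuC: the only network element that holds Ki."""

    def __init__(self) -> None:
        self._ki_by_imsi: Dict[str, bytes] = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki_by_imsi[imsi] = ki

    def triplet(self, imsi: str) -> Tuple[bytes, bytes, bytes]:
        """Return one (RAND, SRES, Kc) triplet; Ki itself never leaves the AuC."""
        ki = self._ki_by_imsi[imsi]
        rand = secrets.token_bytes(16)
        return rand, a3(ki, rand), a8(ki, rand)


class SIM:
    """The subscriber's SIM: holds Ki, answers a challenge with SRES, derives Kc."""

    def __init__(self, imsi: str, ki: bytes) -> None:
        self.imsi = imsi
        self._ki = ki
        self.kc: Optional[bytes] = None

    def run_gsm_algorithm(self, rand: bytes) -> bytes:
        self.kc = a8(self._ki, rand)   # kept on the MS for A5 ciphering
        return a3(self._ki, rand)      # SRES goes back over the air


class VisitedVLR:
    """A visited (roaming) network. It fetches triplets from the home AuC and
    compares SRES values; it never learns Ki or which A3/A8 the operator uses.
    Note that nothing here lets the MS verify the network: GSM AKA is one-way."""

    def __init__(self, home: HomeAuC) -> None:
        self._home = home
        self.kc_by_imsi: Dict[str, bytes] = {}

    def authenticate(self, sim: SIM) -> bool:
        rand, expected_sres, kc = self._home.triplet(sim.imsi)
        sres = sim.run_gsm_algorithm(rand)
        if not hmac.compare_digest(sres, expected_sres):
            return False
        self.kc_by_imsi[sim.imsi] = kc   # both sides now share Kc for ciphering
        return True


def roaming_demo(sim_ki: bytes, auc_ki: bytes) -> Tuple[bool, bool]:
    """Run one roaming authentication. Returns (accepted, kc_agrees)."""
    imsi = "001010123456789"            # constructed test-PLMN IMSI
    home = HomeAuC()
    home.provision(imsi, auc_ki)
    sim = SIM(imsi, sim_ki)
    vlr = VisitedVLR(home)
    accepted = vlr.authenticate(sim)
    kc_agrees = accepted and vlr.kc_by_imsi[imsi] == sim.kc
    return accepted, kc_agrees


if __name__ == "__main__":
    ki = secrets.token_bytes(16)
    print("genuine SIM:", roaming_demo(ki, ki))
    print("SIM with wrong Ki:", roaming_demo(secrets.token_bytes(16), ki))
```

A SIM whose Ki matches the AuC's copy is accepted and ends up with the same Kc the visited network received; a SIM with any other Ki is rejected, and the visited network object never holds a Ki at all.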
8. ATTACKS AND THREATS ON GSM NETWORKS

9. LOW-TECH FRAUD
   • Call forwarding to premium rate numbers
   • Bogus registration details
   • Roaming fraud
   • Terminal theft
   • Multiple forwarding, conference calls

10. COUNTERMEASURES FOR LOW-TECH FRAUD
   Fraud Management systems look for:
   • Multiple calls at the same time
   • Large variations in revenue being paid to other parties
   • Large variations in the duration of calls, such as very short or very long calls
   • Changes in customer usage, perhaps indicating that a mobile has been stolen or is being abused
   • Close monitoring of a customer's usage during a 'probationary period'
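As an added example of the fraud-management checks listed on slide 10 (not code from the deck or from any real fraud system), the Python below runs four of them over a handful of constructed call detail records: overlapping calls from one subscriber, a spike in revenue paid to other parties relative to the subscriber's own baseline, very short or very long calls, and close reporting of subscribers in a probationary period. The CDR fields, thresholds and sample records are all constructed.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class CDR:
    """One call detail record. Constructed fields, not an operator's real schema."""
    msisdn: str      # calling subscriber
    start: int       # call start, seconds since epoch
    duration: int    # seconds
    callee: str
    payout: float    # revenue paid to the terminating party for this call


def simultaneous_calls(cdrs: Iterable[CDR]) -> Set[str]:
    """Subscribers with two calls that overlap in time: one handset cannot do that."""
    spans = defaultdict(list)
    for c in cdrs:
        spans[c.msisdn].append((c.start, c.start + c.duration))
    flagged = set()
    for sub, calls in spans.items():
        calls.sort()
        for (_, end1), (start2, _) in zip(calls, calls[1:]):
            if start2 < end1:
                flagged.add(sub)
    return flagged


def payout_spikes(cdrs: Iterable[CDR], baseline: Dict[str, float], factor: float) -> Set[str]:
    """Subscribers whose revenue to other parties jumps far above their own baseline.
    Subscribers with no baseline yet are left to the probation check."""
    total = defaultdict(float)
    for c in cdrs:
        total[c.msisdn] += c.payout
    return {s for s, t in total.items() if s in baseline and t > factor * baseline[s]}


def duration_outliers(cdrs: Iterable[CDR], short: int = 5, long: int = 4 * 3600) -> Set[str]:
    """Subscribers with very short or very long calls (constructed thresholds)."""
    return {c.msisdn for c in cdrs if c.duration < short or c.duration > long}


def fraud_flags(cdrs: List[CDR], baseline: Dict[str, float], probation: Set[str],
                factor: float = 5.0) -> Dict[str, List[str]]:
    """Combine the checks into one report: msisdn -> sorted list of reasons."""
    flags = defaultdict(set)
    for s in simultaneous_calls(cdrs):
        flags[s].add("simultaneous calls")
    for s in payout_spikes(cdrs, baseline, factor):
        flags[s].add("payout spike")
    for s in duration_outliers(cdrs):
        flags[s].add("duration outlier")
    counts = Counter(c.msisdn for c in cdrs)
    for s in probation:                # probationary subscribers are always reported
        if counts[s]:
            flags[s].add("probation: %d calls" % counts[s])
    return {s: sorted(reasons) for s, reasons in flags.items()}


# Constructed sample CDRs, not real traffic.
SAMPLE_CDRS = [
    CDR("A", 1000, 600, "+1555", 0.10),   # A's two calls overlap in time
    CDR("A", 1200, 300, "+1556", 0.05),
    CDR("B", 2000, 60, "PREMIUM", 4.00),  # B suddenly pays a lot to one number
    CDR("B", 2100, 60, "PREMIUM", 4.00),
    CDR("B", 2200, 60, "PREMIUM", 4.00),
    CDR("C", 3000, 120, "+1557", 0.02),   # C looks normal
    CDR("D", 4000, 2, "+1558", 0.01),     # D is new: 2-second and 6-hour calls
    CDR("D", 5000, 6 * 3600, "+1559", 0.50),
]
BASELINE_PAYOUT = {"A": 0.5, "B": 0.5, "C": 0.5}   # typical payout per period; D has none
PROBATION = {"D"}

if __name__ == "__main__":
    for sub, reasons in fraud_flags(SAMPLE_CDRS, BASELINE_PAYOUT, PROBATION).items():
        print(sub, reasons)
```

Each check is deliberately a separate function so an analyst can tune or replace one rule without touching the others; in a real system the baseline would come from the subscriber's own history rather than a constant table.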
11. ATTACKS ON GSM NETWORKS
   • Eavesdropping. The intruder eavesdrops on signalling and data connections associated with other users. The required equipment is a modified MS.
   • Impersonation of a user. The intruder sends signalling and/or user data to the network in an attempt to make the network believe they originate from the target user. The required equipment is again a modified MS.
   • Impersonation of the network. The intruder sends signalling and/or user data to the target user in an attempt to make the target user believe they originate from a genuine network. The required equipment is a modified BTS.

12. ATTACKS ON GSM NETWORKS
   • Man-in-the-middle. The intruder puts itself between the target user and a genuine network and can eavesdrop on, modify, delete, re-order, replay and spoof signalling and user data messages exchanged between the two parties. The required equipment is a modified BTS in conjunction with a modified MS.
   • Compromising authentication vectors in the network. The intruder possesses a compromised authentication vector, which may include challenge/response pairs, cipher keys and integrity keys. This data may have been obtained by compromising network nodes or by intercepting signalling messages on network links.

13. DE-REGISTRATION SPOOFING
   • An attack that requires a modified MS and exploits the weakness that the network cannot authenticate the messages it receives over the radio interface.
   • The intruder spoofs a de-registration request (IMSI detach) to the network.
   • The network de-registers the user from the visited location area and instructs the HLR to do the same. The user is subsequently unreachable for mobile terminated services.
   • 3G: Integrity protection of critical signalling messages protects against this attack. More specifically, data authentication and replay inhibition of the de-registration request allow the serving network to verify that the request is legitimate.

14. LOCATION UPDATE SPOOFING
   • An attack that requires a modified MS and exploits the weakness that the network cannot authenticate the messages it receives over the radio interface.
   • The intruder spoofs a location update request in a different location area from the one in which the target user is roaming.
   • The network registers the user in the new location area, and the target user will be paged in that new area.
   • The user is subsequently unreachable for mobile terminated services.
   • 3G: Integrity protection of critical signalling messages protects against this attack. More specifically, data authentication and replay inhibition of the location update request allow the serving network to verify that the request is legitimate.
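Slides 13 and 14 both rest on the same weakness and the same 3G fix, so one added Python example (not from the deck, and not a 3GPP implementation) serves both: a GSM-style serving network acts on any IMSI detach or location update it receives, while a 3G-style one accepts the same messages only when they carry a valid MAC-I under the subscriber's integrity key IK and a COUNT-I higher than any seen before. The `mac_i` function is an HMAC-SHA256 stand-in for the KASUMI-based f9, the message strings are simplified placeholders for the real Layer 3 messages, and the IK is a constructed value (in a real network it comes out of UMTS AKA).

```python
import hashlib
import hmac
import struct

UPLINK = 0   # MS -> network direction bit, one of the 3G integrity inputs


def mac_i(ik: bytes, count_i: int, direction: int, message: bytes) -> bytes:
    """Stand-in for 3G f9: 32-bit MAC-I over COUNT-I, direction and the message.
    HMAC-SHA256 truncated to 4 bytes; the real f9 is KASUMI-based."""
    data = struct.pack(">IB", count_i, direction) + message
    return hmac.new(ik, data, hashlib.sha256).digest()[:4]


def protect(ik: bytes, count_i: int, message: bytes) -> bytes:
    """What a genuine MS transmits: COUNT-I || message || MAC-I."""
    return struct.pack(">I", count_i) + message + mac_i(ik, count_i, UPLINK, message)


class GsmServingNetwork:
    """GSM behaviour: signalling from the MS is not authenticated, so a
    de-registration or location update is acted on exactly as received."""

    def __init__(self) -> None:
        self.registered = True
        self.location_area = "LA-1"

    def receive(self, message: bytes) -> str:
        if message == b"IMSI DETACH":
            self.registered = False
            return "accepted: subscriber de-registered"
        if message.startswith(b"LOCATION UPDATE "):
            self.location_area = message[len(b"LOCATION UPDATE "):].decode()
            return "accepted: now paged in " + self.location_area
        return "ignored"


class UmtsServingNetwork(GsmServingNetwork):
    """3G behaviour: the same messages are accepted only with a valid MAC-I under
    the subscriber's IK and a fresh COUNT-I (data authentication + replay inhibition)."""

    def __init__(self, ik: bytes) -> None:
        super().__init__()
        self._ik = ik
        self._last_count = -1

    def receive(self, frame: bytes) -> str:
        if len(frame) < 8:
            return "rejected: malformed"
        count_i = struct.unpack(">I", frame[:4])[0]
        message, tag = frame[4:-4], frame[-4:]
        if not hmac.compare_digest(tag, mac_i(self._ik, count_i, UPLINK, message)):
            return "rejected: MAC-I failure"
        if count_i <= self._last_count:
            return "rejected: replayed COUNT-I"
        self._last_count = count_i
        return super().receive(message)


def demo() -> dict:
    """Feed the same three frames to a 3G network and one detach to a GSM network."""
    ik = bytes(range(16))                   # constructed IK; real IK comes from UMTS AKA
    net = UmtsServingNetwork(ik)
    genuine = protect(ik, 7, b"LOCATION UPDATE LA-2")
    out = {}
    out["genuine"] = net.receive(genuine)                  # fresh, valid MAC-I
    out["replay"] = net.receive(genuine)                   # same frame again
    out["forged"] = net.receive(protect(bytes(16), 8, b"IMSI DETACH"))  # wrong key
    out["still_registered"] = net.registered
    gsm = GsmServingNetwork()
    out["gsm"] = gsm.receive(b"IMSI DETACH")               # no check at all
    out["gsm_registered"] = gsm.registered
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

The COUNT-I check is what gives replay inhibition: even a captured genuine frame is useless a second time, and a frame built without IK fails the MAC-I check before its contents are looked at. The GSM class shows the contrast the slides describe, where the detach is honoured unconditionally.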
15. CAMPING ON A FALSE BTS
   • An attack that requires a modified BTS and exploits the weakness that a user can be enticed to camp on a false base station.
   • Once the target user camps on the radio channels of a false base station, the target user is out of reach of the paging signals of the serving network in which he is registered.
   • 3G: The security architecture does not counteract this attack. However, the denial of service in this case only persists for as long as the attacker is active, unlike the above attacks, which persist beyond the moment where intervention by the attacker stops. These attacks are comparable to radio jamming, which is very difficult to counteract effectively in any radio system.

16. CAMPING ON A FALSE BTS/MS
   • An attack that requires a modified BTS/MS and exploits the weakness that a user can be enticed to camp on a false base station.
   • A false BTS/MS can act as a repeater for some time and relay some requests between the network and the target user, but subsequently modify or ignore certain service requests and/or paging messages related to the target user.
   • 3G: The security architecture does not prevent a false BTS/MS relaying messages between the network and the target user, nor does it prevent the false BTS/MS ignoring certain service requests and/or paging requests.
   • Integrity protection of critical messages may, however, help to prevent some denial of service attacks that are induced by modifying certain messages.

17. FAKE BTS
   • IMSI catcher by Law Enforcement
   • Intercept mobile originated calls
   • Can be used for over-the-air cloning

18. TYPES OF ATTACKS AGAINST MOBILE NETWORKS

19. SECURING THE MOBILE NETWORK

20. GSM SECURITY
   As all cellular communications are sent over the air interface, a cellular network is less secure than a wired one, because it opens the door to eavesdroppers with appropriate receivers. Several security functions were built into GSM to safeguard subscriber privacy. These include:
   • Authentication of registered subscribers only
   • Secure data transfer through the use of encryption
   • Subscriber identity protection
   • Mobile phones are inoperable without a SIM
   • Duplicate SIMs are not allowed on the network
   • Securely stored Ki

21. SECURITY BY OBSCURITY
   • In April 1998, the Smartcard Developer Association (SDA) together with two U.C. Berkeley researchers claimed to have cracked the COMP128 algorithm stored on the SIM. By sending a large number of challenges to the authorization module, they were able to deduce Ki within several hours. They also discovered that Kc uses only 54 of its 64 bits; the remaining 10 bits are replaced by zeros, which makes the cipher key purposefully weaker.
   • The GSM Alliance responded to the incident, stating that even if a SIM could be cloned it would serve no purpose, as the GSM network only allows one call from any phone number at any one time. GSM networks are also capable of detecting and shutting down duplicate SIM codes found on multiple phones.
   • In August 1999, an American group of researchers claimed to have cracked the weaker A5/2 algorithm commonly used in Asia, using a single PC, within seconds.
   • In December 1999, two leading Israeli cryptographers claimed to have cracked the strong A5/1 algorithm responsible for encrypting conversations. They admit the version they cracked may not be the exact version used in GSM handsets, as GSM operators are allowed to make small modifications to the GSM algorithms. The researchers used a digital scanner and a high-end PC to crack the code. Within two minutes of intercepting a call with a digital scanner, the researchers were able to listen to the conversation.
   • The GSM Alliance of North America has claimed that none of its members use the A5/1 algorithm, opting for more recently developed algorithms.

22. THIRD GENERATION WIRELESS
   • Evolution from existing European and US digital cellular systems (W-CDMA, CDMA2000, UMTS).
   • Promises broadband multimedia on everyone's handset and a multitude of related services.
   • Spectrum auctions in many countries put many operators in financial debt.
   • Delays in 3G rollouts cast doubt over its success. Some talk about jumping to 4G directly.

23. THE GPRS NETWORK INFRASTRUCTURE

24. 3G SECURITY MODEL
   • Network access security (I): the set of security features that provide users with secure access to 3G services, and which in particular protect against attacks on the (radio) access link.
   • Network domain security (II): the set of security features that enable nodes in the provider domain to securely exchange signalling data, and protect against attacks on the wireline network.
   • User domain security (III): the set of security features that secure access to mobile stations.
   • Application domain security (IV): the set of security features that enable applications in the user and in the provider domain to securely exchange messages.
   • Visibility and configurability of security (V): the set of features that enable the user to inform himself whether a security feature is in operation or not, and whether the use and provision of services should depend on the security feature.

25. 3G VS. GSM
   • A change was made to defeat the false base station attack. The security mechanisms include a sequence number that ensures that the mobile can identify the network.
   • Key lengths were increased to allow for the possibility of stronger algorithms for encryption and integrity.
   • Mechanisms were included to support security within and between networks.
   • Security is based within the switch rather than the base station as in GSM. Therefore links between the base station and switch are protected.
   • Integrity mechanisms for the terminal identity (IMEI) have been designed in from the start, rather than introduced late as in GSM.

26. 3G VS. GSM
   • GSM authentication vector: temporary authentication data that enables a VLR/SGSN to engage in GSM AKA with a particular user. A triplet consists of three elements: a) a network challenge RAND, b) an expected user response SRES and c) a cipher key Kc.
   • UMTS authentication vector: temporary authentication data that enables a VLR/SGSN to engage in UMTS AKA with a particular user. A quintet consists of five elements: a) a network challenge RAND, b) an expected user response XRES, c) a cipher key CK, d) an integrity key IK and e) a network authentication token AUTN.
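Slides 25 and 26 say that the quintet's sequence number and AUTN let the mobile identify the network, which the GSM triplet cannot do. The Python below is an added example (not from the deck, and not a MILENAGE implementation) that builds a quintet at the home AuC and has the USIM check AUTN: a fresh quintet is accepted and yields matching RES/CK/IK, a replayed quintet fails the sequence-number check, and a quintet built without the subscriber key K fails the MAC check. The `f1`-`f5` functions are HMAC-SHA256 stand-ins with the real output lengths, the key and AMF are constructed values, and the USIM's SQN check is simplified to "strictly greater than the last accepted value" (3GPP uses a window-based check).

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed stand-ins for the 3G functions f1-f5. Real USIMs use MILENAGE;
# a keyed hash with a domain tag is used here only to give each output the
# right length and keyed one-way behaviour.
def _f(k: bytes, tag: bytes, data: bytes, n: int) -> bytes:
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def f1(k, rand, sqn, amf): return _f(k, b"f1", rand + sqn + amf, 8)   # MAC-A, 64 bits
def f2(k, rand): return _f(k, b"f2", rand, 8)                         # RES / XRES
def f3(k, rand): return _f(k, b"f3", rand, 16)                        # CK, 128 bits
def f4(k, rand): return _f(k, b"f4", rand, 16)                        # IK, 128 bits
def f5(k, rand): return _f(k, b"f5", rand, 6)                         # AK, 48 bits

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

AMF = b"\x80\x00"   # constructed authentication management field


class HomeAuC:
    """Home AuC: holds K and the per-subscriber sequence counter SQN."""

    def __init__(self, k: bytes) -> None:
        self._k = k
        self._sqn = 0

    def quintet(self) -> Tuple[bytes, bytes, bytes, bytes, bytes]:
        """Return (RAND, XRES, CK, IK, AUTN) with AUTN = SQN^AK || AMF || MAC-A."""
        rand = secrets.token_bytes(16)
        self._sqn += 1
        sqn = self._sqn.to_bytes(6, "big")
        autn = xor(sqn, f5(self._k, rand)) + AMF + f1(self._k, rand, sqn, AMF)
        return rand, f2(self._k, rand), f3(self._k, rand), f4(self._k, rand), autn


class USIM:
    """USIM: verifies the network via AUTN before releasing RES, CK and IK."""

    def __init__(self, k: bytes) -> None:
        self._k = k
        self._sqn_ms = 0    # highest SQN accepted so far

    def authenticate_network(self, rand: bytes, autn: bytes) -> Tuple[str, Optional[tuple]]:
        ak = f5(self._k, rand)
        sqn = xor(autn[:6], ak)                 # recover SQN from the concealed field
        amf, mac_a = autn[6:8], autn[8:16]
        if not hmac.compare_digest(mac_a, f1(self._k, rand, sqn, amf)):
            return "MAC failure", None          # sender does not know K
        if int.from_bytes(sqn, "big") <= self._sqn_ms:
            return "synchronisation failure", None   # stale or replayed vector
        self._sqn_ms = int.from_bytes(sqn, "big")
        return "ok", (f2(self._k, rand), f3(self._k, rand), f4(self._k, rand))


def demo() -> dict:
    """One genuine run, one replay of the same quintet, one quintet from a wrong key."""
    k = bytes(range(16))                        # constructed subscriber key
    home, usim = HomeAuC(k), USIM(k)
    rand, xres, ck, ik, autn = home.quintet()
    status, keys = usim.authenticate_network(rand, autn)
    out = {"fresh": status,
           "res_matches": keys is not None and hmac.compare_digest(keys[0], xres),
           "keys_match": keys is not None and keys[1] == ck and keys[2] == ik}
    out["replay"] = usim.authenticate_network(rand, autn)[0]
    rogue_rand, _, _, _, rogue_autn = HomeAuC(secrets.token_bytes(16)).quintet()
    out["wrong_key"] = usim.authenticate_network(rogue_rand, rogue_autn)[0]
    return out


if __name__ == "__main__":
    print(demo())
```

Compared with the GSM triplet, the quintet adds exactly the two things the mobile needs to judge the network: MAC-A proves the vector was made by someone holding K, and SQN proves it was not made earlier and replayed. On a synchronisation failure a real USIM would also return AUTS so the AuC can resynchronise its counter; that path is omitted here.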
27. GSM AND GPRS SECURITY
   The main function of a GSM/GPRS network is to support and facilitate the transmission of information, whether voice or non-voice. As with any form of information transmission, there are associated information security risks. When information is transmitted across a GSM/GPRS network, security measures must be taken to protect it from unauthorized access. The types of information that must be protected on a GSM/GPRS network include the following:
   • User Data: voice or non-voice data sent or received by users registered on a GSM/GPRS network.
   • Charging Information: information collected from the SGSN and GGSN and used to bill for non-voice services.
   • Subscriber Information: information stored in the mobile station, the HLR and the VLR. This is customer-specific information for subscribers and roaming users.
   • Technical Information of the GSM/GPRS Network: information that describes and lays out the GSM/GPRS network architecture and configuration.

28. EVOLUTION OF GPRS

29. ADVANTAGES OF LTE

30. QUESTIONS?