
Security Issues in Wireless Network

There are many types of Wireless Media

Yes: GSM, Bluetooth, WCDMA, Wireless LAN, 802.xx, satellite... there are many of them.

GSM Security

Evolution of Cellular Networks

Diagram: 1G (analog) -> 2G -> 2.5G -> 3G -> 4G (digital); the transition runs from circuit-switching to packet-switching.

1G Systems

- Goal: To develop a working system that could provide basic voice service
- Time frame: 1970-1990
- Technology: FDMA/FDD
- Example systems: Advanced Mobile Phone System (AMPS, USA), Total Access Communication System (TACS, UK), Nordic Mobile Telephone (NMT, Europe)
- Incompatible analog systems

2G Systems

- Goal: Digital voice service with improved quality, and better data services
- Time frame: 1990-2000
- Technology: TDMA/TDD, CDMA
- Example systems: Global System for Mobile (GSM, Europe), IS-136 (TDMA), IS-95 (CDMA)

2.5G Systems

- Goal: To provide better data rates and a wider range of data services, and to act as a transition to 3G
- Time frame: 2000-2002
- Systems: IS-95B, High Speed Circuit Switched Data (HSCSD), General Packet Radio Service (GPRS), Enhanced Data rates for GSM Evolution (EDGE)

3G Systems

- Goal: High speed wireless data access and a unified universal standard
- Time frame: 2002 onwards
- Two competing standards: one based on GSM, IS-136 and PDC, known as 3GPP; the other based on IS-95, named 3GPP2
- Complete move from circuit switching to packet switching
- Enhanced data rates of 2-20 Mbps

4G Systems

- Future systems
- Goal: High mobility, high data rate, IP based network
- Hybrid network that can interoperate with other networks

Briefly on 1G


AMPS

- 1G system developed by Bell Labs
- Analog system using FDMA/FDD
- 40 MHz of spectrum, 842 channels
- Data rate: 10 kbps

AMPS: Architecture

Diagram: several BTS connect to the MTSO (MSC), which connects to the Public Switched Telephone Network.

MTSO: Mobile Telecommunication Switching Office, also known as MSC (Mobile Switching Center). BTS: Base Transceiver Station.

AMPS: Conventional Telephone to Cell Phone

Diagram: a call from the Public Switched Telephone Network reaches the MTSO (MSC), which sends a paging message out through all BTS.

AMPS: Conventional Telephone Cell Phone

1. The call arrives at the MSC via the PSTN.
2. The MSC sends out a paging message via all BTS on the FCC (Forward Control Channel). The paging message contains the subscriber's Mobile Identification Number (MIN).
3. The mobile unit responds with an acknowledgement on the RCC (Reverse Control Channel).
4. The MSC directs the BS to assign an FVC (Forward Voice Channel) and an RVC (Reverse Voice Channel).

AMPS: Cell phone initializes a call

1. The subscriber unit transmits an origination message on the RCC. The origination message contains the MIN, the Electronic Serial Number, the Station Class Mark and the destination phone number.
2. If the BTS receives it correctly, it is passed on to the MSC.
3. The MSC validates the information and connects the call.

Hello, I can't hear you, I'm calling from a mobile

What did he use?? GSM???

GSM: Architecture

The GSM system consists of three interconnected sub-systems:
- Base Station Subsystem: Mobile Station (MS), Base Transceiver Station (BTS), Base Station Controllers (BSC)
- Network Switching Subsystem (NSS): Mobile Switching Center (MSC), Home Location Register (HLR), Visitor Location Register (VLR), Authentication Center (AUC)
- Operation Support Subsystem: Operation Maintenance Centers

GSM: Architecture

Diagram: Mobile Stations connect to the Base Station Subsystem (BTS and BSC); the BSC connects to the Exchange System (MSC) with its subscriber and terminal equipment databases (HLR, VLR, EIR, AUC); network management is done by the OMC.

GSM

Diagram: several BTS per BSC, forming the Base Station Subsystem.

- The BTS provides the last-mile connection to the MS; communication is between the BTS and the MS
- BSCs connect the MS to the NSS
- Handover between BTS within the same BSC is handled by the BSC

GSM

Diagram: the Base Station Subsystem (BTS and BSC) connects through the MSC to the Network Switching Subsystem (HLR, VLR, AUC) and to public networks; the Operation Support Subsystem (OSS) oversees both.

GSM Security

The best way to appreciate security is by looking at how chaotic and dangerous a mobile communications system would be without security. At any given moment, anybody could eavesdrop on your conversation. Your bank account information, daily schedule, and any other information you may disclose on the phone would be at risk. Besides listening in, at any given moment, a hacker could impersonate your user information to make calls that would later amount to thousands of dollars in service charges. The list goes on and on.

Topics discussed in this section:
- Issues
- Algorithm
- Correction of the problems

GSM Mobile Station


Mobile Station
- Mobile Equipment (ME): the physical mobile device. Identifier: IMEI, International Mobile Equipment Identity
- Subscriber Identity Module (SIM): smart card containing keys, identifiers and algorithms. Identifiers:
  - Ki: Subscriber Authentication Key
  - IMSI: International Mobile Subscriber Identity
  - TMSI: Temporary Mobile Subscriber Identity
  - MSISDN: Mobile Station International Service Digital Network
  - PIN: Personal Identity Number protecting a SIM
  - LAI: Location Area Identity

GSM Security Issues


The two security goals of GSM are to provide an infrastructure which protects access to the mobile services, and to prevent any information from being disclosed. In other words, GSM aims to prevent fraudulent phone use and to provide privacy for both parties. The following security measures are taken to provide security:
- Authentication for registered users
- Secure data transfer
- Subscriber identity protection
- Mobile phones are inoperable without a SIM chip
- Duplicate SIMs on the network are not permitted
- Keys are securely stored

GSM Security Issues


If all the measures listed above are met, GSM will be able to provide anonymity, authentication, confidentiality, and integrity. GSM divides security into three different levels. Each level provides the mechanism for anonymity, authentication, confidentiality, or integrity. On the lowest level of security, GSM provides authentication and anonymity for the user through the SIM card. The SIM chip serves as the identification of the user. Billing and authentication are verified through the SIM chip. The second layer of security identifies the location of the user and reveals the incoming caller's name to the receiver, so the receiver can choose whether or not to accept the call. The third layer encrypts any data traveling between the two users. With the data encrypted and the connection secure, integrity and confidentiality are provided.

Encryption Implementation
A cell phone call placed on a GSM network goes through two steps.

Any mobile device must first be authenticated before any data transmission can begin. Following successful authentication, a private key, Kc, is generated for data exchange. Authentication is done through a challenge and response mechanism. The base station initially sends out a random 128-bit number, r, to the mobile device. Using the A3 algorithm, with inputs Ki from the SIM and the random number r, a 32-bit signed response SRES is generated. The mobile device then sends the generated SRES back to the network for validation. The network itself knows the mobile device's Ki and can thus compare the value it generated to the value the mobile device generated. Authentication is successful if both numbers are identical.

Security in GSM
Principles
- Only authenticated users are allowed to access the network
- No user data or voice communication is transmitted in clear text

The subscriber identity module (SIM) card is a vital part of GSM security. It stores:
- International Mobile Subscriber Identity (IMSI)
- Ciphering Key Generating Algorithm (A8)
- Authentication Algorithm (A3)
- Personal Identification Number
- Individual Subscriber Authentication Key (Ki)

SIM Anatomy
- Subscriber Identification Module (SIM)
- Smart card: a single-chip computer containing an OS, a file system and applications
- Protected by a PIN
- Owned by the operator (i.e. trusted)
- SIM applications can be written with the SIM Toolkit

Microprocessor Card

Typical specification:
- 8-bit CPU
- 16 K ROM
- 256 bytes RAM
- 4 K EEPROM
- Cost: $5-50

Smart card technology is based on ISO 7816, which defines card size, contact layout, electrical characteristics, I/O protocols (byte/block based) and file structure.

Security in GSM
- The mobile station contains the A5 algorithm and the IMEI
- The network stores the A3, A5 and A8 algorithms
- The Authentication Center stores the IMSI, the Temporary Mobile Subscriber Identity (TMSI) and the Individual Subscriber Authentication Key (Ki)

Security in GSM: Authentication


Diagram: message flow between the Mobile Station (SIM) and the Network:
1. Channel establishment
2. Identity (TMSI or IMSI), MS to network
3. Authentication Request (RAND), network to MS
4. Run Authentication Algorithm (RAND) in the SIM; the SIM returns the Response (SRES, Kc) to the MS
5. Authentication Response (SRES), MS to network

RAND is a 128-bit random sequence. SRES is the signed response generated for authentication.

Authentication based on RAND


Diagram:
- At the network end: RAND (challenge) and Ki (128 bit) are input to the A3 algorithm; RAND is transmitted to the mobile. Proper authentication is completed if the comparison result is zero.
- At the mobile user end, in the SIM: RAND (challenge) and Ki (128 bit) are input to the A3 algorithm, whose result is transmitted back to the base station, and to the A8 algorithm, whose result Kc is used for encryption of user data and signaling data.

Security in GSM: Authentication

- Ki is known only to the operator who programs the SIM card and is tied to the IMSI
- The IMSI should be transmitted as rarely as possible; only the TMSI is used for authentication
- The TMSI is periodically updated

Security in GSM: Data Encryption

- GSM uses symmetric cryptography
- Data is encrypted using an algorithm which is seeded by the ciphering key Kc
- Kc is known only to the base station and the mobile phone and is frequently changed
- The A5 algorithm is used for ciphering the data
- Along with Kc, the algorithm is seeded by a value based on the TDMA frame
- The internal state of the algorithm is flushed after a burst

Security in GSM: Authentication

Diagram: Kc (from the A8 algorithm) and Count (from the TDMA frame) are input to the A5 algorithm; its output is XORed with the user data to give the encoded message.

Initial Authentication Between User and Network

Diagram:
- User: Ki from the SIM and the 128-bit r from the network go into A3, producing the 32-bit SRES
- Network: Ki (known) and the same 128-bit r go into A3, producing the 32-bit SRES

A8 Key Generation
If authentication is successful, a connection is made and a new key, Kc, is generated to be shared by the user and network. The key is generated by applying an A8 algorithm on values Ki and the random value r. By doing this, a private key Kc will be generated for later use when transferring information.

User and Network

Diagram: Ki (from the SIM) and r (from the network) go into A8, producing Kc, the private key for both user and network.
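The challenge-response exchange and the A8 key derivation described above, modelled end to end in Python as an added example (not code from the original slides). A3 and A8 are operator-specific and unpublished, so HMAC-SHA256 truncated to 32 and 64 bits stands in for them; that substitution, the Sim and AuthCenter classes, the authenticate helper and the sample IMSI and Ki values are all assumptions of this example. What it does reproduce faithfully is the value sizes and the flow: Ki stays in the SIM and the AuC, only RAND and SRES cross the air interface, and both sides end up holding the same Kc without ever transmitting it.

```python
"""GSM challenge-response authentication and Kc derivation, modelled end to end.

Added example; not code from the original slides. A3 and A8 are operator
specific and not published, so keyed-hash stand-ins (HMAC-SHA256 truncated
to 32 and 64 bits) play their roles here. That is an assumption: the value
sizes (128-bit Ki, 128-bit RAND, 32-bit SRES, 64-bit Kc) and the message
flow are what the slides describe, the functions themselves are not.
"""
import hashlib
import hmac
import secrets

KI_BITS, RAND_BITS, SRES_BITS, KC_BITS = 128, 128, 32, 64


def a3(ki, rand):
    """Stand-in for A3 (assumption): Ki and RAND -> 32-bit signed response."""
    assert len(ki) * 8 == KI_BITS and len(rand) * 8 == RAND_BITS
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[: SRES_BITS // 8]


def a8(ki, rand):
    """Stand-in for A8 (assumption): Ki and RAND -> 64-bit ciphering key Kc."""
    assert len(ki) * 8 == KI_BITS and len(rand) * 8 == RAND_BITS
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[: KC_BITS // 8]


class Sim:
    """Mobile station side. Ki stays inside the object; only SRES comes out."""

    def __init__(self, imsi, ki):
        self.imsi = imsi
        self._ki = ki
        self.kc = None  # filled in by run_gsm_algorithm, never transmitted

    def run_gsm_algorithm(self, rand):
        """The 'Run Authentication Algorithm (RAND)' step of the flow diagram:
        one call yields SRES for the network and Kc for later ciphering."""
        self.kc = a8(self._ki, rand)
        return a3(self._ki, rand)


class AuthCenter:
    """Network side (AuC). Holds the IMSI -> Ki table and issues triplets."""

    def __init__(self, subscribers):
        self._subscribers = dict(subscribers)

    def triplet(self, imsi, rand=None):
        """Return (RAND, expected SRES, Kc) for a subscriber, or None if unknown.
        A fixed RAND may be passed for reproducible tests; real use draws a fresh one."""
        ki = self._subscribers.get(imsi)
        if ki is None:
            return None
        if rand is None:
            rand = secrets.token_bytes(RAND_BITS // 8)
        return rand, a3(ki, rand), a8(ki, rand)


def authenticate(auc, sim, rand=None):
    """Run the exchange. Over the air go only the identity, RAND and SRES;
    Ki and Kc never cross the radio link. Returns (accepted, Kc held by network)."""
    trip = auc.triplet(sim.imsi, rand)                   # Identity (TMSI or IMSI)
    if trip is None:
        return False, None
    rand, expected_sres, kc_network = trip
    sres = sim.run_gsm_algorithm(rand)                   # Authentication Request (RAND)
    if not hmac.compare_digest(sres, expected_sres):     # Authentication Response (SRES)
        return False, None
    return True, kc_network


if __name__ == "__main__":
    # Constructed sample values: a made-up IMSI and a made-up Ki.
    KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    auc = AuthCenter({"001010123456789": KI})
    genuine = Sim("001010123456789", KI)
    accepted, kc = authenticate(auc, genuine)
    print("genuine SIM accepted:", accepted, "| Kc agrees:", kc == genuine.kc)
    wrong_ki = Sim("001010123456789", bytes(16))         # right IMSI, wrong Ki
    print("SIM with wrong Ki accepted:", authenticate(auc, wrong_ki)[0])
```

Run as a script, it shows a genuine SIM being accepted with a Kc that matches the network's, and a SIM that presents the right IMSI but holds the wrong Ki being rejected: the IMSI is an identifier, Ki is the secret, and the comparison is done with a constant-time check on the network side.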

Data Encryption & Decryption


With a private key Kc generated, information can be exchanged between the two parties. GSM ciphers voice by using the A5 algorithm with inputs Kc, which is known by both parties, and the incoming data. At that point data encryption and decryption is completed.

User and Network Communication

Diagram: both sides hold Kc; DATA goes through A5 to become CIPHERED DATA, and A5 with the same Kc on the other side recovers the data.
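A model of the ciphering step, added here as an example and not taken from the slides. The real A5/1 and A5/2 are shift-register stream ciphers; this example replaces the generator with HMAC-SHA256 keyed by Kc over the frame count (an assumption), and the a5_keystream, cipher_burst and cipher_frames names and the sample Kc are this example's own. The sizes it uses are GSM's: a 64-bit Kc, a 22-bit COUNT derived from the TDMA frame number, and 114 payload bits per burst in each direction (rounded up to 15 bytes here). It shows the two properties the slides list: the keystream depends on the frame count as well as on Kc, and because the generator is re-seeded for every burst, a burst lost in transit does not disturb the deciphering of the bursts around it.

```python
"""Model of GSM burst ciphering: A5 seeded with Kc and the TDMA frame count.

Added example; not code from the original slides. A5 is modelled with a
keyed hash (HMAC-SHA256 of the frame count under Kc) rather than the real
A5/1 or A5/2 shift-register design; that is an assumption. What the model
does reproduce is the structure the slides describe: a 64-bit Kc, a 22-bit
COUNT taken from the TDMA frame number, a fresh keystream per burst that is
XORed with the data, and no state carried from one burst to the next.
"""
import hashlib
import hmac

KC_BYTES = 8                 # Kc is 64 bits
COUNT_MASK = (1 << 22) - 1   # COUNT is 22 bits
BURST_BYTES = 15             # 114 payload bits per burst, rounded up to 15 bytes
DOWNLINK, UPLINK = 0, 1


def a5_keystream(kc, count):
    """Stand-in for A5 (assumption). For one frame, return two keystream
    blocks: one for the downlink burst and one for the uplink burst.
    The generator is seeded from (Kc, COUNT) alone, so nothing from the
    previous burst influences this one."""
    assert len(kc) == KC_BYTES
    seed = (count & COUNT_MASK).to_bytes(3, "big")
    ks = hmac.new(kc, seed, hashlib.sha256).digest()     # 32 bytes, enough for 2 * 15
    return ks[:BURST_BYTES], ks[BURST_BYTES:2 * BURST_BYTES]


def cipher_burst(kc, count, direction, data):
    """XOR one burst with its keystream. The same call encrypts and decrypts."""
    assert len(data) <= BURST_BYTES
    ks = a5_keystream(kc, count)[direction]
    return bytes(d ^ k for d, k in zip(data, ks))


def cipher_frames(kc, direction, frames):
    """Apply cipher_burst to a list of (count, burst) pairs, keeping the counts.
    Because each burst is keyed by its own count, a list with gaps (lost
    frames) still deciphers correctly for the bursts that did arrive."""
    return [(count, cipher_burst(kc, count, direction, burst)) for count, burst in frames]


if __name__ == "__main__":
    KC = bytes.fromhex("0123456789abcdef")   # constructed Kc, as if produced by A8
    plain = [(1000 + i, b"burst%02d" % i) for i in range(4)]
    sent = cipher_frames(KC, DOWNLINK, plain)
    received = sent[:1] + sent[2:]            # frame 1001 lost in transit
    print(cipher_frames(KC, DOWNLINK, received))   # the other three decipher cleanly
```

The flip side of the same design is visible in the model too: deciphering with the wrong frame count, the wrong direction or the wrong Kc yields nothing usable, which is why both ends must agree on Kc (from A8) and stay in frame synchronisation.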

Security Issues Solved


SIM chip and PIN. One means of security that GSM provides is achieved through the use of a PIN. The PIN prevents unauthorized users from modifying data on another account. The PIN also prevents fraudulent use of a phone if it is stolen. GSM specifically prevents more than one copy of a SIM chip from being on the network at the same time. By doing this, a user who is able to impersonate and clone a SIM chip will still have trouble getting on to the system, because the original owner of the SIM may still be on the network.

Security Issues Problems


COMP 128. At the current time, a lot of GSM phones apply a COMP 128 algorithm inside the A3 and A8 schemes. The COMP 128 algorithm has a weakness which allows an attacker to retrieve the secret key Ki from the mobile device's SIM chip. This is achieved by sending known data to the mobile device and analyzing the results that are returned from the device. With this knowledge, the attacker can clone the SIM chip for fraudulent use. It is estimated that a hobbyist could purchase the necessary equipment to clone SIM chips for less than $40,000. The COMP 128 algorithm became a public concern after IBM researchers demonstrated that they had discovered a way to clone a SIM chip within a few seconds. Efforts have been made to develop new algorithms to correct this problem.


Effort to Correct the Problems


A5 Implementation and Eavesdropping. The A5 algorithm used to encrypt streaming cipher data is not a universal standard. There are currently three implementations, A5/0, A5/1 and A5/2. All of them are used throughout the world, varying from region to region. A5/1 is the strongest encryption because it has a time complexity of 2^54. A5/2 has a time complexity of only 2^16. The weaker A5 implementations are susceptible to eavesdropping.

Lack of Testing. The algorithms used for GSM are all hidden from the public. At first glance this may seem reasonable, but being hidden from the public eye prevents them from being tested by the world. As more and more people begin finding weaknesses in the network and the algorithms, more people will begin hacking the networks. When this does happen it will be difficult to fix the problem, because the problem will already have spread to millions and millions of phones. If the algorithms were open source, then more testing could be done before the phones were distributed to the public.

Effort to Correct the Problems


Lack of Internal Encryption GSM solved most of the security issues involved with transmission of data through the radio channel. Currently data is only encrypted between the mobile device and the base stations. All other communication and signaling on the fixed telecommunications network is done in plain text.

Short Message Service. Short message service (SMS) is a service provided through GSM that allows users to send text messages to other mobile users. Users often overlook the fact that SMS provides no real security. All messages sent via SMS are sent in a predictable, clear text format. The originating address of an SMS message can be forged. This weakness gives anybody the ability to send messages to phones with harmful instructions. People could be instructed to send sensitive information back to the sender. The sender would then be in a position to record the information.

Effort to Correct the Problems


Physical Theft. GSM packs all the information needed to use a phone inside a single SIM chip. By doing that, the value of the phone itself has increased: a new phone can be used simply by replacing the SIM chip. No real measures can be taken against physical phone theft.

Solutions to Current Security Issues


A corrected version of COMP 128 has been developed; however, the cost of replacing all SIM chips to include the new algorithm is too high for cellular phone companies. The new release of 3GSM will include a stronger version of the COMP 128 algorithm and a new A5 algorithm implementation. A5/3 is expected to solve the current confidentiality and integrity problems. The fixed-network transmission problem could be solved by simply applying some type of encryption to any data transferred on the fixed network.

Summary
GSM has many benefits over current cellular systems. The main problem now is the COMP 128 algorithm. This problem will be solved as newer technology gets phased in. The lack of extra encryption on the telecommunications network doesn't pose a major problem, because any data transfer there will have the same security as the current public switched telephone networks. As GSM slowly moves towards 3GSM, more problems and security issues will be resolved.

I believe that 3G/4G will have security issues

By default, yes, but we need to study that

How Do You Want to Protect Your Network System?

Thank You. Good Luck in the Exam