Cell Phone Security

35
Cell Phone Security Linden Tibbets Coen 150 5/28/2004

description

Cell Phone Security. Linden Tibbets Coen 150 5/28/2004. Introduction. Changed structure of our lives and the way we do business Hundreds of models and services Potential for major annoyance. Endless Uses. Store contact information Make task or to-do lists - PowerPoint PPT Presentation

Transcript of Cell Phone Security

Page 1: Cell Phone Security

Cell Phone Security

Linden Tibbets

Coen 150

5/28/2004

Page 2: Cell Phone Security

Introduction

Changed structure of our lives and the way we do business

Hundreds of models and services

Potential for major annoyance

Page 3: Cell Phone Security

Endless Uses

Store contact information Make task or to-do lists Keep track of appointments and set reminders Use the built-in calculator for simple math Send or receive e-mail Get news, entertainment, and stock quotes from the Internet Browse regular Internet sites Play simple games Integrate other devices such as PDAs, MP3 players, and GPS

receivers Use credit cards to buy products and services Download ring tones, games, and other programs for the specific

phone

Page 4: Cell Phone Security

Are They Secure?

Vast amounts of personal information– Personal Phone Book– Address– Credit Card Number– Email Password– Account Information

Page 5: Cell Phone Security

A Brief History

Page 6: Cell Phone Security

Concept Began in 1947– Researchers improve traffic of primitive car phones

by reusing freq. in smaller areas called ‘cells’– Federal Communications Commission (FCC)

hinders cell phone progress– Only enough channels for 23 conversations per cell– Not practical

Page 7: Cell Phone Security

The Cell Phone Boom

1967 FCC expands available frequencies 1973 Dr. Martin Cooper at Motorola makes first

cell phone call to his rival Joel Engel at Bell Labs

1983 First cell phone network in US (Chicago) 1987 Over a million users 2004 If you don’t have a cell phone your in the

minority

Page 8: Cell Phone Security

How Do They Work?

Page 9: Cell Phone Security

Inside the Cell Phone

Inner workings not much different than a personal computer

– RAM– CPU– Input – Output– Power Source

Page 10: Cell Phone Security

The Cellular Approach

At first only one tower per city (around 25 channels)

Now a provider has 832 freq. in each city

One cell uses 1/7 of these Share freq. Between cells Cell Phones are two way

devices so they use two separate channels

Page 11: Cell Phone Security

Frequency Breakdown

Provider has 395 total voice channels (more when it goes digital)

42 control channels for system signals 395 x 2(in/out) + 42 = 832 Frequencies

Page 12: Cell Phone Security

Definitions

Electronic Serial Number (ESN) - a unique 32-bit number programmed into the phone when it is manufactured

Mobile Identification Number (MIN) - a 10-digit number derived from your phone's number

System Identification Code (SID) - a unique 5-digit number that is assigned to each carrier by the FCC

Page 13: Cell Phone Security

When you first power up the phone, it listens for an SID on the control channel. The control channel is a special frequency that the phone and base station use to talk to one another about things like call set-up and channel changing. If the phone cannot find any control channels to listen to, it knows it is out of range and displays a "no service" message.

Page 14: Cell Phone Security

When it receives the SID, the phone compares it to the SID programmed into the phone. If the SIDs match, the phone knows that the cell it is communicating with is part of its home system.

Along with the SID, the phone also transmits a registration request, and the MTSO (Mobile Telephone Switching Office) keeps track of your phone's location in a database -- this way, the MTSO knows which cell you are in when it wants to ring your phone.

Page 15: Cell Phone Security

The MTSO gets the call, and it tries to find you. It looks in its database to see which cell you are in.

The MTSO picks a frequency pair that your phone will use in that cell to take the call.

The MTSO communicates with your phone over the control channel to tell it which frequencies to use, and once your phone and the tower switch on those frequencies, the call is connected.

Page 16: Cell Phone Security

As you move toward the edge of your cell, your cell's base station notes that your signal strength is diminishing. Meanwhile, the base station in the cell you are moving toward (which is listening and measuring signal strength on all frequencies, not just its own one-seventh) sees your phone's signal strength increasing. The two base stations coordinate with each other through the MTSO, and at some point, your phone gets a signal on a control channel telling it to change frequencies. This hand off switches your phone to the new cell.

Page 17: Cell Phone Security

Analog to Digital

Early phones were purely analog ‘radios’ To increase security and channel use

efficiency converted all calls to digital, encrypted and spread over the frequencies

Three methods to do this: FDMA, TDMA, CDMA

Page 18: Cell Phone Security

FDMA

Frequency division multiple access

Much like analog control except now calls are digital

Insecure since a call is set to specific frequencies.

Page 19: Cell Phone Security

TDMA

Frequency division multiple access

Splits calls up into different time slots.

Allocates only a certain amount of time on any given freq.

Introduces data encryption Basis for GSM (Global System

for Mobile Communications). Used everywhere except USA.

Page 20: Cell Phone Security

CDMA

Code division multiple access

Uses unique code in phone to encrypt the data then break it up into packets that are sent on a broad range of freq.

Further scrambles information

Page 21: Cell Phone Security

What Makes Cellular Insecure?

Page 22: Cell Phone Security

Physical Problems

Small and easily lost Most phones have a password lock but they

are easy to get around and nobody uses them Easy target for stealing personal information

Page 23: Cell Phone Security

Common Wireless Problems

Analog and FDMA phones easy to listen in on Needed $200 scanner and some technical

skills Overcome by CDMA and TDMA Still possible to crack yet much harder Cell network is much the same as a WLAN Lack security physical wires provide, anybody

can pick up the signal

Page 24: Cell Phone Security

Common Wireless Security contd.

The level of protection is limited– Slow data rates– Availability– High error rates due to the mobility of user– Limited computational power– Limited battery power

Page 25: Cell Phone Security

Encryption Problems

The limitations of the cell phone and its network disable the encryption and authentication process

Number of bits in the key must be low Number of handshakes or checks the authentication

scheme allowed is low as well Despite these limitations cell phones remain more

secure than most wireless networks due to the fast pace changes and the scrambling of data over multiple frequencies

Page 26: Cell Phone Security

Attacks, Interference, Other problems

Page 27: Cell Phone Security

Should We Still Worry

In order to listen in to a modern cell phone conversation an organization must be well funded and posses considerable technical skill

Even grabbing a credit card number would not enable you to turn a profit

Yet there remain problems with everyday cell phone usage

Page 28: Cell Phone Security

Cloning

Early days quite simple Figure out the ESN, MIN, SID Program other phones with these numbers and

all calls would be billed to one user’s account Harder to do today Still costs cellular providers over 500 million

dollars a year

Page 29: Cell Phone Security

Cloning in the Digital Age

Most phones carry all of the critical info on a SIMM card much like a smart card

Group of Berkeley researchers claimed to have cracked this encryption in 10 hours by sending a large number of challenges to the authorization module in the phone, compromising the security behind the GSM standard

Page 30: Cell Phone Security

Cloning in the Digital Age contd.

Claim the A5 cipher that keeps conversations private was made intentionally weaker by replacing the leading 10 bits of a 64-bit key with zeros

Blame the NSA for forcing the weakness in order to monitor cell phone traffic

Page 31: Cell Phone Security

SMS Attacks

Many phones use SMS messaging service Can send and receive messages to phones or

the internet Programs created to bomb a specific phone

with thousands of messages (DOS attack)– Jams the phone’s service– Uses up the user’s predetermined text limit

Page 32: Cell Phone Security

They Know Where You Are

Providers can pinpoint your location to within 100 feet if your phone is on

The constant check for signal strength creates the side effect of tracking locations and movement

A huge market for more invasive advertising– Track the consumer’s location– Send tailored ads to a cell phone based on the location of the

user– Consider how bad it is on the Internet and this doesn’t seem

so far fetched

Page 33: Cell Phone Security

Turn It Off in the Airplane

Signals have been proven to disrupt the workings of sensitive equipment

A single phone in a plane causes no problems, but a whole cabin full of phone users really could change the readings in some equipment

Other reports of cellular traffic having an effect on the payment systems at pay-at-the-pump gas stations

Page 34: Cell Phone Security

Jamming

Simple device used to send a signal on all available freq. in an area causing a cell phone to show no service bars

Already in use to protect the President from cellular phone bomb calls (similar to the bomb in Spain) while he is traveling

Illegal in the USA Restaurants and Movie theaters lobbying for such

devices to keep their places of business cell phone free

Page 35: Cell Phone Security

Conclusion

Just like secure computer networks, cell phones must make use of current data encryption schemes, authentication methods and physical security

In order for the cell phone to become a more useful tool in everyday lives it must first secure its current features and gain the trust of the millions of users who still watch what they say or do over the phone