![Page 1: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/1.jpg)
Analysis of 2G and 3G Mobile Security
Roy Campbell
![Page 2: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/2.jpg)
Participants
• UIUC: Roy Campbell, Dennis Mickunas, Jalal Al-Muhtadi, Sarosh Havewala
• Motorola: Bruce Briley, John Wang, Rong Wang, Lily Chen
![Page 3: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/3.jpg)
Contents
• Motorola study of wireless security protocols
  – Present
  – Proposed
• Approach
• Other UIUC SRG security and mobile system research
![Page 4: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/4.jpg)
GSM Security
• Analysis of
  – existing 2nd Generation (2G) CDMA and GSM security frameworks.
  – 3rd Generation (3G) CDMA and GSM network security proposals.
• Analyzing various aspects of 3G encryption and authentication techniques and their impact upon performance.
![Page 5: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/5.jpg)
Internet Security
• Effectiveness and performance of IP/TCP/application layer security mechanisms over wireless networks
• Comparative performance analyses of the various security mechanisms (literature versus our studies)
• Security threat evaluation
![Page 6: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/6.jpg)
2G GSM Security
• Private Key
  – A3 Key Negotiation
  – A8 Key Generation
  – A5 Encryption
  – Private Key encrypts message to server
  – Server generates random number for session key
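The 2G challenge-response flow listed on this slide, as an added Python sketch that is not part of the original presentation. It assumes the usual GSM naming (Ki for the slide's "Private Key", RAND for the server's random number, SRES for the response, Kc for the session key); HMAC-SHA-256 and a hash keystream stand in for the real A3/A8 and A5 algorithms, and the key values are constructed.

```python
import hashlib
import hmac
import secrets

# Stand-ins only: real A3/A8 are operator-chosen algorithms and A5 is a
# stream cipher; HMAC-SHA-256 and a hash keystream are used here so the
# message flow can be run. Output sizes follow GSM: SRES 32 bits, Kc 64 bits.
def a3_sres(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8_kc(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

def a5_crypt(kc: bytes, frame_no: int, data: bytes) -> bytes:
    """XOR data with a keystream bound to Kc and the frame number."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        seed = kc + frame_no.to_bytes(4, "big") + block.to_bytes(4, "big")
        stream += hashlib.sha256(seed).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def authenticate(network_ki: bytes, sim_ki: bytes):
    """One challenge-response run; returns (accepted, network_kc, sim_kc)."""
    rand = secrets.token_bytes(16)         # network -> phone: 128-bit challenge
    sres = a3_sres(sim_ki, rand)           # phone -> network: only SRES is sent
    expected = a3_sres(network_ki, rand)   # network computes the same value
    accepted = hmac.compare_digest(sres, expected)
    # Both sides derive the session key locally; Ki and Kc never go on air.
    return accepted, a8_kc(network_ki, rand), a8_kc(sim_ki, rand)

KI = bytes.fromhex("00112233445566778899aabbccddeeff")        # constructed key
WRONG_KI = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # constructed key

if __name__ == "__main__":
    ok, net_kc, sim_kc = authenticate(KI, KI)
    frame = a5_crypt(sim_kc, 42, b"hello base station")
    print("genuine SIM accepted:", ok)
    print("network decrypts:", a5_crypt(net_kc, 42, frame))
    print("SIM with wrong key accepted:", authenticate(KI, WRONG_KI)[0])
```

The handset proves knowledge of Ki to the network, but nothing in this exchange authenticates the network to the handset; "network operator to user" authentication appears later in the deck among the 3G user security features.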
![Page 7: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/7.jpg)
3G GSM Security Scenarios
• Integration with Internet
• Web Access
• Multimedia
• QoS
• Network Applications
• Levels of Service
• Bandwidth
The effect of deploying security mechanisms under different scenarios and the impact on performance and security
![Page 8: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/8.jpg)
Security Features within different Components
• User
• Subscriber
• UMTS terminal equipment
• Network operator
• Service provider
Studying existing security features and their effectiveness under different traffic scenarios and QoP.
![Page 9: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/9.jpg)
User Security Features
• location confidentiality
• identity confidentiality
• traffic confidentiality
• traffic integrity
• non-repudiation
• user events, numbering, service profile
• access control
![Page 10: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/10.jpg)
Subscriber Security Features
• Subscriber access to service profile
• user action authorization
• incontestable charging
• privacy of charging data
• integrity of charging data
• charging limitation
![Page 11: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/11.jpg)
Terminal Equipment
• Location confidentiality
• Authentication of user to terminal
• Access control to terminal
• Terminal numbering
![Page 12: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/12.jpg)
Network Operator Security
• Databases
• Re-authentication
• Blacklisting
• Tracing of users
• User action authorization
• Subscription authorization
• Tracing of terminal equipment
![Page 13: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/13.jpg)
User Security Features Cont.
• Signaling and control data
  – confidentiality
  – origin authentication
  – integrity
• Authentication
  – user to user
  – network operator to user
  – service provider to user
![Page 14: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/14.jpg)
Plan of Action
• Using “Simulation” software to model wireless communications networks, protocols, mobile devices, and various security mechanisms.
• Existing Simulators: OPNET, OMNET++, C++Sim (others)
• Alternatively, implementing our own simulator.
![Page 15: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/15.jpg)
Evaluating Performance over Wireless Links
[Diagram: i1000plus, Base, Gateway, Internet; label: Evaluating different authentication & encryption mechanisms]
![Page 16: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/16.jpg)
Modeling Wireless Communication
[Diagram: Java Virtual Cell phone, Java Virtual Base, Gateway, Internet, Security plug-ins; label: Simulating a wireless link over TCP/IP]
![Page 17: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/17.jpg)
UIUC SRG Security and Mobile System Research: Secure Active Network
• Seraphim interoperable secure active networks
• Role based access control policies
• Dynamic security enforcement using active capability
![Page 18: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/18.jpg)
CORBA Security Services
• Standard object interfaces for accessing security services
• Authentication, non-repudiation, and access control
• Interoperability between different security mechanisms
• Interoperability among different policy domains
[Diagram: Client (A), Object Implementation (B), ORB, interceptor, request, SecIOP, SESAME; label: Use & generate security information in the IOR]
![Page 19: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/19.jpg)
[Diagram: Application Client, Application Server, Stub, ORB, BOA, Active Capability/Certificates, Dynamic Policies, Security Mechanisms, Security Components, Network Transport]
![Page 20: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/20.jpg)
2k: Global Distributed Mobile Object System
• Mobile users, resources, dynamic networks
• Infrastructure for smart spaces
• Network-centric user-oriented view
• Components
• Security
• Distributed object solutions
![Page 21: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/21.jpg)
[Diagram: Env. Service, Profile Service, QoS, Naming Service]
![Page 22: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/22.jpg)
A Light-Weight Security Mechanism: Tiny UIUC SESAME
[Diagram: IDL Interface, GSS-API, Tiny SESAME]
![Page 23: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/23.jpg)
Dynamic Security Policy with Risk Values
• Policy representation framework supports:
  – Discretionary Access Control (DAC)
  – Double DAC
  – Role Based Access Control
  – Assignment of Risk values to different entities and dynamically changing them
  – Non-Discretionary Access Control including Mandatory Access Control (MAC)
  – GUI for building and administrating policies
![Page 24: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/24.jpg)
PalmPilot Integration in 2K
[Diagram: Environment Service, Profile Server, Environment Implementation Repository, Camera, 2K Camera Device Driver; numbered steps 1–7; phases: System Bootstrapping, System Utilization]
![Page 25: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/25.jpg)
Streaming Video to Palm Pilot
[Diagram: MPEG Stream, Video Proxy, Compressed Bitmap Stream]
• Palm Pilot
  – lacks processing power to decode MPEG
• Video proxy
  – transforms MPEG streams
  – reduces frame rate, color depth, size
  – sends compressed bitmaps
![Page 26: MS PowerPoint](https://reader035.fdocuments.us/reader035/viewer/2022062708/55894a0ad8b42a6d648b466b/html5/thumbnails/26.jpg)
Loadable Protocols
• Transparently change CORBA networking
• Dynamically loadable transport protocols
• Supports multi-protocol applications
• IP multicast protocol module (IPM)
• Multicast used for discovery/allocation
[Diagram: TAO, GIOP, TCP/IIOP, UDP, LDP, IP Multicast]