PPT - CEENet HOME Page - Central and Eastern European Networking ...
Transcript of PPT - CEENet HOME Page - Central and Eastern European Networking ...
1
Mobile Security
Wolfgang Schneiderwolfgang.schneider@sit.fraunhofer.deFraunhofer-Institute SITDolivostr. 15DarmstadtGermany
2
Wireless Communication Overview
3
GSM
• GSM Properties– cellular radio network
– digital transmission up to 9600 bit/s
– roaming (mobilität among different network providers, international)
– Good transmission quality (error recognition and correction)
– scalable (große Teilnehmerzahlen möglich)
– worldwide 900 million subscribers
– Europe : over 300 million subscribers
– security mechanisms provided (authentication, authorisation, encryption)
– good usage of resources (frequency- and time-multiplex)
– integration with ISDN and analogue telephone network
– standard (ETSI, European Telecommunications Standards Institute)
4
GSM
GSM Security Requirements
Network provider‘s view• correct Billing: authenticity of the user• no misuse of the service, correct billing of content-usage• efficiency: no more bandwidth needed for security, no long delays
(user acceptance), cost-efficient
User‘s view• confidentiality of communication (voice and data)• privacy, no profiles of the movements of the users• connection with authentic base station• correct billing
Content provider‘s view• correct billing
5
GSM
Overview of GSM Security ServicesSmartcard-based authentication of the user• Identification of the through worldwide unique name IMSI
• Algorithm A3 for authentication is not public,
Confidentiality on the radio link:• Algorithms: up to 7 A5 variants • unique, permanent subscriber key Ki and
dynamicly generated communication keys Kc
Anonymity:• use of temporary identities
6
GSM-Architecture
Network and provider subsystemRadio subsystem
7
GSM-Architecture
Handover und Roaming
Handover
Roaming
MSC MSC
HLR
VLR AC
HLR
VLR AC
8
GSM Security
9
GPRS: General Packet Radio Service
• Properties– Packet mode service (end-to-end)– Data rates up to 171,2 kbit/s (theoretical), effectively up
to 115 Kbit/s– Effektive und flexible Verwaltung der Luftschnittstelle– Adaptive channel coding– Standardised interworking with IP- and X.25 networks– dynamic resource sharin with the „classic“ GSM voice
services– advantage: billing per volume, not per connection time
10
GPRS Security Mechanisms
• Security in GPRS eng very similar to GSM • Authentification through SGSN with Challenge-Response• Use of temporary identities (managed through SGSN)• Encryption algorithm A5/3 (GEA3) • But: no end-to-end encryption• Key generation and managment as in GSM • No authentication and confidentiality of signalling
messages within the signalling network
11
UMTS
• UMTS properties – packet oriented, all-IP, 2-10 Mb/s throughput, – Rich Telephony (voice with video, sound), – audio-, video-streaming (movies etc.), – better QoS, more user control, – video-conferencing as killer application??– worldwide roaming– It is basically a merge of mobile telephony, wireless and
paging technologies into a common system– Support of different carrier systems
• Real time / not real time• Line switching / packet switching
– roaming between UMTS and GSM as well as satellite networks
– asymmetric data rates for up-link/down-link
12
UMTS Cell Structure
13
UMTS Service Concept
• UMTS Service Concept– Virtual Home Environment (VHE): services freely configurable
through user– service quality and according cost can be chosen– dynamic Anpassung an die Verbindung
• UPT: Universal Personal Telecommunication Service – One subscriber number for multiple devices (call management)– virtual mobility of the terrestric network
14
UMTS Security
Adaptation of GSM security
• Confidentiality of the user identity• Authentication of the user towards the network• Encrypted communication over the radio link,• SIM card as personal security module with
authentication of the user towards the SIM card USIM (UMTS Subscriber Identity Module)
15
UMTS Security
• UMTS Extensions– extended UMTS Authentification and key agreement
home network authenticated towards the user,sequence numbers: prevents replay of authentication data, keyed MAC
– Integrity of control data:control data during connection establishment are secured with MAC
– USIM controlled use of keysthe USIM provides new authentication if the encrypted data exceed a certain volume
– Periodic key renewal– Integrity and confidentiality of communication data:
128-bit communication key, MACs for integrity
16
UMTS Problems
Problems– Interoperability between 2G, 2.5G und 3G mobile
networks – different security features: what does it mean in case of
roaming between old and new networks?
17
Wireless Network Infrastructures
• Wireless local area networks (WLAN) and wireless personal area networks (PAN)
• advantages– flexibility– Ad-hoc networks easy to establish– No cables– robustness
• disadvantages– Comparatively low data rates (11 Mbit/s or 54 Mbit/s)– Higher vulnerability on the transmission link in comparison to cabled
local area networks– no international standards for frequency bands– security
18
WLAN Standards/ IEEE 802.11
• IEEE Standard 802.11a, 11b, 11g, 1x (development since 1997)– Intended for
• cost effective and simple use of mobile devices• e.g. campus networks with wireless infrastructure• Ad-hoc networks without infrastructure• Hot spots, e.g. airports, hotels, restaurants
• two modes: infrastructure und ad-hoc– Infrastructure mode:
• User communicate wireless with Access Points (AP),
AP is the bridge between the radio and the wired network
– Ad-hoc mode:• Direct point-to-point communication between users
19
WLAN Standards/ IEEE 802.11
Infrastructure mode
Ad-Hoc mode Peer-to-Peer
Network
20
IEEE 802.11 Security
WEP Wired Equivalent Privacy
• Encryption with RC4 stream cipher with 40 or 104 bit key
with a 24 bit initialisation vector• Relies on a single static shared key• No key management protocol• Cryptanalysis showed that the way how RC4 is used in WEP
makes it vulnerable to eavesdropping attacks• Automatic tools which recover the RC4 key through
eavesdropping are available in the internet• In 2005 a group from the US FBI demonstrated that they
were able to break a WEP-protected WLAN within 3 minutes
using publicly available tools
21
IEEE 802.11 Security
Wi-Fi Protected Access (WPA, IEEE 802.11i)
• Major improvement over WEP• Designed to use with an authentication server, but can be
configured in a pre-shared key mode (PSK) for home and small office environments
• Uses RC4 stream cipher with 128 bit keys• Dynamic key change with Temporal Key Integrity Protocol
(TKIP)• Improved payload integrity through use of a message
integrity code (MIC) instead of a CRC • Includes frame counter to prevent replay attacks
22
IEEE 802.11 Security
• What else can be done?
– Separation of the insecure WLAN from the secure
company intranet – Additional security on higher levels: IPSec or SSL or
SSH– Additional authentication server– Closed shop (only registered MAC addresses)– Supression of the network name
• Next step is the use of AES instead of RC4
23
PANs Standards/ Bluetooth
Bluetooth short overview
– Created 1998 by Ericsson,Intel,IBM,Nokia,Toshiba– Intended for wireless ad-hoc pico networks ( < 10m)– goal: cheap one-chip solution for short distance wireless
communication– Areas of use
• Connectiion of peripheric devices• Support of ad-hoc networks
– Frequency band 2,4 GHz
24
PANs Standards/ Bluetooth
Bluetooth short overview (cont..)
– Point-to-point and point-to-multipoint transmission possible– range 10 cm to 10 m with 1 mW, up to 100m with 100mW– synchronous voice channels– 1 asynchronous data channel– 1 channel data or voice support data rates of:
• 433,9 kbit/s asynchronous-symmetric• 723,2 kbit/s / 57,6 kbit/s asynchronous-asymmetric• 64 kbit/s synchronous, voice
25
PANs Standards/ Bluetooth
Bluetooth network infrastructures
Example of a piconet Examples for master/slaves networking
26
PANs Standards/ Bluetooth
Bluetooth services• Two modes
– Synchronous Connection-oriented Link, SCO• Needed for voice• Master reserves time slots
– Asynchronous Connectionless Link, ACL• Needed for packet oriented data transfer• Master uses polling
27
Security Architecture of Bluetooth
• Central component of the Bluetooth security architecture is the Security Manager with the following tasks:– Administration of security attributes of services and devices– Access control from and to devices– authentication– Encryption/decryption support– Moderation of the connection establishment between two
devices which don‘t know each other
28
Security Architecture of Bluetooth
• Security services comprise :
– mutual authentification of devices, which are identified through a Bluetooth address
– Encryption of transfered data– authorisation of the use of services
• Subjects in Bluetooth are solely devices, i.e. authorisation is always done on the basis of the device identities and attributes
• Objects are the services
29
Security Architecture of Bluetooth
• Access can be granted on the basis of the trustworthyness of the device, or whether a succesful authentication has been done before
• Identification means is the device address (BD_ADDR)
– BD_ADDR is a 48 bit long unique address which is assigned by IEEE
• device authorisation is based on device attributes
30
Security Architecture of Bluetooth
• Bluetooth security on link level is based on 128 bit link key and on the symmetric E0 algorithm
– A link key is being established between two or more communication partners for one session
– Link key and E0 algorithm are used for the device authentication
– Encryption keys are derived from the link key and can have a length between 8 bit and 128 bit.
– The length of the encryption keys is device-dependent and cannot be changed by the user