Analysis of 2G and 3G Mobile Security
Roy Campbell
Participants
• UIUC: Roy Campbell, Dennis Mickunas, Jalal Al-Muhtadi, Sarosh Havewala
• Motorola: Bruce Briley, John Wang, Rong Wang, Lily Chen
Contents
• Motorola study of wireless security protocols
  – Present
  – Proposed
• Approach
• Other UIUC SRG security and mobile system research
GSM Security
• Analysis of
  – existing 2nd Generation (2G) CDMA and GSM security frameworks
  – 3rd Generation (3G) CDMA and GSM network security proposals
• Analyzing various aspects of 3G encryption and authentication techniques and their impact upon performance.
Internet Security
• Effectiveness and performance of IP/TCP/application-layer security mechanisms over wireless networks
• Comparative performance analyses of the various security mechanisms (literature versus our studies)
• Security threat evaluation
2G GSM Security
• Private Key
  – A3 Key Negotiation
  – A8 Key Generation
  – A5 Encryption
  – Private Key encrypts message to server
  – Server generates random number for session key
3G GSM Security Scenarios
• Integration with Internet
• Web Access
• Multimedia
• QoS
• Network Applications
• Levels of Service
• Bandwidth
The effect of deploying security mechanisms under different scenarios and the impact on performance and security
Security Features within different Components
• User
• Subscriber
• UMTS terminal equipment
• Network operator
• Service provider
Studying existing security features and their effectiveness under different traffic scenarios and QoP.
User Security Features
• location confidentiality
• identity confidentiality
• traffic confidentiality
• traffic integrity
• non-repudiation
• user events, numbering, service profile
• access control
Subscriber Security Features
• Subscriber access to service profile
• user action authorization
• incontestable charging
• privacy of charging data
• integrity of charging data
• charging limitation
Terminal Equipment
• Location confidentiality
• Authentication of user to terminal
• Access control to terminal
• Terminal numbering
Network Operator Security
• Databases
• Re-authentication
• Blacklisting
• Tracing of users
• User action authorization
• Subscription authorization
• Tracing of terminal equipment
User Security Features Cont.
• Signaling and control data
  – confidentiality
  – origin authentication
  – integrity
• Authentication
  – user to user
  – network operator to user
  – service provider to user
Plan of Action
• Using “Simulation” software to model wireless communications networks, protocols, mobile devices, and various security mechanisms.
• Existing Simulators: OPNET, OMNET++, C++Sim (others)
• Alternatively, implementing our own simulator.
Evaluating Performance over Wireless Links
[Diagram labels: Base, Internet, Gateway, i1000plus, Java Virtual Base. Annotation: Evaluating different authentication & encryption mechanisms]
Modeling Wireless Communication
[Diagram labels: Java Virtual Base, Internet, Gateway, Java Virtual Cell phone, Security plug-ins. Annotation: Simulating a wireless link over TCP/IP]
UIUC SRG Security and Mobile System Research:
Secure Active Network
• Seraphim interoperable secure active networks
• Role based access control policies
• Dynamic security enforcement using active capability
CORBA Security Services
• Standard object interfaces for accessing security services
• Authentication, non-repudiation, and access control
• Interoperability between different security mechanisms
• Interoperability among different policy domains
[Diagram labels: A, B, interceptor, Client, ORB, request, Object Implementation, SecIOP, SESAME, Active Capability/Certificates, Network Transport, Dynamic Policies, BOA, Security Mechanisms, Application Client, Stub, Application Server, Security Components. Annotation: Use & generate security information in the IOR]
2k: Global Distributed Mobile Object System
• Mobile users, resources, dynamic networks
• Infrastructure for smart spaces
• Network-centric user-oriented view
• Components
• Security
• Distributed object solutions
[Diagram labels: Env. Service, Profile Service, QoS, Naming Service]
A Light-Weight Security Mechanism: Tiny UIUC SESAME
[Diagram labels: IDL Interface, GSS-API, Tiny SESAME]
Dynamic Security Policy with Risk Values
• Policy representation framework supports:
  – Discretionary Access Control (DAC)
  – Double DAC
  – Role Based Access Control
  – Assignment of Risk values to different entities and dynamically changing them
  – Non-Discretionary Access Control including Mandatory Access Control (MAC)
  – GUI for building and administering policies
PalmPilot Integration in 2K
[Diagram labels: Environment Service, Profile Server, Environment Implementation Repository, Camera, 2K Camera Device Driver; steps numbered 1 to 7; System Bootstrapping, System Utilization]
Streaming Video to Palm Pilot
[Diagram labels: Video Proxy, MPEG Stream, Compressed Bitmap Stream]
• Palm Pilot
  – lacks processing power to decode MPEG
• Video proxy
  – transforms MPEG streams
  – reduces frame rate, color depth, size
  – sends compressed bitmaps
Loadable Protocols
• Transparently change CORBA networking
• Dynamically loadable transport protocols
• Supports multi-protocol applications
• IP multicast protocol module (IPM)
• Multicast used for discovery/allocation
[Diagram labels: TAO, GIOP, TCP/IIOP, UDP, LDP, IP Multicast]