cis 6930 cellular and mobile network security
play

CIS 6930 - Cellular and Mobile Network Security: Classical Telephony - PowerPoint PPT Presentation

Sep 20, 2023 •767 likes •887 views

CIS 6930 - Cellular and Mobile Network Security: Classical Telephony Security Professor Patrick Traynor 10/30/18 Florida Institute for Cybersecurity (FICS) Research Ah, the Classics... Florida Institute for Cybersecurity (FICS) Research 2

  1. CIS 6930 - Cellular and Mobile Network Security: Classical Telephony Security Professor Patrick Traynor 10/30/18 Florida Institute for Cybersecurity (FICS) Research

  2. Ah, the Classics... Florida Institute for Cybersecurity (FICS) Research 2

  3. Well Placed Nostalga? The general feeling is that the Internet and its openness brought about • significant insecurity. 
 If only, some lamented, we could go back to a more closed and controlled • environment like telecommunications networks, security would no longer be such an issue. 
 Is such an assertion well founded? 
 • How secure are telecommunications 
 • networks in reality? Florida Institute for Cybersecurity (FICS) Research 3

  4. Setting Expectations This lecture is designed to kick off the final portion of the semester and give us • context to our security discussions. Just how good were the “good old days”? 
 • We will introduce classes of vulnerabilities today. • We will spend the rest of the semester studying many of them in great detail. 
 • Many of the lectures moving ahead rely on 
 • the understanding of the architecture of the 
 networks you have spent so much time 
 learning. Florida Institute for Cybersecurity (FICS) Research 4

  5. Weak Cryptography The algorithms underlying these operations are also insecure. • Rumor has it that was is partially intentional. • COMP-128 (used as A3) can expose K i . • 2 19 queries to the SIM card allow attacker to recover K i . • A5/1 and A5/2 (used as A5) are also weak. • Golic (1997) and Biryukov (2000) created known-plaintext attacks • possible in 2 40 operations or with 300 GB of space. Multiple recent efforts use rainbow tables and GPUs to rapidly crack • keys. Florida Institute for Cybersecurity (FICS) Research 5

  6. Vulnerabilities in the Network Core In-band Signaling • “Captain Crunch” attacks 
 • Unauthenticated signaling in the SS7 core. • MAPSec standard created, never used in reality outside of one unfortunate and • informative instance. How “walled” are these gardens in reality? 
 • ASN.1 compiler/parser buffer overflows • Nearly every core node vulnerable. • Florida Institute for Cybersecurity (FICS) Research 6

  7. Eavesdropping AMPS had no encryption. • Device cloning attacks by capturing the ESN. 
 • Networks can specify A5/0 mode during Cipher Mode “negotiation”. • A5/0 is mandated in France to allow easy over-the-air lawful • interception. 
 Crypto ends at the BS. • Microwave backhauls to the network make interception easy. • Florida Institute for Cybersecurity (FICS) Research 7

  8. Jamming A number of companies sell “personal jamming” devices. • You can buy them in street markets in many major cities. • Many public places (e.g., theaters, churches, etc) have considered purchasing • slightly higher-grade products. This is HIGHLY illegal in the US, but not so in other countries. 
 • AMPS and GSM are relatively easy to jam directly. 
 • CDMA should make this much hard. • Why do you think jamming is still possible? • Florida Institute for Cybersecurity (FICS) Research 8

  9. Tracking, Privacy and CALEA Lawful intercept of personal communications has a deep legal history in this • country. In general, your calls can not be listened in upon without the approval of a • judge. Significant infrastructure exists to support lawful interception. • Recent history provides examples of “less-lawful” interception. • Location of specific individuals, email sent over cellular networks and text • messages are very much in a grey area. US DoJ is arguing against the need for warrants 
 • here. Implications? Florida Institute for Cybersecurity (FICS) Research 9

  10. Overload and DoS Networks are designed and provisioned based on certain assumptions • about traffic load. Voice traffic is much easier to predict than data. • Connecting telephony to the much less regulated, less predictable Internet • creates opportunities to violate the above assumptions. Understanding the architecture can make these attacks targeted and • efficient. Brute-force DoS is largely uninteresting... • Florida Institute for Cybersecurity (FICS) Research 10

  11. Malware and Mobile Phones Up to this point, most malware in this space has been fairly basic and • uninteresting from an analysis perspective. The vast majority rely on social engineering. • Mobile AV products exist, but how many people do you know that • actually run them? New exploits are becoming increasingly sophisticated. • PDF vulnerabilities, Heap spraying • What are applications secretly leaking about you? • What can be done in this space given the constraints? • Florida Institute for Cybersecurity (FICS) Research 11

Recommend

CIS 6930 - Cellular and Mobile Network Security: End-to-End Authentication Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: End-to-End Authentication Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: End-to-End Authentication Professor Patrick Traynor 11/8/2018 (Thanks to Adam Doup and Brad Reaves) Florida Institute for Cybersecurity (FICS) Research Announcements Abstracts for Course

1.38k views • 46 slides
CIS 6930 - Cellular and Mobile Network Security: Phreaking and Eavesdropping Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: Phreaking and Eavesdropping Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: Phreaking and Eavesdropping Professor Patrick Traynor 11/15/18 Florida Institute for Cybersecurity (FICS) Research Closing Notes Remember, 50% of the course grade comes from this project.

624 views • 33 slides
CIS 6930 - Cellular and Mobile Network Security: GSM Overload Professor Patrick Traynor 11/1/18

CIS 6930 - Cellular and Mobile Network Security: GSM Overload Professor Patrick Traynor 11/1/18

CIS 6930 - Cellular and Mobile Network Security: GSM Overload Professor Patrick Traynor 11/1/18 Florida Institute for Cybersecurity (FICS) Research Reminders You need to start working on your project! Some of you have not yet built

1.22k views • 32 slides
CIS 6930 - Cellular and Mobile Network Security: Cellular Networking Professor Patrick Traynor

CIS 6930 - Cellular and Mobile Network Security: Cellular Networking Professor Patrick Traynor

CIS 6930 - Cellular and Mobile Network Security: Cellular Networking Professor Patrick Traynor 9/18/2018 Florida Institute for Cybersecurity (FICS) Research The Big Picture Details create the big picture. -Sanford I. Weill Florida Institute

1.13k views • 40 slides
CIS 6930 - Cellular and Mobile Network Security: Academic Writing Professor Patrick Traynor

CIS 6930 - Cellular and Mobile Network Security: Academic Writing Professor Patrick Traynor

CIS 6930 - Cellular and Mobile Network Security: Academic Writing Professor Patrick Traynor 10/9/18 Florida Institute for Cybersecurity (FICS) Research A Recap... How do phone calls happen in 3G networks? Our midterm is on 10/18

703 views • 33 slides
CIS 6930 - Cellular and Mobile Network Security: CDMA/UMTS Air Interface Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: CDMA/UMTS Air Interface Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: CDMA/UMTS Air Interface Professor Patrick Traynor 10/11/2018 Florida Institute for Cybersecurity (FICS) Research UMTS and CDMA 3G technology - major change from GSM (TDMA) Based on

337 views • 22 slides
CIS 6930 - Cellular and Mobile Network Security Introduction Professor Patrick Traynor 8/23/2018

CIS 6930 - Cellular and Mobile Network Security Introduction Professor Patrick Traynor 8/23/2018

CIS 6930 - Cellular and Mobile Network Security Introduction Professor Patrick Traynor 8/23/2018 Florida Institute for Cybersecurity (FICS) Research Rapid Communication Over Distance Florida Institute for Cybersecurity (FICS) Research 2

827 views • 19 slides
CS 8803 - Cellular and Mobile Network Security: GSM - In Detail Professor Patrick Traynor

CS 8803 - Cellular and Mobile Network Security: GSM - In Detail Professor Patrick Traynor

CS 8803 - Cellular and Mobile Network Security: GSM - In Detail Professor Patrick Traynor 10/2/18 Florida Institute for Cybersecurity (FICS) Research Cellular Telecommunications Architecture Background Air Interfaces Network

831 views • 39 slides
Throughput prediction based on mobile device context in Cellular Network Yihua (Ethan) Guo

Throughput prediction based on mobile device context in Cellular Network Yihua (Ethan) Guo

Throughput prediction based on mobile device context in Cellular Network Yihua (Ethan) Guo University of Michigan AIMS-5 2013 Background Prevalence of cellular networks Mobile Traffic is expected to grow rapidly in the near future

510 views • 18 slides
CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center Reminders Poster showcase next Monday For final project: turn

533 views • 34 slides
Lecture 12: Network layer mobility Lecture 12: Network layer mobility Mobile IP, cellular

Lecture 12: Network layer mobility Lecture 12: Network layer mobility Mobile IP, cellular

Lecture 12: Network layer mobility Lecture 12: Network layer mobility Mobile IP, cellular handsoffs. Mobile IP, cellular handsoffs. Mythili Vutukuru CS 653 Spring 2014 Feb 24, Monday Network layer: recap The network or IP layer

388 views • 11 slides
CS 8803 - Cellular and Mobile Network Security: Data Air Interface Professor Patrick Traynor

CS 8803 - Cellular and Mobile Network Security: Data Air Interface Professor Patrick Traynor

CS 8803 - Cellular and Mobile Network Security: Data Air Interface Professor Patrick Traynor 10/23/18 Florida Institute for Cybersecurity (FICS) Research Packet-Switched Mobile Data Florida Institute for Cybersecurity (FICS) Research 2

805 views • 21 slides
Mobile network security issues A very short overview of some mobile security issues.

Mobile network security issues A very short overview of some mobile security issues.

Mobile network security issues A very short overview of some mobile security issues. Mobile access is expected to become the main access method. Services and mobile commerce (mCommerce) are expected to become a major business.

818 views • 20 slides
CSE 543 - Computer Security (Fall 2006) Lecture 25 - Cellular Network Security Guest Lecturer:

CSE 543 - Computer Security (Fall 2006) Lecture 25 - Cellular Network Security Guest Lecturer:

CSE 543 - Computer Security (Fall 2006) Lecture 25 - Cellular Network Security Guest Lecturer: William Enck November 30, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06 CSE 543 Computer (and Network) Security - Fall 2006 - Professor

677 views • 21 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
3rd Generation Systems Review of Cellular Wireless Networks UMTS Cellular Wireless

3rd Generation Systems Review of Cellular Wireless Networks UMTS Cellular Wireless

3rd Generation Systems Review of Cellular Wireless Networks UMTS Cellular Wireless Network Evolution First Generation : Analog AMPS: Advance Mobile Phone Systems Residential cordless phones Second Generation : Digital

584 views • 40 slides
CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software Vulnerabilities Emmanuel Agu Mobile Security Issues Introduction So many cool mobile apps Access to web, personal information, social media, etc

1.05k views • 55 slides
CSE 543 - Computer Security Lecture 26 - Mobile phone security December 11, 2007 URL:

CSE 543 - Computer Security Lecture 26 - Mobile phone security December 11, 2007 URL:

CSE 543 - Computer Security Lecture 26 - Mobile phone security December 11, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Mobile Phones Networked device

302 views • 11 slides
Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security

Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security

Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security Symposium, 2008 Many Protocols Authentication and key exchange SSL/TLS, Kerberos, IKE, JFK, IKEv2, Wireless and mobile computing Mobile IP, WEP,

959 views • 71 slides
What, exactly, is different or new about MOBILE mobile security? SECURITY TECHNOLOGIES 2017

What, exactly, is different or new about MOBILE mobile security? SECURITY TECHNOLOGIES 2017

What, exactly, is different or new about MOBILE mobile security? SECURITY TECHNOLOGIES 2017 Dan S. Wallach , Rice University tl;dr The computers inside the computer Every chip has one or more CPUs inside; they have exploitable bugs

1.23k views • 87 slides
The structure of cellular networks The structure of cellular networks To be able to construct and

The structure of cellular networks The structure of cellular networks To be able to construct and

The structure of cellular networks The structure of cellular networks To be able to construct and analyze a cellular network, we need to clearly define what we identify as a node and what we represent with an edge. The nodes and edges have to

680 views • 41 slides
Mobile Communications Chapter 8: Network Protocols/Mobile IP Motivation Problems Data

Mobile Communications Chapter 8: Network Protocols/Mobile IP Motivation Problems Data

Mobile Communications Chapter 8: Network Protocols/Mobile IP Motivation Problems Data transfer Micro mobility support Encapsulation DHCP Security Ad-hoc networks IPv6 Routing protocols Prof. Dr.-Ing. Jochen

984 views • 39 slides
Self-organisation in future mobile cellular networks Hans van den Berg, Remco Litjens TNO ICT,

Self-organisation in future mobile cellular networks Hans van den Berg, Remco Litjens TNO ICT,

FP7 ICT-SOCRATES Self-organisation in future mobile cellular networks Hans van den Berg, Remco Litjens TNO ICT, Delft, The Netherlands NET-COOP 2009, Eindhoven, 23-25 November 2009 SELF-ORGANISATION IN FUTURE MOBILE CELLULAR NETWORKS OUTLINE

1.27k views • 57 slides

More recommend