
Mobile Communications Confidentiality - PowerPoint PPT Presentation



  1. Mobile Communications: Security

     Outline:
     - Types of Attacks
     - GSM Security: Authentication, Encryption, Temporary ID (TMSI)
     - 802.11 Security: Access Control Lists, WEP, WPA/WPA2, 802.1X/EAP, Tunneling …

     Security Requirements:
     - Authorization: Which objects are accessible by whom?
     - Authentication: Reliable identification of the user's identity.
     - Confidentiality: No access to information for unauthorized users.
     - Integrity: Protection of data from manipulation/deletion.
     - Non-repudiation: Originator cannot deny being the origin of data.
     - Availability: … of resources and data to legitimate users.

     Attack Types, passive attacks:
     - Eavesdropping: undetected interception and recording of communications by non-authorized persons.
     - Traffic flow analysis: by observing transmitted messages, conclusions about behavior, interests and habits of users.

     Attack Types, active attacks:
     - Masquerading: falsifying of identity.
     - Tampering: unnoticed manipulation of messages during transmission.
     - Replay: storage of messages and later (unmanipulated) retransmission.
     - Denial of Service: prevention of users from using a service by overload or interference attacks.

  2. GSM / UMTS security mechanisms

     Overview:
     - User Authentication
     - Encryption
     - Temporary Identification (TMSI)

     User Authentication:
     - For each GSM subscriber, there is a key Ki (128 bit).
     - Ki is stored on the SIM (Subscriber Identification Module) and in the HLR (Home Location Register).
     - Ki never leaves the SIM card or the HLR.
     - To authenticate, a "challenge-response" method is used, based on a one-way function, in GSM referred to as the A3 algorithm.
     - Each network operator can define A3 itself. Known examples:
       - COMP128 (already cracked, takes less than a minute)
       - COMP128-2 (secret)
       - COMP128-3 (secret, but some analysis shows that problems of COMP128 have been basically solved)

     User Authentication (cont.):
     - Suppose a mobile station i enters a new cell (e.g. in a foreign network).
     - The Authorization Center (AC) at the user's HLR is then contacted by the foreign network.
     - The AC generates a random number RAND (128 bit) and a value SRES (32 bit) by employing A3 with Ki to RAND.
     - HLR sends (RAND, SRES) encrypted and signed to the foreign network.
     - The foreign network sends RAND (challenge) to the mobile station i and "asks" it to calculate SRES' by executing A3 with Ki on RAND.
     - Then the mobile station sends the calculated SRES' back to the foreign network (response).
     - If SRES = SRES', the mobile station is authenticated successfully.

     Encryption of the air interface (optional):
     - The challenge-response method cannot prevent "Man in the Middle" attacks.
       - Eavesdropping and unauthorized phone calls at the expense of others
     - Therefore, there is another one-way function in GSM called the "A8 algorithm".
     - A8 is also determined by the network operator, e.g. also COMP128-3.
     - HLR generates a symmetric key Kc from RAND and Ki by A8.
     - HLR sends (RAND, SRES, Kc) encrypted and signed to the foreign network.
     - The foreign network sends RAND to the mobile station as before.
     - The mobile station computes Kc using RAND and Ki employing A8.
     - Kc is then used on the air interface as an encryption key.
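The challenge-response and key-agreement steps above (A3 for SRES, A8 for Kc), as an added example that is not part of the original slides. HMAC-SHA256 stands in for the operator-defined A3 and A8, and the class names, function names and test IMSI are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: A3/A8 are operator-defined, so HMAC-SHA256 stands in for both here.
def a3(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A3: 32-bit SRES from Ki and RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A8: session key Kc from Ki and RAND (Kc is 64 bit in GSM)."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class HomeNetwork:
    """HLR/AC side: keeps Ki per IMSI and only ever hands out triplets."""
    def __init__(self):
        self._ki = {}

    def provision(self, imsi: str) -> bytes:
        self._ki[imsi] = secrets.token_bytes(16)   # 128-bit Ki
        return self._ki[imsi]                      # copy that goes onto the SIM

    def triplet(self, imsi: str):
        ki, rand = self._ki[imsi], secrets.token_bytes(16)   # 128-bit RAND
        return rand, a3(ki, rand), a8(ki, rand)    # (RAND, SRES, Kc)

class Sim:
    """Mobile side: Ki stays inside; only SRES' is returned to the network."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki, self.kc = imsi, ki, None

    def challenge(self, rand: bytes) -> bytes:
        self.kc = a8(self._ki, rand)               # kept locally as the A5 key
        return a3(self._ki, rand)                  # SRES'

def authenticate(home: HomeNetwork, sim: Sim) -> dict:
    """Foreign network: fetch a triplet, challenge the mobile, compare SRES."""
    rand, sres, kc = home.triplet(sim.imsi)
    sres_prime = sim.challenge(rand)
    ok = hmac.compare_digest(sres, sres_prime)
    return {"authenticated": ok,
            "air_interface": [rand, sres_prime],   # all that crosses the radio link
            "kc_network": kc if ok else None}

if __name__ == "__main__":
    home = HomeNetwork()
    imsi = "001010000000001"                       # constructed test IMSI
    print(authenticate(home, Sim(imsi, home.provision(imsi)))["authenticated"])
```

Only RAND and SRES' appear in `air_interface`; Ki and Kc are never transmitted, and both sides derive the same Kc independently.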

  3. GSM / UMTS security mechanisms (cont.)

     Encryption of the air interface (optional, cont.):
     - With Kc all calls between mobile and base station are encrypted.
     - The encryption algorithm itself is called the "A5 algorithm" in GSM.
     - There are 3 different standardized A5 variants:
       - A5/1: stream cipher algorithm, weak
       - A5/2: stream cipher algorithm, even weaker
       - A5/3: block cipher algorithm, strong
     - http://www.gsmworld.com/using/algorithms/index.shtml

     Temporary identification (TMSI):
     - The IMSI number (International Mobile Subscriber Identity) is used as the international mobile subscriber identifier.
     - It is transferred only once in a foreign network.
     - After the transfer the MSC/VLR computes a TMSI (Temporary Mobile Subscriber Identity).
     - For any further communication the TMSI is used.
     - In case of a re-registration at a cell or a cell-to-cell handover, a new TMSI is computed, encrypted and transferred. This mechanism makes it difficult for attackers to create a motion profile, which means mapping of IMSI to TMSI.

     GSM / UMTS security mechanisms: Summary

     The IEEE 802.11 standard security mechanisms, provision of:
     - Access Control
     - Authentication
     - Encryption

     [Figure labels: 802.11, Wireless Client, Access Point, Request; Service Set Identifier (SSID), Media Access Control (MAC filtering), Wired Equivalent Privacy (WEP), WiFi Protected Access (WPA)]

  4. IEEE 802.11 access control and WEP

     Access Control: Service Set Identifier (SSID)
     - SSID = dividing a Wireless LAN into distinct segments.
     - Standard Mode:
       - The network name (SSID) doesn't have to be known to the client.
       - AP sends "beacon" signals containing the SSID, so that clients can find the desired segment.
     - Hidden Mode (closed network, no broadcast):
       - AP sends "beacon" signals without SSID, therefore the client must know the SSID of the desired segment upfront.
       - AP does not reply to SSID broadcasts by clients.
     - Unfortunately the SSID is transmitted in other signalling messages in clear text. The SSID can be easily intercepted with a "Wireless Sniffer".

     Access Control: MAC Address List
     - Access control by means of Access Control Lists (ACL) of MAC addresses.
     - ACLs have to be managed via management software centrally on access points.
       - Not well scalable. Administrative burden is very high.
     - Remedy:
       - Central file with MAC list
       - RADIUS server
         - Username = MAC address
         - Password = "null" or "none"
     - MAC addresses are generally transmitted unencrypted.
       - An attacker can intercept a MAC address and misuse it on his/her own wireless interface card = MAC address spoofing (identity pretense).

     Wired Equivalent Privacy (WEP)
     - Radio waves do not stop at the front door of buildings.
       - Unlike wired systems, it requires no physical intervention in order to break into the network.
     - Wired Equivalent Privacy:
       - Safety from interception is supposed to be at least as good as in wired systems.
       - Primary goal is privacy: prevention of eavesdropping.
       - Secondary target is authentication of clients.
     - WEP 802.11 is available in a 40-bit and a 128-bit version.
     - WEP has no method for key management.
       - Keys must be configured manually.
       - Global key <-> personal key
       - Keys are the same for everyone and are secret only for a short period of time.

     WEP modes
     - Open System Authentication [Figure: messages between Wireless Client and Access Point: Station Identity, result]
     - Shared Key Authentication [Figure: messages between Wireless Client and Access Point: Station Identity, Challenge C, WEP(C), result]
