cellular networks background and classical vulnerabilities
play

Cellular Networks: Background and Classical Vulnerabilities - PowerPoint PPT Presentation

Oct 08, 2022 •91 likes •378 views

  1. �������฀฀���฀฀�������� ��������������฀�������� � � �������฀���฀��������฀��������฀������ ����������฀��฀��������฀�������฀���฀����������� ������������฀�����฀�����������฀����������฀����฀฀�� Cellular Networks: Background and Classical Vulnerabilities Patrick Traynor CSE 545 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  2. Cellular Networks • Provide communications infrastructure for an estimated 2.6 billion users daily. ‣ The Internet connects roughly 1 billion. • For many people, this is their only means of reaching the outside world. • Portable and inexpensive nature of user equipment makes this technology accessible to most socio- economic groups. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2

  3. Aren’t They The Same? • Cellular networks and the Internet are built to support very different kinds of traffic. ‣ Real-time vs Best Effort • The notions of control and authority are different. ‣ Centralized vs distributed • The underlying networks are dissimilar. ‣ Circuit vs packet-switched Systems and Internet Infrastructure Security (SIIS) Laboratory Page 3

  4. Network Characteristics • Composed of wired backbone and wireless last-hop • Inconsistent performance ‣ Variable delay ‣ High error rates ‣ Lower bandwidth • Potentially high mobility. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 4

  5. Access Basics - FDMA • The most basic access technique is known as Frequency-Division Multiple Access (FDMA). • Each user in these systems receives their own dedicated frequency band (i.e., “carrier”). ‣ Requires one for uplink and another for downlink. • To reduce interference, each carrier must be separated by guard bands. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 5

  6. TDMA Access • Time-Division Multiple Access (TDMA) systems greatly increase spectrum utilization. • Each carrier is subdivided into timeslots, thereby increasing spectrum use by a factor of the divisor. • Requires tight time synchronization in order to work. ‣ To protect against clock drift, we need to buffer our timeslots with guard-time. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 6

  7. CDMA Access • Code-Division Multiple Access (CDMA) systems have users transmit simultaneously on the same frequency. • The combined transmissions are viewed additively by the receiver. • By applying a unique code, the receiver can mask-out the correct signal. ‣ Picking these codes must be done carefully. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 7

  8. In the beginning... (1G) • First commercial analog systems introduced in the early 1980’s. • Two competing standards arose: The Advanced Mobile Phone System (AMPS) and Total Access Communication System (TACS). • Both systems were FDMA-based, so supporting a large number of calls concurrently was difficult. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 8

  9. The Advent of Digital (2G) • Second Generation systems were introduced in the early 1990’s. • Three competing standards: IS-136 and GSM (TDMA) and IS-95-A/cdmaOne (CDMA). • 2G networks introduced dedicated control channels, which greatly increased the amount of information exchanged between devices and the network. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 9

  10. Introducing Data (2.5G) • Digital brings higher bandwidth, and the opportunity to deploy data services. • Standards for data systems: GPRS and HSCSD (TDMA) IS-95-B/cdmaOne (CDMA). • 2.5G Data services have been met with varying success. ‣ 2.75G provides significant improvements. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 10

  11. High Speed (3G) • In theory, can provide rates of 10 Mbps downlink. • Slow to roll out, 3G systems are only now becoming widespread. ‣ In Pennsylvania, only a few major cities have coverage. • Competing standards: cdma2000/EV-DO and WCDMA/UMTS. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 11

  12. Evolution Summary 1G 2G 2.5G 2.75G 3G (analog) (digital) (data) (data) (wideband data) IS-95-A/ IS-95-B/ cdma2000 1x (1.25 MHz) AMPS cdmaOne cdmaOne cdma2000 3x (5 MHz) 1X EVDO: HDR IS-136 136 HS EDGE TDMA TACS GPRS WCDMA GSM EDGE HSCSD Systems and Internet Infrastructure Security (SIIS) Laboratory Page 12

  13. SS7 Network • Powering all of these networks is the SS7 core. ‣ 3G networks will eventually shift to the all-IP IMS core, but SS7 will never fully go away. • These systems are very different from IP networks. ‣ The requirements are different: real-time vs best-effort services. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 13

  14. Protocol Architecture MAP Application Layer TCAP Transport Layer ISUP SCCP Network Layer MTP L3 Link Layer MTP L2 Physical Layer MTP L1 • All of the functionality one expects to find in the OSI/Internet protocol stack is available in SS7. • Where those services are implemented may be different. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 14

  15. Message Transfer Part • Covers most of the functionality of the lowest three OSI/Internet protocol stack. • Broken into three “levels”. ‣ MTP1: 56/64 KBps physical links. ‣ MTP2: Link layer and reliable message delivery. MAP ‣ MTP3: Network layer functionality. TCAP ISUP SCCP MTP L3 MTP L2 MTP L1 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 15

  16. ISUP , SCCP , TCAP • ISDN User Part (ISUP): Carries call routing information for resource reservation. • Signaling Connection Control Part (SCCP): Carries routing information for specific functions. • Transaction Capabilities Application Part MAP (TCAP): Interface to request the execution TCAP of remote procedures. ISUP SCCP MTP L3 MTP L2 MTP L1 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 16

  17. Mobile Application Part • The application layer for SS7 networks. • This supports services directly visible by the user: ‣ Call handling ‣ Text messaging ‣ Location-based services MAP TCAP • Protected by MAPsec ISUP SCCP ‣ Sort of... MTP L3 MTP L2 MTP L1 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 17

  18. Network Components • HLR stores records for all phones in the network. • MSC/VLR connect wired and wireless components of the network and perform handoffs. • BS communicate wirelessly with users. MSC MSC • MS is a user’s mobile device. VLR VLR Serving MS MSC Network HLR Gateway MSC Systems and Internet Infrastructure Security (SIIS) Laboratory Page 18

  19. Security Issues • Such networks have long been viewed as secure because few had access to them or the necessary knowledge. • However, attacks are not a new phenomenon. ‣ Many different classes of attacks are well documented. • We investigate a number of such attacks throughout the remainder of this lecture. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 19

  20. Weak Crypto • GSM networks use COMP128 for all operations. ‣ Authentication (A3), session key gen (A8) and encryption (A5). • COMP128 was a proprietary algorithm... ‣ ...that can be broken in under one second. ‣ Weaker variants can be broken in 10 milliseconds. • Replaced by COMP128-2 and COMP128-3 (maybe) ‣ Also proprietary. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 20

  21. One-Way Authentication • In GSM systems, the network cryptographically authenticates the client. • The client assumes that any device speaking to it is the network. • Accordingly, it is relatively easy to perform a “Man in the Middle” attack against all GSM networks. ? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 21

  22. Core Vulnerabilities • None of the messages sent within the network core are authenticated. • MAPsec attempts to address this problem by providing integrity and/or confidentiality. • The only known deployment of MAPsec was online for two days before being shut off. ‣ Serious performance degradation prevent its use. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 22

  23. Eavesdropping • Early analog systems were easy to eavesdrop upon. ‣ Processing power, export rules and bandwidth worked against cryptography. • GSM systems use weak crypto, so eavesdropping is still possible over the air. • Nothing is encrypted through the network itself, so anyone with access can listen to any call. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 23

  24. Jamming • The legality of cell phone jamming varies from country to country. ‣ USA: Illegal ‣ France: Legal in certain circumstances • Just because it is illegal in some countries does not mean it is not a threat. ‣ You can buy hand-held jammers on the street in most major cities. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mobility and cellular networks Mobility and cellular networks Cellular radio and PCS networks

Mobility and cellular networks Mobility and cellular networks Cellular radio and PCS networks

Wireless WANs Mobility and cellular networks Mobility and cellular networks Cellular radio and PCS networks Wireless data networks Satellite links and networks Mobility, etc.- 2 Basic concepts and directions in telecommunications

289 views • 7 slides
The structure of cellular networks The structure of cellular networks To be able to construct and

The structure of cellular networks The structure of cellular networks To be able to construct and

The structure of cellular networks The structure of cellular networks To be able to construct and analyze a cellular network, we need to clearly define what we identify as a node and what we represent with an edge. The nodes and edges have to

680 views • 41 slides
Location Services Based on Location Services Based on Cellular Networks Cellular Networks Mikko

Location Services Based on Location Services Based on Cellular Networks Cellular Networks Mikko

Location Services Based on Location Services Based on Cellular Networks Cellular Networks Mikko Voipio Next Generation Wireless Networks November 31, 2005 Background Background A lot of information is location based Location is,

509 views • 18 slides
Cellular Networks Principles of Cellular Networks First Generation Analog, AMPS Second

Cellular Networks Principles of Cellular Networks First Generation Analog, AMPS Second

CMPE 477 Wireless and Mobile Networks Cellular Networks Principles of Cellular Networks First Generation Analog, AMPS Second Generation TDMA, GSM System Architecture Radio Interface Localization and Calling Handover

715 views • 50 slides
for Cellular Networks dra<-arkko-core-cellular-00 J.

for Cellular Networks dra<-arkko-core-cellular-00 J.

Building Power-Efficient CoAP Devices for Cellular Networks dra<-arkko-core-cellular-00 J. Arkko, A. Eriksson, A. Kernen IETF 84, Vancouver, BC,

428 views • 11 slides
Modern Wireless Networks Cellular Networks ICEN 574 Spring 2019 Prof. Dola Saha 1 Cellular

Modern Wireless Networks Cellular Networks ICEN 574 Spring 2019 Prof. Dola Saha 1 Cellular

Modern Wireless Networks Cellular Networks ICEN 574 Spring 2019 Prof. Dola Saha 1 Cellular Generations Universally accepted single technology ~1990 ~2020 ~2010 ~1980 ~2000 2 Convergence of Wireless Technologies 3 The Next

1.52k views • 47 slides
WIRELESS & CELLULAR NETWORKS SECTIONS 7.1 TO 7.3, 7.7 CSC 249 APRIL 3, 2018 New

WIRELESS & CELLULAR NETWORKS SECTIONS 7.1 TO 7.3, 7.7 CSC 249 APRIL 3, 2018 New

4/2/18 WIRELESS & CELLULAR NETWORKS SECTIONS 7.1 TO 7.3, 7.7 CSC 249 APRIL 3, 2018 New challenges: wireless links and mobile hosts Cellular networks for Internet access Introduction to mobility 1 4/2/18 CSMA/CD: carrier sensing

494 views • 23 slides
networks (1 st generation device) Donhee Ham, Harvard University Electrogenic cellular networks

networks (1 st generation device) Donhee Ham, Harvard University Electrogenic cellular networks

CMOS electronics probe inside biological cellular networks (1 st generation device) Donhee Ham, Harvard University Electrogenic cellular networks ~10 11 neurons ~10 9 cardiomyocytes ~10 15 synapses ~10 10 cell-cell connections Dichotomy

313 views • 18 slides
NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

1 NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2 Memory safety attacks Buffer overruns Format string vulnerabilities Web application vulnerabilities SQL injections Cross-site

901 views • 39 slides
Performance Oriented Association in Cellular Networks with Technology Diversity Abishek

Performance Oriented Association in Cellular Networks with Technology Diversity Abishek

Performance Oriented Association in Cellular Networks with Technology Diversity Abishek Sankararaman, Jeong-woo Cho, Franois Baccelli. Outline Motivation and Background. Main mathematical model. Summary of Results. Conclusions

862 views • 69 slides
15-441/641: Cellular Networks How different from WiFi? and Mobility Overview of

15-441/641: Cellular Networks How different from WiFi? and Mobility Overview of

11/20/2019 Overview Cellular networks 15-441/641: Cellular Networks How different from WiFi? and Mobility Overview of technologies Mobility 15-441 Fall 2019 Profs Peter Steenkiste & Justine Sherry The Internet

313 views • 10 slides
A First Look at Unstable Mobility Management in Cellular Networks Yuanjie Li 1 Jiaqi Xu 2 Chunyi

A First Look at Unstable Mobility Management in Cellular Networks Yuanjie Li 1 Jiaqi Xu 2 Chunyi

A First Look at Unstable Mobility Management in Cellular Networks Yuanjie Li 1 Jiaqi Xu 2 Chunyi Peng 2 Songwu Lu 1 1 University of California, Los Angeles 2 The Ohio State University HotMobile16 Ubiquitous Cellular Network Access Cellular

648 views • 29 slides
3rd Generation Systems Review of Cellular Wireless Networks UMTS Cellular Wireless

3rd Generation Systems Review of Cellular Wireless Networks UMTS Cellular Wireless

3rd Generation Systems Review of Cellular Wireless Networks UMTS Cellular Wireless Network Evolution First Generation : Analog AMPS: Advance Mobile Phone Systems Residential cordless phones Second Generation : Digital

584 views • 40 slides
T-110.456 Next generation cellular networks Location Services Based on Cellular Systems Alexei

T-110.456 Next generation cellular networks Location Services Based on Cellular Systems Alexei

T-110.456 Next generation cellular networks Location Services Based on Cellular Systems Alexei Semenov 06.04.2005 Agenda - Introduction - Location Service System Architecture - Mobile Location Protocol - Evolution of Location Services -

450 views • 17 slides
Cellular Automata: Overview and classical results Silvio Capobianco k, Silvio@ru.is H ask

Cellular Automata: Overview and classical results Silvio Capobianco k, Silvio@ru.is H ask

Reykjav k, August 23, 2006 Cellular Automata: Overview and classical results Silvio Capobianco k, Silvio@ru.is H ask olinn Reykjav a degli Studi di Roma La Sapienza, capobian@mat.uniroma1.it Universit` 1

663 views • 53 slides
Throughput prediction based on mobile device context in Cellular Network Yihua (Ethan) Guo

Throughput prediction based on mobile device context in Cellular Network Yihua (Ethan) Guo

Throughput prediction based on mobile device context in Cellular Network Yihua (Ethan) Guo University of Michigan AIMS-5 2013 Background Prevalence of cellular networks Mobile Traffic is expected to grow rapidly in the near future

510 views • 18 slides
Concurrency 1 Introduction Alexandre David adavid@cs.aau.dk Credits for the slides: Claus

Concurrency 1 Introduction Alexandre David adavid@cs.aau.dk Credits for the slides: Claus

Concurrency 1 Introduction Alexandre David adavid@cs.aau.dk Credits for the slides: Claus Brabrand Jeff Magee & Jeff Kramer 1 Course Teachers: Alexandre David adavid@cs.aau.dk Emmanuel Fleury fleury@cs.aau.dk Page:

608 views • 21 slides
Tonights Agenda 6:30 Welcome & Updates 6:35 Main Event Nominations, selection, viewing

Tonights Agenda 6:30 Welcome & Updates 6:35 Main Event Nominations, selection, viewing

Tonights Agenda 6:30 Welcome & Updates 6:35 Main Event Nominations, selection, viewing & discussion 7:35 Wrap up, Networking Clear the house! 7:55 Who: Barry OReilly, business advisor & author Where: MindTheProduct 2017

561 views • 13 slides
Hinesville Area Metropolitan Planning Organization Policy Committee (PC) June 11, 2020 @ 9:00

Hinesville Area Metropolitan Planning Organization Policy Committee (PC) June 11, 2020 @ 9:00

Hinesville Area Metropolitan Planning Organization Policy Committee (PC) June 11, 2020 @ 9:00 A.M. 1 2 3. Approval of Minutes Motion to Approve the PC Minutes of: April 9, 2020 3 4a. Project and Transit Update 4 4a. Project and Transit

608 views • 33 slides
Mapped Tent Pitching Method for Hyperbolic Conservation Laws Christoph Wintersteiger

Mapped Tent Pitching Method for Hyperbolic Conservation Laws Christoph Wintersteiger

Mapped Tent Pitching Method for Hyperbolic Conservation Laws Christoph Wintersteiger Institute for Analysis and Scientific Computing, TU Wien Jay Gopalakrishnan Portland State University, USA Joachim Sch oberl Institute for Analysis and

1.6k views • 111 slides
Pediatric Trauma Resuscitation: How We Do It Maria F. McMahon, RN, MSN, PNP-AC/PC Trauma Center

Pediatric Trauma Resuscitation: How We Do It Maria F. McMahon, RN, MSN, PNP-AC/PC Trauma Center

Pediatric Trauma Resuscitation: How We Do It Maria F. McMahon, RN, MSN, PNP-AC/PC Trauma Center Manager Boston Childrens Hospital Struggles Communication Behavior in trauma room Documentation of Attending arrival

383 views • 15 slides
A Scalable Processing-in-Memory Accelerator for Parallel Graph Processing Seminar on Computer

A Scalable Processing-in-Memory Accelerator for Parallel Graph Processing Seminar on Computer

A Scalable Processing-in-Memory Accelerator for Parallel Graph Processing Seminar on Computer Architecture Roknoddin Azizibarzoki Junwhan Ahn, Sungpack Hong* Sungjoo Yoo, Onur Mutlu+ Kiyoung Choi Seoul National University *Oracle Labs

646 views • 41 slides
A Network for the Balkans Goran Djordjevi SEENET-MTP Network Office Faculty of Science and

A Network for the Balkans Goran Djordjevi SEENET-MTP Network Office Faculty of Science and

Southeastern European Network in Mathematical and Theoretical Physics SEENET-MTP A Network for the Balkans Goran Djordjevi SEENET-MTP Network Office Faculty of Science and Mathematics, University of Ni , SERBIA Department of Theoretical

857 views • 48 slides
Final Results Review Third Workshop 10/25/2019 Jasmine Ouyang, Sr. Consultant Gabe Mantegna,

Final Results Review Third Workshop 10/25/2019 Jasmine Ouyang, Sr. Consultant Gabe Mantegna,

MN Storage Cost-Benefit Analysis Final Results Review Third Workshop 10/25/2019 Jasmine Ouyang, Sr. Consultant Gabe Mantegna, Consultant Kush Patel, Partner Logistics Please mute yourself There will be 20 minutes for Q&A at the

760 views • 71 slides

More recommend