cis 6930 cellular and mobile network security
play

CIS 6930 - Cellular and Mobile Network Security: Classical Telephony - PowerPoint PPT Presentation

Sep 20, 2023 •767 likes •887 views

CIS 6930 - Cellular and Mobile Network Security: Classical Telephony Security Professor Patrick Traynor 10/30/18 Florida Institute for Cybersecurity (FICS) Research Ah, the Classics... Florida Institute for Cybersecurity (FICS) Research 2

  1. CIS 6930 - Cellular and Mobile Network Security: Classical Telephony Security Professor Patrick Traynor 10/30/18 Florida Institute for Cybersecurity (FICS) Research

  2. Ah, the Classics... Florida Institute for Cybersecurity (FICS) Research 2

  3. Well Placed Nostalga? The general feeling is that the Internet and its openness brought about • significant insecurity. 
 If only, some lamented, we could go back to a more closed and controlled • environment like telecommunications networks, security would no longer be such an issue. 
 Is such an assertion well founded? 
 • How secure are telecommunications 
 • networks in reality? Florida Institute for Cybersecurity (FICS) Research 3

  4. Setting Expectations This lecture is designed to kick off the final portion of the semester and give us • context to our security discussions. Just how good were the “good old days”? 
 • We will introduce classes of vulnerabilities today. • We will spend the rest of the semester studying many of them in great detail. 
 • Many of the lectures moving ahead rely on 
 • the understanding of the architecture of the 
 networks you have spent so much time 
 learning. Florida Institute for Cybersecurity (FICS) Research 4

  5. Weak Cryptography The algorithms underlying these operations are also insecure. • Rumor has it that was is partially intentional. • COMP-128 (used as A3) can expose K i . • 2 19 queries to the SIM card allow attacker to recover K i . • A5/1 and A5/2 (used as A5) are also weak. • Golic (1997) and Biryukov (2000) created known-plaintext attacks • possible in 2 40 operations or with 300 GB of space. Multiple recent efforts use rainbow tables and GPUs to rapidly crack • keys. Florida Institute for Cybersecurity (FICS) Research 5

  6. Vulnerabilities in the Network Core In-band Signaling • “Captain Crunch” attacks 
 • Unauthenticated signaling in the SS7 core. • MAPSec standard created, never used in reality outside of one unfortunate and • informative instance. How “walled” are these gardens in reality? 
 • ASN.1 compiler/parser buffer overflows • Nearly every core node vulnerable. • Florida Institute for Cybersecurity (FICS) Research 6

  7. Eavesdropping AMPS had no encryption. • Device cloning attacks by capturing the ESN. 
 • Networks can specify A5/0 mode during Cipher Mode “negotiation”. • A5/0 is mandated in France to allow easy over-the-air lawful • interception. 
 Crypto ends at the BS. • Microwave backhauls to the network make interception easy. • Florida Institute for Cybersecurity (FICS) Research 7

  8. Jamming A number of companies sell “personal jamming” devices. • You can buy them in street markets in many major cities. • Many public places (e.g., theaters, churches, etc) have considered purchasing • slightly higher-grade products. This is HIGHLY illegal in the US, but not so in other countries. 
 • AMPS and GSM are relatively easy to jam directly. 
 • CDMA should make this much hard. • Why do you think jamming is still possible? • Florida Institute for Cybersecurity (FICS) Research 8

  9. Tracking, Privacy and CALEA Lawful intercept of personal communications has a deep legal history in this • country. In general, your calls can not be listened in upon without the approval of a • judge. Significant infrastructure exists to support lawful interception. • Recent history provides examples of “less-lawful” interception. • Location of specific individuals, email sent over cellular networks and text • messages are very much in a grey area. US DoJ is arguing against the need for warrants 
 • here. Implications? Florida Institute for Cybersecurity (FICS) Research 9

  10. Overload and DoS Networks are designed and provisioned based on certain assumptions • about traffic load. Voice traffic is much easier to predict than data. • Connecting telephony to the much less regulated, less predictable Internet • creates opportunities to violate the above assumptions. Understanding the architecture can make these attacks targeted and • efficient. Brute-force DoS is largely uninteresting... • Florida Institute for Cybersecurity (FICS) Research 10

  11. Malware and Mobile Phones Up to this point, most malware in this space has been fairly basic and • uninteresting from an analysis perspective. The vast majority rely on social engineering. • Mobile AV products exist, but how many people do you know that • actually run them? New exploits are becoming increasingly sophisticated. • PDF vulnerabilities, Heap spraying • What are applications secretly leaking about you? • What can be done in this space given the constraints? • Florida Institute for Cybersecurity (FICS) Research 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CIS 6930 - Cellular and Mobile Network Security: End-to-End Authentication Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: End-to-End Authentication Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: End-to-End Authentication Professor Patrick Traynor 11/8/2018 (Thanks to Adam Doup and Brad Reaves) Florida Institute for Cybersecurity (FICS) Research Announcements Abstracts for Course

1.38k views • 46 slides
CIS 6930 - Cellular and Mobile Network Security: Phreaking and Eavesdropping Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: Phreaking and Eavesdropping Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: Phreaking and Eavesdropping Professor Patrick Traynor 11/15/18 Florida Institute for Cybersecurity (FICS) Research Closing Notes Remember, 50% of the course grade comes from this project.

624 views • 33 slides
CIS 6930 - Cellular and Mobile Network Security: GSM Overload Professor Patrick Traynor 11/1/18

CIS 6930 - Cellular and Mobile Network Security: GSM Overload Professor Patrick Traynor 11/1/18

CIS 6930 - Cellular and Mobile Network Security: GSM Overload Professor Patrick Traynor 11/1/18 Florida Institute for Cybersecurity (FICS) Research Reminders You need to start working on your project! Some of you have not yet built

1.22k views • 32 slides
CIS 6930 - Cellular and Mobile Network Security: Cellular Networking Professor Patrick Traynor

CIS 6930 - Cellular and Mobile Network Security: Cellular Networking Professor Patrick Traynor

CIS 6930 - Cellular and Mobile Network Security: Cellular Networking Professor Patrick Traynor 9/18/2018 Florida Institute for Cybersecurity (FICS) Research The Big Picture Details create the big picture. -Sanford I. Weill Florida Institute

1.13k views • 40 slides
CIS 6930 - Cellular and Mobile Network Security: Academic Writing Professor Patrick Traynor

CIS 6930 - Cellular and Mobile Network Security: Academic Writing Professor Patrick Traynor

CIS 6930 - Cellular and Mobile Network Security: Academic Writing Professor Patrick Traynor 10/9/18 Florida Institute for Cybersecurity (FICS) Research A Recap... How do phone calls happen in 3G networks? Our midterm is on 10/18

703 views • 33 slides
CIS 6930 - Cellular and Mobile Network Security: CDMA/UMTS Air Interface Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: CDMA/UMTS Air Interface Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: CDMA/UMTS Air Interface Professor Patrick Traynor 10/11/2018 Florida Institute for Cybersecurity (FICS) Research UMTS and CDMA 3G technology - major change from GSM (TDMA) Based on

337 views • 22 slides
CIS 6930 - Cellular and Mobile Network Security Introduction Professor Patrick Traynor 8/23/2018

CIS 6930 - Cellular and Mobile Network Security Introduction Professor Patrick Traynor 8/23/2018

CIS 6930 - Cellular and Mobile Network Security Introduction Professor Patrick Traynor 8/23/2018 Florida Institute for Cybersecurity (FICS) Research Rapid Communication Over Distance Florida Institute for Cybersecurity (FICS) Research 2

827 views • 19 slides
CS 8803 - Cellular and Mobile Network Security: GSM - In Detail Professor Patrick Traynor

CS 8803 - Cellular and Mobile Network Security: GSM - In Detail Professor Patrick Traynor

CS 8803 - Cellular and Mobile Network Security: GSM - In Detail Professor Patrick Traynor 10/2/18 Florida Institute for Cybersecurity (FICS) Research Cellular Telecommunications Architecture Background Air Interfaces Network

831 views • 39 slides
Throughput prediction based on mobile device context in Cellular Network Yihua (Ethan) Guo

Throughput prediction based on mobile device context in Cellular Network Yihua (Ethan) Guo

Throughput prediction based on mobile device context in Cellular Network Yihua (Ethan) Guo University of Michigan AIMS-5 2013 Background Prevalence of cellular networks Mobile Traffic is expected to grow rapidly in the near future

510 views • 18 slides
CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center Reminders Poster showcase next Monday For final project: turn

533 views • 34 slides
Lecture 12: Network layer mobility Lecture 12: Network layer mobility Mobile IP, cellular

Lecture 12: Network layer mobility Lecture 12: Network layer mobility Mobile IP, cellular

Lecture 12: Network layer mobility Lecture 12: Network layer mobility Mobile IP, cellular handsoffs. Mobile IP, cellular handsoffs. Mythili Vutukuru CS 653 Spring 2014 Feb 24, Monday Network layer: recap The network or IP layer

388 views • 11 slides
CS 8803 - Cellular and Mobile Network Security: Data Air Interface Professor Patrick Traynor

CS 8803 - Cellular and Mobile Network Security: Data Air Interface Professor Patrick Traynor

CS 8803 - Cellular and Mobile Network Security: Data Air Interface Professor Patrick Traynor 10/23/18 Florida Institute for Cybersecurity (FICS) Research Packet-Switched Mobile Data Florida Institute for Cybersecurity (FICS) Research 2

805 views • 21 slides
Mobile network security issues A very short overview of some mobile security issues.

Mobile network security issues A very short overview of some mobile security issues.

Mobile network security issues A very short overview of some mobile security issues. Mobile access is expected to become the main access method. Services and mobile commerce (mCommerce) are expected to become a major business.

818 views • 20 slides
CSE 543 - Computer Security (Fall 2006) Lecture 25 - Cellular Network Security Guest Lecturer:

CSE 543 - Computer Security (Fall 2006) Lecture 25 - Cellular Network Security Guest Lecturer:

CSE 543 - Computer Security (Fall 2006) Lecture 25 - Cellular Network Security Guest Lecturer: William Enck November 30, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06 CSE 543 Computer (and Network) Security - Fall 2006 - Professor

677 views • 21 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Downgrade Resilience in Key Exchange markulf kohlweiss joint work with: k. bhargavan, c.

Downgrade Resilience in Key Exchange markulf kohlweiss joint work with: k. bhargavan, c.

Downgrade Resilience in Key Exchange markulf kohlweiss joint work with: k. bhargavan, c. brzuska, c. fournet, m. green, s. zanella-beguelin 1 Downgrade as an everyday phenomen https:// http:// 2 TLS protocol suite not a single protocol

624 views • 24 slides
Constructors and Destructors Invoking Mechanisms Advantage of OOP Multiple Constructors

Constructors and Destructors Invoking Mechanisms Advantage of OOP Multiple Constructors

Contents House Keeping Problem Constructors Destructors Constructors and Destructors Invoking Mechanisms Advantage of OOP Multiple Constructors Array of Objects C++ Object Oriented Programming Default Arguments

198 views • 5 slides
Language and Stats 11-(7/6)61 Introduction Objectives Logistics Statistical Language Modeling

Language and Stats 11-(7/6)61 Introduction Objectives Logistics Statistical Language Modeling

Language and Stats 11-(7/6)61 Introduction Objectives Logistics Statistical Language Modeling (SLM); Computational Linguistics (CL) Bhiksha Raj 11-761 1 11-761 2 Language and Statistics Iozmne pqmnzg habfbngyeydh shahmw Language or

992 views • 81 slides
Object Oriented Programming in C++ Destructors Based on

Object Oriented Programming in C++ Destructors Based on

Object Oriented Programming in C++ Destructors Based on materials from Brian Balazs (USNA) Destructors Only one per class Class name with ~

728 views • 54 slides
Computer and Information Security Fall 2019 Computer Security Overview Tyler Bletsch Duke

Computer and Information Security Fall 2019 Computer Security Overview Tyler Bletsch Duke

ECE590 Computer and Information Security Fall 2019 Computer Security Overview Tyler Bletsch Duke University Is this circle secure? PROBLEM: The question is under-defined. What does it mean to for a circle to be secure? LESSON:

400 views • 29 slides
Mobile telephony Fabian van den Broek Agenda Introductjon 2G / 3G / 4G Security

Mobile telephony Fabian van den Broek Agenda Introductjon 2G / 3G / 4G Security

Advanced Network Security Mobile telephony Fabian van den Broek Agenda Introductjon 2G / 3G / 4G Security Authentjcatjon Cryptography Eavesdropping Privacy Tracking A solutjon: PMSI 2 Telephony

843 views • 52 slides
Mobile telephony Joeri de Ruiter Agenda Introducton 2G / 3G / 4G Security

Mobile telephony Joeri de Ruiter Agenda Introducton 2G / 3G / 4G Security

Advanced Network Security Mobile telephony Joeri de Ruiter Agenda Introducton 2G / 3G / 4G Security Authentcaton Cryptography Eavesdropping Privacy Tracking A solutonn PPNSI 2 Telephony security

546 views • 51 slides
World 2012 XW12 1 2 Overview and Introduction XW12 XW12 3 4 Overview School of IS

World 2012 XW12 1 2 Overview and Introduction XW12 XW12 3 4 Overview School of IS

Sync, Clone, and Snapshot ... Dr Ashley Aitken Curtin University A.Aitken@Curtin.Edu.Au AshleyAitken (Twitter, Skype, LinkedIn) World 2012 XW12 1 2 Overview and Introduction XW12 XW12 3 4 Overview School of IS Curtin University

470 views • 10 slides

More recommend