mobile network security
play

Mobile Network Security Refik MOLVA Institut Eurcom B.P. 193 - PowerPoint PPT Presentation

Apr 01, 2024 •331 likes •950 views

Mobile Network Security Refik MOLVA Institut Eurcom B.P. 193 06904 Sophia Antipolis Cedex - France Refik.Molva@eurecom.fr Institut Eurecom 2005 Outline Wireless LAN 802.11 (WiFi) Mobile Telecommunications Security

  1. Mobile Network Security Refik MOLVA Institut Eurécom B.P. 193 06904 Sophia Antipolis Cedex - France Refik.Molva@eurecom.fr  Institut Eurecom 2005

  2. Outline → • Wireless LAN • 802.11 (WiFi) • Mobile Telecommunications Security • GSM Security Features • 3GPP Security Architecture • CDPD Key agreement and authentication • Fraud management •Mobile IP • IPsec-based solution • Firewalls vs. Mobile IP vs. Packet Filtering Mobile Network Security - R. Molva 1

  3. 802.11 Wireless Networks Infrastructure Mode Ad Hoc Mode Mobile Network Security - R. Molva 2

  4. Association Establishment in Infrastructure Mode Client Access Point Beacon(SSID) OR Probe Request (SSID) Authentication Various Alternatives Association Request Association Response Client is associated Data Deauthenticate OR Client is not associated Deassociate Mobile Network Security - R. Molva 3

  5. Specific Vulnerabilities and Threats • lack of physical protection • eavesdropping and spoofing are easier than with wired networks • denial of (data link layer) communication service is feasible Main attacks: • eavesdropping • man in the middle • denial of service Mobile Network Security - R. Molva 4

  6. Eavesdropping • 802.11is viewed as a standard Ethernet but – media is shared as opposed to switched – each node can receive all frames • traffic can be eavesdropped from few kilometers away using appropriate equipment Mobile Network Security - R. Molva 5

  7. Man in the Middle Attack Victim Attacker Access Point Deassociate(Victim’s MAC@) Beacon as Access Point Victim is not associated on different channel Association Req. (Victim’s MAC@) Association Req. (Victim’s MAC@) Association Resp. Association Resp. Man in the Middle acts as AP Victim Victim’s data traffic Victim’s data traffic Main reason why this attack works: Management frames (associate, deassociate) are not authenticated except in 802.11i. Mobile Network Security - R. Molva 6

  8. Denial of Service • Jamming • Virtual carrier-sense attack • Spoofing of deauthentication/deassociation messages • De-synchronization attacks Mobile Network Security - R. Molva 7

  9. Security Requirements • no identification based on the physical access → Peer Entity Authentication → Data Origin Authentication • ease of disclosure and tampering with data → Data Confidentiality and Integrity → Privacy (Anonymity) • ease of access to communication media → Access Control (data link layer) → DoS prevention (?) Mobile Network Security - R. Molva 8

  10. 802.11 Network Access Control • Network Identification based on SSID (Service Set Identifier) – “secret” SSID shared by too many – Exchanged in cleartext – Ease of replay • Access Control: MAC-address based authorization to Access Point – MAC-addresses are not authenticated – MAC-addresses are easy to set on most cards • 802.1x – Clients authenticated and screened by Radius Server – AP serves as proxy – Extensible Authentication Protocol (EAP) Mobile Network Security - R. Molva 9

  11. 802.11 Client and Data Security • Wireless Equivalent Privacy (WEP) • Wi-Fi Protected Access (WPA) • 802.11i (WPA2) Mobile Network Security - R. Molva 10

  12. 802.1x • General purpose network access control mechanism • 802.1x support in Access point • No impact on clients’ wireless interface • Authentication and Authorization by RADIUS server – Extensible Authentication Protocol (EAP) RFC 2284 • Alternative methods: password, smartcard, tokens, OTP • Alternative protocols: simple challenge response, EAP- TLS. – RADIUS server determines whether access to controlled ports of the AP should be allowed Mobile Network Security - R. Molva 11

  13. 802.1x Operational Flows Client Access Point RADIUS Access Denied Association Req. Association Resp. Authentication using EAP Authentication using EAP Authentication Success Authentication Success Data Access Authorized Mobile Network Security - R. Molva 12

  14. WEP Services – Data Confidentiality – Data Integrity – Data Origin Authentication – Access control through client authentication by the AP Mobile Network Security - R. Molva 13

  15. WEP • RC4 stream cipher • 40bit and 104bit keys • WEP key shared by all • No key distribution Mobile Network Security - R. Molva 14

  16. WEP operation • K : shared key (40 or 104 bits) • integrity check: IC = h(header|data) • random initialization vector: IV (24 bits) • Keystream generation: k = RC4(K, IV) • Encryption of data fragment m: E K (m) = m ⊕ k Mobile Network Security - R. Molva 15

  17. WEP packet header data IC k header IV ciphertext 802.11 packet Mobile Network Security - R. Molva 16

  18. WEP Encryption flaws If C 1 = P 1 ⊕ RC4(v,k) and C 2 = P 2 ⊕ RC4(v,k) C 1 ⊕ C 2 = (P 1 ⊕ RC4(v,k)) ⊕ (P 2 ⊕ RC4(v,k)) = P 1 ⊕ P 2 • secret parts of P 1 can be retrieved based on known parts of P 2 . • keystream can be retrieved similarly. • once keystreams are identified, new ciphertext can be decrypted based on (cleartext) IV used as index to an array of known keystreams if keystreams are reused. • reuse of the same keystream: – standards recommend, but do not require, a per-stream IV to combat this – Some PCMCIA cards reset IV to 0 each time they’re re-initialized and increment by 1, so expect reuse of low-value IVs – WEP only uses 24-bit IVs � “birthday paradox” Mobile Network Security - R. Molva 17

  19. WEP Message Authentication Flaws • Hash function h, based on CRC-32, is a linear function of the message: h(X) ⊕ h(Y) = h(X ⊕ Y) Modification attack: New (valid) ciphertext can be computed from existing ciphertext without the knowledge of the keystream: • Existing ciphertext C = RC4(k,v) ⊕ (M | h(M)) • New ciphertext resulting from a desired modification(D) on C: C’= C ⊕ (D | h(D)) = RC4(k,v) ⊕ (M | h(M)) ⊕ (D | h(D)) = RC4(k,v) ⊕ (M ⊕ D | h(M) ⊕ h(D)) = RC4(k,v) ⊕ (M ⊕ D | h(M ⊕ D)) Mobile Network Security - R. Molva 18

  20. WEP flaws continued • Using flaws in encryption and message authentication, further attacks such as spoofing, dictionary attacks, traffic injection, route subversion can be mounted. Tools are available. • Management messages (deassociate, deauthenticate) are not authenticated: DoS and MITM attacks still work. • Advanced attack: Retrieve WEP keys using the attack described in "Weaknesses in the Key Scheduling Algorithm of RC4“ by Fluhrer, Mantin, and Shamir – Airsnort http://airsnort.shmoo.com – WEPCrack http://wepcrack.sourceforge.net/ Mobile Network Security - R. Molva 19

  21. Wi-Fi Protected Access (WPA) • subset of the forthcoming IEEE 802.11i security standard (also known as WPA2) • designed to overcome the weaknesses of WEP • Compatible with existing 802.11 hardware using firmware upgrades • Features of WPA • Enhanced encryption scheme: Temporal Key Integrity Protocol (TKIP) – RC4, dynamic session keys – 48 bit IV • Non-linear Message Integrity Checks (MIC) based on Michael • Strong User Authentication using one of the standard Extensible Authentication Protocol (EAP) types available Mobile Network Security - R. Molva 20

  22. WPA2 - 802.11i Ultimate improvements over WPA 802.11i Features • New encryption algorithm: Advanced Encryption Standard (AES) → impact on hardware • Dynamic keys both for encryption and authentication Mobile Network Security - R. Molva 21

  23. Outline • Wireless LAN • 802.11 (WiFi) → • Mobile Telecommunications Security • GSM Security Features • 3GPP Security Architecture • CDPD Key agreement and authentication • Fraud management •Mobile IP • IPsec-based solution • Firewalls vs. Mobile IP vs. Packet Filtering Mobile Network Security - R. Molva 22

  24. GSM HLR AuC Wired Network MSC MSC VLR VLR BTS BTS BTS BTS BTS BTS Radio link roaming MS MS Mobile Switching Center (MSC) Base Station (BS) Mobile Subscriber (MS) = Mobile Equipment (ME) + Subscriber Identity Module (SIM) Home Location Registry (HLR) Authentication Center (AuC) Visiting Location Registry (VLR) Mobile Network Security - R. Molva 23

  25. Security Requirements • Security Threats – Eavesdropping on the Radio interface • data confidentiality • User anonymity – MS Impersonation (masquerade) • Security Services – Subscriber identity protection – Subscriber authentication – Data confidentiality Goal: Wireless security equivalent to wired Network Mobile Network Security - R. Molva 24

  26. Subscriber Identity Protection in GSM • IMSI: universal identity (15 digits - 9 octets) • replaced by TMSI (temporary mobile subscriber identity) (4 octets) • First registration or after failure in VLR IMSI is sent in clear. • TMSI allocated by the VLR where the MS is registered. • TMSI protected by Data Confidentiality Service transmitted to MS. • Subsequent identification of MS by VLR is based on TMSI. Mobile Network Security - R. Molva 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mobile network security issues A very short overview of some mobile security issues.

Mobile network security issues A very short overview of some mobile security issues.

Mobile network security issues A very short overview of some mobile security issues. Mobile access is expected to become the main access method. Services and mobile commerce (mCommerce) are expected to become a major business.

818 views • 20 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software Vulnerabilities Emmanuel Agu Mobile Security Issues Introduction So many cool mobile apps Access to web, personal information, social media, etc

1.05k views • 55 slides
CSE 543 - Computer Security Lecture 26 - Mobile phone security December 11, 2007 URL:

CSE 543 - Computer Security Lecture 26 - Mobile phone security December 11, 2007 URL:

CSE 543 - Computer Security Lecture 26 - Mobile phone security December 11, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Mobile Phones Networked device

302 views • 11 slides
Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security

Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security

Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security Symposium, 2008 Many Protocols Authentication and key exchange SSL/TLS, Kerberos, IKE, JFK, IKEv2, Wireless and mobile computing Mobile IP, WEP,

959 views • 71 slides
CS 8803 - Cellular and Mobile Network Security: GSM - In Detail Professor Patrick Traynor

CS 8803 - Cellular and Mobile Network Security: GSM - In Detail Professor Patrick Traynor

CS 8803 - Cellular and Mobile Network Security: GSM - In Detail Professor Patrick Traynor 10/2/18 Florida Institute for Cybersecurity (FICS) Research Cellular Telecommunications Architecture Background Air Interfaces Network

831 views • 39 slides
CIS 6930 - Cellular and Mobile Network Security: End-to-End Authentication Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: End-to-End Authentication Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: End-to-End Authentication Professor Patrick Traynor 11/8/2018 (Thanks to Adam Doup and Brad Reaves) Florida Institute for Cybersecurity (FICS) Research Announcements Abstracts for Course

1.38k views • 46 slides
What, exactly, is different or new about MOBILE mobile security? SECURITY TECHNOLOGIES 2017

What, exactly, is different or new about MOBILE mobile security? SECURITY TECHNOLOGIES 2017

What, exactly, is different or new about MOBILE mobile security? SECURITY TECHNOLOGIES 2017 Dan S. Wallach , Rice University tl;dr The computers inside the computer Every chip has one or more CPUs inside; they have exploitable bugs

1.23k views • 87 slides
Mobile Communications Chapter 8: Network Protocols/Mobile IP Motivation Problems Data

Mobile Communications Chapter 8: Network Protocols/Mobile IP Motivation Problems Data

Mobile Communications Chapter 8: Network Protocols/Mobile IP Motivation Problems Data transfer Micro mobility support Encapsulation DHCP Security Ad-hoc networks IPv6 Routing protocols Prof. Dr.-Ing. Jochen

984 views • 39 slides
CIS 6930 - Cellular and Mobile Network Security: Phreaking and Eavesdropping Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: Phreaking and Eavesdropping Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: Phreaking and Eavesdropping Professor Patrick Traynor 11/15/18 Florida Institute for Cybersecurity (FICS) Research Closing Notes Remember, 50% of the course grade comes from this project.

624 views • 33 slides
Mobile telephony Joeri de Ruiter Agenda Introducton 2G / 3G / 4G Security

Mobile telephony Joeri de Ruiter Agenda Introducton 2G / 3G / 4G Security

Advanced Network Security Mobile telephony Joeri de Ruiter Agenda Introducton 2G / 3G / 4G Security Authentcaton Cryptography Eavesdropping Privacy Tracking A solutonn PPNSI 2 Telephony security

546 views • 51 slides
CIS 6930 - Cellular and Mobile Network Security: GSM Overload Professor Patrick Traynor 11/1/18

CIS 6930 - Cellular and Mobile Network Security: GSM Overload Professor Patrick Traynor 11/1/18

CIS 6930 - Cellular and Mobile Network Security: GSM Overload Professor Patrick Traynor 11/1/18 Florida Institute for Cybersecurity (FICS) Research Reminders You need to start working on your project! Some of you have not yet built

1.22k views • 32 slides
Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity

Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity

Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity It used to be that phones had so little connectivity to devices other than the phone network that security wasn't a huge deal Phone number

660 views • 15 slides
Attacking the Baseband Modem of Mobile Phones to Breach the Users Privacy and Network Security

Attacking the Baseband Modem of Mobile Phones to Breach the Users Privacy and Network Security

Attacking the Baseband Modem of Mobile Phones to Breach the Users Privacy and Network Security Dr. Christos Xenakis Dr. Christoforos Ntantogian Associate Professor, Department of Digital Systems School of Information and Communication

524 views • 26 slides
Latest Trends in Mobile Security By M K Chaithanya C-DAC Hyderabad Outline Introduction

Latest Trends in Mobile Security By M K Chaithanya C-DAC Hyderabad Outline Introduction

Latest Trends in Mobile Security By M K Chaithanya C-DAC Hyderabad Outline Introduction Statistics of Mobile Usage Current State of Mobile Security Recent Attacks Various Mobile Threats Security & Privacy

1.03k views • 57 slides
Pakistan and Terrorism Before and After 9/11 October 2003 PDF created with pdfFactory trial

Pakistan and Terrorism Before and After 9/11 October 2003 PDF created with pdfFactory trial

Pakistan and Terrorism Before and After 9/11 October 2003 PDF created with pdfFactory trial version www.pdffactory.com Introduction Pakistan before 9/11 Pakistan as key US ally after 9/11 Is Pakistan really an ally?

196 views • 15 slides
Wh-movement basics A wh -question is a sentence that crucially contains somewhere in it a wh

Wh-movement basics A wh -question is a sentence that crucially contains somewhere in it a wh

Wh-movement basics A wh -question is a sentence that crucially contains somewhere in it a wh -word. Words that are informally identifiable as wh -words are found across the languages of the world but the semantics of these elements is a

1k views • 52 slides
upon OpenStreetMap Chris Emberson, GeoData Institute University of Southampton Sunday 29 th July

upon OpenStreetMap Chris Emberson, GeoData Institute University of Southampton Sunday 29 th July

The challenges and issues associated with a natural resource mapping framework based upon OpenStreetMap Chris Emberson, GeoData Institute University of Southampton Sunday 29 th July 2018 The RADIMA project Aims and Objectives Aims (of the

412 views • 13 slides
Enol Fernndez EGI Foundation eosc-hub.eu Dissemination level : Public/Confidential If

Enol Fernndez EGI Foundation eosc-hub.eu Dissemination level : Public/Confidential If

Enol Fernndez EGI Foundation eosc-hub.eu Dissemination level : Public/Confidential If confidential, please define: Disclosing Party: (those disclosing confidential information) @EOSC_eu Recipient Party: (to whom this information is disclosed,

881 views • 20 slides
Organizational Structure More than simply related or not. Reveals the direction of

Organizational Structure More than simply related or not. Reveals the direction of

3/30/2011 Presenter: Zhang Bo Organizational Structure More than simply related or not. Reveals the direction of supervision and influence. Examples: Advisor-advisee relationship Terrorist organization hierarchy 1 3/30/2011

312 views • 12 slides
Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack 2 TCP Protocol Transmission Control Protocol (TCP) is a core protocol

598 views • 47 slides
5/18/2010 Traditional PC application Shuo Chen Rui Wang, XiaoFeng Wang and Kehuan Zhang Web

5/18/2010 Traditional PC application Shuo Chen Rui Wang, XiaoFeng Wang and Kehuan Zhang Web

5/18/2010 Traditional PC application Shuo Chen Rui Wang, XiaoFeng Wang and Kehuan Zhang Web application Web application (1) split between client and server (1) split between client and server (2) state transitions driven by network traffic

287 views • 4 slides
Section 16 Section 16 System Design a 16-1 1 Operating Modes Operating Modes a 16-2 2

Section 16 Section 16 System Design a 16-1 1 Operating Modes Operating Modes a 16-2 2

Section 16 Section 16 System Design a 16-1 1 Operating Modes Operating Modes a 16-2 2 Operating Modes User mode Causes exceptions when protected resources are accessed. May be used for algorithm/application code Supervisor mode

987 views • 64 slides

More recommend