mobile telephony
play

Mobile telephony Fabian van den Broek Agenda Introductjon 2G / 3G - PowerPoint PPT Presentation

Nov 03, 2022 •303 likes •843 views

Advanced Network Security Mobile telephony Fabian van den Broek Agenda Introductjon 2G / 3G / 4G Security Authentjcatjon Cryptography Eavesdropping Privacy Tracking A solutjon: PMSI 2 Telephony

  1. Advanced Network Security Mobile telephony Fabian van den Broek

  2. Agenda ● Introductjon ● 2G / 3G / 4G Security ● Authentjcatjon – Cryptography – ● Eavesdropping ● Privacy Tracking ● A solutjon: PMSI ● 2

  3. Telephony security Source: htups:/ /nl.wikipedia.org/wiki/Almon_Strowger 3

  4. Telephony security Source: htup:/ /sites.psu.edu/thedeepweb/2015/09/17/captain-crunch-and-his-toy-whistle/ 4

  5. Introductjon Standards by ETSI and 3GPP ● 2G: GSM (Global System for Mobile Communicatjon) ● 2.5G: GPRS (General Packet Radio Service) ● 3G: UMTS (Universal Mobile Telecommunicatjons System) ● 4G: LTE (Long Term Evolutjon) ● 5G ● About 8.5 billion connectjons and 5 billion subscribers ● 5

  6. 2G (GSM) 1G was analogue without any encryptjon in place ● 2G deployed in 1990s ● 2G is digital and provides authentjcatjon and encryptjon ● Stjll relevant for ICS/SCADA systems (e.g. ERTMS) ● 6

  7. GSM-R Part of ERTMS (European Rail Traffjc Management System) ● Used for communicatjon between personnel as well as trains and track-side ● equipment Used, for example, to grant trains permission to drive on parts of the tracks ● and to provide speed limits 7

  8. Identjfjers IMSI (Internatjonal Mobile Subscriber Identjty) ● Home country ● Home network IMEI (Internatjonal Mobile Equipment Identjty) ● User 8

  9. 2G - Architecture Core Network AuC (Authentjcatjon Center) Access Network MS (Mobile Statjon) VLR (Visitor Locatjon Register) BTS (Base Transceiver Statjon) HLR (Home Locatjon Register) SIM (Subscriber Identjty Module) Gateways MSC BSC (Mobile Switching Center) (Base Statjon Controller) ME (Mobile Equipment) PSTN and Internet BTS (Base Transceiver Statjon) 9

  10. 2G - Architecture Visitor Locatjon Register (VLR) keeps track of phones present in its area ● Mapping between IMSI and TMSI ● Home Locatjon Register (HLR) stores permanent informatjon about ● subscribers Authentjcatjon Center (AuC) stores long-term shared secrets with SIMs ● 10

  11. 2G - Authentjcatjon Authentjcatjon and Key Agreement (AKA) ● Shared symmetric key K between SIM and home network ● Two algorithms, A3 and A8 ● Can be determined by the provider ● 11

  12. 2G - Authentjcatjon Identjty request Identjty response, IMSI IMSI Retrieve K for IMSI RAND ← {0,1} 128 XRES ← A3(K, RAND) CK ← A8(K, RAND) RAND, XRES, CK Authentjcatjon request, RAND SRES ← A3(K, RAND) CK ← A8(K, RAND) Authentjcatjon response, SRES Verify XRES = SRES Data encrypted with CK 12

  13. Roaming Phone can use a network difgerent than its providers network ● Visited Network (VN) or Serving Network ● Home Network (HN) ● Visitjng Network requests authentjcatjon informatjon from Home Network ● Authentjcatjon informatjon provided by Home Network ● Visited Network performs authentjcatjon ● Visited Network reports presence of phone ● Home Network informs previous network that phone lef ● Home Network keeps track of the current locatjon of its subscribers ● Necessary for, e.g., incoming calls ● 13

  14. 2G - Encryptjon algorithms A5/0 ● No encryptjon ● A5/1 ● Proprietary stream cipher ● A5/2 ● Weaker cipher for export ● A5/3 ● KASUMI, a block cipher based on MISTY ● – Used with 64 bit keys 14

  15. 3G (UMTS) 3G (UMTS) introduced in 2001 ● Algorithms used for encryptjon and MACs ● KASUMI (128 bit key) ● SNOW 3G, stream cipher by Lund University ● Mutual authentjcatjon ● 15

  16. 3G - Architecture Core Network AuC (Authentjcatjon Center) Access Network MS (Mobile Statjon) VLR (Visitor Locatjon Register) Node B HLR (Home Locatjon Register) USIM (Universal Subscriber Identjty Module) Gateways MSC RNC (Mobile Switching Center) (Radio Network Controller) ME (Mobile Equipment) PSTN and Internet Node B 16

  17. 3G - Authentjcatjon Identjty request Identjty response, IMSI IMSI Retrieve K and SQN for IMSI RAND ← {0,1} 128 MAC ← f1(K,SQN,AMF,RAND) XRES ← f2(K,RAND) CK ← f3(K,RAND) IK ← f4(K,RAND) AK ← f5(K,RAND) AUTN ← (SQN XOR AK,AMF,MAC) Update SQN ← SQN + 1 Authentjcatjon request, RAND, AUTN RAND, AUTN, XRES, CK, IK AK ← f5(K,RAND) XSQN ← (SQN XOR AK) XOR AK XMAC ← f1(K,XSQN,AMF,RAND) Verify XMAC = MAC Verify SQN <= XSQN <= SQN + range Update SQN ← XSQN SRES ← f2(K,RAND) CK ← f3(K,RAND) IK ← f4(K,RAND) Authentjcatjon response, SRES Verify XRES = SRES 17 Data encrypted with CK and authentjcated with IK

  18. 3G - Authentjcatjon Functjons f1 to f5 not standardised ● Only used by SIM card and provider’s authentjcatjon server ● Recommendatjon for f1 to f5 is to use Rijndael ● 18

  19. 4G (LTE) 4G (LTE) introduced in 2010 ● Almost 90% coverage reported by Open Signal in February 2018 ● Algorithms used for encryptjon and MACs ● SNOW 3G ● AES ● Cell towers are assumed to be smarter ● Separatjon between signal and data channel ● Signal channel encrypted between phone and core network ● Data channel encrypted between phone and cell tower ● Possible to perform handover directly between cell towers ● 19

  20. 4G - Authentjcatjon Authentjcatjon protocol the same as 3G ● More elaborate key hierarchy ● Reduce tjmes necessary to execute (slow) AKA protocol ● Cell towers get their own keys ● Mechanisms to protect against compromise of cell towers ● 20

  21. 4G – Key hierarchy Home network K AKA CK, IK Visitjng network K ASME ID of Visitjng Network Signal data keys Cell tower K eNB User data keys 21

  22. 4G - Handover Handover between cell towers can be done without interference of backend ● Key update mechanisms to provide forward and backward security ● Only involving cell towers provides backward security ● Involving backend also provides forward security ● SIM and backend generate the Next-hop parameter (NH) ● Based on a shared secret and counter ● 22

  23. 4G – Key derivatjon Cell info Cell info K ASME K eNB K eNB K eNB K eNB Cell info Cell info Cell info K eNB K eNB K eNB NCC = 1 NH Cell info Cell info Cell info K eNB K eNB K eNB NCC = 2 NH 23

  24. Authentjcatjon comparison 24

  25. Eavesdropping Difgerent approaches ● Passive ● Actjve (i.e. with a man-in-the-middle) ● Works mainly well with 2G ● Only authentjcatjon of the phone ● Weak or no encryptjon supported ● Ofen fallback to 2G is possible ● 25

  26. Run your own network Possible using a Sofware Defjned Radio (SDR) and open source sofware (e.g. ● OpenBTS) Pretend to be your victjms network and get them to connect to you ● E.g. by jamming or providing a stronger signal ● 26

  27. Man-in-the-middle (2G) Identjty request Identjty response, IMSI Authentjcatjon request, RAND SRES ← A3(K, RAND) CK ← A8(K, RAND) Authentjcatjon response, SRES VoIP Unencrypted data Use A5/0 (no encryptjon) ● Forward calls via VoIP ● No incoming calls ● 27

  28. Man-in-the-middle (2G) Identjty request Identjty request Identjty response, IMSI Identjty response, IMSI Authentjcatjon request, RAND Authentjcatjon request, RAND SRES ← A3(K, RAND) CK ← A8(K, RAND) Authentjcatjon response, SRES Dummy data (A5/2) Retrieve key CK Authentjcatjon response, SRES Data (A5/2) Data (A5/3) 28 Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communicatjon, Barkan et al., 2010

  29. Eavesdropping Complete solutjons available for governmental organisatjons ● 29

  30. Interceptjng signals Again using Sofware Defjned Radios (SDR) and open source sofware (e.g. ● AirProbe) 30

  31. Interceptjng signals Problem: channel hopping ● Solutjon: multjple or more powerful radios ● 31

  32. Cracking A5/1 Weak algorithm ● First atuack publicly described by Anderson in 1994 ● Many more research since then ● A5/1 is a stream cipher, so if you have known plaintext you have part of the ● keystream 32

  33. Cracking A5/1 Rainbow tables available to quickly retrieve used key ● Known as Berlin tables ● Released in 2010 ● Around 2TB ● Probabilistjc ● Limited amount of known plaintext necessary ● Shortly aferwards the tool Kraken was released that could use these tables ● to crack GSM traffjc 33

  34. Cracking A5/2 A5/2 was purposefully weak for export ● Can be cracked in seconds ● Barkan et al., 2010 ● No longer allowed in new phones since 2007 ● 34

  35. Cracking A5/3 Atuack published Dunkelman et al. in 2010 ● Theoretjcal atuack that might not be practjcal ● KASUMI weaker than MISTY on which it is based ● 35

  36. SS7 Signaling System 7 ● Used in the core network and to communicate between providers ● For example, used to exchange authentjcatjon requests, send locatjon updates and ● deliver SMS messages From an era where providers trusted each other... ● Originally when sending an SMS ● Ask Home Network current network of phone (i.e. country and provider) ● Send SMS directly to the phone’s current network ● Fixed when using Home Routjng ● Home Network delivers the SMS ● Might enable interceptjng for 3G ● 36

  37. 37

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lecture no: 11 (Brief) history of mobile telephony Global System for Mobile

Lecture no: 11 (Brief) history of mobile telephony Global System for Mobile

RADIO SYSTEMS ETI 051 Contents Lecture no: 11 (Brief) history of mobile telephony Global System for Mobile Communications (GSM) Wide-band Code-Division Multiple Access (WCDMA) GSM and WCDMA Ove Edfors, Department of

257 views • 8 slides
Mobile telephony Joeri de Ruiter Agenda Introducton 2G / 3G / 4G Security

Mobile telephony Joeri de Ruiter Agenda Introducton 2G / 3G / 4G Security

Advanced Network Security Mobile telephony Joeri de Ruiter Agenda Introducton 2G / 3G / 4G Security Authentcaton Cryptography Eavesdropping Privacy Tracking A solutonn PPNSI 2 Telephony security

546 views • 51 slides
&quot;3G and Beyond: The Convergence of Mobile Telephony and Computing&quot; SFM-05: Moby

&quot;3G and Beyond: The Convergence of Mobile Telephony and Computing&quot; SFM-05: Moby

&quot;3G and Beyond: The Convergence of Mobile Telephony and Computing&quot; SFM-05: Moby University of Urbino Bertinoro, 28 April 2005 Matteo Magotti Vodafone Italy Technology Evolution Data Transmission Technology Roadmap Max Trx Speed

1.04k views • 73 slides
Testing the waterbed effect in mobile telephony Christos Genakos (University of Cambridge)

Testing the waterbed effect in mobile telephony Christos Genakos (University of Cambridge)

Testing the waterbed effect in mobile telephony Christos Genakos (University of Cambridge) and Tommaso Valletti (Imperial College London, University of Rome and CEPR) 6 th Conference on Applied Infrastructure Research Berlin, 6 th October

327 views • 21 slides
POI360 Panoramic Mobile Video Telephony over LTE Cellular Networks Xiufeng Xie Xinyu Zhang

POI360 Panoramic Mobile Video Telephony over LTE Cellular Networks Xiufeng Xie Xinyu Zhang

POI360 Panoramic Mobile Video Telephony over LTE Cellular Networks Xiufeng Xie Xinyu Zhang University of Michigan-Ann Arbor University of California San Diego CoNEXT 2017 Background: 360 Video for VR 360 camera Sphere view Panoramic

492 views • 26 slides
Telephony Fraud and Abuse Telephony Fraud and Abuse Merve Sahin sahin@eurecom.fr Background

Telephony Fraud and Abuse Telephony Fraud and Abuse Merve Sahin sahin@eurecom.fr Background

Telephony Fraud and Abuse Telephony Fraud and Abuse Merve Sahin sahin@eurecom.fr Background Background 2 Telephony Networks Quick history 1870s: Plain Old Telephone System (POTS) Enabled by transmission of voice over copper lines

1.2k views • 80 slides
In connection since 2003 Yekaterinburg IP-TV and IP-telephony, construction Rostov- Novosibirsk

In connection since 2003 Yekaterinburg IP-TV and IP-telephony, construction Rostov- Novosibirsk

In connection since 2003 Yekaterinburg IP-TV and IP-telephony, construction Rostov- Novosibirsk Moscow Saint-Petersburg Chantilly Shanghai Multiplexing (WDM) and optical carriers Wavelength-Division of mobile Data Processing Centers and

686 views • 12 slides
CIS 6930 - Cellular and Mobile Network Security: Classical Telephony Security Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: Classical Telephony Security Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: Classical Telephony Security Professor Patrick Traynor 10/30/18 Florida Institute for Cybersecurity (FICS) Research Ah, the Classics... Florida Institute for Cybersecurity (FICS) Research 2

887 views • 11 slides
IP Telephony Telephony and and IP Multimedia services Multimedia services architectures

IP Telephony Telephony and and IP Multimedia services Multimedia services architectures

IP Telephony Telephony and and IP Multimedia services Multimedia services architectures architectures 21-9-2004, Nol Crespi, noel.crespi@int-evry.fr / +33160764623 SIP &amp; IMS Architecture SIP &amp; IMS Architecture HSS HSS

319 views • 9 slides
Adaptive Loss Concealment Adaptive Loss Concealment for Internet Internet Telephony Telephony

Adaptive Loss Concealment Adaptive Loss Concealment for Internet Internet Telephony Telephony

Adaptive Loss Concealment Adaptive Loss Concealment for Internet Internet Telephony Telephony for Applications Applications Henning Sanneck GMD FOKUS, Berlin sanneck@fokus.gmd.de Supported by the USMInt (DFN) and Multicube (ACTS) projects

302 views • 17 slides
Study of fixed telephony Study of fixed telephony costs in Argentina costs in Argentina

Study of fixed telephony Study of fixed telephony costs in Argentina costs in Argentina

Study of fixed telephony Study of fixed telephony costs in Argentina costs in Argentina Methodology and considerations GENERAL CONSIDERATIONS The following points are essential considerations: Each model and study has to be adapted to the

430 views • 26 slides
Telephony Framework in Tizen 2.1: Whats new? Harish Bishnoi, Philippe Nunes Agenda

Telephony Framework in Tizen 2.1: Whats new? Harish Bishnoi, Philippe Nunes Agenda

Telephony Framework in Tizen 2.1: Whats new? Harish Bishnoi, Philippe Nunes Agenda Introduction Architecture Tizen2.1 Features Call Flows Porting Telephony Future work 2 Introduction Introduction | Feature Overview

717 views • 33 slides
VoIP Telephony and Contact Centre Solutions Information Session Bid 4/11/1/2/02-13 6 June 2013

VoIP Telephony and Contact Centre Solutions Information Session Bid 4/11/1/2/02-13 6 June 2013

VoIP Telephony and Contact Centre Solutions Information Session Bid 4/11/1/2/02-13 6 June 2013 @ 11:00 Hannes Combrink Agenda 1 Telephony and / or Contact Centre 2 Electronic Submission 3 Dispersed sites and Infrastructure 4 Implementation

308 views • 9 slides
Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com

Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com

Sergey Puzankov Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com SS7 in the 20 th century SCP STP STP SSP SCP STP STP PSTN SSP SSP SS7 Signaling System #7, a set of telephony protocols

937 views • 60 slides
Robust Erlang John Hughes Genesis of Erlang Problem: telephony systems in the late 1980s

Robust Erlang John Hughes Genesis of Erlang Problem: telephony systems in the late 1980s

Robust Erlang John Hughes Genesis of Erlang Problem: telephony systems in the late 1980s Digital More and more complex Plain Old Telephony Highly concurrent System Hard to get right Approach: a group at Ericsson

629 views • 50 slides
IP Telephony Telephony: : The The technology technology which which IP will see see off

IP Telephony Telephony: : The The technology technology which which IP will see see off

IP Telephony Telephony: : The The technology technology which which IP will see see off off the the PSTN PSTN will Bibliographical Project Project Bibliographical Presented by by Presented Masood Khosroshahy Masood Khosroshahy

318 views • 9 slides
Computer and Information Security Fall 2019 Computer Security Overview Tyler Bletsch Duke

Computer and Information Security Fall 2019 Computer Security Overview Tyler Bletsch Duke

ECE590 Computer and Information Security Fall 2019 Computer Security Overview Tyler Bletsch Duke University Is this circle secure? PROBLEM: The question is under-defined. What does it mean to for a circle to be secure? LESSON:

400 views • 29 slides
Downgrade Resilience in Key Exchange markulf kohlweiss joint work with: k. bhargavan, c.

Downgrade Resilience in Key Exchange markulf kohlweiss joint work with: k. bhargavan, c.

Downgrade Resilience in Key Exchange markulf kohlweiss joint work with: k. bhargavan, c. brzuska, c. fournet, m. green, s. zanella-beguelin 1 Downgrade as an everyday phenomen https:// http:// 2 TLS protocol suite not a single protocol

624 views • 24 slides
Constructors and Destructors Invoking Mechanisms Advantage of OOP Multiple Constructors

Constructors and Destructors Invoking Mechanisms Advantage of OOP Multiple Constructors

Contents House Keeping Problem Constructors Destructors Constructors and Destructors Invoking Mechanisms Advantage of OOP Multiple Constructors Array of Objects C++ Object Oriented Programming Default Arguments

198 views • 5 slides
World 2012 XW12 1 2 Overview and Introduction XW12 XW12 3 4 Overview School of IS

World 2012 XW12 1 2 Overview and Introduction XW12 XW12 3 4 Overview School of IS

Sync, Clone, and Snapshot ... Dr Ashley Aitken Curtin University A.Aitken@Curtin.Edu.Au AshleyAitken (Twitter, Skype, LinkedIn) World 2012 XW12 1 2 Overview and Introduction XW12 XW12 3 4 Overview School of IS Curtin University

470 views • 10 slides
Evaluating storage technologies for solar and wind energy Jessika E. Trancik MIT Institute for

Evaluating storage technologies for solar and wind energy Jessika E. Trancik MIT Institute for

Evaluating storage technologies for solar and wind energy Jessika E. Trancik MIT Institute for Data, Systems, and Society March 5, 2017 Andlinger Center Highlight Seminar Series Princeton University 7000 600 a b 6000 500 Cumulative GW P

834 views • 45 slides
COMMUNITY ORGANIZING 101 with OFA This work is licensed under the Creative Commons Attribution-Non

COMMUNITY ORGANIZING 101 with OFA This work is licensed under the Creative Commons Attribution-Non

COMMUNITY ORGANIZING 101 with OFA This work is licensed under the Creative Commons Attribution-Non Commercial 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/4.0/ or send a letter to

731 views • 62 slides
The Role of Emotion, Values, and Beliefs in the Construction of Innovative Work Realities

The Role of Emotion, Values, and Beliefs in the Construction of Innovative Work Realities

The Role of Emotion, Values, and Beliefs in the Construction of Innovative Work Realities Isabel Ramos*, Daniel M. Berry, o Joa A. Carvalho* *U. do Minho, PT U. of Waterloo, CA 2006 I. Ramos, D.M. Berry, J.A. Carvalho RE

1.57k views • 128 slides
Deborah Davis August 2020 1 Railroad Commission of Texas | June 27, 2016 (Change Date In First

Deborah Davis August 2020 1 Railroad Commission of Texas | June 27, 2016 (Change Date In First

Form PR, (New) Form P-17, and P-17A Deborah Davis August 2020 1 Railroad Commission of Texas | June 27, 2016 (Change Date In First Master Slide) Form PR, (New) Form P-17, and P-17A 1 Class Description How to file the PR Report

951 views • 93 slides

More recommend