mobile telephony
play

Mobile telephony Joeri de Ruiter Agenda Introducton 2G / 3G / 4G - PowerPoint PPT Presentation

Apr 16, 2023 •36 likes •546 views

Advanced Network Security Mobile telephony Joeri de Ruiter Agenda Introducton 2G / 3G / 4G Security Authentcaton Cryptography Eavesdropping Privacy Tracking A solutonn PPNSI 2 Telephony security

  1. Advanced Network Security Mobile telephony Joeri de Ruiter

  2. Agenda ● Introducton ● 2G / 3G / 4G Security ● Authentcaton – Cryptography – ● Eavesdropping ● Privacy Tracking ● A solutonn PPNSI ● 2

  3. Telephony security Sourcen htpn/ /sites.psu.edu/thedeepweb/2015/09/17/captain-crunch-and-his-toy-whistle/ 3

  4. Introducton Standards by ETSI and 3GPP ● 2Gn GSPN (Global System for PNobile Communicaton) ● 2.5Gn GPRS (General Packet Radio Service) ● 3Gn UPNTS (Universal PNobile Telecommunicatons System) ● 4Gn LTE (Long Term Evoluton) ● 5G ● About 8.5 billion connectons and 5 billion subscribers ● 4

  5. 2G (GSPN) 1G was analogue without any encrypton in place ● 2G deployed in 1990s ● 2G is digital and provides authentcaton and encrypton ● Stll relevant for ICS/SCADA systems (e.g. ERTPNS) ● 5

  6. GSPN-R Part of ERTPNS (European Rail Trafc PNanagement System) ● Used for communicaton between personnel as well as trains and track-side ● equipment Used, for example, to grant trains permission to drive on parts of the tracks ● and to provide speed limits 6

  7. Identiers IPNSI (Internatonal PNobile Subscriber Identty) ● Home country ● Home network ● User IPNEI (Internatonal PNobile Subscriber Identty) 7

  8. 2G - Architecture Core Network AuC (Authentcaton Center) Access Network MS (Mobile Staton) VLR (Visitor Locaton Register) BTS (Base Transceiver Staton) HLR (Home Locaton Register) SIPN (Subscriber Identty PNodule) Gateways PNSC BSC (PNobile Switching Center) (Base Staton Controller) PNE (PNobile Equipment) PSTN and Internet BTS (Base Transceiver Staton) 8

  9. 2G - Architecture Visitor Locaton Register (VLR) keeps track of phones present in its area ● PNapping between IPNSI and TPNSI ● Home Locaton Register (HLR) stores permanent informaton about ● subscribers Authentcaton Center (AuC) stores long-term shared secrets with SIPNs ● 9

  10. 2G - Authentcaton Authentcaton and Key Agreement (AKA) ● Shared symmetric key K between SIPN and home network ● Two algorithms, A3 and A8 ● Can be determined by the provider ● 10

  11. 2G - Authentcaton Identty request Identty response, IMSI IMSI Retrieve K for IPNSI RAND ← {0,1} 128 XRES ← A3(K, RAND) CK ← A8(K, RAND) RAND, XRES, CK Authenticton request, RAND SRES ← A3(K, RAND) CK ← A8(K, RAND) Authenticton response, SRES Verify XRES = SRES Dctc enirypted with CK 11

  12. Roaming Phone can use a network diferent than its providers network ● Visited Network (VN) or Serving Network ● Home Network (HN) ● Visitng Network requests authentcaton informaton from Home Network ● Authentcaton informaton provided by Home Network ● Visited Network performs authentcaton ● Visited Network reports presence of phone ● Home Network informs previous network that phone lef ● Home Network keeps track of the current locaton of its subscribers ● Necessary for, e.g., incoming calls ● 12

  13. 2G - Encrypton algorithms A5/0 ● No encrypton ● A5/1 ● Proprietary stream cipher ● A5/2 ● Weaker cipher for export ● A5/3 ● KASUPNI, a block cipher based on PNISTY ● – Used with 64 bit keys 13

  14. 3G (UPNTS) 3G (UPNTS) introduced in 2001 ● Algorithms used for encrypton and PNACs ● KASUPNI (128 bit key) ● SNOW 3G, stream cipher by Lund University ● PNutual authentcaton ● 14

  15. 3G - Architecture Core Network AuC (Authentcaton Center) Access Network MS (Mobile Staton) VLR (Visitor Locaton Register) Node B HLR (Home Locaton Register) USIPN (Universal Subscriber Identty PNodule) Gateways PNSC RNC (PNobile Switching Center) (Radio Network Controller) PNE (PNobile Equipment) PSTN and Internet Node B 15

  16. 3G - Authentcaton Identty request Identty response, IMSI IMSI Retrieve K and SQN for IPNSI RAND ← {0,1} 128 PNAC ← f1(K,SQN,APNF,RAND) XRES ← f2(K,RAND) CK ← f3(K,RAND) IK ← f4(K,RAND) AK ← f5(K,RAND) AUTN ← (SQN XOR AK,APNF,PNAC) Update SQN ← SQN + 1 RAND, AUTN, XRES, CK, IK Authenticton request, RAND, AUTN AK ← f5(K,RAND) XSQN ← (SQN XOR AK) XOR AK XPNAC ← f1(K,XSQN,APNF,RAND) Verify XPNAC = PNAC Verify SQN <= XSQN <= SQN + range Update SQN ← XSQN SRES ← f2(K,RAND) CK ← f3(K,RAND) IK ← f4(K,RAND) Authenticton response, SRES Verify XRES = SRES Dctc enirypted with CK 16 cnd cuthenticted with IK

  17. 3G - Authentcaton Functons f1 to f5 not standardised ● Only used by SIPN card and provider’s authentcaton server ● Recommendaton for f1 to f5 is to use Rijndael ● 17

  18. 4G (LTE) 4G (LTE) introduced in 2010 ● Almost 90% coverage reported by Open Signal in February 2018 ● Algorithms used for encrypton and PNACs ● SNOW 3G ● AES ● Cell towers are assumed to be smarter ● Separaton between signal and data channel ● Signal channel encrypted between phone and core network ● Data channel encrypted between phone and cell tower ● Possible to perform handover directly between cell towers ● 18

  19. 4G - Authentcaton Authentcaton protocol the same as 3G ● PNore elaborate key hierarchy ● Reduce tmes necessary to execute (slow) AKA protocol ● Cell towers get their own keys ● PNechanisms to protect against compromise of cell towers ● 19

  20. 4G – Key hierarchy Home network K AKA CK, IK Visitnn network K ASPNE ID of Visitng Network Signal data keys Cell tower K eNB User data keys 20

  21. 4G - Handover Handover between cell towers can be done without interference of backend ● Key update mechanisms to provide forward and backward security ● Only involving cell towers provides backward security ● Involving backend also provides forward security ● SIPN and backend generate the Next-hop parameter (NH) ● Based on a shared secret and counter ● 21

  22. 4G – Key derivaton Cell info Cell info K ASPNE K eNB K eNB K eNB K eNB Cell info Cell info Cell info K eNB K eNB K eNB NCC = 1 NH Cell info Cell info Cell info K eNB K eNB K eNB NCC = 2 NH 22

  23. Authentcaton comparison 23 Sourcen PNobile communicaton security, Fabian van den Broek, 2016

  24. Eavesdropping Diferent approaches ● Passive ● Actve (i.e. with a man-in-the-middle) ● Works mainly well with 2G ● Only authentcaton of the phone ● Weak or no encrypton supported ● Ofen fallback to 2G is possible ● 24

  25. Run your own network Possible using a Sofware Deined Radio (SDR) and open source sofware (e.g. ● OpenBTS) Pretend to be your victms network and get them to connect to you ● E.g. by jamming or providing a stronger signal ● 25

  26. PNan-in-the-middle (2G) Identty request Identty response, IMSI Authenticton request, RAND SRES ← A3(K, RAND) CK ← A8(K, RAND) Authenticton response, SRES VoIP Unenirypted dctc Use A5/0 (no encrypton) ● Forward calls via VoIP ● No incoming calls ● 26

  27. PNan-in-the-middle (2G) Identty request Identty request Identty response, IMSI Identty response, IMSI Authenticton request, RAND Authenticton request, RAND SRES ← A3(K, RAND) CK ← A8(K, RAND) Authenticton response, SRES Dummy dctc (A5/2) Retrieve key CK Authenticton response, SRES Dctc (A5/2) Dctc (A5/3) 27 Instant Ciphertext-Only Cryptanalysis of GSPN Encrypted Communicaton, Barkan et al., 2010

  28. Eavesdropping Complete solutons available for governmental organisatons ● 28

  29. Interceptng signals Again using Sofware Deined Radios (SDR) and open source sofware (e.g. ● AirProbe) 29

  30. Interceptng signals Problemn channel hopping ● Solutonn multple or more powerful radios ● 30

  31. Cracking A5/1 Weak algorithm ● First atack publicly described by Anderson in 1994 ● PNany more research since then ● A5/1 is a stream cipher, so if you have known plaintext you have part of the ● keystream 31

  32. Cracking A5/1 Rainbow tables available to quickly retrieve used key ● Known as Berlin tables ● Released in 2010 ● Around 2TB ● Probabilistc ● Limited amount of known plaintext necessary ● Shortly aferwards the tool Kraken was released that could use these tables ● to crack GSPN trafc 32

  33. Cracking A5/2 A5/2 was purposefully weak for export ● Can be cracked in seconds ● Barkan et al., 2010 ● No longer allowed in new phones since 2007 ● 33

  34. Cracking A5/3 Atack published Dunkelman et al. in 2010 ● Theoretcal atack that might not be practcal ● KASUPNI weaker than PNISTY on which it is based ● 34

  35. SS7 Signaling System 7 ● Used in the core network and to communicate between providers ● For example, used to exchange authentcaton requests, send locaton ● updates and deliver SPNS messages From an era where providers trusted each other... ● Originally when sending an SPNS ● Ask Home Network current network of phone (i.e. country and provider) ● Send SPNS directly to the phone’s current network ● Fixed when using Home Routng ● Home Network delivers the SPNS ● PNight enable interceptng for 3G ● 35

  36. 36

  37. Privacy IPNSI catchers (a.k.a. StngRay) can be used to ● Track users ● PNonitor locatons ● Link identtes to devices ● Can pretend to be a base staton to get to ● phones to connect and learn the IPNSI Sourcen U.S. Patent and Trademark Ofce / AP Photo 37

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lecture no: 11 (Brief) history of mobile telephony Global System for Mobile

Lecture no: 11 (Brief) history of mobile telephony Global System for Mobile

RADIO SYSTEMS ETI 051 Contents Lecture no: 11 (Brief) history of mobile telephony Global System for Mobile Communications (GSM) Wide-band Code-Division Multiple Access (WCDMA) GSM and WCDMA Ove Edfors, Department of

257 views • 8 slides
Mobile telephony Fabian van den Broek Agenda Introductjon 2G / 3G / 4G Security

Mobile telephony Fabian van den Broek Agenda Introductjon 2G / 3G / 4G Security

Advanced Network Security Mobile telephony Fabian van den Broek Agenda Introductjon 2G / 3G / 4G Security Authentjcatjon Cryptography Eavesdropping Privacy Tracking A solutjon: PMSI 2 Telephony

843 views • 52 slides
&quot;3G and Beyond: The Convergence of Mobile Telephony and Computing&quot; SFM-05: Moby

&quot;3G and Beyond: The Convergence of Mobile Telephony and Computing&quot; SFM-05: Moby

&quot;3G and Beyond: The Convergence of Mobile Telephony and Computing&quot; SFM-05: Moby University of Urbino Bertinoro, 28 April 2005 Matteo Magotti Vodafone Italy Technology Evolution Data Transmission Technology Roadmap Max Trx Speed

1.04k views • 73 slides
Testing the waterbed effect in mobile telephony Christos Genakos (University of Cambridge)

Testing the waterbed effect in mobile telephony Christos Genakos (University of Cambridge)

Testing the waterbed effect in mobile telephony Christos Genakos (University of Cambridge) and Tommaso Valletti (Imperial College London, University of Rome and CEPR) 6 th Conference on Applied Infrastructure Research Berlin, 6 th October

327 views • 21 slides
POI360 Panoramic Mobile Video Telephony over LTE Cellular Networks Xiufeng Xie Xinyu Zhang

POI360 Panoramic Mobile Video Telephony over LTE Cellular Networks Xiufeng Xie Xinyu Zhang

POI360 Panoramic Mobile Video Telephony over LTE Cellular Networks Xiufeng Xie Xinyu Zhang University of Michigan-Ann Arbor University of California San Diego CoNEXT 2017 Background: 360 Video for VR 360 camera Sphere view Panoramic

492 views • 26 slides
Telephony Fraud and Abuse Telephony Fraud and Abuse Merve Sahin sahin@eurecom.fr Background

Telephony Fraud and Abuse Telephony Fraud and Abuse Merve Sahin sahin@eurecom.fr Background

Telephony Fraud and Abuse Telephony Fraud and Abuse Merve Sahin sahin@eurecom.fr Background Background 2 Telephony Networks Quick history 1870s: Plain Old Telephone System (POTS) Enabled by transmission of voice over copper lines

1.2k views • 80 slides
In connection since 2003 Yekaterinburg IP-TV and IP-telephony, construction Rostov- Novosibirsk

In connection since 2003 Yekaterinburg IP-TV and IP-telephony, construction Rostov- Novosibirsk

In connection since 2003 Yekaterinburg IP-TV and IP-telephony, construction Rostov- Novosibirsk Moscow Saint-Petersburg Chantilly Shanghai Multiplexing (WDM) and optical carriers Wavelength-Division of mobile Data Processing Centers and

686 views • 12 slides
CIS 6930 - Cellular and Mobile Network Security: Classical Telephony Security Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: Classical Telephony Security Professor Patrick

CIS 6930 - Cellular and Mobile Network Security: Classical Telephony Security Professor Patrick Traynor 10/30/18 Florida Institute for Cybersecurity (FICS) Research Ah, the Classics... Florida Institute for Cybersecurity (FICS) Research 2

887 views • 11 slides
IP Telephony Telephony and and IP Multimedia services Multimedia services architectures

IP Telephony Telephony and and IP Multimedia services Multimedia services architectures

IP Telephony Telephony and and IP Multimedia services Multimedia services architectures architectures 21-9-2004, Nol Crespi, noel.crespi@int-evry.fr / +33160764623 SIP &amp; IMS Architecture SIP &amp; IMS Architecture HSS HSS

319 views • 9 slides
Adaptive Loss Concealment Adaptive Loss Concealment for Internet Internet Telephony Telephony

Adaptive Loss Concealment Adaptive Loss Concealment for Internet Internet Telephony Telephony

Adaptive Loss Concealment Adaptive Loss Concealment for Internet Internet Telephony Telephony for Applications Applications Henning Sanneck GMD FOKUS, Berlin sanneck@fokus.gmd.de Supported by the USMInt (DFN) and Multicube (ACTS) projects

302 views • 17 slides
Study of fixed telephony Study of fixed telephony costs in Argentina costs in Argentina

Study of fixed telephony Study of fixed telephony costs in Argentina costs in Argentina

Study of fixed telephony Study of fixed telephony costs in Argentina costs in Argentina Methodology and considerations GENERAL CONSIDERATIONS The following points are essential considerations: Each model and study has to be adapted to the

430 views • 26 slides
Telephony Framework in Tizen 2.1: Whats new? Harish Bishnoi, Philippe Nunes Agenda

Telephony Framework in Tizen 2.1: Whats new? Harish Bishnoi, Philippe Nunes Agenda

Telephony Framework in Tizen 2.1: Whats new? Harish Bishnoi, Philippe Nunes Agenda Introduction Architecture Tizen2.1 Features Call Flows Porting Telephony Future work 2 Introduction Introduction | Feature Overview

717 views • 33 slides
VoIP Telephony and Contact Centre Solutions Information Session Bid 4/11/1/2/02-13 6 June 2013

VoIP Telephony and Contact Centre Solutions Information Session Bid 4/11/1/2/02-13 6 June 2013

VoIP Telephony and Contact Centre Solutions Information Session Bid 4/11/1/2/02-13 6 June 2013 @ 11:00 Hannes Combrink Agenda 1 Telephony and / or Contact Centre 2 Electronic Submission 3 Dispersed sites and Infrastructure 4 Implementation

308 views • 9 slides
Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com

Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com

Sergey Puzankov Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com SS7 in the 20 th century SCP STP STP SSP SCP STP STP PSTN SSP SSP SS7 Signaling System #7, a set of telephony protocols

937 views • 60 slides
Robust Erlang John Hughes Genesis of Erlang Problem: telephony systems in the late 1980s

Robust Erlang John Hughes Genesis of Erlang Problem: telephony systems in the late 1980s

Robust Erlang John Hughes Genesis of Erlang Problem: telephony systems in the late 1980s Digital More and more complex Plain Old Telephony Highly concurrent System Hard to get right Approach: a group at Ericsson

629 views • 50 slides
IP Telephony Telephony: : The The technology technology which which IP will see see off

IP Telephony Telephony: : The The technology technology which which IP will see see off

IP Telephony Telephony: : The The technology technology which which IP will see see off off the the PSTN PSTN will Bibliographical Project Project Bibliographical Presented by by Presented Masood Khosroshahy Masood Khosroshahy

318 views • 9 slides
Computer and Information Security Fall 2019 Computer Security Overview Tyler Bletsch Duke

Computer and Information Security Fall 2019 Computer Security Overview Tyler Bletsch Duke

ECE590 Computer and Information Security Fall 2019 Computer Security Overview Tyler Bletsch Duke University Is this circle secure? PROBLEM: The question is under-defined. What does it mean to for a circle to be secure? LESSON:

400 views • 29 slides
Downgrade Resilience in Key Exchange markulf kohlweiss joint work with: k. bhargavan, c.

Downgrade Resilience in Key Exchange markulf kohlweiss joint work with: k. bhargavan, c.

Downgrade Resilience in Key Exchange markulf kohlweiss joint work with: k. bhargavan, c. brzuska, c. fournet, m. green, s. zanella-beguelin 1 Downgrade as an everyday phenomen https:// http:// 2 TLS protocol suite not a single protocol

624 views • 24 slides
World 2012 XW12 1 2 Overview and Introduction XW12 XW12 3 4 Overview School of IS

World 2012 XW12 1 2 Overview and Introduction XW12 XW12 3 4 Overview School of IS

Sync, Clone, and Snapshot ... Dr Ashley Aitken Curtin University A.Aitken@Curtin.Edu.Au AshleyAitken (Twitter, Skype, LinkedIn) World 2012 XW12 1 2 Overview and Introduction XW12 XW12 3 4 Overview School of IS Curtin University

470 views • 10 slides
Evaluating storage technologies for solar and wind energy Jessika E. Trancik MIT Institute for

Evaluating storage technologies for solar and wind energy Jessika E. Trancik MIT Institute for

Evaluating storage technologies for solar and wind energy Jessika E. Trancik MIT Institute for Data, Systems, and Society March 5, 2017 Andlinger Center Highlight Seminar Series Princeton University 7000 600 a b 6000 500 Cumulative GW P

834 views • 45 slides
COMMUNITY ORGANIZING 101 with OFA This work is licensed under the Creative Commons Attribution-Non

COMMUNITY ORGANIZING 101 with OFA This work is licensed under the Creative Commons Attribution-Non

COMMUNITY ORGANIZING 101 with OFA This work is licensed under the Creative Commons Attribution-Non Commercial 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/4.0/ or send a letter to

731 views • 62 slides
The Role of Emotion, Values, and Beliefs in the Construction of Innovative Work Realities

The Role of Emotion, Values, and Beliefs in the Construction of Innovative Work Realities

The Role of Emotion, Values, and Beliefs in the Construction of Innovative Work Realities Isabel Ramos*, Daniel M. Berry, o Joa A. Carvalho* *U. do Minho, PT U. of Waterloo, CA 2006 I. Ramos, D.M. Berry, J.A. Carvalho RE

1.57k views • 128 slides
Deborah Davis August 2020 1 Railroad Commission of Texas | June 27, 2016 (Change Date In First

Deborah Davis August 2020 1 Railroad Commission of Texas | June 27, 2016 (Change Date In First

Form PR, (New) Form P-17, and P-17A Deborah Davis August 2020 1 Railroad Commission of Texas | June 27, 2016 (Change Date In First Master Slide) Form PR, (New) Form P-17, and P-17A 1 Class Description How to file the PR Report

951 views • 93 slides
General Reporting Protocol version 2.1 Public Comment Webinar Webinar audio: 213-929-4232

General Reporting Protocol version 2.1 Public Comment Webinar Webinar audio: 213-929-4232

General Reporting Protocol version 2.1 Public Comment Webinar Webinar audio: 213-929-4232 Access code: 548-534-007 1 Logistics To ask questions: Type your question into the question box on your control panel Questions will be

598 views • 28 slides

More recommend