security architectures
play

Security Architectures of Mobile Systems Valtteri Niemi University - PowerPoint PPT Presentation

Jul 08, 2023 •224 likes •1.23k views

Security Architectures of Mobile Systems Valtteri Niemi University of Helsinki AMICT2015 Petrozavodsk, 13 May 1 Contents Background and scope GSM design decisions a priori and a posteriori decisions security mechanisms

  1. Security Architectures of Mobile Systems Valtteri Niemi University of Helsinki AMICT’2015 Petrozavodsk, 13 May 1

  2. Contents • Background and scope • GSM – design decisions • a priori and a posteriori decisions – security mechanisms • 3G – design decisions – security mechanisms • LTE (4G) – design decisions – security mechanisms • 5G perspectives 2

  3. Background and scope 3

  4. Mobile systems • Cellular systems – GSM, 3G, LTE (= 4G), … – Standardized by ETSI, 3GPP – Huge global footprint • Other wireless access technologies – e.g. WiFi • Mobile apps – e.g. facebook • Other technologies in mobile devices – Camera, GPS, accelerometer, …. • Services – Communication services, e.g. Skype, Whatsapp ,… – Location-based services – Cloud services – ….. 4

  5. Mobile systems • Cellular systems – GSM, 3G, LTE (= 4G), … Our scope – Standardized by ETSI, 3GPP – Huge global footprint • Other wireless access technologies – e.g. WiFi • Mobile apps – e.g. facebook • Other technologies in mobile devices – Camera, GPS, accelerometer, …. • Services – Communication services, e.g. Skype, Whatsapp ,… – Location-based services – Cloud services – ….. 5

  6. Information security • System security – e.g. trying to ensure that the system does not contain any weak parts. • Application security – e.g. Internet banking • Protocol security – e.g. how to achieve security goals by executing well-defined communication steps. • Platform security – e.g. system depends on correctness of OS in all elements. • Security primitives – basic building blocks on top of which all protection mechanisms are built. – e.g. cryptographic algorithms, but also more concrete items like a protected memory. 6

  7. Information security Our (main) scope • System security – e.g. trying to ensure that the system does not contain any weak parts. • Application security – e.g. Internet banking • Protocol security – e.g. how to achieve security goals by executing well-defined communication steps. • Platform security – e.g. system depends on correctness of OS in all elements. • Security primitives – basic building blocks on top of which all protection mechanisms are built. – e.g. cryptographic algorithms, but also more concrete items like a protected memory. 7

  8. Design of a secure system • Threat analysis – list all possible threats against the system, regardless of difficulty or cost • Risk analysis – weight of threats estimated – both probability of the attack and potential damage taken into account • Requirements capture – based on risk analysis, decide what kind of protection is required for the system • Design phase – build actual protection mechanisms to meet requirements – Existing building blocks, e.g. security protocols, are identified, possibly new mechanisms are developed, and a security architecture is created • Security analysis – carrying out an evaluation of the results independently of the previous phase • Reaction phase – reaction to all future security breaches cannot be planned beforehand  original design should allow enhancements 8

  9. Design of a secure system • Threat analysis – list all possible threats against the system, regardless of difficulty or cost • Risk analysis – weight of threats estimated – both probability of the attack and potential damage taken into account • Requirements capture – based on risk analysis, decide what kind of protection is required for the system Our (main) scope • Design phase – build actual protection mechanisms to meet requirements – Existing building blocks, e.g. security protocols, are identified, possibly new mechanisms are developed, and a security architecture is created • Security analysis – carrying out an evaluation of the results independently of the previous phase • Reaction phase – reaction to all future security breaches cannot be planned beforehand  original design should allow enhancements 9

  10. Communication security • Authenticity – Verifying the identities of the communicating parties • Confidentiality – Limit the intelligibility of the communication just to parties involved • Integrity – If all messages sent by the party A are identical to the ones received by the party B and vice versa, then integrity of the communication has been preserved • Non-repudiation – For message sent by A, this implies that A cannot later deny sending of it • Availability – This is an underlying pre-requisite for communication: a channel must be available 10

  11. Communication security Our (main) scope • Authenticity – Verifying the identities of the communicating parties • Confidentiality – Limit the intelligibility of the communication just to parties involved • Integrity – If all messages sent by the party A are identical to the ones received by the party B and vice versa, then integrity of the communication has been preserved • Non-repudiation – For message sent by A, this implies that A cannot later deny sending of it • Availability – This is an underlying pre-requisite for communication: a channel must be available 11

  12. GSM 12

  13. Landscape at the time of design • Stakeholders: European national telecom operators • Target: supplement for fixed networks (in Europe) • Use case: voice calls • Tight export control of crypto

  14. a priori design decisions for GSM security • GSM aimed to be as secure as the fixed networks to which it would be connected • Security mechanisms should protect the system for 20 years 14

  15. GSM access security K i HLR AuC K i • The secret key of user i exists (and stays) only in two places: - in her own SIM card - in the Authentication Center 15

  16. Trust model • Each operator shares long term security association with its subscriber – Security association credentials stored in tamper-resistant identity module issued to subscriber (called the SIM or UICC) • Operators may enter roaming agreements with other operators  a certain level of trust exists between the respective domains 16

  17. Authentication of user i • Authentication Center chooses a random number RAND and computes RAND K i one-way function SRES Kc • The triple (RAND, SRES, Kc) is sent to the MSC/VLR. • MSC/VLR sends RAND to the phone. • The one-way function of computing SRES/Kc is called A3/A8. These are operator-specific . 17

  18. Authentication cont’d • The SIM card computes RAND K i one-way function SRES’ Kc ’ and sends the output SRES’ to the MSC/VLR. • If SRES = SRES’, then the call is accepted. 18

  19. Encryption of the call • During the authentication a secret key is exchanged: Kc = Kc’ by which all calls/signalling are encrypted between the phone and the base station until the next authentication occurs. • The encryption algorithm is called A5. The first two versions A5/1 and A5/2 were standardized but the specs are confidential and managed by GSM Association. Later, a third version A5/3 was created and is publicly available. All make use of 64-bit keys Kc. • Nowadays there is also a 128-bit key algorithm A5/4. – Deployment of this is more difficult than in A5/3 case because longer keys require changes in many parts of the system 19

  20. Structure of A5 stream cipher Kc (64 bits) frame number (22) core of A5 pseudorandom bit stream (114) XOR plain message (114) encrypted message (114) 20

  21. GSM security protocol MS (SIM) MSC/VLR HLR IMSI, Ki (and BTS) {{IMSI, Ki }} IMSI / TMSI IMSI RAND RAND, XRES, K c K c SRES SRES=XRES ? encrypted TMSI 21

  22. a posteriori design decisions for GSM security • Active attacks which involve impersonating a network element were intentionally not addressed • Authentication based on what you have: smart card • Specs of cryptoalgorithms kept confidential 22

  23. Example of a reactive design decision

  24. Barkan – Biham A5/2 Attack (from 2003) Exploited weaknesses in cryptographic algorithms: – A5/2 can be broken very fast … and exploited also other legacy features in the GSM security system: – A5/2 was a mandatory feature in terminals – Call integrity based only on encryption – Same Kc is used in different algorithms – Attacker can force the victim MS to use the same Kc by RAND replay An example attack: Decryption of strongly encrypted call – Catch a RAND and record a call encrypted with Kc and A5/3 – Replay the RAND and tell the MS to use A5/2 – Analyse Kc from the received encrypted uplink signal – Decrypt the recorded call with Kc 24

  25. Countermeasure • Withdrawal of A5/2 from all 3GPP terminals 25

  26. GPRS security • Similar to GSM security • SGSN takes the role of MSC/VLR for authentication • Encryption terminates also in SGSN – Embedded in Logical Link Layer (LLC) – Counter: frame number (22 bits) replaced by LLC counter (32 bits) – Algorithms: • GEA1 (confidential, weakest) • GEA2 (confidential) • GEA3 (publicly available) • GEA4 (Rel-9 addition; first to use 128-bit keys instead of 64-bit keys) 26

  27. 3G 27

  28. Landscape at the time of design • GSM became phenomenal success story • Stakeholders: national operators, private challenger operators, regulators • Target: truly global system

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CompSci 356: Computer Network Architectures Lecture 24: Network Security Xiaowei Yang

CompSci 356: Computer Network Architectures Lecture 24: Network Security Xiaowei Yang

CompSci 356: Computer Network Architectures Lecture 24: Network Security Xiaowei Yang xwy@cs.duke.edu Overview Why studying network security? The topic itself is worth another class Basic cryptography building blocks

768 views • 49 slides
Security Considerations for Microservice Architectures Daniel Richter, Tim Neumann, and Andreas

Security Considerations for Microservice Architectures Daniel Richter, Tim Neumann, and Andreas

Security Considerations for Microservice Architectures Daniel Richter, Tim Neumann, and Andreas Polze Operating Systems & Middleware Group Hasso Plattner Institute at University of Potsdam, Germany Motivation EPA the legacy system

1.28k views • 30 slides
Security and OWASP Top 10 with Service Oriented Architectures Adnan Masood Sr. System Architect

Security and OWASP Top 10 with Service Oriented Architectures Adnan Masood Sr. System Architect

Practical Web Application Security and OWASP Top 10 with Service Oriented Architectures Adnan Masood Sr. System Architect Green Dot Corporation What this talk is about? 2 This session is an introduction to web application security

839 views • 60 slides
A Security Kernel for Protected Module Architectures Alexandru Madalin Ghenea Master of

A Security Kernel for Protected Module Architectures Alexandru Madalin Ghenea Master of

1 A Security Kernel for Protected Module Architectures Alexandru Madalin Ghenea Master of Engineering: Computer Science Promotor: Prof. Frank Piessens Advisors: Jan Tobias Mhlberg Jo Van Bulck 2 Introduction Growing trend towards

513 views • 27 slides
Challenges of Security Risks in Service-Oriented Architectures Youakim Badr 1 , Frederique

Challenges of Security Risks in Service-Oriented Architectures Youakim Badr 1 , Frederique

UMR 5205 Challenges of Security Risks in Service-Oriented Architectures Youakim Badr 1 , Frederique Biennier 1 , Pascal Bou Nassar 3 , Soumya Banerjee 2 1 LIRIS Lab, INSA-Lyon, France 2 Agence Universitaire de la Francophonie (AUF)

433 views • 21 slides
Architectures Architectural styles Software architectures Architectures versus middleware

Architectures Architectural styles Software architectures Architectures versus middleware

Architectures Architectures Architectural styles Software architectures Architectures versus middleware Self-management in distributed systems 1 / 26 Architectures Architectural styles Architectural styles Basic idea Organize into

571 views • 33 slides
Web Authentication: A User-Centered Security R emy Degenne Chair for Network Architectures

Web Authentication: A User-Centered Security R emy Degenne Chair for Network Architectures

Web Authentication: A User-Centered Security R emy Degenne Chair for Network Architectures and Services Department for Computer Science Technische Universit at M unchen October 10, 2013 R emy Degenne: Web Authentication: A

1.03k views • 15 slides
Security and Privacy in the Smart Energy Grid Martin Erich Jobst Chair for Network Architectures

Security and Privacy in the Smart Energy Grid Martin Erich Jobst Chair for Network Architectures

Security and Privacy in the Smart Energy Grid Martin Erich Jobst Chair for Network Architectures and Services Department for Computer Science Technische Universit at M unchen July 01, 2013 Martin Erich Jobst: Security and Privacy in the

774 views • 53 slides
Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin

Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin

Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin Lukasiewycz TUM CREATE Singapore Outline Motivation (current E/E architectures) Trends (Integrated Architectures / Connected Car) Challenges Overview

496 views • 23 slides
Investigating Mobile Messaging Security Elias Hazboun 27/4/2016 Chair for Network Architectures

Investigating Mobile Messaging Security Elias Hazboun 27/4/2016 Chair for Network Architectures

Chair for Network Architectures and Services Technische Universit at M unchen Investigating Mobile Messaging Security Elias Hazboun 27/4/2016 Chair for Network Architectures and Services Department of Informatics Technische Universit

519 views • 28 slides
Overview Agent Architectures Definition of agent architecture Classical Architectures for

Overview Agent Architectures Definition of agent architecture Classical Architectures for

Overview Agent Architectures Definition of agent architecture Classical Architectures for robots consists of functional components Situated Automata eliminates explicit deliberation Behavior-Based Architectures behaviors as essential

641 views • 11 slides
Security of CPE Management Protocols Patrick Sattler, B. Sc. Advisor: Oliver Gasser, M. Sc.

Security of CPE Management Protocols Patrick Sattler, B. Sc. Advisor: Oliver Gasser, M. Sc.

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Security of CPE Management Protocols Patrick Sattler, B. Sc. Advisor: Oliver Gasser, M. Sc. April 20, 2017 Chair of Network Architectures and

437 views • 24 slides
Analyzing Security Architectures Marwan Abi-Antoun Jeffrey M. Barnes Dept. of Computer Science

Analyzing Security Architectures Marwan Abi-Antoun Jeffrey M. Barnes Dept. of Computer Science

Analyzing Security Architectures Marwan Abi-Antoun Jeffrey M. Barnes Dept. of Computer Science Inst. for Software Research Wayne State University Carnegie Mellon University mabiantoun@wayne.edu jmbarnes@cs.cmu.edu Acknowledgements: David

467 views • 42 slides
CompSci 356: Computer Network Architectures Lecture 2: Network Architectures Xiaowei Yang

CompSci 356: Computer Network Architectures Lecture 2: Network Architectures Xiaowei Yang

CompSci 356: Computer Network Architectures Lecture 2: Network Architectures Xiaowei Yang xwy@cs.duke.edu Overview Design requirements of the original Internet Where to places functions Ref: Concepts of Network Architectures ?

1.24k views • 77 slides
CompSci 356: Computer Network Architectures Lecture 2: Network Architectures Xiaowei Yang

CompSci 356: Computer Network Architectures Lecture 2: Network Architectures Xiaowei Yang

CompSci 356: Computer Network Architectures Lecture 2: Network Architectures Xiaowei Yang xwy@cs.duke.edu Overview Design requirements of the original Internet Where to places functions Concepts of Network Architectures ? 1 st

1.36k views • 76 slides
Device I/O I/O architectures: busses 10A I/O Architectures 10B I/O Mechanisms CPU

Device I/O I/O architectures: busses 10A I/O Architectures 10B I/O Mechanisms CPU

Device I/O I/O architectures: busses 10A I/O Architectures 10B I/O Mechanisms CPU controller 10C Disks control address main bus 10D Low Level I/O Techniques data interrupts 10E Higher Level I/O Techniques memory

657 views • 16 slides
Physical Security of Smart Cards Michael Tunstall University College Cork, Ireland. Limerick

Physical Security of Smart Cards Michael Tunstall University College Cork, Ireland. Limerick

Physical Security of Smart Cards Michael Tunstall University College Cork, Ireland. Limerick March 5, 2008 Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 Limerick 1 / 37 Introduction Outline

586 views • 37 slides
Simon: NSA-designed Cipher in the Post-snowden World Tomer Ashur KU Leuven 28/12/2015 The

Simon: NSA-designed Cipher in the Post-snowden World Tomer Ashur KU Leuven 28/12/2015 The

Simon: NSA-designed Cipher in the Post-snowden World Tomer Ashur KU Leuven 28/12/2015 The SIMON and SPECK Families of Lightweight Block Ciphers Two families of lightweight block ciphers (10 variants for each) Tomer Ashur Simon:

784 views • 51 slides
Algebraic Cryptanalysis of STARK-Friendly Designs: Application to MARVELlous and MiMC Martin

Algebraic Cryptanalysis of STARK-Friendly Designs: Application to MARVELlous and MiMC Martin

S C I E N C E P A S S I O N T E C H N O L O G Y Algebraic Cryptanalysis of STARK-Friendly Designs: Application to MARVELlous and MiMC Martin Albrecht Carlos Cid Lorenzo Grassi Dmitry Khovratovich Reinhard Lfenegger

895 views • 61 slides
The Skein Hash Function First Hash Function Candidate Conference Leuven, Belgium 26 February 2009

The Skein Hash Function First Hash Function Candidate Conference Leuven, Belgium 26 February 2009

The Skein Hash Function First Hash Function Candidate Conference Leuven, Belgium 26 February 2009 Niels Ferguson Stefan Lucks Bruce Schneier Doug Whiting Mihir Bellare Tadayoshi Kohno Jon Callas Jesse Walker Overview Fast 6.1 cycles/byte on

581 views • 16 slides
Bookmarks for Cryptographers Beno t Viguier ( x y. x@y.nl ) benoit viguier CHES 2017

Bookmarks for Cryptographers Beno t Viguier ( x y. x@y.nl ) benoit viguier CHES 2017

Bookmarks for Cryptographers Beno t Viguier ( x y. x@y.nl ) benoit viguier CHES 2017 Rump Session Taipei, 26th September 2017 Institute for Computing and Information Sciences Digital Security Radboud University Nijmegen 1 Tikz

436 views • 19 slides
98 s.sadeghi.khu@gmail.com

98 s.sadeghi.khu@gmail.com

98 s.sadeghi.khu@gmail.com

1.41k views • 99 slides
SR3: Secure Reputation-based Resilient Routing Karine Altisen Stphane Devismes Raphal Jamet

SR3: Secure Reputation-based Resilient Routing Karine Altisen Stphane Devismes Raphal Jamet

SR3: Secure Reputation-based Resilient Routing Karine Altisen Stphane Devismes Raphal Jamet Pascal Lafourcade VERIMAG, Universits de Grenoble This work was supported by the ARESA2 ANR Project Altisen et al. (VERIMAG) SR3 15 May 2013 1

993 views • 68 slides
Remarks on the Data Complexity of Zero-Correlation Linear Attacks C eline Blondeau Aalto

Remarks on the Data Complexity of Zero-Correlation Linear Attacks C eline Blondeau Aalto

Remarks on the Data Complexity of Zero-Correlation Linear Attacks C eline Blondeau Aalto University ESC, Luxembourg 2015 Outline Zero-Correlation Linear Attacks Data Complexity of Zero-Correlation Attacks Repetition of Plaintexts Data

464 views • 35 slides

More recommend