cellular network security

21
Cellular Network Security Ryan Stepanek Secure Systems Administration Spring 2011

Upload: narcisse-gauthier

Post on 03-Jan-2016

52 views

Category:

Documents


2 download

DESCRIPTION

Secure Systems Administration Spring 2011. Cellular Network Security. Ryan Stepanek. A brief history of cellular networks. Cellular networks have been deployed for the last three decades 1G networks had maxspeeds of about 9.6 kbs [1] - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Cellular Network Security

Cellular Network Security

Ryan Stepanek

Secure Systems Administration Spring 2011

Page 2: Cellular Network Security

A brief history of cellular networks Cellular networks have been deployed for the

last three decades

1G networks had maxspeeds of about 9.6 kbs [1]

As network technology evolved, two standards emerged: CDMA and GSM

Modern cellular networks operate in the third and fourth generation, reaching theoretical speeds up to 100 Mbit/s

Page 3: Cellular Network Security

Challenges of Cellular Networks Open Access Wireless – No physical connection

necessary! Bandwidth Limitations – Everyone has to share the

network. System Complexity – The larger the

implementation of the system the more difficult it is to maintain security.

Confidentiality – Private data needs to be encrypted.

Integrity – Must minimize data loss; more services being sent through the network.

Authentication With Other Networks – Companies need to play nice with each other.

Page 4: Cellular Network Security

Security Issue for Cellular Networks Operating systems on mobile devices –

Android, Windows, iPhone

Web services – Potential for abuse through the addition of new services; DOS.

Location Detection – Keep the location of the user private!

Spyware; malware – Phones and network may be vulnerable.

Page 5: Cellular Network Security

Phone OS by Market Share

Page 6: Cellular Network Security

Phone OS Market Share – US, UK, China

Page 7: Cellular Network Security

I-Security Mobile OS – left open to viruses and malware

Users can jailbreak and run their own code History of being slow to patch

SMS virus – over two months to patch! Spreading the virus required only the victims

phone number Spread through memory corruption in iPhone[6]

Potentially detrimental to host network Dangerously popular – In December 2009 AT&T

was forced to halt iPhone sales in New York[5] Can you hear me now? Network load became too

great for existing infrastructure

Page 8: Cellular Network Security

Blackberries Very good encryption

Causes conflicts with governments on the grounds of national security

i.e. India 2009[7] Relies on security through obscurity Vulnerable through third party apps

i.e. the Webkit browser was used at this year’s Pwn2Own hacking expo.[8]

Blackberry Enterprise Server(BES) Commonly used in business and government,

compromising the server could allow access to phone information

Fairly secure if configured correctly(EAL 4+)[10]

Page 9: Cellular Network Security

Android Open source

Incredibly threatening to network profit/security i.e. free WiFi tethering

Rooting Allows greater control over the phone Creates a natural conflict between the service

provider and customer Also increases vulnerability to viruses i.e. custom

ROMs will not receive updates from the service provider

Companies now actively trying to hinder rooting i.e. Motorola[8]

Page 10: Cellular Network Security

GSM vs CDMA GSM

More than 3.8 billion people worldwide Far more common outside of North America More than 89 percent of market share[4] More than more than 212 countries and territories[3] Interferes with some electronics

CDMA Transmits data signal modulated with

pseudorandom code Generally allows for larger transmission cells Allows users to share frequencies

Page 11: Cellular Network Security

3G – Network Components Radio Access Network

Towers Radio Network Controllers

Core Network Packet Switched Network Circuit Switched Network SGSN – Handles Access Control and Route

Management GGSN – Gateway to the Internet

Page 12: Cellular Network Security

3G – Implementation

Page 13: Cellular Network Security

Attacks on Cellular Neworks DOS/DDOS – Probably the most common.

iPhones Services and bandwidth usage seems to be

increasing faster than network infrastrucure More achievable now through infecting phones

Jamming Highly localized, similar in effect to DOS

Eavesdropping Man in the Middle attacks Session hijacking

Page 14: Cellular Network Security

3G - Defensive Measures Network Access Security

Utilizes secret keys and secret key ciphers to maintain confidentiality

Uses a temporary International Mobile User Identity to protect the user’s identity.

Challenge Response System Used when Authenticating Occurs when user first connects to network, when

the network receives a service request, when a location update is sent, on attach/detatch request, etc..[1]

Page 15: Cellular Network Security

3G-Integrity and Confidentiality Signaling communications between mobile

station and network F9 algorithm used to calculate 32-bit MAC-I for

data integrity then compared to a calculated XMAC-I

F8 used to keep data confidential, utilizes a cipher key that comes from the mobile device; output is then XORed with the original data stream

Both F8 and F9 rely on KASUMI cipher Based on feistel structure to create 64bit data

blocks and a 128 bit key

Page 16: Cellular Network Security

F8 – Confidentiality Algorithm

Page 17: Cellular Network Security

3G-Internet Security Wireless Application Protocol

Protocol that handles wireless devices connecting to the web

Independent of underlying OS WAP2 – puts devices into direct communication with

servers Uses layers similar to standard networks

IPv6 and IPv4 3G allows for circuit switched and packet switched

network nodes 4G is packet switched nodes only; completely IPv6

compatible

Page 18: Cellular Network Security
Page 19: Cellular Network Security

Cellular Network Security – Factors to Consider

Liability Quantity and nature of data Potential harm from data Lawsuits

Profits Bandwidth is not free Capability of devices vs. popularity of devices Risk for every network expansion

Page 20: Cellular Network Security

Sources [1] “Security in Wireless Cellular Networks” Gardezi, Ali.

http://docs.google.com/viewer?a=v&q=cache:mFeuQOB24gwJ:www1.cse.wustl.edu/~jain/cse574-06/ftp/cellular_security.pdf+cellular+network+security&hl=en&gl=us&pid=bl&srcid=ADGEESgk1O3TVCFitfU0KCDfZp2FIogPvw0bjkw767GFdWlAOyWm866YcuCt8IEn2uag617WAW0S32eIhFbaoMgQiJh_WJi5QYE2RIwkizPeTRzmsFcBNMtESgBQNA9NmF5VgqtrQBe0&sig=AHIEtbR683Y3fhGxdHQa47sZCueMwq3jsA

[2] “Exploiting Vulnerabilities and Security Mechanisms in Internet Based SMS Capable Cellular Networks” Azim, Akramul. http://docs.google.com/viewer?a=v&q=cache:AmTvXrmYVNoJ:citeseerx.ist.psu.edu/viewdoc/download%3Fdoi%3D10.1.1.121.2158%26rep%3Drep1%26type%3Dpdf+cellular+network+security&hl=en&gl=us&pid=bl&srcid=ADGEESiJC2Zr-k8fOWOH70HSEDwahX_x1pJXZOS2AndHNcBqh0Qm3xcBlkqiVgOW0spQM0aqzoMxYkuThzhKiHCKxOa8nc8slQ_qDM1a5OQ_zO0qnBL3Y_9zylwEMLPYr8ORC5mXftkM&sig=AHIEtbQjQIcq5LnEbumpqWogCCN3u0uXVA

Page 21: Cellular Network Security

Sources - Countinued [3] “CDMA vs. GSM – Which One is the BestYou?”

http://www.cellutips.com/gsm-vs-cdma-which-one-is-the-best-for-you/ [4] “GSM: Global System for Mobile Communications”

http://www.3gamericas.org/index.cfm?fuseaction=page&sectionid=242 [5] “AT&T apparently resumes online iPhone sales in New York City”

http://articles.cnn.com/2009-12-28/tech/iphone.sales.nyc_1_iphone-sales-online-sales-at-t-service?_s=PM:TECH

[6] “First iPhone Virus Found Using SMS Testing” http://ironmill.wordpress.com/2009/07/30/iphone-virus/

[7] “BlackBerry encryption 'too secure': National security vs. consumer privacy” http://www.zdnet.com/blog/igeneration/blackberry-encryption-too-secure-national-security-vs-consumer-privacy/5732

[8] “BlackBerry security breached at Pwn2Own 2011” http://crackberry.com/blackberry-security-breached-pwn2own-2011

[9] “Are the Days of Rooting Android Phones Coming to an End?” http://www.droid-life.com/2011/04/04/are-the-days-of-rooting-android-phones-coming-to-an-end/

[10] “Approvals and Certifications” http://us.blackberry.com/ataglance/security/certifications.jsp