Security of Wireless Networks
Srdjan Čapkun, Department of Computer Science
ETH Zurich
Some material adapted from Hubaux, Buttyan, “Security and Cooperation in Wireless Networks”

Network Access GSM/UMTS

Security of Wireless Networks, AS 2010

GSM

GSM (Global System for Mobile Communications) is still the most widely used cellular standard
• >600 million users, mostly in Europe and Asia; limited coverage and support in USA
• Based on TDMA radio access and PCM trunking
• Use SS7 signalling with mobile-specific extensions
• Provides authentication and encryption capabilities
• Third generation (3G) and future (4G)

GSM

900 MHz (or 1800 MHz) band
• uplink frequency band 890-915 MHz
• downlink frequency band is 935-960 MHz
• 25 MHz subdivided into 124 carrier frequency channels, each 200 kHz apart
Time division multiplexing (TDMA)
• allows 8 speech channels per radio frequency channel
• Channel data rate is 270.833 kbps
• Voice transmitted at 13 kbps
Handset power max. 2 watts in GSM 850/900 and 1 watt in GSM 1800/1900
Cell size up to 35 km

GSM Architecture

[Figure: GSM architecture. Mobile Stations connect to the Base Station Subsystem (BTS, BSC), which connects to the Exchange System (MSC, VLR). Subscriber and terminal equipment databases: HLR, EIR, AUC. Network Management: OMC.]

EIR = Equipment Identity Register; AC = Authentication center
HLR = Home Location Register; VLR = Visitor Location Register

MSC (Mobile Switching Center) sets up and releases the end-to-end connection, handles mobility and hand-over requirements during the call and takes care of charging and real time pre-paid account monitoring.

GSM Security Goals

Operators
• Bills right people
• Avoid fraud
• Protect Services
Customers
• Privacy
• Anonymity
Make a system at least as secure as PSTN?

GSM Security Goals

Confidentiality and Anonymity on the radio path
Strong client authentication to protect the operator against billing fraud
Prevention of operators from compromising each other's security
• Inadvertently
• Competition pressure

my grand grandma...

Two issues:
• Talking for free: How do you prove that you are the customer of a network?
• Talking at someone else's expense: How do you differentiate between two customers?

=> we need a way to distinguish between users (authentication)

SIM (Subscriber Identification Module)

Subscriber Identification Module (SIM)
• Smart Card – a single chip computer containing OS, File System, Applications
• Owned by operator (i.e. trusted)

SIM Cards

Typical specification
• 8 bit CPU
• 16 K ROM
• 256 bytes RAM
• 4K EEPROM
• Cost: $5-50
Smart Card Technology
• Based on ISO 7816 defining
  • Card size, contact layout, electrical characteristics
  • I/O Protocols: byte/block based
  • File Structure

GSM Mobile

Mobile Equipment (ME)
• Physical mobile device
• Identifiers
  • IMEI – International Mobile Equipment Identity
Subscriber Identity Module (SIM)
• Smart Card containing keys, identifiers and algorithms
• Identifiers
  • Ki – Subscriber Authentication Key
  • IMSI – International Mobile Subscriber Identity
  • TMSI – Temporary Mobile Subscriber Identity
  • MSISDN – Mobile Station International Service Digital Network
  • PIN – Personal Identity Number protecting a SIM
  • LAI – location area identity

The Key is in the Card

Ki – Subscriber Authentication Key
• Shared 128 bit key used for authentication of subscriber by the operator

Key Storage
• Subscriber's SIM (owned by operator, i.e. trusted)
• Operator's Home Location Register (HLR) of the subscriber's home network
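
GSM User Authentication

[Figure: GSM user authentication between the mobile phone (SIM) and the GSM operator over the radio link. The operator sends the challenge RAND. Both sides hold Ki; each runs A3 on Ki and RAND to obtain the signed response (SRES) and A8 to obtain Kc. The SIM returns SRES. A5, keyed with Kc and the frame number Fn, encrypts the data mi on the radio link.]

Authentication: are SRES values equal?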

GSM User Authentication

AuC – Authentication Center
• Provides parameters for authentication and encryption functions (RAND, SRES, Kc)
HLR – Home Location Register
• Provides MSC (Mobile Switching Center) with triples (RAND, SRES, Kc)
• Handles MS location
VLR – Visitor Location Register
• Stores triples generated by the HLR when a subscriber is not in his home network
• One operator doesn't have access to subscriber keys of another operator.

A3 and A8 (Authentication and Session Key)

Both A3 and A8 algorithms are implemented on the SIM
• Operator can decide which algorithms to use.
• Algorithm implementation is independent of HW and operators.
• A8 was never made public

[Figure: logical implementation of A3 and A8]
A3: RAND (128 bit), Ki (128 bit) -> SRES (32 bit)
A8: RAND (128 bit), Ki (128 bit) -> KC (64 bit)
COMP128: RAND (128 bit), Ki (128 bit) -> 128 bit output, SRES 32 bit and Kc 54 bit

COMP128 is a keyed hash function
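
The triple scheme described above, as an added example that is not part of the lecture: the home network's AuC derives (RAND, SRES, Kc) from Ki, and a visited network authenticates the SIM with them without ever holding Ki. HMAC-SHA256 is an assumed stand-in for the operator's A3/A8 (it is not COMP128), and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os


def a3_a8(ki: bytes, rand: bytes):
    """Assumed stand-in for A3/A8 (NOT COMP128): one keyed hash of RAND
    under Ki, split into SRES (32 bit) and Kc (64 bit)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class AuC:
    """Home network. The only network element that stores Ki."""

    def __init__(self):
        self._ki = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki[imsi] = ki

    def triplets(self, imsi: str, count: int = 3):
        out = []
        for _ in range(count):
            rand = os.urandom(16)                  # 128 bit challenge
            sres, kc = a3_a8(self._ki[imsi], rand)
            out.append((rand, sres, kc))
        return out


class SIM:
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand: bytes):
        # The SIM answers any RAND it is handed: nothing in this exchange
        # authenticates the network to the subscriber.
        return a3_a8(self._ki, rand)


class VLR:
    """Visited network. Holds triples from the home network, never Ki."""

    def __init__(self, home: AuC):
        self.home = home
        self.unused = {}                           # imsi -> list of triples

    def authenticate(self, sim: SIM):
        queue = self.unused.setdefault(sim.imsi, [])
        if not queue:
            queue.extend(self.home.triplets(sim.imsi))
        rand, sres, kc = queue.pop(0)              # each triple is used once
        sres_ms, kc_ms = sim.respond(rand)         # only SRES crosses the radio link
        if not hmac.compare_digest(sres, sres_ms):
            return None                            # SRES values differ: rejected
        return kc, kc_ms                           # both ends now key A5 with Kc


if __name__ == "__main__":
    auc = AuC()
    auc.provision("001010000000001", bytes(range(16)))   # constructed IMSI and Ki
    vlr = VLR(auc)
    genuine = SIM("001010000000001", bytes(range(16)))
    wrong_key_sim = SIM("001010000000001", bytes(16))    # same IMSI, different Ki
    print("genuine SIM accepted:", vlr.authenticate(genuine) is not None)
    print("wrong-Ki SIM accepted:", vlr.authenticate(wrong_key_sim) is not None)
```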

A5 (Confidentiality)

A5 is a stream cipher
• Implemented very efficiently on hardware
Design was never made public
• Leaked to Ross Anderson and Bruce Schneier
Variants: A5/1 – the strong version, A5/2 – the weak version, A5/3
GSM Association Security Group and 3GPP design
Based on Kasumi algorithm used in 3G mobile systems

[Figure: A5 at the Mobile Station and at the BTS. On each side A5 takes Kc (64 bit) and Fn (22 bit) and produces 114 bit of keystream, which is XORed with the data (114 bit); the ciphertext (114 bit) crosses the radio link and is XORed with the same keystream to recover the data.]

Attack History (Authentication and Confidentiality)

1991: First GSM implementation.
April 1998
• The Smartcard Developer Association (SDA) together with U.C. Berkeley researchers cracked the COMP128 algorithm stored in the SIM and succeeded in getting Ki within several hours. They discovered that Kc uses only 54 bits.
August 1999
• The weak A5/2 was cracked using a single PC within seconds.
December 1999
• Alex Biryukov, Adi Shamir and David Wagner published a scheme breaking the strong A5/1 algorithm. Given two minutes of an intercepted call, the attack time was only 1 second.
May 2002

Attack: Extracting the Key from the SIM card

Attack Goal
• Ki stored on SIM card
• Knowing Ki it's possible to clone SIM
Cardinal Principle
• Relevant bits of all intermediate cycles and their values should be statistically independent of the inputs, outputs, and sensitive information.
Attack Idea
• Find a violation of the Cardinal Principle, i.e. side channels with signals that do depend on inputs, outputs and sensitive information
• Try to exploit the statistical dependency in signals to extract sensitive information

Attack: Extracting the Key from the SIM card

[Figure: Traditional Cryptographic Attacks. Crypto Processing takes Input and Sensitive Information and produces Output.]

Attack: Extracting the Key from the SIM card

Side Channels
• Power Consumption
• Electromagnetic radiation
• Timing
• Errors
• Etc.

[Figure: Side Channel Attacks. Crypto Processing takes Input and Sensitive Information and produces Output.]

Attack: Fake BS

• IMSI catcher by Law Enforcement
• Intercept mobile originated calls
• Can be used for over-the-air cloning

Used to be ...
Today: USRP, OpenBTS

Signaling Security

Mobile networks primarily use Signaling System no. 7 (SS7) for communication between networks for such activities as authentication, location update, and supplementary services and call control. The messages unique to mobile communications are MAP messages.
The security of the global SS7 network as a transport system for signaling messages, e.g. authentication and supplementary services such as call forwarding, is open to major compromise.
The problem with the current SS7 system is that messages can be altered, injected or deleted into the global SS7 networks in an uncontrolled manner

Low Tech Fraud

Frauds
• Call forwarding to premium rate numbers
• Bogus registration details
• Roaming fraud
• Terminal theft
• Multiple forwarding, conference calls
Countermeasures:
• Multiple calls at the same time,
• Large variations in revenue being paid to other parties,
• Large variations in the duration of calls
• Changes in customer usage
• Monitor the usage of a customer closely during a 'probationary period'
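
Two of the indicators listed above (multiple calls at the same time, large variations in the duration of calls) written as detection logic over call detail records. This is an added example, not part of the lecture; the records, subscriber labels and thresholds are constructed, and the function names are hypothetical.

```python
from collections import defaultdict
from statistics import median

# Constructed call detail records: (subscriber, start_s, duration_s)
CDRS = [
    ("sub-A", 0, 120), ("sub-A", 300, 90), ("sub-A", 390, 150),
    ("sub-B", 0, 3600), ("sub-B", 100, 3500), ("sub-B", 200, 3400),
    ("sub-C", 0, 60), ("sub-C", 100, 80), ("sub-C", 200, 70),
    ("sub-C", 400, 5400),
]


def peak_concurrency(calls):
    """Largest number of calls in progress at once (sweep over start/end events)."""
    events = []
    for start, duration in calls:
        events.append((start, 1))
        events.append((start + duration, -1))
    # At equal timestamps the -1 event sorts first, so a call that starts
    # exactly when the previous one ends is not counted as overlapping.
    events.sort()
    active = peak = 0
    for _, delta in events:
        active += delta
        peak = max(peak, active)
    return peak


def duration_outliers(calls, factor=10):
    """Calls lasting more than `factor` times the subscriber's median duration."""
    typical = median(duration for _, duration in calls)
    return [(s, d) for s, d in calls if d > factor * typical]


def review(cdrs, max_parallel=1, factor=10):
    """Return {subscriber: [reasons]} for subscribers that need a closer look.
    max_parallel and factor are assumed thresholds, to be tuned per operator."""
    by_subscriber = defaultdict(list)
    for subscriber, start, duration in cdrs:
        by_subscriber[subscriber].append((start, duration))
    alerts = {}
    for subscriber, calls in by_subscriber.items():
        reasons = []
        peak = peak_concurrency(calls)
        if peak > max_parallel:
            reasons.append(f"{peak} calls at the same time")
        for start, duration in duration_outliers(calls, factor):
            reasons.append(f"call at t={start}s lasted {duration}s")
        if reasons:
            alerts[subscriber] = reasons
    return alerts


if __name__ == "__main__":
    for subscriber, reasons in review(CDRS).items():
        print(subscriber, reasons)
```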

Network Access GSM/UMTS

UMTS

UMTS (Universal Mobile Telecommunications System)
Uses W-CDMA,
• 1885-2025 MHz for the mobile-to-base (uplink) and 2110-2200 MHz for the base-to-mobile (downlink)
• supports up to 14 Mbps (in theory) (with HSDPA),
• users in deployed networks can expect up to 384 kbit/s for R99 handsets, and 3.6 Mbit/s for High-Speed Downlink Packet Access (HSDPA) handsets

UMTS Security

Reuse of 2nd generation security principles (GSM):
• Removable hardware security module
  • In GSM: SIM card
  • In 3GPP: USIM (User Services Identity Module)
• Radio interface encryption
• Limited trust in the Visited Network
• Protection of the identity of the end user
• Correction of the following weaknesses of the previous generation:
  • Attacks from a faked base station
  • Cipher keys and authentication data transmitted in clear between and within networks
  • Encryption not used in some networks
  • Data integrity not provided
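
UMTS Authentication (with a Visited Network)

[Figure: message flow between the Mobile Station, the Visited Network and the Home Environment. The Mobile Station and the Home Environment both hold K, the user's secret key.]
• Mobile Station to Visited Network: IMSI/TMSI
• Home Environment: generation of cryptographic material from the sequence number (SQN) and RAND(i); authentication vectors are passed to the Visited Network
• Visited Network to Mobile Station: user authentication request RAND(i)||AUTN(i)
• Mobile Station: verify AUTN(i), compute RES(i)
• Mobile Station to Visited Network: user authentication response RES(i)
• Visited Network: compare RES(i) and XRES(i)
• Mobile Station: compute CK(i) and IK(i); Visited Network: select CK(i) and IK(i)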

Generation of Authentication Vectors (by the Home Environment)

[Figure: the Home Environment generates SQN and RAND. f1 takes K, SQN, RAND and AMF and produces MAC (Message Authentication Code). f2, f3, f4 and f5 take K and RAND and produce XRES (Expected Result), CK (Cipher Key), IK (Integrity Key) and AK (Anonymity Key).]

AMF: Authentication and Key Management Field
Authentication token: AUTN = (SQN ⊕ AK) || AMF || MAC
Authentication vector: AV = RAND || XRES || CK || IK || AUTN
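
User Authentication Functions in USIM

USIM: User Services Identity Module

[Figure: the USIM receives RAND and AUTN (SQN ⊕ AK, AMF, MAC). f5 computes AK from K and RAND, which recovers SQN. f1 computes XMAC (Expected MAC), f2 computes RES (Result), f3 computes CK (Cipher Key) and f4 computes IK (Integrity Key).]

• Verify MAC = XMAC
• Verify that SQN is in the correct range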
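
The vector generation and the two USIM checks above, as an added example that is not part of the lecture: the Home Environment builds AV and AUTN, and the USIM rejects a forged or tampered AUTN (MAC ≠ XMAC) and a replayed one (SQN out of range). HMAC-SHA256 is an assumed stand-in for the operator-specific f1 to f5 (it is not MILENAGE); field sizes follow the 3GPP AKA definitions, while the SQN window, the AMF value and all names are assumptions.

```python
import hashlib
import hmac
import os

AMF = b"\x80\x00"      # constructed 16 bit AMF value
SQN_WINDOW = 32        # assumed width of the "correct range" for SQN


def f_standin(k: bytes, name: bytes, data: bytes, size: int) -> bytes:
    """Assumed stand-in for the operator-specific f1..f5 (NOT MILENAGE):
    HMAC-SHA256 under K, separated by function name, truncated to size."""
    return hmac.new(k, name + b"|" + data, hashlib.sha256).digest()[:size]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def generate_av(k: bytes, sqn: int, rand: bytes = None) -> dict:
    """Home Environment: AV = RAND || XRES || CK || IK || AUTN."""
    rand = rand if rand is not None else os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")                          # SQN, 48 bit
    mac = f_standin(k, b"f1", sqn_b + rand + AMF, 8)        # MAC, 64 bit
    ak = f_standin(k, b"f5", rand, 6)                       # AK, 48 bit
    return {
        "RAND": rand,
        "XRES": f_standin(k, b"f2", rand, 8),
        "CK": f_standin(k, b"f3", rand, 16),
        "IK": f_standin(k, b"f4", rand, 16),
        "AUTN": xor(sqn_b, ak) + AMF + mac,                 # (SQN xor AK) || AMF || MAC
    }


class USIM:
    def __init__(self, k: bytes, sqn_ms: int = 0):
        self._k = k
        self.sqn_ms = sqn_ms                                # highest SQN accepted so far

    def authenticate(self, rand: bytes, autn: bytes):
        """Return (status, result); result holds RES, CK, IK only on 'ok'."""
        if len(rand) != 16 or len(autn) != 16:
            return "malformed", None
        concealed_sqn, amf, mac = autn[:6], autn[6:8], autn[8:]
        ak = f_standin(self._k, b"f5", rand, 6)
        sqn_b = xor(concealed_sqn, ak)                      # recover SQN
        xmac = f_standin(self._k, b"f1", sqn_b + rand + amf, 8)
        if not hmac.compare_digest(mac, xmac):              # verify MAC = XMAC
            return "mac_failure", None
        sqn = int.from_bytes(sqn_b, "big")
        if not self.sqn_ms < sqn <= self.sqn_ms + SQN_WINDOW:
            return "sync_failure", None                     # replayed or out of range
        self.sqn_ms = sqn
        return "ok", {
            "RES": f_standin(self._k, b"f2", rand, 8),
            "CK": f_standin(self._k, b"f3", rand, 16),
            "IK": f_standin(self._k, b"f4", rand, 16),
        }


if __name__ == "__main__":
    k = bytes(range(16))                                    # constructed key
    usim = USIM(k)
    av = generate_av(k, sqn=1)
    print(usim.authenticate(av["RAND"], av["AUTN"])[0])     # fresh vector
    print(usim.authenticate(av["RAND"], av["AUTN"])[0])     # same vector again
    forged = generate_av(bytes(16), sqn=2)                  # built without K
    print(usim.authenticate(forged["RAND"], forged["AUTN"])[0])
```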

More About Authentication and Key Generation

In addition to f1, f2, f3, f4 and f5, two more functions are defined: f1* and f5*, used in case the authentication procedure gets desynchronized (detected by the range of SQN).
f1, f1*, f2, f3, f4, f5 and f5* are operator-specific
However, 3GPP provides a detailed example of algorithm set, called MILENAGE
MILENAGE is based on the Rijndael block cipher
In MILENAGE, the generation of all seven functions f1…f5* is based on the Rijndael algorithm

Authentication and Key Generation Functions (f1...f5*)

[Figure: MILENAGE computation of f1, f1*, f5, f2, f3, f4 and f5* from RAND, SQN||AMF, OP and OPc, using EK, rotations by r1…r5 and constants c1…c5.]

OP: operator-specific parameter
r1,…, r5: fixed rotation constants
c1,…, c5: fixed addition constants
EK: Rijndael block cipher with 128 bits text input and 128 bits key

Signaling Integrity Protection

[Figure: the sender (Mobile Station or Radio Network Controller) computes MAC-I with f9 from IK, SIGNALLING MESSAGE, COUNT-I, FRESH and DIRECTION. The receiver (Radio Network Controller or Mobile Station) computes XMAC-I with f9 from the same inputs.]

FRESH: random input

f9 integrity function

[Figure: f9. The input COUNT || FRESH || MESSAGE || DIRECTION || 1 || 0…0 is split into blocks PS0, PS1, PS2, …, PSBLOCKS-1, which are processed by a chain of KASUMI operations keyed with IK; a final KASUMI operation using IK and KM gives MAC-I (left 32 bits).]

• KASUMI: block cipher (64 bits input, 64 bits output; key: 128 bits)
• PS: Padded String
• KM: Key Modifier

Encryption

[Figure: the sender (Mobile Station or Radio Network Controller) and the receiver (Radio Network Controller or Mobile Station) each run f8 on CK, BEARER, COUNT-C, LENGTH and DIRECTION to produce a KEYSTREAM BLOCK. The sender XORs it with the PLAINTEXT BLOCK to give the CIPHERTEXT BLOCK; the receiver XORs the CIPHERTEXT BLOCK with its keystream block to recover the PLAINTEXT BLOCK.]

BEARER: radio bearer identifier
COUNT-C: ciphering sequence counter

f8 keystream generator

[Figure: f8. COUNT || BEARER || DIRECTION || 0…0 is processed by a KASUMI operation using CK and KM, and the result is held in a register. A chain of KASUMI operations keyed with CK, one per block counter value BLKCNT=0, BLKCNT=1, BLKCNT=2, …, BLKCNT=BLOCKS-1, outputs the keystream blocks KS[0]…KS[63], KS[64]…KS[127], KS[128]…KS[191], …]

KM: Key Modifier
KS: Keystream

Conclusion on UMTS Security

Some improvement with respect to 2nd generation
Cryptographic algorithms are published
Integrity of the signaling messages is protected
Quite conservative solution
2nd/3rd generation interoperation will be complicated and might open security breaches
All that can happen to a fixed host attached to the Internet could happen to a 3G terminal
Privacy/anonymity of the user not completely protected: IMSI is sent in cleartext when the user is registering for the first time in the serving network (trusted third party can be a solution)
A user can be enticed to camp on a false BS. Once the user camps on the radio channels of a false BS, the user is out of reach of the paging signals of SN
Hijacking outgoing/incoming calls in networks with disabled encryption is possible. The intruder poses as a man-in-the-middle and drops the user once the call is set-up

Other Topics

• DoS attacks, SMS security, ...
• Reference: P. Traynor, P. McDaniel and T. La Porta, Security for Telecommunications Networks. Springer, Series: Advances in Information Security, August, 2008. ISBN: 978-0-387-72441-6. Freely available via the ETH library (Springer)
• Modern Mobile Phone System Security (Android/iOS/Symbian, ...)

SS7 security

https://www.sans.org/reading-room/whitepapers/critical/fall-ss7--critical-security-controls-help-36225

SS7 security