GSM Network Security's Research Project
By: Jamshid Rahimi, Sisouvanh Vanthanavong
Friday, February 20, 2009

Upload: trevor-carter

Post on 28-Jan-2016


Contents

• GSM Overview
• GSM Architecture
• GSM Security Architecture
  - Anonymity
  - Authentication
  - Confidentiality
• GSM Authentication Protocol
• GSM Security Flaws
  - Crypto Flaws
  - Invalid Assumptions
  - SIM Attacks
  - Fake base station
• GSM Conclusions


GSM Overview
GSM introduction & History

- GSM: Global System for Mobile communication
- GSM frequencies are used by 2G and 3G networks
- 1982 Beginning of GSM (Groupe Spéciale Mobile)
- 1986 GSM radio standard
- 1987 Groupe Spéciale Mobile (in French) changed to Global System for Mobile communication
- 1989 The European Telecommunications Standards Institute accepted GSM as the digital cellular telephony standard
- 1990 Phase 1 GSM 900 specification
- 1991 First GSM 900 demonstrated
- 1994 First GSM networks in Africa
- 1995 GSM phase 2 standardization is completed
- 1999 First GPRS network
- 2001 More than 500 million people are GSM users

Source: http://www.cellular.co.za/gsmhistory.htm


GSM Architecture

- The mobile is a cell phone.
- The air interface is the wireless transmission from the cell phone to a base station.
- The visited network includes multiple base stations and a base station controller.


GSM Architecture (Continued…)

- The PSTN is also referred to as “land lines” to distinguish it from the wireless network.
- The home network includes a home location registry or HLR.
- The authentication center or AuC maintains the crucial billing information for all mobiles for which this particular home network is home.


GSM Architecture (Continued…)

- A GSM mobile phone contains a Subscriber Identity Module or SIM.
- The SIM includes an International Mobile Subscriber ID or IMSI.
- The SIM also contains a 128-bit key. This key is universally known as Ki.


GSM security architecture

The primary security goals set forth by the designers of GSM were:

- Make GSM as secure as ordinary telephones
- Prevent cell phone cloning

• GSM was not designed to resist an active attack. At the time, active attacks were considered infeasible.
• The designers of GSM considered the biggest threats to be insecure billing, corruption, and similar low-tech attacks.


GSM security architecture

GSM security consists of 3 issues:

- Anonymity: The anonymity goal for GSM is to prevent intercepted traffic from being used to identify the caller.
- Authentication: Correct authentication is necessary for proper billing. Cloning is one of the failures.
- Confidentiality: Confidentiality of calls over the air interface is important to customers and the company.


Anonymity

- GSM provides a very limited form of anonymity.
- The IMSI is used to initially identify the caller, then a Temporary Mobile Subscriber ID (TMSI) is assigned to the caller.
- The TMSI is subsequently used to identify the caller.
- Net effect is that if an attacker captures the initial part of the call, where the IMSI is passed
- But in practice, filtering out the IMSI is not easy.


Authentication

• In GSM, the caller is authenticated to the base station, but the authentication is not mutual.
• GSM authentication employs a challenge-response mechanism.
• Mobile -> BS -> HLR
• The Ki that corresponds to the caller's IMSI is known to the HLR.
• The HLR generates RAND and computes the “expected response,” XRES = A3(RAND, Ki).
• The BS sends RAND to the mobile.
• The mobile responds with SRES.
• The HLR compares XRES with SRES.
• Ki never leaves the HLR.


Confidentiality

• GSM uses a stream cipher to encrypt the data.

• The cell phone environment has a high error rate, typically about 1 in 1,000 bits.

• With a block cipher, each transmission error causes one or two entire plaintext blocks to be garbled (depending on the mode), while a stream cipher garbles only those plaintext bits corresponding to the specific ciphertext bits that are in error.

• The encryption key is denoted Kc.
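The error-propagation argument above can be checked directly. This added example (not from the original slides) flips one ciphertext bit and counts the damage after decryption under a stream cipher and under a block cipher in CBC mode; the SHA-256 keystream, the 4-round Feistel cipher, the 8-byte block size, the key and the message are constructed stand-ins, not A5 or any GSM parameter.

```python
import hashlib

BLOCK = 8  # toy block size in bytes (assumption, not a GSM parameter)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(key, i, half):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def feistel(key, blk, rounds=(0, 1, 2, 3)):
    # Toy Feistel cipher; the final swap lets reversed rounds decrypt.
    l, r = blk[:4], blk[4:]
    for i in rounds:
        l, r = r, xor(l, round_fn(key, i, r))
    return r + l

def cbc(key, iv, data, decrypt=False):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        if decrypt:
            out, prev = out + xor(feistel(key, blk, (3, 2, 1, 0)), prev), blk
        else:
            prev = feistel(key, xor(blk, prev))
            out += prev
    return out

def stream(key, data):                # keystream XOR; the same call decrypts
    ks = b"".join(hashlib.sha256(key + n.to_bytes(4, "big")).digest()
                  for n in range(len(data) // 32 + 1))
    return xor(data, ks)

def flip_bit(data, bit):              # model one transmission error
    buf = bytearray(data)
    buf[bit // 8] ^= 0x80 >> (bit % 8)
    return bytes(buf)

def damage(sent, got):                # (bits in error, blocks touched)
    bits = sum(bin(x ^ y).count("1") for x, y in zip(sent, got))
    blocks = sum(sent[i:i + BLOCK] != got[i:i + BLOCK] for i in range(0, len(sent), BLOCK))
    return bits, blocks

def compare(bit=70):
    # Constructed key, IV and 64-byte message.
    key, iv, msg = b"constructed key", bytes(BLOCK), b"GSM voice frame " * 4
    via_stream = stream(key, flip_bit(stream(key, msg), bit))
    via_cbc = cbc(key, iv, flip_bit(cbc(key, iv, msg), bit), decrypt=True)
    return damage(msg, via_stream), damage(msg, via_cbc)
```

`compare()` returns the damage for each cipher: exactly one bad bit for the stream cipher, and two affected blocks for CBC (one fully garbled, one with the single flipped bit).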


Authentication & Encryption

1 & 2. IMSI
3. Kc = A8(RAND, Ki) (Encryption Algorithm); XRES = A3(RAND, Ki) (Authentication … )
5. Mobile computes Kc, and uses Ki to generate SRES
6. A5(Kc) is shared symmetric key
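The challenge-response exchange from the two slides above (Authentication, and Authentication & Encryption), as an added example that is not part of the original presentation. COMP128 is replaced by a truncated HMAC-SHA256 stand-in, and the IMSI, Ki and class names are constructed for illustration; the output sizes follow GSM (128-bit RAND, 32-bit SRES, 64-bit Kc).

```python
import hashlib
import hmac
import secrets

IMSI = "001010123456789"   # constructed test identity, not a real subscriber
KI = bytes(range(16))      # constructed 128-bit Ki

def _prf(ki, rand, label, n):
    # Stand-in for COMP128 (assumption): HMAC-SHA256 keyed with Ki, truncated.
    return hmac.new(ki, label + rand, hashlib.sha256).digest()[:n]

def a3(rand, ki):
    return _prf(ki, rand, b"A3", 4)    # 32-bit SRES / XRES

def a8(rand, ki):
    return _prf(ki, rand, b"A8", 8)    # 64-bit session key Kc

class HLR:
    """Home network side: holds Ki per IMSI and issues (RAND, XRES, Kc)."""
    def __init__(self):
        self._ki = {}
    def provision(self, imsi, ki):
        self._ki[imsi] = ki
    def triplet(self, imsi):
        rand = secrets.token_bytes(16)  # 128-bit challenge
        ki = self._ki[imsi]
        return rand, a3(rand, ki), a8(rand, ki)

class SIM:
    """Mobile side: Ki stays on the card; only SRES goes over the air."""
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki
    def respond(self, rand):
        # No check of who sent RAND or whether it was seen before.
        return a3(rand, self._ki), a8(rand, self._ki)

def authenticate(sim, triplet):
    rand, xres, kc_net = triplet
    sres, kc_mobile = sim.respond(rand)
    ok = hmac.compare_digest(sres, xres)   # network compares SRES with XRES
    return ok and kc_mobile == kc_net

def demo():
    hlr = HLR()
    hlr.provision(IMSI, KI)
    t = hlr.triplet(IMSI)
    return {
        "genuine_sim": authenticate(SIM(IMSI, KI), t),
        "wrong_ki": authenticate(SIM(IMSI, bytes(16)), t),
        "same_triplet_again": authenticate(SIM(IMSI, KI), t),
    }
```

The `same_triplet_again` result is True because nothing in the exchange lets the SIM tell a fresh RAND from a repeated one, which is the missing replay protection named in the conclusions.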


GSM Security Flaws

• There are cryptographic flaws
• There are protocol flaws as well
• Attacks on GSM are due to invalid security assumptions made by the original designers of GSM


GSM Security Flaws
Crypto Flaws

• The hashes A3 and A8 both rely on a hash function known as COMP128, which can be broken by 150,000 chosen plaintexts
• A seller can determine Ki before selling and clone later


GSM Security Flaws
Invalid Assumptions

• A GSM phone call is encrypted between the mobile and the base station but not from the base station to the base station controller
• Nowadays the link between the BS and the BSC is a microwave link
• Since microwave is a wireless medium, it is possible for an attacker to eavesdrop on unprotected calls over this link


GSM Security Flaws
SIM Attacks

• Ki is the concern here
• In one attack, known as optical fault induction, an attacker could force a SIM card to divulge its Ki by using an ordinary flashbulb [209].
• Partitioning attacks


GSM Security Flaws
Fake Base Station

• 1st: There is no mutual authentication
• 2nd: The BS decides whether to encrypt voice or not


GSM Conclusions

• GSM is a security failure, though it is certainly a commercial success
• But GSM achieved its security design goals with respect to the PSTN
• First goal: eliminate cloning and be as secure as the PSTN
• Second goal: the GSM air interface has the fake base station problem, but the PSTN has wiretapping
• The real problem with GSM security is that the initial design goals were too limited
• The major insecurities in GSM include weak crypto, SIM issues, the fake base station attack, and a total lack of replay protection


Comments.
