ICT Expo presentation: 3G and GSM security
TRANSCRIPT
-
8/7/2019 ICT Expo presentation 3 G and GSM security
1/35
Security in GSM and 3G networks
Charles Bizimungu Omara
Kampala, Uganda, October 2010
-
Agenda
Background
Overview of the GSM and 3G networks
Security Requirements
Security Framework for Telecommunications
Examples of attacks on the GSM networks
Examples of attacks on the 3G networks
Securing the GSM & 3G Networks
-
Background
Traditional telecommunication systems relied only on physical security
(locks etc.)
One would need physical access to the switches, devices and wires in
order to become a threat to the switches
1st Generation GSM was the earliest cellular system to be developed
(1978 1st GSM in USA)
1G GSM was purely analogue and used for voice calls only
First generation analogue phones (1980 onwards) were horribly insecure
Eavesdropping in 1G was very easy: all you had to do was tune a radio
receiver until you could hear someone talking
2G GSM networks were the logical next stage in the development of
wireless systems after 1G
2nd Generation GSM provides a basic range of security features to
protect both the operator and the customer, such as anonymity,
authentication, and protection of user data and signaling
-
Background
2G is the most successful telephone network, with more than
800 million users worldwide today
3G mobile telephone networks are the latest stage in the development
of wireless communications technology today
3G systems support much higher data transmission rates and offer
increased capacity
3G systems use packet-switching technology, which is more efficient
and faster than the traditional circuit-switched system
3G mobile phones can offer subscribers a wide range of data services,
such as mobile Internet access and multimedia applications, as well as
voice services
3G makes mobile telecommunication systems computer and network
based. Widespread access and loose coupling of interconnected
telecommunication and IT systems are a primary source of widespread
vulnerability
Operators must now seek cost-effective, comprehensive security
solutions that can be applied to various types of networks, services and
applications
-
Overview of GSM Network
GSM network has the following components
Mobile Station (MS): This is carried by the subscriber. It is made up of the
Mobile Equipment (ME), also known as the terminal, and a smart card
known as the Subscriber Identity Module (SIM)
-
GSM Network (continued)
Base Transceiver Station (BTS): Physically composed of antennas and
towers. It provides connectivity between the network and the mobile
station via the radio interface.
Radio Network Controller (RNC) or Base Station Controller (BSC):
Takes care of all the central functions and controls a set of BTSs via the radio
interface
Mobile Switching Centre (MSC): The MSC controls a large number of BSCs.
The MSC is very similar to a digital telephone exchange or a switch, and it
handles the routing of incoming and outgoing calls
Home Location Register (HLR): The HLR is a data repository that stores
the subscriber-specific parameters of a large number of subscribers.
The most important parameters of a subscriber, such as Ki and the IMSI, are stored on
the HLR
Authentication Centre (AuC): The AuC has as its key component a database
of identification and authentication information for each subscriber, and is in
most cases an integral part of the HLR.
-
GSM Network (continued)
Visitor Location Register (VLR): The VLR, like the HLR, also contains
subscriber information.
The VLR contains only information for those subscribers who roam in the
area for which the VLR is responsible
When a subscriber roams away from the network of his/her own service
provider, information is forwarded from the subscriber's home HLR to the visitor
VLR of the serving network in order to complete the authentication
process
When a subscriber moves out of the VLR area, the HLR takes care of the
relocation from the old VLR to the new VLR.
Signaling Network: Signaling System 7 (SS7) is the protocol for exchange of
information between telecommunication nodes and networks on an
out-of-band basis
-
Problems with GSM security
Only provides access security: communications and signaling traffic in the fixed network are not protected.
Does not address active attacks, whereby some network
elements (e.g. BTS: Base Station) may be faked
Only as secure as the fixed networks to which they connect
Lawful interception only considered as an afterthought
Terminal theft cannot be controlled
Lack of user visibility (e.g. the user doesn't know whether the call is encrypted or not)
-
2.5/3G Mobile Networks
Myagmar, Gupta UIUC 2001
[Figure: 2.5G/3G mobile network architecture, showing BTS, RNC, Radio Access Control and Mobility Manager in the IP RAN; Circuit Switch, Circuit Network and Circuit/Signaling Gateway on the 2G/2.5G side; IN Services, Call Agent and Feature Server(s); Packet Gateway, IP Core Network and Intranet carrying data and packet voice on the 3G side]
-
2.5G moving to 3G Network
As mobile operators move to 3G networks, they are for the most part not
deploying new networks; instead they are leveraging their
existing 2.5G network infrastructure.
Radio Network Controller (RNC): Schedules packet transmission on the
air interface and manages hand-offs between BTSs.
IP core network: Provides the gateway between the access network and the
Internet or a private corporate network. It provides authorization,
authentication and accounting (AAA) services, provides access to network
services and IP mobility, and manages IP addresses
3G systems support much higher data transmission rates and offer
increased capacity
More services are now available, such as mobile Internet access and
multimedia applications
-
GPRS/UMTS Network Structure
-
3G/2.5G Interface to other Networks
The figure illustrates the structure of GPRS/UMTS used in 2.5G/3G
networks to connect the GSM network to the Internet or corporate networks
A subscriber using a high-speed IP-based data service connects to other
networks through the Serving GPRS Support Node (SGSN), which uses the GPRS
Tunneling Protocol (GTP) to reach the Gateway GPRS Support Node (GGSN).
The SGSN uses GTP to activate a session on the subscriber's behalf. This
is called PDP context activation.
The PDP context is a data structure which contains information such
as the mobile IP address, the tunnel identifier for the GTP session on both
the SGSN and the GGSN, and the subscriber's IMSI number
However, GTP does not implement any kind of authentication, data
integrity check or confidentiality protection,
which means that it could be compromised by an attacker.
GTP is used in several GSM-based mobile operators' networks on the
following interfaces:
Gn interface connecting SGSN and GGSN
Gp interface connecting to other operators' networks
Gi interface connecting the GGSN to the Internet
-
3GPP Signaling and Application: IMS
network
The 3GPP (and 3GPP2 for CDMA networks) has defined a standards-based
network that sits on top of the emerging wireless 3G network. The IP Multimedia Subsystem (IMS) is a framework for delivering Internet Protocol
multimedia services.
The Home Subscriber Server (HSS) serves a role similar to the HLR in IMS
implementations
The Session Initiation Protocol (SIP) is the signaling protocol used in IMS to
provide voice over IP service
-
Signaling and Application: IMS network (continued)
SIP itself is vulnerable to attacks such as buffer overflow.
By attacking SIP the attacker could
compromise or disable the operator's voice service.
Other application servers on the IMS could also be
subjected to denial of service attacks
-
Opening Up
Mobile data networks are being opened up in two senses.
Interconnections to other networks, such as the public Internet,
other mobile operators' networks, private networks (including
company LANs), content servers etc.
Multiple device types: Symbian smartphones, RIM BlackBerry and
Windows Mobile based devices, personal digital assistants, notebook computers, and data-capable feature phones.
From a security perspective, this newfound openness is a problem
because there are now far more elements which are vulnerable.
For example, the majority of 3G mobile equipment provides
multimedia messaging, content downloads, web browsing, network-
based games, office applications, TV and virtual private networking to
subscribers.
Malware can propagate through many of these mediums.
MS equipment is more open to user modifications because of
storage cards, syncing with PCs, Internet connectivity, Bluetooth and
Wi-Fi
-
Evolution of cellular network
-
General Security Requirements
There is a need to protect the telecommunication assets for the following parties:
Subscribers/customers, who need confidence in the network and
the services offered, including availability of services, especially
emergency services
Public community/authorities, who demand security by directives
or legislation
The telecommunication assets include:
The communication and computing devices
The personnel who operate telecommunication devices
Voice and data, including the software that supports the
telecommunication devices
Customers who subscribe to different services in the
telecommunication networks
-
Security Framework in Telecommunication Networks
The first step in securing the telecommunication networks is for operators to
recognize their newfound role as an ISP.
This means implementing a layered defense on their networks that:
Makes changes to security policies and practice to reflect the new threats.
Protects end users by implementing security on their devices and in the networks, e.g. antivirus,
firewalls, and content scanning that provides file-level security.
Deploys security products such as firewalls, Virtual Private Networks, and Intrusion Detection Systems at the appropriate points on the networks, which provide packet-level, application-level and session-level protection.
Ensures that appropriate security is provided for services provided in the network, for example ensuring that only valid persons are associated with provisioning services in the network.
-
GSM Security Features
Authentication: the network operator can verify the identity of the subscriber, making it infeasible to clone
someone else's mobile phone
Confidentiality: protects voice, data and sensitive signalling information (e.g. dialled digits) against
eavesdropping on the radio path
Anonymity: protects against someone tracking the location of the user or identifying calls made to
or from the user by eavesdropping on the radio path
Data on the radio path is encrypted between the Mobile Equipment (ME) and the Base Transceiver Station (BTS):
protects user traffic and sensitive signalling data against eavesdropping
extends the influence of authentication to the entire duration of the call
uses the encryption key (Kc) derived during authentication
-
GSM Security Problems
The GSM cipher A5/2 is now so weak that the cipher key can be discovered in near
real time using a very small amount of known plaintext
Accessing the signaling network:
No decrypting skills required
Needs an instrument that captures microwave signals
Gains control of the communication between the MS
and the intended receiver
-
Attacks on the GSM networks
Cloning:
Cloning refers to the ability of an intruder to determine information about a personal
terminal and clone it, i.e. create a duplicate copy of that personal terminal using the
information collected
This can be done by physically copying the card using a card reader device, or
the intruder eavesdrops on signaling and data connections associated with other users
Cloning can take two forms:
Physical cloning: Mounting this attack requires, apart from physical access to the target SIM, an off-the-shelf smart card reader and a computer to direct the operation.
A simple countermeasure is to change the hash function used for authentication to a strong one. It should be noted that COMP128-2, a new version of COMP128, has remedied the issue present in the original COMP128. It is however not known to what extent the new algorithm has been adopted by the operators.
Cloning over the air: Cloning over the air can be accomplished using a rogue base station (RBTS). Apart from the RBTS, the attacker needs to know the target IMSI or TMSI. When these resources are available the attacker starts capturing some MS; after a channel has been allocated, the RBTS then executes a procedure to clone the MS phone.
The defense against cloning over the air is to limit the number of times a SIM can be authenticated to a number significantly smaller than 150,000.
-
Theft of Service equipment
Theft of equipment or service is a very serious problem in
mobile personal communication.
The network subsystem doesn't care whether a call has
originated from a legitimate or from a stolen terminal, as long as
it bills the call for the correct amount.
To avoid this, all personal equipment must have unique
identification information that reduces the potential for stolen
equipment to be reused.
This may take the form of a tamper-resistant identifier
permanently plugged into the terminal.
-
Rogue BTS
Man-in-the-middle: This is the capability whereby the intruder puts
itself between the target user and a genuine network and has the
ability to eavesdrop, modify, delete, re-order, replay, and spoof
signaling and user data messages exchanged between the two
parties. The required equipment is a rogue BTS in conjunction with
a modified MS.
-
Compromised cipher key
An attack that requires a modified BTS and the possession by the intruder of a compromised authentication vector, and thus exploits the weakness that the user has no control over the cipher key.
The target user is enticed to camp on the false BTS/MS. When a call is set up, the false BTS/MS forces the use of a compromised
cipher key on the mobile user.
3G: The presence of a sequence number in the challenge allows the USIM to verify the freshness of the cipher key, to help guard against forced re-use of a compromised authentication vector. However, the architecture does not protect against forced use of
compromised authentication vectors which have not yet been used to authenticate the USIM.
Thus, the network is still vulnerable to attacks using compromised authentication vectors which have been intercepted between generation in the authentication centre and use or destruction in the serving network.
-
Location update spoofing
An attack that requires a modified MS and exploits the weakness
that the network cannot authenticate the messages it receives over
the radio interface.
The user spoofs a location update request in a different location
area from the one in which the user is roaming.
The network registers in the new location area and the target user
will be paged in that new area.
The user is subsequently unreachable for mobile terminated
services.
3G: Integrity protection of critical signaling messages protects
against this attack. More specifically, data authentication and
replay inhibition of the location update request allow the serving
network to verify that the location update request is legitimate.
-
Hijacking incoming calls in networks
with encryption enabled
This attack requires a modified BTS/MS. In addition to the previous
attack, this time the intruder has to suppress encryption.
3G: Integrity protection of critical signalling messages protects
against this attack. More specifically, data authentication and
replay inhibition of the mobile station classmark and the connection
accept message help prevent suppression of encryption and
allow the serving network to verify that the connection accept is
legitimate.
-
3G vs. GSM
A change was made to defeat the false base station attack. The
security mechanisms include a sequence number that ensures that
the mobile can identify the network.
Key lengths were increased to allow for the possibility of stronger
algorithms for encryption and integrity.
Mechanisms were included to support security within and between
networks.
Security is based within the switch rather than the base station as
in GSM. Therefore links are protected between the base station
and switch.
Integrity mechanisms for the terminal identity (IMEI) have been
designed in from the start, rather than introduced late as in
GSM.
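The difference between the GSM challenge/response on the "GSM Security Features" slide and the sequence-numbered 3G authentication described on the "Compromised cipher key" and "3G vs. GSM" slides, as an added simulation that is not part of the original presentation. The secret algorithms (A3/A8 in GSM, f1-f5 in 3G) are stood in for by an HMAC keyed with Ki/K, which is an assumption made only so the exchange runs offline; the field sizes and the MAC/SQN checks follow the protocol structure the slides describe.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for the secret algorithms: real networks use A3/A8
# (GSM) or MILENAGE f1-f5 (3G). Here an HMAC-SHA256 keyed with Ki/K plays
# that role so the flow runs offline. This is an assumption, not the spec.
def _prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


# ---- GSM: one-way challenge/response; Kc is derived from the same RAND ----
def gsm_auth_triplet(ki: bytes, rand: bytes = None):
    """AuC side: the (RAND, SRES, Kc) triplet handed to the serving network."""
    rand = rand or os.urandom(16)
    sres = _prf(ki, b"A3", rand)[:4]   # A3 stand-in: 32-bit signed response
    kc = _prf(ki, b"A8", rand)[:8]     # A8 stand-in: 64-bit cipher key
    return rand, sres, kc


def gsm_sim_respond(ki: bytes, rand: bytes):
    """SIM side: it answers any RAND; nothing tells it who sent the challenge,
    which is why GSM cannot authenticate the network to the subscriber."""
    return _prf(ki, b"A3", rand)[:4], _prf(ki, b"A8", rand)[:8]


# ---- 3G: AUTN carries a sequence number and a MAC, so the USIM can check
# both that the vector came from its home network and that it is fresh ----
def umts_auth_vector(k: bytes, sqn: int, rand: bytes = None):
    """AuC side: quintet (RAND, AUTN, XRES, CK, IK) for sequence number sqn."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    ak = _prf(k, b"f5", rand)[:6]                 # anonymity key conceals SQN
    mac = _prf(k, b"f1", rand, sqn_b)[:8]         # MAC over RAND and SQN
    autn = bytes(a ^ b for a, b in zip(sqn_b, ak)) + mac
    xres = _prf(k, b"f2", rand)[:8]
    ck, ik = _prf(k, b"f3", rand)[:16], _prf(k, b"f4", rand)[:16]
    return rand, autn, xres, ck, ik


def usim_check(k: bytes, rand: bytes, autn: bytes, last_sqn: int):
    """USIM side: verify the MAC, then require SQN to be newer than any seen.
    Returns (accepted, reason, new_last_sqn)."""
    ak = _prf(k, b"f5", rand)[:6]
    sqn_b = bytes(a ^ b for a, b in zip(autn[:6], ak))
    expected_mac = _prf(k, b"f1", rand, sqn_b)[:8]
    if not hmac.compare_digest(expected_mac, autn[6:]):
        return False, "MAC failure: not from the home network", last_sqn
    sqn = int.from_bytes(sqn_b, "big")
    if sqn <= last_sqn:
        return False, "synchronisation failure: stale SQN (replayed vector)", last_sqn
    return True, "ok", sqn
```

Feeding the same (RAND, AUTN) pair to usim_check a second time is rejected on the sequence number, which is the freshness property the 3G slides rely on, while the GSM SIM answers every challenge it is given.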
-
Types of Attack on 3G networks
No. | Type of attack | Target | Purpose
1 | Worms, virus, Trojan, SMS/MMS spam | Other users, network elements (content) | Harassment / denial of service / service interruption
2 | Denial of service; application layer attack, SIP flooding, etc. | HLR, AAA, content server, signaling nodes | Attack ability to provide service
3 | Over-billing attack | Operator management elements (AAA, HLR, VLR, etc.) | Fraud
4 | Spoofed PDP context | User's session | Service theft
5 | Signaling level attack | Signaling nodes | Attack ability to provide service
Denial of Service:
Makes use of brute force attacks to overwhelm the target system with data so that the response from the target system is either slowed down or stopped.
The attacking hosts are often remotely controlled by the organization orchestrating the attack.
Overbilling attack:
A malicious user hijacks a subscriber's IP address and then uses that connection
to initiate fee-based downloads, or simply uses that connection for their own purposes. The legitimate subscriber pays the bill.
-
Attacks on the 3G networks
Spoofed PDP context
The attack exploits weaknesses in GTP (GPRS Tunneling Protocol):
Spoofed Delete PDP Context packets, which would cause service loss or interruption to end users
Spoofed Create PDP Context packets, which would result in unauthorized or illegal access to the Internet or customer data
networks
GTP packet floods, which are a kind of denial of service
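The "signaling firewall" listed as the defense for spoofed PDP contexts, as an added example that is not part of the presentation or any vendor product. It parses the mandatory GTPv1 header (the message type values are the real ones from 3GPP TS 29.060), admits GTP-C only from known SGSN peers, drops a Delete PDP Context Request unless it comes from the SGSN that set the context up, and rate-limits control messages per source to blunt GTP floods. The constructed build_gtpv1 helper, the IP addresses and the TEIDs are sample values; the assumption that the firewall sees the GGSN's Create responses (to learn who owns each TEID) is stated in the class docstring.

```python
import struct
from collections import defaultdict

# GTPv1 message types from 3GPP TS 29.060 (real values).
CREATE_PDP_REQ, CREATE_PDP_RESP = 16, 17
DELETE_PDP_REQ, DELETE_PDP_RESP = 20, 21
G_PDU = 255  # GTP-U user-plane payload


def build_gtpv1(msg_type: int, teid: int, payload: bytes = b"") -> bytes:
    """Constructed helper: minimal 8-byte GTPv1 header (version 1, PT=1) + payload."""
    flags = (1 << 5) | (1 << 4)
    return struct.pack("!BBHI", flags, msg_type, len(payload), teid) + payload


def parse_gtpv1(pkt: bytes):
    """Return (version, msg_type, teid) from the mandatory GTPv1 header."""
    if len(pkt) < 8:
        raise ValueError("truncated GTP header")
    flags, msg_type, _length, teid = struct.unpack("!BBHI", pkt[:8])
    return flags >> 5, msg_type, teid


class GtpSignalingFirewall:
    """Stateful GTP-C filter on the Gn/Gp side of a GGSN (constructed example).
    Assumption: it sees the Create PDP Context Responses the GGSN sends, so it
    can learn which SGSN owns each GGSN control-plane TEID."""

    def __init__(self, trusted_sgsns, flood_limit=100):
        self.trusted = set(trusted_sgsns)   # own and roaming-partner SGSNs
        self.flood_limit = flood_limit       # GTP-C messages per source per window
        self.owner = {}                      # GGSN TEID -> SGSN that set it up
        self.counts = defaultdict(int)

    def learn_context(self, sgsn_ip: str, ggsn_teid: int) -> None:
        """Record the owner when a Create PDP Context Response goes to sgsn_ip."""
        self.owner[ggsn_teid] = sgsn_ip

    def new_window(self) -> None:
        """Reset the per-source counters at the end of a rate-limit window."""
        self.counts.clear()

    def decide(self, src_ip: str, pkt: bytes) -> str:
        version, mtype, teid = parse_gtpv1(pkt)
        if version != 1:
            return "DROP: unsupported GTP version"
        if mtype == G_PDU:
            return "ALLOW: GTP-U user plane, not inspected here"
        # GTP-C arriving from the Gi side or from an unknown Gp peer is never valid.
        if src_ip not in self.trusted:
            return "DROP: GTP-C from untrusted peer"
        self.counts[src_ip] += 1
        if self.counts[src_ip] > self.flood_limit:
            return "DROP: GTP-C flood from %s" % src_ip
        if mtype == DELETE_PDP_REQ:
            # A delete is only legitimate from the SGSN that created the context.
            if self.owner.get(teid) != src_ip:
                return "DROP: spoofed Delete PDP Context for TEID %#x" % teid
            del self.owner[teid]
            return "ALLOW: Delete PDP Context"
        if mtype == CREATE_PDP_REQ:
            return "ALLOW: Create PDP Context"
        return "ALLOW: other GTP-C"
```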
-
3G Security Model
[Figure: 3G security architecture, showing the Home stratum/Serving stratum, Transport stratum and Application stratum, the user application and provider application, the SIM, and the security feature groups (I) to (IV) drawn between the elements]
-
3G Security Model
Network access security (I): the set of security features that provide
users with secure access to 3G services, and which in particular
protect against attacks on the (radio) access link;
Network domain security (II): the set of security features that enable
nodes in the provider domain to securely exchange signalling data, and
protect against attacks on the wireline network;
User domain security (III): the set of security features that secure
access to mobile stations;
Application domain security (IV): the set of security features that
enable applications in the user and in the provider domain to securely
exchange messages;
Visibility and configurability of security (V): the set of features that
enable the user to inform himself whether a security feature is in
operation or not, and whether the use and provision of services should
depend on the security feature.
-
Defense Against specific attacks
No. | Type of attack | Target | Defense
1 | Worms, virus, Trojan, SMS/MMS spam | Other users, network elements (content) | Device and network anti-virus, content scanning
2 | Denial of service; application layer attack, SIP flooding, etc. | HLR, AAA, content server, signaling nodes | Firewall, signaling scanning and IDP
3 | Over-billing attack | Operator management elements (AAA, HLR, VLR, etc.) | Intrusion prevention and protection
4 | Spoofed PDP context | User's session | Signaling firewalls
5 | Signaling level attack | Signaling nodes | Firewall, signaling firewalls and IDP
-
Firewall and IDP defense
-
Thanks
-
References
3G TS 33.120, Security Principles and Objectives, http://www.3gpp.org/ftp/tsg_sa/WG3_Security/_Specs/33120-300.pdf
3G TS 33.120, Security Threats and Requirements, http://www.arib.or.jp/IMT-2000/ARIB-spec/ARIB/21133-310.PDF
Michael Walker, On the Security of 3GPP Networks, http://www.esat.kuleuven.ac.be/cosic/eurocrypt2000/mike_walker.pdf
3G TR 33.900, A Guide to 3rd Generation Security, ftp://ftp.3gpp.org/TSG_SA/WG3_Security/_Specs/33900-120.pdf
3G TS 33.102, Security Architecture, ftp://ftp.3gpp.org/Specs/2000-12/R1999/33_s/33102-370.zip
Paul Yousef, GSM-Security: a Survey and Evaluation of the Current Situation, Master's thesis, Linköping Institute of Technology, March 2004
Klaus Vedder, GSM: Security, Services, and the SIM, LNCS 1528, pp. 224-240, Springer-Verlag 1998