Analysis of 2G and 3G Mobile Security Roy Campbell

Upload: dominque23

Post on 23-Jun-2015


Page 1: MS PowerPoint

Analysis of 2G and 3G Mobile Security

Roy Campbell

Page 2

Participants

• UIUC: Roy Campbell, Dennis Mickunas, Jalal Al-Muhtadi, Sarosh Havewala

• Motorola: Bruce Briley, John Wang, Rong Wang, Lily Chen

Page 3

Contents

• Motorola study of wireless security protocols
  – Present
  – Proposed

• Approach

• Other UIUC SRG security and mobile system research

Page 4

GSM Security

• Analysis of
  – existing 2nd Generation (2G) CDMA and GSM security frameworks.
  – 3rd Generation (3G) CDMA and GSM network security proposals.

• Analyzing various aspects of 3G encryption and authentication techniques and their impact upon performance.

Page 5

Internet Security

• IP/TCP/application layer security mechanisms effectiveness and performance over wireless networks

• Comparative performance analyses of the various security mechanisms (literature versus our studies)

• Security threat evaluation

Page 6

2G GSM Security

• Private Key
  – A3 Key Negotiation
  – A8 Key Generation
  – A5 Encryption
  – Private Key encrypts message to server
  – Server generates random number for session key
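As an added illustration that is not part of the slides or of the Motorola/UIUC study, the following Python sketch walks through the 2G exchange just listed: the operator's authentication centre issues a random challenge RAND, the SIM answers with SRES computed by A3 and derives the session key Kc with A8, and Kc then keys the A5 stream cipher on the air interface. The real A3/A8 algorithms are operator-specific and A5 is a hardware cipher; neither is reproduced here. HMAC-SHA256 truncations stand in for them (an assumption of this example), with output sizes matching GSM (128-bit RAND, 32-bit SRES, 64-bit Kc). All class and function names, and the sample Ki, are constructed for the example.

```python
import hashlib
import hmac
import os


# --- Stand-in primitives (assumption: HMAC-SHA256 replaces A3, A8 and A5) ---

def a3_sres(ki: bytes, rand: bytes) -> bytes:
    """A3 stand-in: derive the 32-bit signed response SRES from Ki and RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8_kc(ki: bytes, rand: bytes) -> bytes:
    """A8 stand-in: derive the 64-bit session key Kc from Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


def a5_keystream(kc: bytes, frame_no: int, length: int) -> bytes:
    """A5 stand-in: expand Kc plus a frame counter into `length` keystream bytes."""
    out = bytearray()
    block = 0
    while len(out) < length:
        msg = frame_no.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hmac.new(kc, msg, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def a5_crypt(kc: bytes, frame_no: int, data: bytes) -> bytes:
    """XOR data with the keystream; the same call encrypts and decrypts."""
    stream = a5_keystream(kc, frame_no, len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


# --- The two parties of the 2G challenge-response ---

class Sim:
    """SIM side: holds the IMSI and the long-term secret Ki, which never leaves the card."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki

    def run_gsm_algorithm(self, rand: bytes):
        """Answer a challenge: return (SRES, Kc). Only SRES goes back over the air."""
        return a3_sres(self._ki, rand), a8_kc(self._ki, rand)


class AuthCentre:
    """Operator side: stores Ki per IMSI and issues (RAND, SRES, Kc) triplets."""

    def __init__(self):
        self._ki_by_imsi = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki_by_imsi[imsi] = ki

    def triplet(self, imsi: str, rand: bytes = None):
        """Generate a fresh triplet; `rand` may be supplied to make tests deterministic."""
        ki = self._ki_by_imsi.get(imsi)
        if ki is None:
            return None
        rand = rand if rand is not None else os.urandom(16)
        return rand, a3_sres(ki, rand), a8_kc(ki, rand)


def gsm_authenticate(sim: Sim, auc: AuthCentre, rand: bytes = None):
    """Run the 2G challenge-response. Returns Kc on success, None on failure.

    Only the subscriber is authenticated here: the phone never learns whether
    RAND came from its real operator (a 2G limitation; 3G adds mutual
    authentication)."""
    t = auc.triplet(sim.imsi, rand)
    if t is None:
        return None
    rand, expected_sres, kc = t
    sres, _ = sim.run_gsm_algorithm(rand)   # Kc stays on the SIM side
    if not hmac.compare_digest(sres, expected_sres):
        return None
    return kc


if __name__ == "__main__":
    ki = bytes(range(16))                     # constructed sample Ki
    auc = AuthCentre()
    auc.provision("001010123456789", ki)
    phone = Sim("001010123456789", ki)
    kc = gsm_authenticate(phone, auc)
    ct = a5_crypt(kc, 1, b"hello")
    print(kc.hex(), ct.hex(), a5_crypt(kc, 1, ct))
```

The keystream is bound to the frame number, so decrypting with the wrong frame counter yields garbage; that mirrors why the real A5 mixes the frame number into its state. The one-way nature of the exchange is the point a defender should keep in mind, and it is why network-operator-to-user authentication appears as a distinct feature later in the deck.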

Page 7

3G GSM Security Scenarios

• Integration with Internet

• Web Access

• Multimedia

• QoS

• Network Applications

• Levels of Service

• Bandwidth

The effect of deploying security mechanisms under different scenarios and the impact on performance and security.

Page 8

Security Features within different Components

• User

• Subscriber

• UMTS terminal equipment

• Network operator

• Service provider

Studying existing security features and their effectiveness under different traffic scenarios and QoP.

Page 9

User Security Features

• location confidentiality

• identity confidentiality

• traffic confidentiality

• traffic integrity

• non-repudiation

• user events, numbering, service profile

• access control

Page 10

Subscriber Security Features

• Subscriber access to service profile

• user action authorization

• incontestable charging

• privacy of charging data

• integrity of charging data

• charging limitation

Page 11

Terminal Equipment

• Location confidentiality

• Authentication of user to terminal

• Access control to terminal

• Terminal numbering

Page 12

Network Operator Security

• Databases

• Re-authentication

• Blacklisting

• Tracing of users

• User action authorization

• Subscription authorization

• Tracing of terminal equipment

Page 13

User Security Features Cont.

• Signaling and control data
  – confidentiality
  – origin authentication
  – integrity

• Authentication
  – user to user
  – network operator to user
  – service provider to user

Page 14

Plan of Action

• Using “Simulation” software to model wireless communications networks, protocols, mobile devices, and various security mechanisms.

• Existing Simulators: OPNET, OMNET++, C++Sim (others)

• Alternatively, implementing our own simulator.

Page 15

Evaluating Performance over Wireless Links

[Figure: test-bed of base stations connected through a gateway to the Internet, with an i1000plus handset; caption: Evaluating different authentication & encryption mechanisms]

Page 16

Modeling Wireless Communication

[Figure: Java Virtual Base stations connected through a gateway to the Internet, each serving Java Virtual Cell phones; labels: Simulating a wireless link over TCP/IP, Security plug-ins]

Page 17

UIUC SRG Security and Mobile System Research: Secure Active Network

• Seraphim interoperable secure active networks

• Role based access control policies

• Dynamic security enforcement using active capability

Page 18

CORBA Security Services

• Standard object interfaces for accessing security services

• Authentication, non-repudiation, and access control

• Interoperability between different security mechanisms

• Interoperability among different policy domains

[Figure: a Client sends a request to an Object Implementation across two ORBs (A and B); an interceptor on each ORB uses and generates security information in the IOR; protocols shown: SecIOP, SESAME]

Page 19

Security Components

[Figure: layered stack for an Application Client and an Application Server: Stubs, ORB/BOA, Dynamic Policies, Security Mechanisms and Active Capability/Certificates, over Network Transport]

Page 20

2k: Global Distributed Mobile Object System

• Mobile users, resources, dynamic networks

• Infrastructure for smart spaces

• Network-centric user-oriented view

• Components

• Security

• Distributed object solutions

Page 21

[Figure: 2K services: Env. Service, Profile Service, QoS, Naming Service]

Page 22

A Light-Weight Security Mechanism: Tiny UIUC SESAME

[Figure: Tiny SESAME accessed through IDL interfaces and the GSS-API]

Page 23

Dynamic Security Policy with Risk Values

• Policy representation framework supports:
  – Discretionary Access Control (DAC)
  – Double DAC
  – Role Based Access Control
  – Assignment of risk values to different entities and dynamically changing them
  – Non-Discretionary Access Control including Mandatory Access Control (MAC)
  – GUI for building and administrating policies
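The slide lists the policy models the framework can express but not how they combine in a decision. As an added example that is not the framework's own code, the Python engine below composes three of them into one access decision: a MAC check on a small security-level lattice, a DAC-or-RBAC grant, and a risk budget that the subject's and resource's risk values must fit into, with risk values changeable at run time. The combination rule (MAC must hold, some DAC or RBAC grant must exist, and the summed risk must not exceed a budget) and the level lattice are this example's assumptions, not the framework's; Double DAC and the GUI are not modelled.

```python
from dataclasses import dataclass, field

# Security levels for the MAC check (constructed lattice, lowest to highest).
LEVELS = {"public": 0, "internal": 1, "secret": 2}


@dataclass
class Subject:
    name: str
    roles: set
    clearance: str
    risk: float            # 0.0 = fully trusted, 1.0 = untrusted; may change at run time


@dataclass
class Resource:
    name: str
    owner: str
    classification: str
    risk: float            # how much damage misuse of this resource can do
    acl: dict = field(default_factory=dict)   # DAC: subject name -> set of operations


class PolicyEngine:
    """Combine DAC, RBAC, MAC and risk values into one allow/deny decision.

    Assumption (not from the slides): an access is allowed only when the MAC
    rule holds, some discretionary or role grant exists, and the sum of the
    subject's and resource's risk values does not exceed a configured budget."""

    def __init__(self, risk_budget: float = 1.0):
        self.role_perms = {}   # role -> {(resource name, operation)}
        self.risk_budget = risk_budget

    def grant_role(self, role: str, resource: str, op: str) -> None:
        """RBAC: let every holder of `role` perform `op` on `resource`."""
        self.role_perms.setdefault(role, set()).add((resource, op))

    @staticmethod
    def set_risk(entity, value: float) -> None:
        """Dynamic risk update, e.g. raise a subject's risk after anomalous activity."""
        entity.risk = max(0.0, min(1.0, value))

    def decide(self, subj: Subject, res: Resource, op: str):
        """Return (allowed, reason); the reason names the rule that decided."""
        # 1. MAC (Bell-LaPadula): no read up, no write down.
        s, o = LEVELS[subj.clearance], LEVELS[res.classification]
        if op == "read" and s < o:
            return False, "MAC: no read up"
        if op == "write" and s > o:
            return False, "MAC: no write down"
        # 2. A DAC grant (owner or ACL entry) or an RBAC grant must exist.
        dac = subj.name == res.owner or op in res.acl.get(subj.name, set())
        rbac = any((res.name, op) in self.role_perms.get(r, set()) for r in subj.roles)
        if not (dac or rbac):
            return False, "no DAC/RBAC grant"
        # 3. Risk: combined risk of subject and resource must fit in the budget.
        combined = subj.risk + res.risk
        if combined > self.risk_budget:
            return False, f"risk {combined:.2f} exceeds budget {self.risk_budget}"
        return True, "DAC" if dac else "RBAC"


if __name__ == "__main__":
    # Constructed sample policy: a billing role may read the charging database.
    engine = PolicyEngine(risk_budget=1.0)
    engine.grant_role("billing", "charging-db", "read")
    alice = Subject("alice", {"billing"}, "internal", risk=0.2)
    charging_db = Resource("charging-db", "ops", "internal", risk=0.5)
    print(engine.decide(alice, charging_db, "read"))    # allowed via RBAC
    PolicyEngine.set_risk(alice, 0.9)                    # risk raised at run time
    print(engine.decide(alice, charging_db, "read"))    # now denied by the risk budget
```

Ordering the checks MAC first, grants second, risk last keeps the non-discretionary rule authoritative: no owner, ACL entry or role can override a label mismatch, and a grant that is valid today can be suspended by raising a risk value without editing the policy itself.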

Page 24

PalmPilot Integration in 2K

[Figure: Environment Service, Profile Server, Environment Implementation Repository, Camera and 2K Camera Device Driver, with numbered steps 1–7 grouped into System Bootstrapping and System Utilization]

Page 25

Streaming Video to Palm Pilot

[Figure: Video Proxy converts an MPEG Stream into a Compressed Bitmap Stream]

• Palm Pilot
  – lacks processing power to decode MPEG

• Video proxy
  – transforms MPEG streams
  – reduces frame rate, color depth, size
  – sends compressed bitmaps

Page 26

Loadable Protocols

• Transparently change CORBA networking

• Dynamically loadable transport protocols

• Supports multi-protocol applications

• IP multicast protocol module (IPM)

• Multicast used for discovery/allocation

[Figure: TAO with GIOP over loadable transports: TCP/IIOP, UDP, LDP, IP Multicast]