
Using GSM/UMTS for Single Sign-On

Using GSM/UMTS for Single Sign-On. 28th October 2003, SympoTIC 2003. Andreas Pashalidis and Chris J. Mitchell. Agenda: Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.


Presentation Transcript


  1. Using GSM/UMTS for Single Sign-On 28th October 2003 SympoTIC 2003 Andreas Pashalidis and Chris J. Mitchell

  2. Agenda • Introduction to SSO. • Review of GSM security. • How to SSO using GSM. • Some Attacks. • Conclusions.

  3. Agenda • Introduction to SSO. • Review of GSM security. • How to SSO using GSM. • Some Attacks. • Conclusions.

  4. Why do we need SSO ? Current Situation: Network users interact with multiple service providers.

  5. Why do we need SSO ? Problems: Usability, security, privacy…

  6. What is SSO ? A mechanism that allows users to authenticate themselves to multiple service providers, using only one identity.

  7. SSO – How ? Establish trust relationships, common security infrastructure (e.g. PKI), sign contractual agreements…

  8. SSO – some examples
     • Kerberos
       • TTP = Kerberos server
       • 1) Authenticates user (password), issues “ticket”.
       • 2) User shows ticket to service provider.
     • Microsoft Passport
       • TTP = www.passport.com
       • 1) Authenticates user (password), installs encrypted cookie.
       • 2) Service Provider reads the cookie.
     • Liberty Alliance
       • TTP = “Identity Provider”
       • 1) Authenticates user, issues “assertion” (XML).
       • 2) Assertion is shown to service provider.

  9. Agenda • Introduction to SSO. • Review of GSM security. • How to SSO using GSM. • Some Attacks. • Conclusions.

  10. Review of GSM Security

  11. Review of GSM Security

  12. Review of GSM Security

  13. Review of GSM Security

  14. Review of GSM Security

  15. Review of GSM Security

  16. Review of GSM Security

  17. Review of GSM Security

  18. Review of GSM Security

  19. Review of GSM Security If the visited network can decrypt, then the SIM is authentic (IMSI matches Ki). [Figure label: Encrypted under Kc]

  20. Agenda • Introduction to SSO. • Review of GSM security. • How to SSO using GSM. • Some Attacks. • Conclusions.

  21. Architecture - before

  22. Architecture – after (1)

  23. Architecture – after (2)

  24. Architecture

  25. Architecture Service providers form trust relationships with the home network.

  26. Architecture Single Sign-On using SIM (IMSI) !

  27. SSO Protocol

  28. SSO Protocol

  29. SSO Protocol

  30. SSO Protocol

  31. SSO Protocol

  32. SSO Protocol

  33. SSO Protocol

  34. SSO Protocol

  35. SSO Protocol

  36. Agenda • Introduction to SSO. • Review of GSM security. • How to SSO using GSM. • Some Attacks. • Conclusions.

  37. Replay Attack Attacker could capture this message and replay it later in order to impersonate the user identified by the IMSI.

  38. Replay Attack At the time of replay another RAND will be selected by the service provider and the protocol will fail. [Figure labels: “fresh!”, “X”, “old!”]

  39. Reflection Attack The service provider SP “A” is malicious. It wants to impersonate the user to SP “B”.

  40. Reflection Attack

  41. Reflection Attack

  42. Reflection Attack

  43. Reflection Attack

  44. Reflection Attack

  45. Reflection Attack

  46. Reflection Attack X

  47. Other Attacks
      • SIM theft / cloning
        • SIM PIN is optional!
        • Need two-factor user authentication.
      • Home network server is SPoF
        • Vulnerable to DoS attack.
        • It is assumed that it is well-protected.
      • Attacks on the SP-home network link
        • Link must be integrity-protected and encrypted.
        • SSL/TLS, VPN, IPSec, etc…

  48. Agenda • Introduction to SSO. • Review of GSM security. • How to SSO using GSM. • Some Attacks. • Conclusions.

  49. Advantages • no user interaction is required. • protocol can be repeated many times. • simple single logoff. • no sensitive information is sent. • no major computational overheads. • no changes in deployed GSM infrastructure. • fraud management extends to SSO. • can easily be extended to enable LBS.

  50. Disadvantages • works only for GSM subscribers. • global identifier (IMSI). • might incur costs for service providers.
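
Added example (not from the presentation): a Python sketch of why the replay on slides 37 and 38 fails when the service provider selects a fresh RAND for every attempt, extended to the reflection case of slide 39. The HMAC-based `a8_standin`, the MAC computed over the SP identifier, and all class and function names are assumptions of this sketch, not the authors' protocol messages or a real GSM algorithm.

```python
import hashlib
import hmac
import secrets

def a8_standin(ki: bytes, rand: bytes) -> bytes:
    """Assumed stand-in for the SIM's A8: derive a 64-bit Kc from Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

def user_response(ki: bytes, rand: bytes, sp_id: bytes) -> bytes:
    """User side: derive Kc for this RAND, then MAC the SP identifier under Kc."""
    return hmac.new(a8_standin(ki, rand), sp_id, hashlib.sha256).digest()

class HomeNetwork:
    """Holds the IMSI -> Ki table and answers verification requests from SPs."""
    def __init__(self, subscribers):
        self._ki = dict(subscribers)

    def verify(self, sp_id, imsi, rand, mac) -> bool:
        ki = self._ki.get(imsi)
        # Recompute with the identity of the SP that is asking, not one from the message.
        return ki is not None and hmac.compare_digest(user_response(ki, rand, sp_id), mac)

class ServiceProvider:
    def __init__(self, sp_id, home):
        self.sp_id, self.home, self._pending = sp_id, home, set()

    def challenge(self) -> bytes:
        rand = secrets.token_bytes(16)   # fresh RAND for every login attempt
        self._pending.add(rand)
        return rand

    def login(self, imsi, rand, mac) -> bool:
        if rand not in self._pending:    # accept answers only to our own open challenge
            return False
        self._pending.discard(rand)      # each RAND is usable once
        return self.home.verify(self.sp_id, imsi, rand, mac)

def demo():
    imsi, ki = "001010000000001", secrets.token_bytes(16)  # constructed test subscriber
    home = HomeNetwork({imsi: ki})
    sp_a, sp_b = ServiceProvider(b"sp-a", home), ServiceProvider(b"sp-b", home)
    r1 = sp_a.challenge()
    captured = user_response(ki, r1, sp_a.sp_id)
    honest = sp_a.login(imsi, r1, captured)
    # Replay: a new RAND gives a different Kc, so the old MAC no longer verifies.
    replay = sp_a.login(imsi, sp_a.challenge(), captured)
    # Reflection: a MAC the user computed for SP A over SP B's RAND is rejected by SP B.
    r3 = sp_b.challenge()
    reflected = sp_b.login(imsi, r3, user_response(ki, r3, sp_a.sp_id))
    return honest, replay, reflected
```

`demo()` returns the outcome of the honest login, the replayed login and the reflected login, in that order.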
