1 / 24

Security in Wide Area Networks

Security in Wide Area Networks. Basic Idea. Currently, the only technology that provides this type of coverage is satellite and cell phones. Although satellite technology provides truly global coverage, the current cost makes it impractical for common use.

jmolly
Download Presentation

Security in Wide Area Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security in Wide Area Networks

  2. Basic Idea • Currently, the only technology that provides this type of coverage is satellite and cell phones. • Although satellite technology provides truly global coverage, the current cost makes it impractical for common use. • Cell phone technology, on the other hand, is practically ubiquitous and much more affordable

  3. Low-power cells share frequencies and use spread-spectrum technology allowing multiple users per channel per cell. • High redundancy allows voice quality to be maintained. • Handoffs from one cell to another occur as the mobile unit passes out of one cell’s coverage area and into another’s. (Actually, multiple base stations are received at once, and the strongest is used.) • While many locations have poor or no coverage, cellular wireless networks provide the closest approximation to ubiquitous connectivity this side of satellite phones.

  4. Initially, cellular networks just carried voice. • The next step was to use these networks to carry data to provide Internet connectivity through the cell phone.

  5. digital data over a cellular network.

  6. efficient way to send digital data over a cellular network.

  7. CDMA • CMDA is a spread-spectrum technique. The transmitter uses a code, shared by both endpoints, to send each bit of data across a large frequency range. • The receiver uses the code to reconstruct the original data from the spread-spectrum signal. This frequency-spreading technique makes it very difficult to intercept the signal unless the code is known. • While CDMA had been developed originally for military applications, its commercial goal was its larger capacity over TDMA-based systems rather than security. • CDMA’s relatively strong security property comes from the low probability of interception (LPI) of the data because of the encoding used for spread spectrum as compared with GSM’s weak(er) encryption of its data [CDMA].

  8. GSM • Global systems for mobile communication (GSM) is one type of cellular phone network, and it has security mechanisms that provide authentication and encryption. • GSM is based on TDMA; thus, intercepting the signals is much easier than in CDMA. • Therefore, GSM has separate security mechanisms to encrypt the data it transmits.

  9. GSM security mechanisms are based on a shared secret between the home location register (HLR) and the subscriber identity module (SIM)—in other words, the security modules in the phone and the central station. • A subscriber identity module is a removable hardware device that provides security, is managed by network operators, and is independent of the terminal device in which it resides. • GSM provides mechanisms for authentication and encryption.

  10. GSM authentication

  11. The shared secret Ki is a 128-bit key. Authentication is performed when the HLR or base station sends a 128-bit random number called a challenge to the mobile station (MS), i.e., the phone. • The MS calculates the response, a 32-bit signed response (SRES), by using the A3 algorithm feeding the challenge and the shared secret as input. • The base station then compares the SRES received from the MS with the expected value.

  12. GSM encryption

  13. The MS and base station use a 64-bit session key Kc for data encryption of the over-the-air channel. • They calculate Kc by using Ki and a 128-bit random number, which are the same numbers used to calculate the SRES. • Instead of using the A8 algorithm as was originally specified, however, most manufacturers use the A3 algorithm to calculate Kc as well. • This is done to reduce the number of cryptographic algorithms to encode in the telephone firmware.

  14. The session key is not used to encrypt the data directly. • Instead, it is used to generate the key stream that encrypts the data. • Basic stream encryption algorithm works by XORing the Data stream with a key stream generated by a pseudorandom-number generator (PRNG) provided with an initial seed. • In this case, the seed is Kc, and the PRNG is the A5 algorithm. Actually, the seed is Kc and the frame number.

  15. Problems with GSM Security • Session life • The first problem is the long life of authenticated sessions. • While the mobile station may be requested to reauthenticate at the beginning of each call, typically this is not done. • This means that the same session key Kc is used for days. The longer a session key is used, the weaker it becomes.

  16. Weak encryption algorithm • Traffic is encrypted via the A5 algorithm only over the air between the mobile and base stations. • The data are decrypted when they arrive at the base station and are sent from the base station to the operator’s backbone network in plaintext. • Almost all GSM implementations use the COMP-128 algorithm for both A3 and A8 algorithms

  17. Encryption between mobile host and base station only. • Limits to the secret key • Other problems • There are several other GSM problems. No data integrity algorithm is used; therefore, data could be modified and the receiver could not detect it. • Authentication is performed in only one direction, from the user to the network. • No mechanism exists to identify the network to the user. • Also, there is no indication to the user that encryption is being used.

  18. 3G • 3G security is based on GSM but is designed to fix its shortcomings. • The security mechanisms of 3G provide authentication, confidentiality, and encryption.

  19. Authentication • GSM authentication provides protection from unauthorized service access and is based on the A3 algorithm, which is known to have limitations. • Encryption is used to protect both the user data and the signaling data. • The A8 and A5 algorithms are used but are not strong enough.

  20. Confidentiality • Confidentiality is provided by identifying users with a permanent identity, called the international mobile subscriber identity (IMSI) and a temporary mobile subscriber identity (TMSI). • Transmission of the IMSI is not protected; it is sent as plaintext. • Therefore, a more secure mechanism is needed. The user and network agree on the cipher key and algorithm during the AKA phase.

  21. Attacker Capabilities • In order to perform an attack, an attacker must have one or more of the following capabilities: eavesdropping, impersonation of a user, impersonation of a network, “man in the middle,” or compromising authentication vectors in the network.

  22. Eavesdropping. This capability allows the intruder to receive signaling, data, and control information associated with other users. This requires a modified mobile station. • Impersonation of a user. This capability allows the intruder to send signaling, control, and data information such that it appears to originate from a different user. This requires a modified mobile station.

  23. “Man in the middle.” This capability allows the intruder to place himself between the target user and the network. Being a “man in the middle” allows the intruder to eavesdrop, modify, delete, reorder, replay, and fake signaling, control, and data messages between the user and the network. This requires a modified base station in conjunction with a modified mobile station.

  24. Impersonation of a network. This capability allows the intruder to send signaling, control, and data information such that it appears to originate from a different network or system component. This requires a modified base station.

More Related