1 / 21

Cellular Network Security

Secure Systems Administration Spring 2011. Cellular Network Security. Ryan Stepanek. A brief history of cellular networks. Cellular networks have been deployed for the last three decades 1G networks had maxspeeds of about 9.6 kbs [1]

Download Presentation

Cellular Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Secure Systems Administration Spring 2011 Cellular Network Security Ryan Stepanek

  2. A brief history of cellular networks • Cellular networks have been deployed for the last three decades • 1G networks had maxspeeds of about 9.6 kbs [1] • As network technology evolved, two standards emerged: CDMA and GSM • Modern cellular networks operate in the third and fourth generation, reaching theoretical speeds up to 100 Mbit/s

  3. Challenges of Cellular Networks • Open Access Wireless – No physical connection necessary! • Bandwidth Limitations – Everyone has to share the network. • System Complexity – The larger the implementation of the system the more difficult it is to maintain security. • Confidentiality – Private data needs to be encrypted. • Integrity – Must minimize data loss; more services being sent through the network. • Authentication With Other Networks – Companies need to play nice with each other.

  4. Security Issue for Cellular Networks • Operating systems on mobile devices – Android, Windows, iPhone • Web services – Potential for abuse through the addition of new services; DOS. • Location Detection – Keep the location of the user private! • Spyware; malware – Phones and network may be vulnerable.

  5. Phone OS by Market Share

  6. Phone OS Market Share – US, UK, China

  7. I-Security • Mobile OS – left open to viruses and malware • Users can jailbreak and run their own code • History of being slow to patch • SMS virus – over two months to patch! • Spreading the virus required only the victims phone number • Spread through memory corruption in iPhone[6] • Potentially detrimental to host network • Dangerously popular – In December 2009 AT&T was forced to halt iPhone sales in New York[5] • Can you hear me now? Network load became too great for existing infrastructure

  8. Blackberries • Very good encryption • Causes conflicts with governments on the grounds of national security • i.e. India 2009[7] • Relies on security through obscurity • Vulnerable through third party apps • i.e. the Webkit browser was used at this year’s Pwn2Own hacking expo.[8] • Blackberry Enterprise Server(BES) • Commonly used in business and government, compromising the server could allow access to phone information • Fairly secure if configured correctly(EAL 4+)[10]

  9. Android • Open source • Incredibly threatening to network profit/security • i.e. free WiFi tethering • Rooting • Allows greater control over the phone • Creates a natural conflict between the service provider and customer • Also increases vulnerability to viruses i.e. custom ROMs will not receive updates from the service provider • Companies now actively trying to hinder rooting i.e. Motorola[8]

  10. GSM vs CDMA • GSM • More than 3.8 billion people worldwide • Far more common outside of North America • More than 89 percent of market share[4] • More than more than 212 countries and territories[3] • Interferes with some electronics • CDMA • Transmits data signal modulated with pseudorandom code • Generally allows for larger transmission cells • Allows users to share frequencies

  11. 3G – Network Components • Radio Access Network • Towers • Radio Network Controllers • Core Network • Packet Switched Network • Circuit Switched Network • SGSN – Handles Access Control and Route Management • GGSN – Gateway to the Internet

  12. 3G – Implementation

  13. Attacks on Cellular Neworks • DOS/DDOS – Probably the most common. • iPhones • Services and bandwidth usage seems to be increasing faster than network infrastrucure • More achievable now through infecting phones • Jamming • Highly localized, similar in effect to DOS • Eavesdropping • Man in the Middle attacks • Session hijacking

  14. 3G - Defensive Measures • Network Access Security • Utilizes secret keys and secret key ciphers to maintain confidentiality • Uses a temporary International Mobile User Identity to protect the user’s identity. • Challenge Response System • Used when Authenticating • Occurs when user first connects to network, when the network receives a service request, when a location update is sent, on attach/detatch request, etc..[1]

  15. 3G-Integrity and Confidentiality • Signaling communications between mobile station and network • F9 algorithm used to calculate 32-bit MAC-I for data integrity then compared to a calculated XMAC-I • F8 used to keep data confidential, utilizes a cipher key that comes from the mobile device; output is then XORed with the original data stream • Both F8 and F9 rely on KASUMI cipher • Based on feistel structure to create 64bit data blocks and a 128 bit key

  16. F8 – Confidentiality Algorithm

  17. 3G-Internet Security • Wireless Application Protocol • Protocol that handles wireless devices connecting to the web • Independent of underlying OS • WAP2 – puts devices into direct communication with servers • Uses layers similar to standard networks • IPv6 and IPv4 • 3G allows for circuit switched and packet switched network nodes • 4G is packet switched nodes only; completely IPv6 compatible

  18. Cellular Network Security – Factors to Consider • Liability • Quantity and nature of data • Potential harm from data • Lawsuits • Profits • Bandwidth is not free • Capability of devices vs. popularity of devices • Risk for every network expansion

  19. Sources • [1] “Security in Wireless Cellular Networks” Gardezi, Ali. http://docs.google.com/viewer?a=v&q=cache:mFeuQOB24gwJ:www1.cse.wustl.edu/~jain/cse574-06/ftp/cellular_security.pdf+cellular+network+security&hl=en&gl=us&pid=bl&srcid=ADGEESgk1O3TVCFitfU0KCDfZp2FIogPvw0bjkw767GFdWlAOyWm866YcuCt8IEn2uag617WAW0S32eIhFbaoMgQiJh_WJi5QYE2RIwkizPeTRzmsFcBNMtESgBQNA9NmF5VgqtrQBe0&sig=AHIEtbR683Y3fhGxdHQa47sZCueMwq3jsA • [2] “Exploiting Vulnerabilities and Security Mechanisms in Internet Based SMS Capable Cellular Networks” Azim, Akramul. http://docs.google.com/viewer?a=v&q=cache:AmTvXrmYVNoJ:citeseerx.ist.psu.edu/viewdoc/download%3Fdoi%3D10.1.1.121.2158%26rep%3Drep1%26type%3Dpdf+cellular+network+security&hl=en&gl=us&pid=bl&srcid=ADGEESiJC2Zr-k8fOWOH70HSEDwahX_x1pJXZOS2AndHNcBqh0Qm3xcBlkqiVgOW0spQM0aqzoMxYkuThzhKiHCKxOa8nc8slQ_qDM1a5OQ_zO0qnBL3Y_9zylwEMLPYr8ORC5mXftkM&sig=AHIEtbQjQIcq5LnEbumpqWogCCN3u0uXVA

  20. Sources - Countinued • [3] “CDMA vs. GSM – Which One is the BestYou?” http://www.cellutips.com/gsm-vs-cdma-which-one-is-the-best-for-you/ • [4] “GSM: Global System for Mobile Communications” http://www.3gamericas.org/index.cfm?fuseaction=page&sectionid=242 • [5] “AT&T apparently resumes online iPhone sales in New York City” http://articles.cnn.com/2009-12-28/tech/iphone.sales.nyc_1_iphone-sales-online-sales-at-t-service?_s=PM:TECH • [6] “First iPhone Virus Found Using SMS Testing” http://ironmill.wordpress.com/2009/07/30/iphone-virus/ • [7] “BlackBerry encryption 'too secure': National security vs. consumer privacy” http://www.zdnet.com/blog/igeneration/blackberry-encryption-too-secure-national-security-vs-consumer-privacy/5732 • [8] “BlackBerry security breached at Pwn2Own 2011” http://crackberry.com/blackberry-security-breached-pwn2own-2011 • [9] “Are the Days of Rooting Android Phones Coming to an End?” http://www.droid-life.com/2011/04/04/are-the-days-of-rooting-android-phones-coming-to-an-end/ • [10] “Approvals and Certifications” http://us.blackberry.com/ataglance/security/certifications.jsp

More Related