1 / 19

Chapter 4

Chapter 4. Application Level Security in Cellular Networks. Generations of Cellular Networks (1). 1G 2G and 2.5G High-Speed Circuit-Switched Data (HSCSD) General Packet Radio Service (GPRS) Enhanced Data Rates for GSM Evolution (EDGE) Cellular Digital Packet Data (CDPD) 3G.

trent
Download Presentation

Chapter 4

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 4 Application Level Security in Cellular Networks

  2. Generations of Cellular Networks (1) • 1G • 2G and 2.5G • High-Speed Circuit-Switched Data (HSCSD) • General Packet Radio Service (GPRS) • Enhanced Data Rates for GSM Evolution (EDGE) • Cellular Digital Packet Data (CDPD) • 3G

  3. Generations of Cellular Networks (2) • 4G • Push and Pull Services • Location-based Services • Entertainment Services

  4. Security Issues and Attacks in Cellular Networks (1) • Cellular Network limitations • Open wireless medium • Limited bandwidth • System Complexity • Limited Power • Limited Processing Power • Relativity Unreliable Network Connection

  5. Security Issues and Attacks in Cellular Networks (2) • Security Issues in Cellular network • Authentication • Integrity • Confidentiality • Access Control • OS in Mobile Devices • Location Detection • Viruses and Malware

  6. Security Issues and Attacks in Cellular Networks (3) • Downloaded Contents • Device Security • Attacks on Cellular Networks • Denial of Service (DoS) • Distributed Denial of Service (DDoS) • Channel Jamming • Unauthorized Access • Eavesdropping

  7. Security Issues and Attacks in Cellular Networks (4) • Message Forgery • Message Replay • Man-in-the-Middle Attack • Session Hijacking

  8. GSM Security for Applications (1) • GSM Architecture • GSM Security Features • Anonymity or Subscriber Identity Confidentiality • Subscriber Identity Authentication • Encryption of User Traffic and User Control Data • Use of SIM as Security Module

  9. GSM Security for Applications (2) • GSM Security Attacks • SIM/MS Interface Tapping • Attacks on the Algorithm A3/8 • Flaws in A5/1 and A5/2 Algorithms • Attacks on the SIM Card • False Base Station

  10. GSM Security for Applications (3) • GSM Security Solutions • GSM – Newer A3/A8 Implementation • GSM – A5/3 Ciphering • Public Key Infrastructure in Mobile Systems • Secure Browsing • Access to Enterprise Networks • Mobile Payment Authentication • Access Control

  11. GSM Security for Applications (4) • Digital Signatures on Mobile Transactions • Messaging • Content Authentication • Digital ID

  12. GPRS Security for Applications (1) • Security Issues in GPRS • Related to ME and SIM card • Between ME and SGSN • Between SGSN and GGSN • Among different operators • Between GGSN and external connected networks (Internet)

  13. GPRS Security for Applications (2) • Security Threats to the GPRS • Unauthorized Access to the data • Threats to Integrity • DoS • Attack from valid network • Randomly Changing Source Address • Unauthorized Access to Services

  14. GPRS Security for Applications (3) • GPRS Security Solutions • Ciphering based on KASUMI added to GPRS called GEA3 • Performed in higher layer LLC (Logical Link Control) • MAC messages are not ciphered • UMTS ciphering occurs at MAC layer

  15. UMTS Security for Applications (1) • 5 different sets of security features • Network Access Security • Network Domain Security • User Domain Security • Application Security • Visibility and Configurability of security

  16. UMTS Security for Applications (2) • UMTS AKA Security Mechanism • UMTS Authentication and Key Agreement (UMTS AKA) • Authentication and Key Agreement using challenge/response mechanism • See figure 4.9 UMTS AKA Protocol • UMTS Network Authentication to Phone

  17. 3G Security for Applications (1) • 3G Attacks • DoS • Overbilling Attack • Spoofed PDP Context • Signaling-level attacks • Some Security Solutions for 3G • A new authentication scheme with anonymity for wireless networks

  18. 3G Security for Applications (2) • Manual authentication for wireless devices • Elliptic Curve Cryptography for Wireless Security • Channel Surfing and Spatial Retreats

  19. Some of Security and Authentication Solutions • Protocol of Gong et al. • GSM User Authentication Protocol (GUAP) • One-time Password Schemes • Mobile ATP • ATP using GSM • OTP using GPRS • Web/Mobile Authentication System with OTP • Location-based Encryption • BioPasswords

More Related