Mobile network security
Mobile network security
|Title||Mobile network security|
|Lecture date||2015/04/17 0915-1200|
|presented||by Josef Noll|
|Objective||This lecture will provide details of the security architecture of mobile systems, from NMT, GSM, UMTS to LTE.|
|Learning outcomes|| Having followed the lecture, you
|Pensum (read before)|
|References (further info)||Dieter Gollmann, "Computer Security", Ch. 19. http://www.wiley.com/college/gollmann|
|Keywords||NMT, GSM, UMTS, LTE, Network Security, Mobile Security|
- Media:UNIK4250-L7-MobileSecurity.pdf - slides
- Media:UNIK4250-MobileSecurity_Notes_v15.pdf - notes
- Remote connection through Video_conference, Call UNIK at room IP 301: IP adresse 184.108.40.206;
Lecture Notes earlier years
- 2013: Media:UNIK4250-MobileSecurity-Handouts.pdf - Lecture Notes
- 2014 Media:UNIK4250-MobileSecurity-v14.pdf - Lecture Notes
- UNIK4250 Mobile Network Security
- Josef Noll
- Mobile network security
⌘ Notes on the learning outcomes
- The security architecture of a mobile system
- consists of system components and security services. The system components carry credentials being used to identify the user and establish an encrypted communication, while the security services provide the algorithms to countermeasure threats.
- The main threats being relevant for mobile systems
- include cloning, spying, and charging fraud. Access security includes the capability of the operator to ensure that the person who makes the phone call can be charged, and that nobody else can phone on his costs.
- With Smartphones and application stores being on the market, a major threat came from hostile code segments being deployed through smartphone apps. These threats contain a.o. overprised SMS and spyware on mobile phones. As mobile phones have severe battery limitations, anti-virus technologies known from PCs can't be applied to smart phones.
- With the upcoming All-IP architecture on the mobile phones we will have mobile phones being available on the network all the time, and thus also being subject to security attacks.
⌘ Security elements in NMT and GSM
- The principle differences between the security elements of NMT, GSM, UMTS and LTE
- NMT had the focus on providing a communication service, with no encryption of the voice. Thus someone operating on the same frequency would be able to listen to the communication. A scrambler was introduced at a later stager to ensure some kind of spying protection.
- GSM introduced a subscriber authentication and an encrypted communication from the subscriber to the base station. As encryption standards were not available all over the world, it is possible to force the mobile to send data being not encrypted. The threat was not that imminent in the early years of GSM, as only operators would have the competancy (and money) to establish a fake base station working using the SS7 signalling system. As this was operator-only signalling, the approach is often titulated as security by obscourity.
⌘ Security elements in UMTS and LTE
- UMTS introduced mutual authentication of both the user and the network. Thus it eliminated the threat of fake base stations asking a GSM phone to register to it, and thus proving information about the Ki key. As most users have their phone on combined GSM and UMTS mode, it is possible to spam the UMTS radio band and thus force all mobile phones to fall-back to GSM operations.
- LTE introduced an All-IP security architecture, thus applying well known security standards to the formerly
⌘ SIM card
- The SIM card
- is the major security element for mobile systems. It carries a.og. a secret subscriber key Ki, the algorithms A3 and A8, and the international mobile subscriber identity (IMSI), and a tempory mobile subscriber identity (TMSI). All these elements are used in the subscriber identification to the network and the encryption of the communication with the network.
- During purchase of the SIM a link between the Ki and the IMSI is performed in the authentication center (AUC), allowing to decouple the phone number of the user from the identity of the SIM.
- A modern SIM card, including the near-field-communication (NFC) pin and a high-speed (8-12 Mbit/s) USB interface, can act as (i) payment and access card and (ii) decrypt multimedia content on the SIM card.
⌘ Major security algorithms
- The main functionality of the three major security algorithms A3, A5 and A8
- A3 is used as an authentication algorithm, authenticating the SIM card (the user) to the network. This is done through generating a response based on a random RAND number from the network and combine it with the Ki key through the A3 algorithm. The resulting SRES is then sent back to the network to check if the results calculated in the network matches the result calculated in the SIM.
- A5 for signalling data and user data encryption. The A5/1 algorithm is a stream cipher and was kept confidential, not even exported to regions in Eastern Europe.
- A8 is a ciphering key generating algorithm and is used to generate the session key used by the A5 algorithm to encrypt communication between a mobile phone and the base station.
⌘ A5 security algorithm
- The A5 algorithm exists in various forms
- When GSM was introduced in 1993, there was little confidence that the A5 algorithms would be used only for operator purposes. Thus the A5/1 algorithm was introduced first only for the "Western World" (EU and USA), thus trying to avoid governments in the former eastern parts of Europe to listen to traffic on western European networks. For other regions the A5/2 algorithms were published. Most operators have the A5/3 algorithm ready to be used, but wait until they see serious threats to GSM traffic.