Mobile network security

Jump to: navigation, search

Mobile network security

Course UNIK4250
Title Mobile network security
Lecture date 2015/04/17 0915-1200
presented by Josef Noll
Objective This lecture will provide details of the security architecture of mobile systems, from NMT, GSM, UMTS to LTE.
Learning outcomes Having followed the lecture, you
  • will be able to explain a security architecture of a mobile system
  • mention threats being relevant for mobile systems
  • can point to the principle differences between the security elements of NMT, GSM, UMTS and LTE
  • can describe the importance of the SIM card for the security architecture of GSM and UMTS
  • know why a user can get a new SIM card, but keep his mobile phone number.
  • can point our the main functionality of the three major security algorithms A3, A5 and A8
  • explain why the A5 algorithm exists in various forms
Pensum (read before)
References (further info) Dieter Gollmann, "Computer Security", Ch. 19.
Keywords NMT, GSM, UMTS, LTE, Network Security, Mobile Security

this page was created by Special:FormEdit/Lecture, and can be edited by Special:FormEdit/Lecture/Mobile network security.

Lecture slides

  • Remote connection through Video_conference, Call UNIK at room IP 301: IP adresse;

Lecture Notes earlier years

UNIK4250 Mobile Network Security
Josef Noll
Mobile network security

⌘ Notes on the learning outcomes

The security architecture of a mobile system
consists of system components and security services. The system components carry credentials being used to identify the user and establish an encrypted communication, while the security services provide the algorithms to countermeasure threats.
The main threats being relevant for mobile systems
include cloning, spying, and charging fraud. Access security includes the capability of the operator to ensure that the person who makes the phone call can be charged, and that nobody else can phone on his costs.
With Smartphones and application stores being on the market, a major threat came from hostile code segments being deployed through smartphone apps. These threats contain a.o. overprised SMS and spyware on mobile phones. As mobile phones have severe battery limitations, anti-virus technologies known from PCs can't be applied to smart phones.
With the upcoming All-IP architecture on the mobile phones we will have mobile phones being available on the network all the time, and thus also being subject to security attacks.

⌘ Security elements in NMT and GSM

The principle differences between the security elements of NMT, GSM, UMTS and LTE
NMT had the focus on providing a communication service, with no encryption of the voice. Thus someone operating on the same frequency would be able to listen to the communication. A scrambler was introduced at a later stager to ensure some kind of spying protection.
GSM introduced a subscriber authentication and an encrypted communication from the subscriber to the base station. As encryption standards were not available all over the world, it is possible to force the mobile to send data being not encrypted. The threat was not that imminent in the early years of GSM, as only operators would have the competancy (and money) to establish a fake base station working using the SS7 signalling system. As this was operator-only signalling, the approach is often titulated as security by obscourity.

⌘ Security elements in UMTS and LTE

UMTS introduced mutual authentication of both the user and the network. Thus it eliminated the threat of fake base stations asking a GSM phone to register to it, and thus proving information about the Ki key. As most users have their phone on combined GSM and UMTS mode, it is possible to spam the UMTS radio band and thus force all mobile phones to fall-back to GSM operations.
LTE introduced an All-IP security architecture, thus applying well known security standards to the formerly

⌘ SIM card

The SIM card
is the major security element for mobile systems. It carries a.og. a secret subscriber key Ki, the algorithms A3 and A8, and the international mobile subscriber identity (IMSI), and a tempory mobile subscriber identity (TMSI). All these elements are used in the subscriber identification to the network and the encryption of the communication with the network.
During purchase of the SIM a link between the Ki and the IMSI is performed in the authentication center (AUC), allowing to decouple the phone number of the user from the identity of the SIM.
A modern SIM card, including the near-field-communication (NFC) pin and a high-speed (8-12 Mbit/s) USB interface, can act as (i) payment and access card and (ii) decrypt multimedia content on the SIM card.

⌘ Major security algorithms

The main functionality of the three major security algorithms A3, A5 and A8
A3 is used as an authentication algorithm, authenticating the SIM card (the user) to the network. This is done through generating a response based on a random RAND number from the network and combine it with the Ki key through the A3 algorithm. The resulting SRES is then sent back to the network to check if the results calculated in the network matches the result calculated in the SIM.
A5 for signalling data and user data encryption. The A5/1 algorithm is a stream cipher and was kept confidential, not even exported to regions in Eastern Europe.
A8 is a ciphering key generating algorithm and is used to generate the session key used by the A5 algorithm to encrypt communication between a mobile phone and the base station.

⌘ A5 security algorithm

The A5 algorithm exists in various forms
When GSM was introduced in 1993, there was little confidence that the A5 algorithms would be used only for operator purposes. Thus the A5/1 algorithm was introduced first only for the "Western World" (EU and USA), thus trying to avoid governments in the former eastern parts of Europe to listen to traffic on western European networks. For other regions the A5/2 algorithms were published. Most operators have the A5/3 algorithm ready to be used, but wait until they see serious threats to GSM traffic.