1
Using GSM/UMTS for Single Sign-On
28th October 2003
SympoTIC 2003
Andreas Pashalidis and Chris J. Mitchell
2
Agenda
Introduction to SSO. Review of GSM security. How to SSO using GSM. Some Attacks. Conclusions.
4
Why do we need SSO?
Current situation:
Network users interact with multiple service providers.
5
Why do we need SSO?
Problems: usability, security, privacy…
6
What is SSO?
A mechanism that allows users to authenticate themselves to
multiple service providers, using only one identity.
7
SSO – How?
Establish trust relationships, common security infrastructure (e.g. PKI), sign contractual agreements…
8
SSO – some examples
Kerberos: TTP = Kerberos server
1) Authenticates user (password), issues “ticket”.
2) User shows ticket to service provider.
Microsoft Passport: TTP = www.passport.com
1) Authenticates user (password), installs encrypted cookie.
2) Service Provider reads the cookie.
Liberty Alliance: TTP = “Identity Provider”
1) Authenticates user, issues “assertion” (XML).
2) Assertion is shown to service provider.
10
Review of GSM Security
19
Review of GSM Security
Encrypted under Kc
If the visited network can decrypt, then the SIM is authentic (IMSI matches Ki)
21
Architecture - before
22
Architecture – after (1)
23
Architecture – after (2)
24
Architecture
25
Architecture
Service providers form trust relationships with the home
network.
26
Architecture
Single Sign-On using SIM (IMSI)!
27
SSO Protocol
37
Replay Attack
Attacker could capture this message and replay it later in order to impersonate the user identified by the IMSI.
38
Replay Attack
At the time of replay, another RAND will be selected by the service provider and the protocol will fail.
[Figure labels: “fresh!”, “old!”, X]
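The freshness argument on this slide, as an added sketch that is not taken from the slides or the authors' protocol: a response computed for one RAND is rejected once the service provider has selected another. HMAC-SHA256 stands in for the SIM's key derivation and for the proof of knowing Kc, and the message layout, the IMSI/Ki pair and all function and class names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the home network's IMSI -> Ki table.
SUBSCRIBERS = {"001010123456789": bytes.fromhex("000102030405060708090a0b0c0d0e0f")}


def derive_kc(ki: bytes, rand: bytes) -> bytes:
    """Assumed stand-in for the operator's key derivation: Kc depends on Ki and RAND."""
    return hmac.new(ki, b"Kc" + rand, hashlib.sha256).digest()[:8]


def sim_response(imsi: str, ki: bytes, rand: bytes) -> bytes:
    """User side: prove knowledge of Ki for this RAND by MACing the IMSI under Kc."""
    return hmac.new(derive_kc(ki, rand), imsi.encode(), hashlib.sha256).digest()


def home_network_check(imsi: str, rand: bytes, response: bytes) -> bool:
    """Home network side: recompute the response from its own copy of Ki."""
    ki = SUBSCRIBERS.get(imsi)
    return ki is not None and hmac.compare_digest(sim_response(imsi, ki, rand), response)


class ServiceProvider:
    def __init__(self) -> None:
        self.pending = {}  # session id -> RAND issued for that session

    def challenge(self, session: str) -> bytes:
        self.pending[session] = secrets.token_bytes(16)  # fresh RAND per run
        return self.pending[session]

    def verify(self, session: str, imsi: str, response: bytes) -> bool:
        rand = self.pending.pop(session, None)  # each RAND is accepted once
        return rand is not None and home_network_check(imsi, rand, response)


def replay_demo() -> tuple:
    imsi, sp = "001010123456789", ServiceProvider()
    captured = sim_response(imsi, SUBSCRIBERS[imsi], sp.challenge("run-1"))
    genuine = sp.verify("run-1", imsi, captured)   # answered the RAND it was made for
    sp.challenge("run-2")                          # SP selects another RAND
    replayed = sp.verify("run-2", imsi, captured)  # old response, new RAND
    return genuine, replayed


if __name__ == "__main__":
    print(replay_demo())
```

The check holds only if the verifier never accepts a RAND it did not just issue, which is why the sketch deletes each pending RAND on first use.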
39
Reflection Attack
The service provider SP “A” is malicious.
It wants to impersonate the user to SP “B”.
46
Reflection Attack
X
47
Other Attacks
SIM theft / cloning
  SIM PIN is optional!
  Need two-factor user authentication.
Home network server is SPoF
  Vulnerable to DoS attack.
  It is assumed that it is well-protected.
Attacks on the SP-home network link
  Link must be integrity-protected and encrypted.
  SSL/TLS, VPN, IPSec, etc…
49
Advantages
50
Disadvantages
51
Extension for UMTS
52
Thanks! Questions?