ICT Expo presentation 3 G and GSM security


  • 8/7/2019 ICT Expo presentation 3 G and GSM security

    1/35

    Security in GSM and 3G networks

    Charles Bizimungu Omara

    Uganda Kampala October 2010

  • 2/35

    Agenda

    - Background
    - Overview of the GSM and 3G networks
    - Security Requirements
    - Security Framework for Telecommunications
    - Examples of attacks on the GSM networks
    - Examples of attacks on the 3G networks
    - Securing the GSM & 3G networks

  • 3/35

    Background

    - Traditional telecommunication systems relied only on physical security (locks etc.). One would need physical access to the switches, devices and wires in order to become a threat to the switches.
    - 1st Generation GSM was the earliest cellular system to be developed (1978: 1st GSM in USA).
    - 1st G GSM was purely analogue and used for voice calls only. First generation analogue phones (1980 onwards) were horribly insecure.
    - Eavesdropping in 1G was very easy: all you had to do was tune a radio receiver until you could hear someone talking.
    - 2G GSM networks were the logical next stage in the development of wireless systems after 1st G.
    - 2nd Generation GSM provides a basic range of security features to protect both the operator and the customer, such as anonymity, authentication, and protection of user data and signalling.

  • 4/35

    Background

    - 2nd G is the most successful telephone network, with more than 800 million users worldwide today.
    - 3G mobile telephone networks are the latest stage in the development of wireless communications technology today.
    - 3G systems support much higher data transmission rates and offer increased capacity.
    - 3G systems use packet-switching technology, which is more efficient and faster than the traditional circuit-switched system.
    - 3G mobile phones can offer subscribers a wide range of data services, such as mobile Internet access and multimedia applications, as well as voice services.
    - 3G makes mobile telecommunication systems computer and network based. Widespread access and loose coupling of interconnected telecommunication and IT systems are a primary source of widespread vulnerability.
    - Operators must now seek cost-effective, comprehensive security solutions that can be applied to various types of networks, services and applications.

  • 5/35

    Overview of GSM Network

    A GSM network has the following components:

    - Mobile Station (MS): carried by the subscriber. It is made up of the Mobile Equipment (ME), also known as the terminal, and a smart card known as the Subscriber Identity Module (SIM).

  • 6/35

    GSM Network (cont.)

    - Base Transceiver Station (BTS): physically composed of antennas and towers. It provides connectivity between the network and the mobile station via the radio interface.
    - Radio Network Controller (RNC) or Base Station Controller (BSC): takes care of all the central functions and controls a set of BTSs via the radio interface.
    - Mobile Switching Centre (MSC): the MSC controls a large number of BSCs. The MSC is very similar to a digital telephone exchange or switch, and it handles the routing of incoming and outgoing calls.
    - Home Location Register (HLR): the HLR is a data repository that stores the subscriber-specific parameters of a large number of subscribers. The most important parameters of a subscriber, such as Ki and the IMSI, are stored in the HLR.
    - Authentication Centre (AuC): the AuC has as its key component a database of identification and authentication information for each subscriber, and is in most cases an integral part of the HLR.

  • 7/35

    GSM Network (cont.)

    - Visitor Location Register (VLR): like the HLR, the VLR also contains subscriber information, but only for those subscribers who roam in the area for which the VLR is responsible.
    - When a subscriber roams away from the network of his/her own service provider, information is forwarded from the subscriber's home HLR to the visited VLR of the serving network in order to complete the authentication process.
    - When a subscriber moves out of a VLR area, the HLR takes care of the relocation from the old VLR to the new VLR.
    - Signalling Network: the Signalling System 7 (SS7) protocol is used for the exchange of information between telecommunication nodes and networks on an out-of-band basis.

  • 8/35

    Problems with GSM security

    - Only provides access security: communications and signalling traffic in the fixed network are not protected.
    - Does not address active attacks, whereby some network elements (e.g. BTS: base station) may be faked.
    - Only as secure as the fixed networks to which they connect.
    - Lawful interception only considered as an afterthought.
    - Terminal theft cannot be controlled.
    - Lack of user visibility (e.g. the user doesn't know whether the call is encrypted or not).

  • 9/35

    2.5/3G Mobile Networks

    Myagmar, Gupta, UIUC 2001

    [Figure: 2G / 2.5G / 3G network architecture diagram. Labels: BTS, RNC, Radio Access Control, Mobility Manager, Call Agent, Feature Server(s), IN Services, Circuit/Signaling Gateway, Circuit Switch, Circuit Network, Packet Gateway, IP RAN, IP Core Network, Intranet; traffic types: Voice, Data + Packet Voice.]

  • 10/35

    2.5G moving to 3G Network

    - As mobile operators move to 3G networks, they are for the most part not deploying new networks but are instead leveraging their existing 2.5G network infrastructure.
    - Radio Network Controller (RNC): schedules packet transmission on the air interface and manages handoffs between BTSs.
    - IP core network: provides the gateway between the access network and the Internet or a private corporate network. It provides authorization, authentication and accounting (AAA) services, provides access to network services and IP mobility, and manages IP addresses.
    - 3G systems support much higher data transmission rates and offer increased capacity.
    - More services are now available, such as mobile Internet access and multimedia applications.

  • 11/35

    GPRS/UMTS Network Structure

  • 12/35

    3G/2.5G Interface to other Networks

    The figure illustrates the structure of GPRS/UMTS used in 2.5G/3G networks to connect the GSM network to the Internet or corporate networks.

    - A subscriber using a high-speed IP-based data service connects to other networks through the Serving GPRS Support Node (SGSN), which uses the GPRS Tunnelling Protocol (GTP) to reach the Gateway GPRS Support Node (GGSN).
    - The SGSN uses GTP to activate a session on the subscriber's behalf. This is called PDP context activation. The PDP context is a data structure which contains information such as the mobile IP address, the tunnel identifiers for the GTP session on both ends (SGSN and GGSN), and the subscriber's IMSI number.
    - However, GTP does not implement any kind of authentication, data integrity check or confidentiality protection, which means that it could be compromised by an attacker.
    - GTP is used in several GSM-based mobile operators' networks on the following interfaces:
      - Gn interface: connecting SGSN and GGSN
      - Gp interface: connecting to other operators' networks
      - Gi interface: connecting the GGSN to the Internet

  • 13/35

    3GPP Signalling and Application (IMS) network

    - The 3GPP (and 3GPP2 for CDMA networks) has defined a standards-based network that sits on top of the emerging wireless 3G network. The IP Multimedia Subsystem (IMS) is a framework for delivering Internet Protocol multimedia services.
    - The Home Subscriber Server (HSS) serves a similar role to the HLR in an IMS implementation.
    - The Session Initiation Protocol (SIP) is the signalling protocol used in IMS to provide voice over IP service.

  • 14/35

    Signalling and Application IMS network (cont.)

    - SIP itself is vulnerable to attacks such as buffer overflow.
    - By attacking SIP, the attacker could compromise or disable the operator's voice service.
    - Other application servers on the IMS could also be subjected to denial of service attacks.

  • 15/35

    Opening Up

    Mobile data networks are being opened up in two senses:

    - Interconnections to other networks, such as the public Internet, other mobile operators' networks, private networks (including company LANs), content servers etc.
    - Multiple device types: Symbian smartphones, RIM BlackBerry and Windows Mobile based devices, personal digital assistants, notebook computers, and data-capable feature phones.

    From a security perspective, this newfound openness is a problem because there are now far more elements which are vulnerable.

    - For example, the majority of 3G mobile equipment provides multimedia messaging, content downloads, web browsing, network-based games, office applications, TV and virtual private networking to subscribers. Malware can propagate through many of these mediums.
    - MS equipment is more open to user modifications because of storage cards, synching with PCs, Internet connectivity, Bluetooth and Wi-Fi.

  • 16/35

    Evolution of cellular network

  • 17/35

    General Security Requirements

    There is a need to protect the telecommunication assets for the following parties:

    - Subscribers/customers, who need confidence in the network and the services offered, including availability of services, especially emergency services.
    - Public community/authorities, who demand security by directives or legislation.

    The telecommunication assets include:

    - The communication and computing devices
    - The personnel who operate telecommunication devices
    - Voice and data, including the software that supports the telecommunication devices
    - Customers who subscribe to different services in the telecommunication networks

  • 18/35

    Security Framework in Telecommunication Networks

    The first step in securing the telecommunication networks is for operators to recognize their newfound role as an ISP. This means implementing a layered defence on their networks that:

    - Makes changes to security policies and practice to reflect the new threats.
    - Protects end users by implementing security on their devices and in the network, e.g. antivirus, firewalls, and content scanning that provides file-level security.
    - Deploys security products such as firewalls, Virtual Private Networks, and Intrusion Detection Systems at the appropriate points in the network, which provide packet-level, application-level and session-level protection.
    - Ensures that appropriate security is provided for services offered in the network, for example ensuring that only valid persons are associated with provisioning services in the network.

  • 19/35

    GSM Security Features

    - Authentication: the network operator can verify the identity of the subscriber, making it infeasible to clone someone else's mobile phone.
    - Confidentiality: protects voice, data and sensitive signalling information (e.g. dialled digits) against eavesdropping on the radio path.
    - Anonymity: protects against someone tracking the location of the user or identifying calls made to or from the user by eavesdropping on the radio path.
    - Data on the radio path is encrypted between the Mobile Equipment (ME) and the Base Transceiver Station (BTS):
      - protects user traffic and sensitive signalling data against eavesdropping
      - extends the influence of authentication to the entire duration of the call
      - uses the encryption key (Kc) derived during authentication

  • 20/35

    GSM Security Problems

    - The GSM cipher A5/2: A5/2 is now so weak that the cipher key can be discovered in near real time using a very small amount of known plaintext.
    - Accessing the signalling network:
      - No decrypting skills required
      - Needs an instrument that captures microwave transmissions
      - Gains control of communication between the MS and the intended receiver

  • 21/35

    Attacks on the GSM networks

    Cloning:

    - Cloning refers to the ability of an intruder to determine information about a personal terminal and clone it, i.e. create a duplicate copy of that personal terminal using the information collected.
    - This can be done by physical copying of the card using a card reader device, or the intruder eavesdrops on signalling and data connections associated with other users.
    - Cloning can take two forms:
      - Physical cloning: mounting this attack requires, apart from physical access to the target SIM, an off-the-shelf smart card reader and a computer to direct the operation. A simple countermeasure is to change the hash function used for authentication to a strong one. It should be noted that COMP128-2, a new version of COMP128, has remedied the issue present in the original COMP128. It is however not known to what extent the new algorithm has been adopted by operators.
      - Cloning over the air: cloning over the air can be accomplished using a rogue base station (RBTS); apart from the RBTS, the attacker needs to know the target IMSI or TMSI. When these resources are available the attacker starts capturing some MS; after a channel has been allocated, the RBTS then executes a procedure to clone the MS phone. The defence against cloning over the air is to limit the number of times a SIM can be authenticated to a number significantly smaller than 150,000.

  • 22/35

    Theft of Service/Equipment

    - Theft of equipment or service is a very serious problem in mobile personal communication.
    - The network subsystem doesn't care whether a call has originated from a legitimate or from a stolen terminal, as long as it bills the call for the correct amount.
    - To avoid this, all personal equipment must have unique identification information that reduces the potential for stolen equipment to be reused.
    - This may take the form of a tamper-resistant identifier permanently plugged into the terminal.

  • 23/35

    Rogue BTS

    - Man-in-the-middle: this is the capability whereby the intruder puts itself between the target user and a genuine network and has the ability to eavesdrop, modify, delete, re-order, replay, and spoof signalling and user data messages exchanged between the two parties. The required equipment is a rogue BTS in conjunction with a modified MS.

  • 24/35

    Compromised cipher key

    - An attack that requires a modified BTS and the possession by the intruder of a compromised authentication vector, and thus exploits the weakness that the user has no control over the cipher key.
    - The target user is enticed to camp on the false BTS/MS. When a call is set up, the false BTS/MS forces the use of a compromised cipher key on the mobile user.
    - 3G: the presence of a sequence number in the challenge allows the USIM to verify the freshness of the cipher key, to help guard against forced re-use of a compromised authentication vector. However, the architecture does not protect against forced use of compromised authentication vectors which have not yet been used to authenticate the USIM.
    - Thus, the network is still vulnerable to attacks using compromised authentication vectors which have been intercepted between generation in the authentication centre and use or destruction in the serving network.
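The challenge-response exchange behind slides 19 and 24, as an added illustration that is not part of the presentation: the HLR/AuC issues authentication vectors, the card answers them, and the 3G USIM refuses a vector whose sequence number it has already consumed. HMAC-SHA256 stands in for the operator's secret functions (A3/A8 in GSM, f1/f2/f5 in 3G); the Ki value is a constructed sample; AUTN is simplified to SQN xor AK followed by the MAC, with the AMF field omitted; and the class and function names are this example's own, not 3GPP's.

```python
import hashlib
import hmac
import os

# Constructed long-term subscriber key Ki. In a real network it exists only on the
# (U)SIM and in the HLR/AuC; this value is a sample for the demo.
KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def f(label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 stands in for the operator's secret functions (A3/A8 in GSM,
    f1/f2/f5 in 3G AKA); the real algorithms are operator-chosen."""
    return hmac.new(KI, label + b"".join(parts), hashlib.sha256).digest()


class GsmAuc:
    """HLR/AuC side of GSM: issues triplets (RAND, SRES, Kc)."""

    def triplet(self):
        rand = os.urandom(16)
        return rand, f(b"A3", rand)[:4], f(b"A8", rand)[:8]


class GsmSim:
    """GSM SIM: answers any RAND; nothing in the challenge tells it whether the
    triplet is fresh or has been presented before."""

    def respond(self, rand):
        return f(b"A3", rand)[:4], f(b"A8", rand)[:8]


class UmtsAuc:
    """3G AuC: issues (RAND, AUTN, XRES) with an increasing sequence number SQN.
    Simplified: AUTN = (SQN xor AK) || MAC, AMF omitted."""

    def __init__(self):
        self.sqn = 0

    def vector(self):
        self.sqn += 1
        rand = os.urandom(16)
        sqn = self.sqn.to_bytes(6, "big")
        ak = f(b"f5", rand)[:6]
        mac = f(b"f1", rand, sqn)[:8]
        autn = bytes(s ^ a for s, a in zip(sqn, ak)) + mac
        return rand, autn, f(b"f2", rand)[:8]


class Usim:
    """USIM: authenticates the network via the MAC and rejects SQN values already seen."""

    def __init__(self):
        self.sqn_ms = 0

    def respond(self, rand, autn):
        ak = f(b"f5", rand)[:6]
        sqn = bytes(c ^ a for c, a in zip(autn[:6], ak))
        if not hmac.compare_digest(autn[6:], f(b"f1", rand, sqn)[:8]):
            return None  # MAC failure: the network did not prove knowledge of Ki
        n = int.from_bytes(sqn, "big")
        if n <= self.sqn_ms:
            return None  # synchronisation failure: this vector was already used
        self.sqn_ms = n
        return f(b"f2", rand)[:8]


def gsm_replay_accepted():
    """GSM: a triplet presented a second time yields the same SRES and Kc again."""
    auc, sim = GsmAuc(), GsmSim()
    rand, sres, kc = auc.triplet()
    first, second = sim.respond(rand), sim.respond(rand)
    return first == (sres, kc) and second == (sres, kc)


def umts_replay_rejected():
    """3G: the same vector presented twice is refused the second time."""
    auc, usim = UmtsAuc(), Usim()
    rand, autn, xres = auc.vector()
    first, second = usim.respond(rand, autn), usim.respond(rand, autn)
    return first == xres and second is None


def umts_unused_vector_accepted():
    """The caveat on slide 24: a vector intercepted before the genuine network has
    used it carries a fresh SQN, so the USIM cannot tell it from a legitimate one."""
    auc, usim = UmtsAuc(), Usim()
    used, intercepted = auc.vector(), auc.vector()
    usim.respond(used[0], used[1])
    return usim.respond(intercepted[0], intercepted[1]) == intercepted[2]
```

All three scenario functions return True, which is exactly the behaviour the slides describe: the GSM card answers a replayed triplet as before, the USIM refuses a replay, and the USIM still accepts a vector the genuine network has not yet consumed. The sequence number therefore only closes the re-use window; protecting vectors between the authentication centre and the serving network remains an operational control.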

  • 25/35

    Location update spoofing

    - An attack that requires a modified MS and exploits the weakness that the network cannot authenticate the messages it receives over the radio interface.
    - The user spoofs a location update request in a different location area from the one in which the user is roaming.
    - The network registers the new location area, and the target user will be paged in that new area.
    - The user is subsequently unreachable for mobile-terminated services.
    - 3G: integrity protection of critical signalling messages protects against this attack. More specifically, data authentication and replay inhibition of the location update request allow the serving network to verify that the location update request is legitimate.

  • 26/35

    Hijacking incoming calls in networks with encryption enabled

    - This attack requires a modified BTS/MS. In addition to the previous attack, this time the intruder has to suppress encryption.
    - 3G: integrity protection of critical signalling messages protects against this attack. More specifically, data authentication and replay inhibition of the MS classmark and the connection accept message help prevent suppression of encryption and allow the serving network to verify that the connection accept is legitimate.
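The integrity protection and replay inhibition on slides 25 and 26, as an added example that is not taken from the presentation: a serving network that verifies a MAC-I computed over COUNT-I, the direction and the message before acting on a location update request or a classmark. HMAC-SHA256 truncated to 32 bits stands in for the 3G f9 function, the IK value and the message strings are constructed, and the GsmNetwork class models the GSM side of slide 25, which acts on any request it hears.

```python
import hashlib
import hmac

# Constructed integrity key IK, agreed between USIM and serving network during AKA.
IK = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
UPLINK = 0  # DIRECTION bit for MS -> network


def mac_i(ik: bytes, count_i: int, direction: int, message: bytes) -> bytes:
    """HMAC-SHA256 truncated to 32 bits stands in for f9, which in 3G computes
    MAC-I over COUNT-I, DIRECTION and the signalling message."""
    data = count_i.to_bytes(4, "big") + bytes([direction]) + message
    return hmac.new(ik, data, hashlib.sha256).digest()[:4]


class MobileStation:
    """Legitimate MS: every uplink signalling message carries a fresh COUNT-I and MAC-I."""

    def __init__(self, ik: bytes):
        self.ik = ik
        self.count_i = 0

    def send(self, message: bytes):
        self.count_i += 1
        return self.count_i, message, mac_i(self.ik, self.count_i, UPLINK, message)


class GsmNetwork:
    """GSM serving network (slide 25): no integrity protection, so any
    LOCATION_UPDATE_REQUEST heard on the radio interface is acted upon."""

    def __init__(self):
        self.location_area = None

    def receive(self, message: bytes):
        if message.startswith(b"LOCATION_UPDATE_REQUEST "):
            self.location_area = message.split(b" ", 1)[1].decode()
        return "accepted"


class UmtsServingNetwork:
    """3G serving network: checks MAC-I and refuses COUNT-I values already seen."""

    def __init__(self, ik: bytes):
        self.ik = ik
        self.last_count_i = 0
        self.location_area = None
        self.ciphering = None

    def receive(self, frame):
        count_i, message, tag = frame
        if not hmac.compare_digest(tag, mac_i(self.ik, count_i, UPLINK, message)):
            return "rejected: MAC-I failure"          # data authentication
        if count_i <= self.last_count_i:
            return "rejected: replayed COUNT-I"       # replay inhibition
        self.last_count_i = count_i
        if message.startswith(b"LOCATION_UPDATE_REQUEST "):
            self.location_area = message.split(b" ", 1)[1].decode()
        elif message.startswith(b"CLASSMARK "):
            # slide 26: the classmark is integrity protected, so a modified BTS/MS
            # cannot silently replace it with one that advertises no ciphering
            self.ciphering = message.split(b" ", 1)[1].decode()
        return "accepted"


def scenario():
    """Run constructed signalling through both networks and return the outcomes."""
    ms = MobileStation(IK)
    gsm, umts = GsmNetwork(), UmtsServingNetwork(IK)
    lu = ms.send(b"LOCATION_UPDATE_REQUEST LA-1")
    cm = ms.send(b"CLASSMARK UEA1")
    results = {"umts_legit_lu": umts.receive(lu), "umts_classmark": umts.receive(cm)}
    # Spoofed request from a modified MS that does not hold IK (constructed, forged tag)
    forged = (ms.count_i + 1, b"LOCATION_UPDATE_REQUEST LA-9", b"\x00\x00\x00\x00")
    results["umts_spoofed_lu"] = umts.receive(forged)
    # The recorded legitimate frame played back later
    results["umts_replayed_lu"] = umts.receive(lu)
    results["umts_location_area"] = umts.location_area
    results["umts_ciphering"] = umts.ciphering
    # The same spoofed request against GSM, which has nothing to check
    results["gsm_spoofed_lu"] = gsm.receive(forged[1])
    results["gsm_location_area"] = gsm.location_area
    return results
```

The outcome dictionary shows the contrast the slides draw: the 3G side keeps the subscriber registered in LA-1 and rejects both the forged request and the replay, while the GSM side moves the subscriber to LA-9 on an unauthenticated message.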

  • 27/35

    3G vs. GSM

    - A change was made to defeat the false base station attack. The security mechanisms include a sequence number that ensures that the mobile can identify the network.
    - Key lengths were increased to allow for the possibility of stronger algorithms for encryption and integrity.
    - Mechanisms were included to support security within and between networks.
    - Security is based within the switch rather than the base station as in GSM. Therefore links are protected between the base station and the switch.
    - Integrity mechanisms for the terminal identity (IMEI) have been designed in from the start, rather than being introduced late as in GSM.

  • 28/35

    Types of Attack on 3G networks

    Type of attack / Target / Purpose:

    1. Worms, viruses, Trojans, SMS/MMS spam. Target: other users, network elements (content). Purpose: harassment/denial of service/service interruption.
    2. Denial of service; application layer attack, SIP flooding, etc. Target: HLR, AAA, content server, signalling nodes. Purpose: attack ability to provide service.
    3. Overbilling attack. Target: operator management elements (AAA, HLR, VLR, etc.). Purpose: fraud.
    4. Spoofed PDP context. Target: user's session. Purpose: service theft.
    5. Signalling level attack. Target: signalling nodes. Purpose: attack ability to provide service.

    Denial of Service:

    - Makes use of brute force attacks to overwhelm the target system with data so that the response from the target system is either slowed down or stopped.
    - Are often remotely controlled by the organization orchestrating the attack.

    Overbilling attack:

    - A malicious user hijacks a subscriber's IP address and then uses that connection to initiate fee-based downloads, or simply uses that connection for their own purposes. The legitimate subscriber pays the bill.

  • 29/35

    Attacks on the 3G networks

    Spoofed PDP context: the attack exploits weaknesses in GTP (GPRS Tunnelling Protocol):

    - Spoofed Delete PDP Context packets, which would cause service loss or interruption to end users
    - Spoofed Create PDP Context packets, which would result in unauthorized or illegal access to the Internet or customer data networks
    - GTP packet floods, which are a kind of denial of service
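A signalling firewall on the Gn/Gp interfaces, the defence the deck names for spoofed PDP contexts and GTP floods (slides 12 and 32), as an added example that is not from the presentation. Because GTP itself authenticates nothing, the filter substitutes topology checks: GTP-C is accepted only from known SGSN or roaming-partner addresses, a Delete PDP Context request must reference a live tunnel and come from the SGSN that created it, and signalling volume per peer is capped. The 8-byte GTPv1 header layout and the message types 16 (Create PDP Context Request) and 20 (Delete PDP Context Request) are the standard values from 3GPP TS 29.060; the addresses, IMSI, TEIDs, context table and class names are constructed for the demo.

```python
import struct
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# GTPv1-C message types as defined in 3GPP TS 29.060 (standard values).
CREATE_PDP_CONTEXT_REQUEST = 16
DELETE_PDP_CONTEXT_REQUEST = 20


@dataclass
class GtpHeader:
    version: int
    msg_type: int
    length: int
    teid: int


def parse_gtpv1_header(data: bytes) -> GtpHeader:
    """Parse the mandatory 8-byte GTPv1 header: flags, message type, length, TEID."""
    if len(data) < 8:
        raise ValueError("short GTP header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", data[:8])
    return GtpHeader(version=flags >> 5, msg_type=msg_type, length=length, teid=teid)


def build_gtpv1(msg_type: int, teid: int, payload: bytes = b"") -> bytes:
    """Constructed sample packets: flags 0x30 = version 1, PT=1, no optional fields."""
    return struct.pack("!BBHI", 0x30, msg_type, len(payload), teid) + payload


@dataclass
class PdpContext:
    # The fields slide 12 lists for a PDP context: IMSI, mobile IP address and the
    # tunnel identifiers on both ends of the GTP session (constructed values).
    imsi: str
    ms_ip: str
    teid_sgsn: int
    teid_ggsn: int
    sgsn_addr: str  # SGSN that created the context


class GtpSignallingFirewall:
    """Hypothetical signalling firewall in front of a GGSN on the Gn/Gp interfaces."""

    def __init__(self, trusted_sgsns, roaming_partners, max_msgs_per_peer=20):
        self.gn_peers = [ip_network(n) for n in trusted_sgsns]
        self.gp_peers = [ip_network(n) for n in roaming_partners]
        self.max_msgs_per_peer = max_msgs_per_peer
        self.contexts = {}          # teid_ggsn -> PdpContext (learned from Create exchanges)
        self.msg_count = Counter()  # src_ip -> GTP-C messages seen (flood detection)

    def register_context(self, ctx: PdpContext):
        self.contexts[ctx.teid_ggsn] = ctx

    def _known_peer(self, src_ip: str) -> bool:
        addr = ip_address(src_ip)
        return any(addr in net for net in self.gn_peers + self.gp_peers)

    def filter(self, src_ip: str, packet: bytes):
        try:
            hdr = parse_gtpv1_header(packet)
        except ValueError as err:
            return "DROP", str(err)
        if hdr.version != 1:
            return "DROP", "unsupported GTP version"
        if not self._known_peer(src_ip):
            return "DROP", "source is not a known Gn/Gp peer"
        self.msg_count[src_ip] += 1
        if self.msg_count[src_ip] > self.max_msgs_per_peer:
            return "DROP", "signalling rate limit exceeded (possible GTP flood)"
        if hdr.msg_type == DELETE_PDP_CONTEXT_REQUEST:
            ctx = self.contexts.get(hdr.teid)
            if ctx is None:
                return "DROP", "delete for unknown TEID"
            if ctx.sgsn_addr != src_ip:
                return "DROP", "delete from a peer that does not own the context"
            del self.contexts[hdr.teid]
            return "ACCEPT", f"delete PDP context for IMSI {ctx.imsi}"
        if hdr.msg_type == CREATE_PDP_CONTEXT_REQUEST:
            return "ACCEPT", "create PDP context request"
        return "ACCEPT", "other GTP-C message"


def scenario():
    """Run constructed traffic through the firewall and return each verdict."""
    fw = GtpSignallingFirewall(trusted_sgsns=["10.10.0.0/24"], roaming_partners=["192.0.2.0/24"])
    fw.register_context(PdpContext("001010123456789", "10.200.1.7", 0x1001, 0x2001, "10.10.0.5"))
    delete_ok = build_gtpv1(DELETE_PDP_CONTEXT_REQUEST, 0x2001)
    results = {
        "delete_from_internet": fw.filter("203.0.113.9", delete_ok)[0],
        "delete_unknown_teid": fw.filter("10.10.0.5", build_gtpv1(DELETE_PDP_CONTEXT_REQUEST, 0x9999))[0],
        "delete_from_wrong_peer": fw.filter("192.0.2.10", delete_ok)[0],
        "delete_from_owner": fw.filter("10.10.0.5", delete_ok)[0],
    }
    flood = [fw.filter("192.0.2.10", build_gtpv1(CREATE_PDP_CONTEXT_REQUEST, 0))[0] for _ in range(30)]
    results["flood_dropped"] = flood.count("DROP")
    results["contexts_left"] = len(fw.contexts)
    return results
```

Only the Delete from the SGSN that owns TEID 0x2001 is accepted; the same packet from an Internet host or from a roaming peer is dropped, as is a Delete for a TEID that was never created, and the burst of Create requests from one peer is cut off once it passes the per-peer cap. A production design would key the rate limit on a time window and learn the context table from the Create request/response pair instead of a manual registration.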

  • 30/35

    3G Security Model

    [Figure: 3G security architecture overview. Layers: Application stratum (User Application, Provider Application), Home stratum/Serving stratum, Transport stratum; the SIM is shown in the user equipment. The numbered security feature groups (I) to (IV) mark network access security, network domain security, user domain security and application domain security respectively, as defined on the next slide.]

  • 31/35

    3G Security Model (cont.)

    - Network access security (I): the set of security features that provide users with secure access to 3G services, and which in particular protect against attacks on the (radio) access link.
    - Network domain security (II): the set of security features that enable nodes in the provider domain to securely exchange signalling data, and protect against attacks on the wireline network.
    - User domain security (III): the set of security features that secure access to mobile stations.
    - Application domain security (IV): the set of security features that enable applications in the user and in the provider domain to securely exchange messages.
    - Visibility and configurability of security (V): the set of features that enables the user to inform himself whether a security feature is in operation or not, and whether the use and provision of services should depend on the security feature.

  • 32/35

    Defence Against specific attacks

    Type of attack / Target / Defence:

    1. Worms, viruses, Trojans, SMS/MMS spam. Target: other users, network elements (content). Defence: device and network anti-virus, content scanning.
    2. Denial of service; application layer attack, SIP flooding, etc. Target: HLR, AAA, content server, signalling nodes. Defence: firewall, signalling scanning and IDP.
    3. Overbilling attack. Target: operator management elements (AAA, HLR, VLR, etc.). Defence: intrusion prevention and protection.
    4. Spoofed PDP context. Target: user's session. Defence: signalling firewalls.
    5. Signalling level attack. Target: signalling nodes. Defence: firewall, signalling firewalls and IDP.

  • 33/35

    Firewall and IDP defence

  • 34/35

    Thanks

    [email protected]

  • 35/35

    References

    - 3G TS 33.120, Security Principles and Objectives, http://www.3gpp.org/ftp/tsg_sa/WG3_Security/_Specs/33120-300.pdf
    - 3G TS 33.120, Security Threats and Requirements, http://www.arib.or.jp/IMT-2000/ARIB-spec/ARIB/21133-310.PDF
    - Michael Walker, On the Security of 3GPP Networks, http://www.esat.kuleuven.ac.be/cosic/eurocrypt2000/mike_walker.pdf
    - 3G TR 33.900, A Guide to 3rd Generation Security, ftp://ftp.3gpp.org/TSG_SA/WG3_Security/_Specs/33900-120.pdf
    - 3G TS 33.102, Security Architecture, ftp://ftp.3gpp.org/Specs/2000-12/R1999/33_s/33102-370.zip
    - Paul Yousef, GSM-Security: a Survey and Evaluation of the Current Situation, Master's thesis, Linköping Institute of Technology, March 2004
    - Klaus Vedder, GSM: Security, Services, and the SIM, LNCS 1528, pp. 224-240, Springer-Verlag 1998