Transcript Stepanek

Cellular Network Security
Secure Systems Administration
Spring 2011
Ryan Stepanek

A brief history of cellular networks

Cellular networks have been deployed for the last three decades

1G networks had max speeds of about 9.6 kbs [1]

As network technology evolved, two standards emerged: CDMA and GSM

Modern cellular networks operate in the third and fourth generation, reaching theoretical speeds up to 100 Mbit/s

Challenges of Cellular Networks

Open Access Wireless – No physical connection necessary!
Bandwidth Limitations – Everyone has to share the network.
System Complexity – The larger the implementation of the system, the more difficult it is to maintain security.
Confidentiality – Private data needs to be encrypted.
Integrity – Must minimize data loss; more services being sent through the network.
Authentication With Other Networks – Companies need to play nice with each other.

Security Issues for Cellular Networks

Operating systems on mobile devices – Android, Windows, iPhone

Web services – Potential for abuse through the addition of new services; DOS.

Location Detection – Keep the location of the user private!

Spyware; malware – Phones and network may be vulnerable.

Phone OS by Market Share

Phone OS Market Share – US, UK, China

I-Security

Mobile OS – left open to viruses and malware
History of being slow to patch
Users can jailbreak and run their own code
SMS virus – over two months to patch!
Spreading the virus required only the victim's phone number
Spread through memory corruption in iPhone [6]
Potentially detrimental to host network
Dangerously popular – In December 2009 AT&T was forced to halt iPhone sales in New York [5]
Can you hear me now? Network load became too great for existing infrastructure

Blackberries

Very good encryption
Relies on security through obscurity
Vulnerable through third party apps
Causes conflicts with governments on the grounds of national security
e.g. India 2009 [7]
e.g. the WebKit browser was used at this year’s Pwn2Own hacking expo. [8]
Blackberry Enterprise Server (BES)
Commonly used in business and government; compromising the server could allow access to phone information
Fairly secure if configured correctly (EAL 4+) [10]

Android

Open source
Incredibly threatening to network profit/security
e.g. free WiFi tethering
Rooting
Allows greater control over the phone
Creates a natural conflict between the service provider and customer
Also increases vulnerability to viruses, e.g. custom ROMs will not receive updates from the service provider
Companies now actively trying to hinder rooting, e.g. Motorola [8]

GSM vs CDMA

GSM
More than 3.8 billion people worldwide
Far more common outside of North America
More than 89 percent of market share [4]
More than 212 countries and territories [3]
Interferes with some electronics

CDMA
Transmits data signal modulated with pseudorandom code
Generally allows for larger transmission cells
Allows users to share frequencies

3G – Network Components

Radio Access Network
Towers
Radio Network Controllers

Core Network
Packet Switched Network
Circuit Switched Network
SGSN – Handles Access Control and Route Management
GGSN – Gateway to the Internet

3G – Implementation

Attacks on Cellular Networks

DOS/DDOS – Probably the most common.
Jamming
iPhones
Services and bandwidth usage seem to be increasing faster than network infrastructure
More achievable now through infecting phones
Highly localized, similar in effect to DOS
Eavesdropping
Man in the Middle attacks
Session hijacking

3G - Defensive Measures

Network Access Security
Utilizes secret keys and secret key ciphers to maintain confidentiality
Uses a temporary International Mobile User Identity to protect the user’s identity.

Challenge Response System
Used when authenticating
Occurs when user first connects to network, when the network receives a service request, when a location update is sent, on attach/detach request, etc. [1]
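
The two mechanisms on this slide, sketched as an added example that is not part of the original presentation: a shared-secret challenge-response run, followed by rotation of the temporary identity so the permanent one is not reused. HMAC-SHA256 stands in for the operator's real authentication algorithm, and the class and function names (Network, Phone, authenticate, prf) are hypothetical.

```python
import hashlib
import hmac
import secrets

def prf(key, label, data, n):
    # Stand-in keyed function (HMAC-SHA256), NOT the operator's real algorithm.
    return hmac.new(key, label + data, hashlib.sha256).digest()[:n]

class Network:
    def __init__(self, subscribers):
        self.keys = dict(subscribers)   # permanent identity -> shared secret key
        self.temp_ids = {}              # temporary identity -> permanent identity
        self.pending = {}               # permanent identity -> expected response

    def challenge(self, identity):
        # Accept a temporary identity if one was issued, else the permanent one.
        permanent = self.temp_ids.get(identity, identity)
        rand = secrets.token_bytes(16)  # fresh random challenge for every run
        self.pending[permanent] = prf(self.keys[permanent], b"RES", rand, 8)
        return permanent, rand

    def verify(self, permanent, res):
        xres = self.pending.pop(permanent, None)   # each challenge is single-use
        if xres is None or not hmac.compare_digest(xres, res):
            return None
        # Rotate the temporary identity on every successful authentication.
        for old in [t for t, p in self.temp_ids.items() if p == permanent]:
            del self.temp_ids[old]
        temp = secrets.token_hex(8)
        self.temp_ids[temp] = permanent
        return temp

class Phone:
    def __init__(self, permanent_id, key):
        self.identity, self.key = permanent_id, key

    def respond(self, rand):
        return prf(self.key, b"RES", rand, 8)

def authenticate(net, phone):
    """One run, as on first connect, a service request or a location update."""
    permanent, rand = net.challenge(phone.identity)
    temp = net.verify(permanent, phone.respond(rand))
    if temp is not None:
        phone.identity = temp   # later requests present the temporary identity
    return temp
```

A response captured from one run is useless against the next, because the expected value is bound to a fresh random challenge and discarded after one verification attempt.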

3G-Integrity and Confidentiality

Signaling communications between mobile station and network
F9 algorithm used to calculate 32-bit MAC-I for data integrity, then compared to a calculated XMAC-I
F8 used to keep data confidential; utilizes a cipher key that comes from the mobile device; output is then XORed with the original data stream
Both F8 and F9 rely on the KASUMI cipher
Based on Feistel structure to create 64-bit data blocks and a 128-bit key

F8 – Confidentiality Algorithm
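
How the F8 keystream and the F9 MAC-I/XMAC-I comparison fit together, as an added example that is not part of the original presentation. The chaining is modelled on the 3GPP f8/f9 modes, but E is a stand-in keyed 64-bit function (truncated HMAC-SHA256), not KASUMI, so outputs will not match 3GPP test vectors; messages are assumed byte-aligned, one COUNT is shared by both functions, and the names E, protect and receive are hypothetical.

```python
import hashlib
import hmac

def E(key, block):
    # Stand-in for KASUMI: 128-bit key, 64-bit block. Both modes only run the
    # cipher forwards, so a keyed one-way function can illustrate them.
    return hmac.new(key, block, hashlib.sha256).digest()[:8]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def f8(ck, count, bearer, direction, data):
    """Keystream XORed with the data; the same call encrypts and decrypts."""
    iv = ((count << 32) | (bearer << 27) | (direction << 26)).to_bytes(8, "big")
    a = E(xor(ck, b"\x55" * 16), iv)          # initial value under a modified key
    ks, prev, blk = b"", bytes(8), 0
    while len(ks) < len(data):
        prev = E(ck, xor(xor(a, blk.to_bytes(8, "big")), prev))
        ks += prev
        blk += 1
    return xor(data, ks)                      # zip() trims the keystream

def f9(ik, count, fresh, direction, message):
    """32-bit MAC-I over COUNT, FRESH, the message and DIRECTION."""
    ps = count.to_bytes(4, "big") + fresh.to_bytes(4, "big") + message
    ps += bytes([(direction << 7) | 0x40])    # DIRECTION bit, then a single 1 bit
    ps += bytes(-len(ps) % 8)                 # zero-pad to a 64-bit boundary
    a = b = bytes(8)
    for i in range(0, len(ps), 8):
        a = E(ik, xor(a, ps[i:i + 8]))        # CBC-style chaining
        b = xor(b, a)                         # running XOR of chaining values
    return E(xor(ik, b"\xaa" * 16), b)[:4]

def protect(ck, ik, count, fresh, bearer, direction, message):
    mac_i = f9(ik, count, fresh, direction, message)
    return f8(ck, count, bearer, direction, message), mac_i

def receive(ck, ik, count, fresh, bearer, direction, ciphertext, mac_i):
    plaintext = f8(ck, count, bearer, direction, ciphertext)
    xmac_i = f9(ik, count, fresh, direction, plaintext)
    # Accept only if the received MAC-I equals the locally computed XMAC-I.
    return plaintext if hmac.compare_digest(mac_i, xmac_i) else None
```

Because F8 is a stream cipher, a flipped ciphertext bit flips the same plaintext bit and only the XMAC-I check catches it; reusing the same COUNT under one key yields the same keystream, so XORing two such ciphertexts cancels it and leaves the XOR of the plaintexts.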

3G-Internet Security

Wireless Application Protocol
Protocol that handles wireless devices connecting to the web
Independent of underlying OS
WAP2 – puts devices into direct communication with servers
Uses layers similar to standard networks

IPv6 and IPv4
3G allows for circuit switched and packet switched network nodes
4G is packet switched nodes only; completely IPv6 compatible

Cellular Network Security – Factors to Consider

Liability
Quantity and nature of data
Potential harm from data
Lawsuits

Profits
Bandwidth is not free
Capability of devices vs. popularity of devices
Risk for every network expansion

Sources

[1] “Security in Wireless Cellular Networks” Gardezi, Ali.
http://docs.google.com/viewer?a=v&q=cache:mFeuQOB24gwJ:www1.cse.wustl.edu/~jain/cse5
7406/ftp/cellular_security.pdf+cellular+network+security&hl=en&gl=us&pid=bl&srcid=ADGEESg
k1O3TVCFitfU0KCDfZp2FIogPvw0bjkw767GFdWlAOyWm866YcuCt8IEn2uag617WAW0S3
2eIhFbaoMgQiJh_WJi5QYE2RIwkizPeTRzmsFcBNMtESgBQNA9NmF5VgqtrQBe0&sig=AHIEt
bR683Y3fhGxdHQa47sZCueMwq3jsA

[2] “Exploiting Vulnerabilities and Security Mechanisms in Internet Based SMS Capable Cellular
Networks” Azim, Akramul.
http://docs.google.com/viewer?a=v&q=cache:AmTvXrmYVNoJ:citeseerx.ist.psu.edu/viewdoc/d
ownload%3Fdoi%3D10.1.1.121.2158%26rep%3Drep1%26type%3Dpdf+cellular+network+secu
rity&hl=en&gl=us&pid=bl&srcid=ADGEESiJC2Zrk8fOWOH70HSEDwahX_x1pJXZOS2AndHNcBqh0Qm3xcBlkqiVgOW0spQM0aqzoMxYkuT
hzhKiHCKxOa8nc8slQ_qDM1a5OQ_zO0qnBL3Y_9zylwEMLPYr8ORC5mXftkM&sig=AHIEt
bQjQIcq5LnEbumpqWogCCN3u0uXVA

Sources - Continued

[3] “CDMA vs. GSM – Which One is the Best for You?” http://www.cellutips.com/gsm-vs-cdmawhich-one-is-the-best-for-you/

[4] “GSM: Global System for Mobile Communications”
http://www.3gamericas.org/index.cfm?fuseaction=page&sectionid=242

[5] “AT&T apparently resumes online iPhone sales in New York City”
http://articles.cnn.com/2009-12-28/tech/iphone.sales.nyc_1_iphone-sales-online-sales-at-tservice?_s=PM:TECH

[6] “First iPhone Virus Found Using SMS Testing”
http://ironmill.wordpress.com/2009/07/30/iphone-virus/

[7] “BlackBerry encryption 'too secure': National security vs. consumer privacy”
http://www.zdnet.com/blog/igeneration/blackberry-encryption-too-secure-national-securityvs-consumer-privacy/5732

[8] “BlackBerry security breached at Pwn2Own 2011” http://crackberry.com/blackberrysecurity-breached-pwn2own-2011

[9] “Are the Days of Rooting Android Phones Coming to an End?” http://www.droidlife.com/2011/04/04/are-the-days-of-rooting-android-phones-coming-to-an-end/

[10] “Approvals and Certifications”
http://us.blackberry.com/ataglance/security/certifications.jsp