GSM and 3G Security


GSM: Introduction

GSM is the most widely used cellular standard
Over 600 million users, mostly in Europe and Asia
Limited coverage and support in USA
Based on TDMA radio access and PCM trunking
Uses SS7 signalling with mobile-specific extensions
Provides authentication and encryption capabilities
Today’s networks are 2G evolving to 2.5G
Third generation (3G) and future (4G)

Low-tech Fraud

Call forwarding to premium rate numbers
Bogus registration details
Roaming fraud
Terminal theft
Multiple forwarding, conference calls

Countermeasures for low-tech fraud

Fraud management systems look for:
Multiple calls in progress at the same time
Large variations in the revenue being paid out to other parties
Large variations in call duration, such as very short or very long calls
Changes in a customer's usage pattern, perhaps indicating that a mobile has been stolen or is being abused
They also monitor a new customer's usage closely during a 'probationary period'
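As an added illustration (not part of the original slides), the rules above can be written as checks over a subscriber's call detail records (CDRs). The CDRs, the per-day baseline and the thresholds below are constructed for this example and are not taken from any operator's system; a real fraud management system would learn the baseline from history and tune the thresholds per tariff.

```python
from datetime import datetime, timedelta

# Constructed CDRs for one subscriber on one day:
# (start time, duration in seconds, called number, amount paid out to the terminating party).
CDRS = [
    ("2001-03-01 09:00:00",  120, "+44207000001", 0.02),
    ("2001-03-01 09:30:00",   95, "+44207000002", 0.02),
    ("2001-03-01 10:15:00",  600, "+44207000003", 0.02),
    ("2001-03-01 10:20:00",  240, "+44207000004", 0.02),  # starts while the 10:15 call is still up
    ("2001-03-01 11:00:00",    4, "+44909000001", 1.50),  # very short call, high payout to other party
    ("2001-03-01 11:01:00", 3600, "+44909000002", 1.50),  # very long call, high payout to other party
]

# Constructed per-day baseline, standing in for what was learned from the subscriber's history.
BASELINE = {"calls": 3, "minutes": 8.0, "payout": 0.06}


def parse(cdrs):
    """Turn raw CDR tuples into dicts with start/end timestamps, sorted by start."""
    out = []
    for start, dur, number, payout in cdrs:
        t0 = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
        out.append({"start": t0, "end": t0 + timedelta(seconds=dur),
                    "duration": dur, "number": number, "payout": payout})
    return sorted(out, key=lambda c: c["start"])


def overlapping_calls(calls):
    """Rule 1: pairs of calls from one subscriber that are active at the same moment."""
    flagged = []
    for i, later in enumerate(calls):
        for earlier in calls[:i]:          # compare against every earlier call, not just the previous one
            if later["start"] < earlier["end"]:
                flagged.append((earlier["number"], later["number"]))
    return flagged


def duration_outliers(calls, short_s=10, long_s=1800):
    """Rule 3: very short or very long calls (thresholds are constructed)."""
    return [(c["number"], c["duration"]) for c in calls
            if c["duration"] < short_s or c["duration"] > long_s]


def usage_deviation(calls, baseline, probationary=False):
    """Rules 2 and 4: large changes versus the subscriber's own history in call count,
    minutes and payout to other parties. A new subscriber in a 'probationary period'
    is held to a tighter multiple of the baseline."""
    factor = 1.5 if probationary else 3.0
    today = {"calls": len(calls),
             "minutes": sum(c["duration"] for c in calls) / 60,
             "payout": sum(c["payout"] for c in calls)}
    return {k: round(today[k] / baseline[k], 2) for k in baseline
            if today[k] / baseline[k] >= factor}


def analyse(cdrs=CDRS, baseline=BASELINE, probationary=False):
    """Run all rules and return the flags a fraud analyst would review."""
    calls = parse(cdrs)
    return {"overlapping": overlapping_calls(calls),
            "duration_outliers": duration_outliers(calls),
            "usage_deviation": usage_deviation(calls, baseline, probationary)}


if __name__ == "__main__":
    for rule, hits in analyse().items():
        print(f"{rule}: {hits}")
```

With the constructed data the overlapping pair, both duration outliers and the jumps in minutes and payout are flagged, while the call count (twice the baseline) is only flagged when the subscriber is treated as probationary.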

Problems with GSM security

Only provides access security – communications and signalling traffic in the fixed network are not protected.
Does not address active attacks, whereby some network elements (e.g. BTS: Base Station)
Only as secure as the fixed networks to which they connect
Lawful interception was only considered as an afterthought
Terminal identity cannot be trusted
Difficult to upgrade the cryptographic mechanisms
Lack of user visibility (e.g. the user does not know whether the connection is encrypted or not)

Attacks on GSM networks

Eavesdropping. This is the capability of the intruder to eavesdrop on signalling and data connections associated with other users. The required equipment is a modified MS.
Impersonation of a user. This is the capability whereby the intruder sends signalling and/or user data to the network, in an attempt to make the network believe they originate from the target user. The required equipment is again a modified MS.
Impersonation of the network. This is the capability whereby the intruder sends signalling and/or user data to the target user, in an attempt to make the target user believe they originate from a genuine network. The required equipment is a modified BTS.

Location update spoofing

An attack that requires a modified MS and exploits the weakness that the network cannot authenticate the messages it receives over the radio interface.
The intruder spoofs a location update request from a location area different from the one in which the target user is actually roaming.
The network registers the target user in the new location area, and the target user will then be paged in that area.
The target user is subsequently unreachable for mobile-terminated services.
3G: Integrity protection of critical signalling messages protects against this attack. More specifically, data authentication and replay inhibition of the location update request allows the serving network to verify that the location update request is legitimate.

Compromised cipher key

An attack that requires a modified BTS and the possession by the intruder of a compromised authentication vector; it exploits the weakness that the user has no control over the cipher key.
The target user is enticed to camp on the false BTS/MS. When a call is set up, the false BTS/MS forces the use of a compromised cipher key on the mobile user.
3G: The presence of a sequence number in the challenge allows the USIM to verify the freshness of the cipher key, which helps guard against forced re-use of a compromised authentication vector. However, the architecture does not protect against forced use of compromised authentication vectors which have not yet been used to authenticate the USIM.
Thus, the network is still vulnerable to attacks using compromised authentication vectors which have been intercepted between generation in the authentication center and use or destruction in the serving network.
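The two 3G countermeasures described above (sequence-number freshness of the authentication vector, and integrity protection of the location update request) and the residual weakness with intercepted-but-unused vectors are modelled below as an added example. It is not code from the original slides or from any 3GPP specification: the functions f1_mac, derive_keys and f9_mac_i are HMAC-based stand-ins for the 3GPP f1/f3/f4/f9 functions, the key K and the message contents are constructed, and the classes AuC, USIM and ServingNetwork are simplified to the checks relevant here.

```python
import hmac
import hashlib
import os

# Constructed long-term key shared by the authentication centre (AuC) and the USIM.
K = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def f1_mac(k, sqn, rand):
    """MAC-A over SQN||RAND: binds the challenge to a sequence number (f1 stand-in)."""
    return hmac.new(k, sqn.to_bytes(6, "big") + rand, hashlib.sha256).digest()[:8]


def derive_keys(k, rand):
    """Cipher key CK and integrity key IK from K and RAND (f3/f4 stand-ins)."""
    d = hmac.new(k, b"CK|IK" + rand, hashlib.sha256).digest()
    return d[:16], d[16:32]


def f9_mac_i(ik, count, message):
    """MAC-I over COUNT-I||message for signalling integrity (f9 stand-in)."""
    return hmac.new(ik, count.to_bytes(4, "big") + message, hashlib.sha256).digest()[:4]


class AuC:
    """Generates authentication vectors with a monotonically increasing SQN."""
    def __init__(self, k):
        self.k, self.sqn = k, 0

    def generate_av(self):
        self.sqn += 1
        rand = os.urandom(16)
        ck, ik = derive_keys(self.k, rand)
        return {"rand": rand, "sqn": self.sqn,
                "mac": f1_mac(self.k, self.sqn, rand), "ck": ck, "ik": ik}


class USIM:
    """Holds K and the highest SQN accepted so far (simplified: no re-synchronisation)."""
    def __init__(self, k):
        self.k, self.sqn_ms = k, 0

    def authenticate(self, rand, sqn, mac):
        if not hmac.compare_digest(mac, f1_mac(self.k, sqn, rand)):
            return "MAC_FAILURE"       # challenge was not produced by a holder of K
        if sqn <= self.sqn_ms:
            return "SYNC_FAILURE"      # stale or replayed vector: cipher key is not fresh
        self.sqn_ms = sqn
        return "OK"


class ServingNetwork:
    """Checks integrity-protected signalling from the UE using IK and a replay counter."""
    def __init__(self, ik):
        self.ik, self.last_count = ik, -1

    def accept_location_update(self, message, count, mac_i):
        if not hmac.compare_digest(mac_i, f9_mac_i(self.ik, count, message)):
            return "REJECT_INTEGRITY"  # forged, or sent by a terminal without the session IK
        if count <= self.last_count:
            return "REJECT_REPLAY"     # replay of an earlier, genuine request
        self.last_count = count
        return "ACCEPT"


def scenario():
    """Walk through the checks with one genuine vector and one intercepted, unused vector."""
    auc, usim = AuC(K), USIM(K)
    av1, av2 = auc.generate_av(), auc.generate_av()   # av2 is intercepted before the network uses it
    r = {}
    r["fresh_av"] = usim.authenticate(av1["rand"], av1["sqn"], av1["mac"])
    r["replayed_av"] = usim.authenticate(av1["rand"], av1["sqn"], av1["mac"])
    r["forged_av"] = usim.authenticate(av1["rand"], 99, bytes(8))

    sn = ServingNetwork(av1["ik"])
    lu = b"LOCATION_UPDATE_REQUEST:LAI=0001"           # constructed message
    r["lu_genuine"] = sn.accept_location_update(lu, 1, f9_mac_i(av1["ik"], 1, lu))
    # Modified MS without the session IK claiming a different location area
    r["lu_spoofed"] = sn.accept_location_update(b"LOCATION_UPDATE_REQUEST:LAI=0002", 2, bytes(4))
    r["lu_replayed"] = sn.accept_location_update(lu, 1, f9_mac_i(av1["ik"], 1, lu))

    # Residual weakness named in the text: a vector the genuine network never used
    # still carries a fresh SQN, so the USIM accepts it.
    r["intercepted_unused_av"] = usim.authenticate(av2["rand"], av2["sqn"], av2["mac"])
    return r


if __name__ == "__main__":
    for check, outcome in scenario().items():
        print(f"{check}: {outcome}")
```

The last result is the point of the closing paragraph: the freshness check only detects vectors that have already been consumed, which is why vectors must also be protected in transit between the authentication centre and the serving network.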