Version 1'1

1 / 15

About This Presentation

Title:

Description:

Number of Views:50

Avg rating:3.0/5.0

Slides: 16

Provided by: jonathan76

Transcript and Presenter's Notes

Title: Version 1'1

1
Security and Fraud in mobile networks

2
Context of assignment

You will be expected to include discussions of
the physical limitations/implications of the
technologies, suitability of devices, and
security of data and safety issues in the context
of the research task
And so some consideration of security measures
for the scenario is expected

3
Mobile security why a target?

usually to eavesdrop on user data
send the user information that he subsequently
believes to originate from a genuine network
user with whom he is connected through that
network
Malware downloads

4
Issues with mobile security

5
Solutions include

Theft of devices
The kill pill to wipe the device
This may not be as easy as it sounds
Device may have to communicate with the mobile
server
If the SIM is taken out then the device is out of
contact with the server
Encryption on the mobile device and
communications between the device and mobile
server
Choice of encryption software?
Example Pointsec see picture passwords and the
diagrams are of interest the product can be
customised as well

6
Mobile Security 1g to 3g

First generation analogue mobile
simple electronic serial number to confirm that
the terminal should be allowed access to the
service
It was not long before the protection afforded to
this number was broken
Second generation systems such as GSM were
designed from the beginning with security in mind
The Home Environment operator can control the use
of the system by the provision of the Subscriber
Identity Module (SIM) which contains a user
identity and authentication key
The security model can be detailed as
Authentication
Charging
Privacy

7
GSM/GPRS security measures

Authentication
one-way authentication based on long-term shared
key between user's SIM card and the home network
Charging
network operator is trusted to charge correctly
based on user authentication
Privacy various techniques available
Data - link-level encryption over the air
identity/location/movements
use of temporary identifiers (TMSI) reduce the
ability of an eavesdropper to track movements
within a Public Land Mobile Network (PLMN)
network can ask the mobile to send its real
identity (IMSI) on synchronization failure, on
database failure, or on entering a new PLMN
network can also page for mobiles using IMSI
(IMEI sim card equivalent)
An IMSI is usually fifteen digits long. The first
three digits are the Mobile Country Code, and the
next digits are the Mobile Network Code.
http//www.theregister.co.uk/2001/03/27/imei_numbe
rs_no_antidote/ discount the use of the IMEI as
being effective

8
3G UMTS enhancements

The 3G system has developed a new security
architecture specifically to be used in UMTS
the successor to GPRS
Authentication
support for mutual authentication
Charging
same as in GSM/GPRS
Privacy (more detail available from this source
ltLinkgt
data
some support for securing core network signaling
data
increased key sizes
identity/location/movements
enhanced user identity confidentiality using
"group keys"
a group key is shared by a group of users

9
Types of security attacks

Impersonation of a user.
intruder sends signalling and/or user data to the
network, in an attempt to make the network
believe they originate from the target user.
Impersonation of the network.
the intruder sends signalling and/or user data to
the target user, in an attempt to make the target
user believe they originate from a genuine
network.
Man-in-the-middle.
the intruder puts itself in between the target
user and a genuine network and has the ability to
eavesdrop, modify, delete, re-order, replay, and
spoof signalling and user data messages exchanged
between the two parties.
Compromising authentication vectors in the
network.
The intruder possesses a compromised
authentication vector, which may include
challenge/response pairs, cipher keys and
integrity keys. This data may have been obtained
by compromising network nodes or by intercepting
signalling messages on network links.

10
Contd - Smishing

Phishing equivalent on mobile devices
Text message suggesting user has signed up for a
service and will be charged until they cancel
using a web site
Web site prompts the user to click on a link
which triggers the download of a trojan horse
Link

11
Contd Denial of service

12
Contd Identity catching

An attack that requires a modified MS and
exploits the weakness that the network may
sometimes request the user to send its identity
in clear text.
The use of temporary identities allocated by the
serving network makes passive eavesdropping
inefficient since the user must wait for a new
registration or a mismatch in the serving network
database before he can capture the users
permanent identity in plain text.
The 3G techniques mentioned earlier counteracts
this attack by using an encryption key shared by
a group of users to protect the user identity in
the event of new registrations or temporary
identity database failure in the serving network.

13
Management of Communications security

Access Control to prevent any access to any
session requester unless identified and
authenticated
Accountability and Audit
generate a security log containing information
sufficient for after-the-fact investigation of
loss or impropriety
Access to Home Location Register (HLV),
Authentication Centre (AuC) and Mobile Switching
Centre (MSC) should be limited
The management of potential fraud is covered in
the section for this week on the MCCS schedule.

14
Conclusion

Mobile security issues are concentrate on the
Integrity, confidentiality and authentication of
the networks and users.
Access and use of service to avoid or reduce a
legitimate charge.
Loss of confidentiality or integrity of a users
or operators data
Denial of a specific users access to their
service or denial of access by all users to a
service

15
Other references