Analysis of 2G and 3G Mobile Security

1
Analysis of 2G and 3G Mobile Security

• Roy Campbell

2
Participants

• UIUC
• Roy Campbell
• Dennis Mickunas,
• Jalal Al-Muhtadi
• Sarosh Havewala

• Motorola
• Bruce Briley
• John Wang
• Rong Wang
• Lily Chen

3
Contents

• Motorola study of wireless security protocols
• Present
• Proposed
• Approach
• Other UIUC SRG security and mobile system
  research

4
GSM Security

• Analysis of
• existing 2nd Generation (2G) CDMA and GSM
  security frameworks.
• 3rd Generation (3G) CDMA and GSM network
  security proposals.
• Analyzing various aspects of 3G encryption and
  authentication techniques and their impact upon
  performance.

5
Internet Security

• IP/TCP/application layer security mechanisms
  effectiveness and performance over wireless
  networks
• Comparative performance analyses of the various
  security mechanisms (literature versus our
  studies)
• Security threat evaluation

6
2G GSM Security

• Private Key
• A3 Key Negotiation
• A8 Key Generation
• A5 Encryption
• Private Key encrypts message to server
• Server generates random number for session key

7
3G GSM Security Scenarios

• Integration with Internet
• Web Access
• Multimedia
• QoS
• Network Applications
• Levels of Service
• Bandwidth

The effect of deploying security mechanisms
under different scenarios and the impact on
performance and security
8
Security Features within different Components
Studying existing security features and their
effectiveness under different traffic scenarios
and QoP.

• User
• Subscriber
• UMTS terminal equipment
• Network operator
• Service provider

9
User Security Features

• location confidentiality
• identity confidentiality
• traffic confidentiality
• traffic integrity
• non-repudiation
• user events, numbering, service profile
• access control

10
Subscriber Security Features

• Subscriber access to service profile
• user action authorization
• incontestable charging
• privacy of charging data
• integrity of charging data
• charging limitation

11
Terminal Equipment

• Location confidentiality
• Authentication of user to terminal
• Access control to terminal
• Terminal numbering

12
Network Operator Security

• Databases
• Re-authentication
• Blacklisting
• Tracing of users
• User action authorization
• Subscription authorization
• Tracing of terminal equipment

13
User Security Features Cont.

• Signaling and control data
• confidentiality
• origin authentication
• integrity
• Authentication
• user to user
• network operator to user
• service provider to user

14
Plan of Action

• Using Simulation software to model wireless
  communications networks, protocols, mobile
  devices, and various security mechanisms.
• Existing Simulators OPNET, OMNET, CSim
  (others)
• Alternatively, implementing our own simulator.

15
Evaluating Performance over Wireless Links
i1000plus
Internet
Evaluating different authentication
encryption mechanisms
Base
Base
Gateway
16
Modeling Wireless Communication
Security plug-ins
Internet
Java Virtual Cell phone
Java Virtual Cell phone
Simulating A wireless link over TCP/IP
Gateway
Java Virtual Base
Java Virtual Base
17
UIUC SRG Security and Mobile System
ResearchSecure Active Network

• Seraphim interoperable secure active networks
• Role based access control policies
• Dynamic security enforcement using active
  capability

18
CORBA Security Services

• Standard object interfaces for accessing security
  services
• Authentication, non-repudiation, and access
  control
• Interoperability between different security
  mechanisms
• Interoperability among different policy domains

Object Implementation
Client
A
B
request
?

interceptor
ORB
ORB
SecIOP
SESAME
Use generate security information in the IOR
19
Security Components
Application Client
Application Server
Active Capability/Certificates
Active Capability/Certificates
BOA
Stub
ORB
Dynamic Policies
Security Mechanisms
Network Transport
20
2k Global Distributed Mobile Object System

• Mobile users, resources, dynamic networks
• Infrastructure for smart spaces
• Network-centric user-oriented view
• Components
• Security
• Distributed object solutions

21
(No Transcript)
22
A Light-Weight Security Mechanism Tiny UIUC
SESAME
23
Dynamic Security Policy with Risk Values

• Policy representation framework supports
• Discretionary Access Control(DAC)
• Double DAC
• Role Base Access Control
• Assignment of Risk values to different entities
  and dynamically changing them
• Non-Discretionary Access Control including
  Mandatory Access Control(MAC)
• GUI for building and administrating policies

24
PalmPilot Integration in 2K
2k
System Bootstrapping
System Utilization
2
1
3
4
5
6

Camera
7
25
Streaming Video to Palm Pilot
MPEG Stream

• Palm Pilot
• lacks processing power to decode MPEG
• Video proxy
• transforms MPEG streams
• reduces
• frame rate, color depth, size
• sends compressed bitmaps

Video Proxy
Compressed Bitmap Stream
26
Loadable Protocols

• Transparently change CORBA networking
• Dynamically loadable transport protocols
• Supports multi-protocol applications
• IP multicast protocol module (IPM)
• Multicast used for discovery/allocation

TAO
GIOP
TCP/IIOP
UDP
LDP
IP Multicast