Seminar on Network Security
Introduction of the topics and some material for the session "Existing and future networks"
GSM and GPRS Security
Tutor: Kaisa Nyberg
The purpose of this topic is to give an overview of GSM security as defined by the specifications:
[1] GSM 01.04 (ETR 100): "Digital cellular telecommunications system (Phase 2); Definitions, abbreviations and acronyms".
[2] GSM 02.02 (ETS 300 501): "Digital cellular telecommunications system (Phase 2); Bearer Services (BS) supported by a GSM Public Land Mobile Network (PLMN)".
[3] GSM 02.03 (ETS 300 502): "Digital cellular telecommunications system (Phase 2); Teleservices supported by a GSM Public Land Mobile Network (PLMN)".
[4] GSM 03.20 (ETS 300 534): "Digital cellular telecommunications system (Phase 2); Security related network functions".
[5] GSM 11.11 (ETS 300 608): "Digital cellular telecommunications system (Phase 2); Specification of the Subscriber Identity Module - Mobile Equipment (SIM - ME) interface".
The student is also given a couple of useful tutorial papers on GSM security.
Also GPRS security should be addressed.
Experiences in Mobile Phone fraud
Tutor: Tuomas Aura
Required prior skills:
Ability to search literature independently and to write a readable synthesis.
In developing and evaluating security technology, it is important to understand the threats against which we want to protect. In commercial systems, security failures may even be tolerated as long as the damage remains lower than the cost of fixing the problems. Moreover, new systems are always designed with the failures of the previous generation in mind. The security features of current networks can, therefore, be understood only in the light of what has gone wrong in the past.
The seminar paper should
- overview attacks against existing (analog and digital) mobile phone networks, focusing on attacks that have had real consequences to the operators or users,
- describe countermeasures to these attacks and explain how newer networks have been designed to prevent the attacks, and
- explain why some security features (e.g. end-to-end authentication) have not been seen as necessary.
A good starting point:
Michael J. Riezenman, Cellular security: better, but foes still lurk, IEEE Spectrum, 37 (6), June 2000, pp. 39-42.
Search Google or Altavista for "cellular fraud". While most material on the web is about American analog networks, it would be nice if you could find details of attacks against the NMT phones.
Access security in the third generation mobile networks
Tutor: Kaisa Nyberg
The task is to present an overview of the access security functions and protocols specified by the 3GPP and other UMTS standardization bodies.
SOME SECURITY PRINCIPLES AND OBJECTIVES LISTED IN DOCUMENT 3G TS 33.120
Weaknesses in Second Generation security
The following weaknesses in the security of GSM (and other second generation systems) will be corrected in 3G security:
- active attacks using a "false base station" are possible;
- cipher keys and authentication data are transmitted in clear between and within networks;
- encryption does not extend far enough towards the core network resulting in the cleartext transmission of user and signalling data across microwave links (in GSM, from the BTS to the BSC);
- user authentication using a previously generated cipher key (where user authentication using RAND, SRES and A3/8 is not provided) and the provision of protection against channel hijack rely on the use of encryption, which provides implicit user authentication. However, encryption is not used in some networks, leaving opportunities for fraud;
- data integrity is not provided. Data integrity defeats certain false BTS attacks and, in the absence of encryption, provides protection against channel hijack;
- the IMEI is an unsecured identity and should be treated as such;
- fraud and LI were not considered in the design phase of second generation systems but as afterthoughts to the main design work;
- there is no HE knowledge or control of how an SN uses authentication parameters for HE subscribers roaming in that SN;
- second generation systems do not have the flexibility to upgrade and improve security functionality over time.
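The first weakness in the list (and the definition of an active attack further down this page) can be made concrete with a toy protocol model. This is an added example, not part of the course material or of any GSM/3GPP specification: A3/A8 and the 3G functions f1/f2 are replaced by HMAC-SHA256 stand-ins, Ki is a constructed sample key, and the 3G challenge is simplified to (RAND, SQN, MAC) with no anonymity key or AMF.

```python
import hmac
import hashlib
import os

# Constructed sample subscriber key; a real Ki never leaves the SIM/AuC.
KI = bytes.fromhex("00112233445566778899aabbccddeeff")


def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Keyed one-way function standing in for A3/A8 (GSM) and f1/f2 (3G)."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


# --- GSM: one-way challenge/response. The mobile answers any RAND it is sent.
def gsm_sim_response(ki: bytes, rand: bytes):
    """SIM side: SRES (32 bits) via 'A3', session key Kc (64 bits) via 'A8'."""
    return prf(ki, b"A3", rand)[:4], prf(ki, b"A8", rand)[:8]


def gsm_network_verifies(ki: bytes, rand: bytes, sres: bytes) -> bool:
    """Network side: compare the returned SRES with the expected value."""
    return hmac.compare_digest(prf(ki, b"A3", rand)[:4], sres)


def gsm_mobile_accepts_challenge(rand: bytes) -> bool:
    """Nothing in the GSM challenge proves it came from the real network,
    so the mobile accepts it whoever sent it (the false base station gap)."""
    return True


# --- 3G-style: the challenge carries a MAC under Ki and a sequence number,
# so the mobile can authenticate the network and reject replayed challenges.
def umts_network_challenge(ki: bytes, sqn: int):
    rand = os.urandom(16)
    mac = prf(ki, b"f1", rand, sqn.to_bytes(6, "big"))[:8]
    return rand, sqn, mac  # simplified AUTN = (SQN, MAC); no AK or AMF here


def umts_mobile_accepts_challenge(ki, rand, sqn, mac, last_sqn) -> bool:
    """USIM side: recompute the MAC with its own Ki and check SQN freshness."""
    expected = prf(ki, b"f1", rand, sqn.to_bytes(6, "big"))[:8]
    return hmac.compare_digest(expected, mac) and sqn > last_sqn


def umts_usim_response(ki: bytes, rand: bytes) -> bytes:
    """RES via 'f2'; the network compares it with XRES exactly as in GSM."""
    return prf(ki, b"f2", rand)[:8]
```

A challenger that does not hold Ki can still drive the GSM exchange to completion, but cannot produce a 3G challenge the USIM accepts, and a captured valid challenge fails the SQN check on replay.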
New Security Features and the Security of New Service Features
The environment in which new services will be developed can be characterised by (but is not limited to) the following aspects:
- there will be new and different providers of services. For example: content providers, data service providers, HLR only service providers;
- 3G mobile systems will be positioned as the preferred means of communications for users. They will be preferable to fixed line systems;
- there will be a variety of prepaid and pay-as-you-go services which may be the rule rather than the exception. A long-term subscription between the user and a network operator may not be the paradigm. (3G security will provide satisfactory security for such systems and will not be content with insecure systems such as GSM Advice of Charge);
- there will be increased control for the user over their service profile (which they might manage over the Internet) and over the capabilities of their terminal (it will be possible to download new services and functions using systems such as MExE and SAT);
- there will be active attacks on users. (In active attacks, equipment is used to impersonate parts of the network to actively cause lapses in security. In passive attacks, the attacker is outside the system and listens in, hoping security lapses will occur);
- non-voice services will be as important as, or more important than, voice services;
- the terminal will be used as a platform for e-commerce and other applications. Multi-application smartcards where the USIM is one application among many can be used with the terminal. The smartcard and terminal will support environments such as Java to allow this. The terminal may support personal authentication of the user using biometric methods.
3G SECURITY OBJECTIVES
In addition to the above principles for 3G security, there are the high level objectives given below. These will be expanded upon in 3G TS 21.133:
- to ensure that information generated by or relating to a user is adequately protected against misuse or misappropriation;
- to ensure that the resources and services provided by serving networks and home environments are adequately protected against misuse or misappropriation;
- to ensure that the security features standardised are compatible with world-wide availability. (There shall be at least one ciphering algorithm that can be exported on a world-wide basis (in accordance with the Wassenaar agreement));
- to ensure that the security features are adequately standardised to ensure world-wide interoperability and roaming between different serving networks;
- to ensure that the level of protection afforded to users and providers of services is better than that provided in contemporary fixed and mobile networks (including GSM);
- to ensure that the implementation of 3GPP security features and mechanisms can be extended and enhanced as required by new threats and services.
End-to-end security of mobile data in GSM
Tutor: Catharina Candolin
End-to-end (E2E) security, aka end-to-end encryption (EEE), in GSM means that the data channel from the terminal to the (3rd party) content server is encrypted. Normally the WTLS encrypted data channel runs only from the terminal to the WAP gateway.
The purpose of this study is to describe the challenges of EEE and the two possible solutions. The options to provide terminal->WAP gateway->3rd party content server EEE are:
1. Redirect data to the content server at the operator WAP gateway. Problem: needs an agreement between the operator and the service provider.
2. WSG, WMLScript Crypto library. Encrypt the data at the terminal using the public key of the 3rd party content server. Problem: the terminal needs to get the public key somehow.
Also weaknesses of legacy solutions might be discussed (e.g. Sonera SmartTrust).
This page is maintained by Network Security teaching staff, E-mail: netsec@tml.hut.fi.
The page has been last updated on September 27, 2000
URL: http://www.tml.hut.fi/Opinnot/Tik-110.501/2000/intro/networks.html