Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

MSC

advertisement 
Security of Cellular Networks:
Man-in-the Middle Attacks
Mario Čagalj
University of Split
2013/2014.
‘Security in the GSM system’ by Jeremy Quirke, 2004
Introduction
 Nowadays, mobile phones are used by 80-90% of the
world’s population (billion of users)
 Evolution
 1G: analog cellular networks
GSM security specifications
 2G: digital cellular networks with GSM (Global System for Mobile
Communications) beign the most popular and the most widely used
standard (circuit switching)
 other 2G: technologies IS-95 – CDMA based (US), PDC (Japan), etc.
 2.5G: GPRS (General Packet Radio Service) – packet switching
 2.75G: EDGE – faster data service
 3G: UMTS (CDMA based), HSPA for data traffic (e.g., 5-10 Mbps)
 other 3G: CDMA2000 (US, S. Korea)
 4G: LTE (OFDM based), peak data rates of 100Mbps
2
Cellular Network Architecture
A high level view
Databases
(e.g., Home
Location Register)
Mobile
Station
Base
Station
Mobile
Switching
Center
External
Network
Cellular Network
EPFL, JPH
3
Cellular Network Architecture
Registration Process
Nr: 079/4154678
Tune on the strongest signal
EPFL, JPH
4
Cellular Network Architecture
Service Request
079/4154678
079/8132627
EPFL, JPH
079/4154678
079/8132627
5
Cellular Network Architecture
Paging Broadcast (locating a particular mobile station in case of mobile
terminated call)
079/8132627?
079/8132627?
079/8132627?
079/8132627?
Note: paging makes sense only over a small area
EPFL, JPH
6
Cellular Network Architecture
Response
079/8132627
079/8132627
EPFL, JPH
7
Cellular Network Architecture
Channel Assignement
Channel
47
Channel
47
Channel
68
Channel
68
EPFL, JPH
8
Cellular Network Architecture
Conversation
EPFL, JPH
9
Cellular Network Architecture
Handover (or Handoff)
EPFL, JPH
10
Cellular Network Architecture
Message Sequence Chart
Base
Station
Caller
Base
Station
Switch
Periodic registration
Service request
Paging broadcast
Tune to Ch.47
Ring indication
Stop ring indication
EPFL, JPH
Callee
Periodic registration
Service request
Page request
Page request
Paging broadcast
Assign Ch. 47
Paging response
Paging response
Assign Ch. 68
Tune to Ch. 68
Alert tone
Ring indication
Stop ring indication
User response
User response
11
GSM System Architecture
Based on ‘Mobile Communications: Wireless
Telecommunication Systems’
Architecture of the GSM system
 GSM is a PLMN (Public Land Mobile Network)
 several providers setup mobile networks following the GSM
standard within each country
 components
 MS (mobile station)
 BS (base station)
 MSC (mobile switching center)
 LR (location register)
 subsystems
 RSS (radio subsystem): covers all radio aspects
 NSS (network and switching subsystem): call forwarding, handover,
switching
 OSS (operation subsystem): management of the network
13
Please check http://gsmfordummies.com/architecture/arch.shtml
GSM: overview
OMC, EIR,
AUC
HLR
NSS
with OSS
VLR
MSC
GMSC
VLR
fixed network
MSC
BSC
BSC
RSS
14
GSM: system architecture
radio
subsystem
MS
network and switching
subsystem
fixed
networks
MS
ISDN
PSTN
MSC
BTS
BSC
EIR
SS7
BTS
HLR
VLR
BTS
BSC
BTS
BSS
MSC
IWF
ISDN
PSTN
PSPDN
CSPDN
15
System architecture: radio subsystem
radio
subsystem
MS
network and switching
subsystem
 Components
 MS (Mobile Station)
MS
 BSS (Base Station Subsystem):
consisting of
 BTS (Base Transceiver Station):
BTS
BTS
BSC
MSC
BSC
MSC
BTS
BTS
sender and receiver
 BSC (Base Station Controller):
controlling several transceivers
BSS
16
Radio subsystem
 The Radio Subsystem (RSS) comprises the cellular mobile
network up to the switching centers
 Components
 Base Station Subsystem (BSS):
 Base Transceiver Station (BTS): radio components including sender,
receiver, antenna - if directed antennas are used one BTS can cover
several cells
 Base Station Controller (BSC): switching between BTSs, controlling BTSs,
managing of network resources, mapping of radio channels onto
terrestrial channels
 Mobile Stations (MS)
17
GSM: cellular network
segmentation of the area into cells
possible radio coverage of the cell
cell
idealized shape of the cell
 use of several carrier frequencies
 not the same frequency in adjoining cells
 cell sizes vary from some 100 m up to 35 km depending on user density,
geography, transceiver power etc.
 hexagonal shape of cells is idealized (cells overlap, shapes depend on
geography)
 if a mobile user changes cells
 handover of the connection to the neighbor cell
18
System architecture: network and
switching subsystem
network
subsystem
fixed partner
networks
ISDN
PSTN
MSC
SS7
EIR
HLR
VLR
MSC
IWF
ISDN
PSTN
PSPDN
CSPDN
Components
 MSC (Mobile Services Switching Center)
 IWF (Interworking Functions)




ISDN (Integrated Services Digital Network)
PSTN (Public Switched Telephone Network)
PSPDN (Packet Switched Public Data Net.)
CSPDN (Circuit Switched Public Data Net.)
Databases
 HLR (Home Location Register)
 VLR (Visitor Location Register)
 EIR (Equipment Identity Register)
19
Network and switching subsystem
 NSS is the main component of the public mobile network GSM
 switching, mobility management, interconnection to other networks,
system control
 Components
 Mobile Services Switching Center (MSC)
controls all connections via a separated network to/from a mobile terminal
within the domain of the MSC - several BSC can belong to a MSC
 Databases (important: scalability, high capacity, low delay)
 Home Location Register (HLR)
central master database containing user data, permanent and semi-permanent
data of all subscribers assigned to the HLR (one provider can have several HLRs)
 Visitor Location Register (VLR)
local database for a subset of user data, including data about all user currently in
the domain of the VLR
20
Mobile Services Switching Center
 The MSC (mobile switching center) plays a central role in
GSM
 switching functions
 additional functions for mobility support
 management of network resources
 interworking functions via Gateway MSC (GMSC)
 integration of several databases
21
Operation subsystem
 The OSS (Operation Subsystem) enables centralized operation,
management, and maintenance of all GSM subsystems
 Components
 Authentication Center (AUC)
 generates user specific authentication parameters on request of a VLR
 authentication parameters used for authentication of mobile terminals and
encryption of user data on the air interface within the GSM system
 Equipment Identity Register (EIR)
 registers GSM mobile stations and user rights
 stolen or malfunctioning mobile stations can be locked and sometimes even
localized
 Operation and Maintenance Center (OMC)
 different control capabilities for the radio subsystem and the network subsystem
22
Please check http://gsmfordummies.com/gsmevents/mobile_terminated.shtml
Mobile Terminated Call
1: calling a GSM subscriber
HLR
2: forwarding call to GMSC
3 6
3: signal call setup to HLR
4, 5: request MSRN (roaming
number) from VLR
calling
station
1
PSTN
2
GMSC
6: forward responsible
MSC to GMSC
7: forward call to
current MSC
8, 9: get current status of MS
10, 11: paging of MS
4
5
10
7
VLR
8 9
14 15
MSC
10 13
16
10
BSS
BSS
BSS
11
11
11
11 12
17
MS
12, 13: MS answers
14, 15: security checks
16, 17: set up connection
23
Mobile Originated Call
1, 2: connection request
3, 4: security check
VLR
5-8: check resources (free circuit)
9-10: set up call
3 4
PSTN
6
GMSC
7
5
8
MS
1
10
MSC
2 9
BSS
24
Mobile Terminated and Mobile Originated Calls
MS
MTC
BTS
MS
MOC
BTS
paging request
channel request
channel request
immediate assignment
immediate assignment
paging response
service request
authentication request
authentication request
authentication response
authentication response
ciphering command
ciphering command
ciphering complete
ciphering complete
setup
setup
call confirmed
call confirmed
assignment command
assignment command
assignment complete
assignment complete
alerting
alerting
connect
connect
connect acknowledge
connect acknowledge
data/speech exchange
data/speech exchange
25
Security in GSM
Based on:
‘Security in the GSM system’ by Jeremy Quirke
‘The GSM Standard (An overview of its security)’ by SANS Institute
InfoSec Reading Room
‘Mobile Communications: Wireless Telecommunication Systems’
Security Services in GSM
 Access control/authentication
x
 user <-- -- SIM (Subscriber Identity Module): secret PIN (personal
identification number)
x
 SIM <-- -- network: challenge response method
 Confidentiality
 voice and signaling encrypted on the wireless link (after successful
authentication)
 Anonymity
 temporary identity TMSI (Temporary Mobile Subscriber Identity)
 newly assigned at each new location update (LUP)
 encrypted transmission
27
Security Services in GSM
Authentication
 SIM (Subscriber Identity Module) card
 smartcard inserted into a mobiel phone
 contains all necessary details to obtain access to an account
 unique IMSI (International Mobile Subscriber Identity)
 Ki - the individual subscriber authentication key (128bit, used to generate all
other encryption and authentication keying GSM material)

highly protected – the mobile phone never learns this key, mobile only forwards
any required material to the SIM

known only to the SIM and network AUC (Authentication Center)
 SIM unlocked using a PIN or PUK
 authentication (A3 algorithm) and key generation (A8 algorithm)
is performed in the SIM
 SIM contains a microprocessor
28
Security Services in GSM
Authentication
SIM
mobile network
Ki
AC
RAND
128 bit
RAND
128 bit
RAND
128 bit
A3
Ki
128 bit
A3
SIM
SRES* 32 bit
MSC
SRES* =? SRES
SRES 32 bit
SRES
32 bit
SRES
Ki: individual subscriber authentication key SRES: signed response
29
Security Services in GSM
Authentication
Kc: Session encryption key generated together with SRES
30
Security Services in GSM
Encryption
MS with SIM
mobile network (BTS)
Ki
AC
RAND
128 bit
RAND
128 bit
RAND
128 bit
A8
cipher
key
BTS
Ki
128 bit
SIM
A8
Kc
64 bit
Kc
64 bit
data
A5
encrypted
data
SRES
data
A5
MS
31
Security Services in GSM
Authentication and Encryption
 A3 and A8 algorithms are both run in SIM at the same time on the
same input (RAND, Ki)
 A3A8 = COMP128v1, COMP128v2, COMP123v3 (serious weaknesses known)
 not used in UMTS
 Encryption algorithm A5
 symmetric encryption algorithm
 voice/data encryption performed by a phone using generated encryption key Kc
32
Security Services in GSM
Encryption
 A5 algorithms
 A5/0 – no encryption used
 A5/1 and A5/2 developed far from public domain and later found
flawed
 stream ciphers based on linear feedback shift registers
 A5/2 completely broken (not used anymore in GSM)
 A5/1 is a bit stronger but also broken by many researchers
 A5/3 – is a block cipher based on Kasumi encryption algorithm
 used in UMTS, GSM, and GPRS mobile communications systems
 public and reasonably secure (at least at the moment)
33
Security Services in GSM
Summary
34
Security Weaknesess in GSM
 A mobile phone does not authenticate the base station!
 only mobile authenticate to BS (one-way authentication)
 fake BS and man-in-the middle attacks possible
 attacker does not have to know authentication key Ki
 A5/0 - No Encryption algorithm is a valid choice in GSM
 for voice, SMS, GPRS, EDGE services
 Many weaknesses in A5 family of encryption algorithms
35
Security Weaknesess in GSM
36
Security Services in GSM
Anonymity
 Preventing eavesdropper (listening attacker) from determining if a
particular subscriber is/was in the given area
 location privacy
 thanks to long ranges a very powerful attack
 attacker uses IMSI (International Mobile Subscriber Identity)
 IMSI Catchers
 To preserve location privacy GSM defines TMSI (Temporary Mobile
Subscriber Identity)
 when a phone turned on, IMSI from SIM transmitted in clear to the AUC
 after this TMSI is assigned to this user for location privacy
 after each location update or a predefined time out, a new TMSI is assigned to the
mobile phone
 a new TMSI is sent encrypted (whenever possible)
 VLR database contains mapping TMSI to IMSI
37
Security Services in GSM
Anonymity
38
Security Services in GSM
Anonymity
39
Security Weaknesess in GSM
Attack Against the Anonymity Service
 GSM provisions for situation when the network somhow
loses track of a particular TMSI
 in this case the network must ask the subscriber its IMSI over the radio link
using the IDENTITY REQUEST and IDENTITY RESPONSE mechanism
 however, the connection cannot be encrypted if the network does not know
the IMSI and so the IMSI is sent in plain text
 the attacker can use this to map known TMSI and unknown and user-specific
IMSI
40
Countermeasures: UMTS
 UMTS defines 2-way authentication and mandates the
use of stronger encryption and authentication primitives
 prevents MITM attacks by a fake BS, but be cautious...
 Still many reasons to worry about
 most mobiles support < 3G standards (GPRS, EDGE)
 when signal is bad, hard to supprot UMTS rates
 mobile providers already invested a lot of money and do not give up upon
‘old’ BSS equippment
 femtocells
41
Many Reason to Worry About Your Privacy
 http://www.theregister.co.uk/2008/05/20/tracking_phones/
 http://www.theregister.co.uk/2011/10/31/met_police_datong_mo
bile_tracking/ (check also http://www.pathintelligence.com)
 http://docs.google.com/viewer?url=https%3A%2F%2Fmedia.black
hat.com%2Fbh-dc-11%2FPerez-Pico%2FBlackHat_DC_2011_PerezPico_Mobile_Attacks-Slides.pdf
 http://docs.google.com/viewer?url=http%3A%2F%2Ffemto.sec.t-
labs.tu-berlin.de%2Fbh2011.pdf
42
Related documents
GSM
GSM
Lal Joshi, Head of Outreach and Partner Liaison, GSM London
Lal Joshi, Head of Outreach and Partner Liaison, GSM London
Service Concept in GSM/DCS Supplementary services
Service Concept in GSM/DCS Supplementary services
SIM hunting
SIM hunting
SIM Hunting - 2N Telekomunikace a.s
SIM Hunting - 2N Telekomunikace a.s
GSM cracking
GSM cracking
HWg-Ares12
HWg-Ares12
Download
advertisement