GSM Mobile Security

advertisement
GSM Mobile Security
Prepared by:
Leen F. Arikat
Introduction
With GSM, systems for mobile communication
reached a global scale. In the western world, it
seems everyone has their own mobile phone, and
GSM has taken more and more of the market.
GSM allows users to roam seamlessly between
networks, and separate the user identity from the
phone equipment. In addition the GSM system
provides the functional basis for the 3rd generation
mobile system, UMTS.
Some GSM Facts
Nearly 1 billion subscribers worldwide
Estimated that worldwide mobile phone fraud will reach
$40 billion dollars
US Law enforcement agents have found that 80% of
drug dealers arrested in US using cloned mobile phones.
Ironically, Pablo Escobar the top Columbian drug dealer
was tracked down by monitoring his mobile phone
activity.
Two aspects relevant to a Forensic Analyst


Has the phone been used for a criminal act?
Can the phone be used to secure a conviction?
Some GSM Facts
The European Telecommunication Standards
Institute (ETSI) regulates the GSM standard
(all 4000 pages of it!).
Any equipment used on a GSM network has
to have approval by the ETSI.
All MS’s are independent from any network.
What are the components of a
GSM network?
Subscriber Equipment
The Mobile Station (MS) is the user
equipment in GSM. It is what the user can
see of the GSM system.
The station consists of two entities:
• The Mobile Equipment (the phone itself)
• The Subscriber Identity Module (SIM)
Components of a GSM network
(cont..)
The Switching System (SS)
 Home Location Register (HLR) - A database which stores data about
GSM subscribers, including the Individual Subscriber Authentication
Key (Ki) for each Subscriber Identity Module (SIM).
 Mobile Services Switching Center (MSC) - The network element
which performs the telephony switching functions of the GSM
network.
 Visitor Location Register (VLR) - A database which stores temporary
information about roaming GSM subscribers.
 Authentication Center (AUC) - A database which contains the
International Mobile Subscriber Identity (IMSI) the Subscriber
Authentication key (Ki), and the defined algorithms for encryption.
 Equipment Identity Register (EIR) - A database which contains
information about the identity of mobile equipment in order to
prevent calls from stolen, unauthorized, or defective mobile stations.
Components of a GSM network
(cont..)
The Base Station System (BSS)
 Base Station Controller (BSC) - The network element
which provides all the control functions and physical links
between the MSC and BTS. The BSC provides functions
such as handover, cell configuration data, and control of
radio frequency (RF) power levels in Base Transceiver
Stations.
 Base Transceiver Station (BTS) - The network element
which handles the radio interface to the mobile station.
The BTS is the radio equipment (transceivers and
antennas) needed to service each cell in the network.
Components of a GSM network
(cont..)
The Operation and Support System (OSS)
 Message Center (MXE) - A network element
which provides Short Message Service (SMS),
voice mail, fax mail, email, and paging.
 Gateway Mobile Services Switching Center
(GMSC) - A network element used to
interconnect two GSM networks.
The Subscriber
How to Identify a Subscriber
Every mobile subscriber
is issued with a smart
card called a Subscriber
Identity Module (SIM)
As physical evidence
the SIM provides details
printed on the surface
of;


Name of the Network
Provider
Unique ID Number
Electronic Access to the SIM
Every SIM can be protected by a Personal
Identification Number (PIN)




Set at point of manufacture
Can be changed by the Subscriber
Four digit code
Usually 3 attempts before phone is blocked
Bypassing the PIN requires the Pin Unblocking
Key (PUK)



8 digit code
Set by manufacturer
Maximum 10 attempts before phone is permanently
blocked
What Can Be Extracted From A
SIM?
As SIM is a smart card it has


A processor
Non-volatile memory
Processor is used for providing access to the
data and security
To access the data we need;


Standard smart card reader
SIM access Software
Data stored in binary files
What Can Be Extracted From A
SIM?
Ideally an Analyst would download an image of the
contents and compute a hash value of the contents as a
means of validating originality of content
At present files are downloaded traditionally

Software
Sim Manager Pro
ChipIt
SimScan

Cards4Labs only available to Law Enforcement Agencies
Produces a text report of content rather than downloading.
29 files stored on a SIM
Location Information File
File
Purpose
LOCI Location Information
Size
11 bytes
The bytes 5-9 of the LOCI contain the network
Location Area Identifier (LAI) code
Network Operator specific
This data is retained when the MS is powered down
Updated as MS moves from one location to another
Analyst can determine which location the MS was
present in when last used.
Location Areas can contain many cells.
LOCI DOES NOT DETAIL WHICH CELL!
Cell data not stored on SIM.
Serial Number
File
Purpose
Size
ICCID
Serial Number
10 bytes
Integrated Circuit Card Identifier
Corresponds to the number printed on the
surface of the SIM
Identifies the SIM
Subscriber Identifier
File
IMSI
Purpose
Subscriber ID
Size
9 bytes
International Mobile Subscriber Identity
As stored in the HLR/VLR’s on the networks
Unique ID for every subscription on the
Operator’s network
Phone Number
File
Purpose
MSISDN
Phone Number
Size
variable
Mobile Station International ISDN number
Text Message Data (SMS)
File
SMS
SMSP
SMSS
Purpose
The text messages
Message parameters
Status of the message
Size
n * 176 bytes
variable
variable
Short Message Service is a popular
communication method
Most SIM’s have 12 slots for storing messages

Modern MS’s allow storage on the device as well
Text Message Data (SMS) Status
Value
00000000
00000001
00000011
00000101
00000111
Interpretation
Unused
Mobile terminated message, read
Mobile terminated message, unread
Mobile originated message, sent
Mobile originated message, not sent
When user deletes a message only the status
flag is changed

Therefore, providing the message has not been
overwritten any message in a slot can be recovered
and translated using software
Threats to SIM Data
Knowledgeable criminals will be aware of the properties
of the SIM and thus manipulate them.
Greater threat is that of cloning SIM data for illicit use
 Two key pieces of data
IMSI
The data encryption key (Ki)
 IMSI can be obtained;
Directly from the SIM using a scanning software
Eaves-dropping on the networks for unencrypted
transmission of the IMSI
 Ki cannot normally be obtained directly as it is derived
from an encryption algorithm stored on the SIM
However, if the encryption algorithm is weak then it
is possible to feed numbers
Threats to SIM Data
Obtaining blank SIMs
 These cards can be ordered from the same
source where network providers get their
cards.
 The card must then be programmed with a
special tool for programming of fresh cards.
Such a tool is distributed together with the
Sim-Scan package.
 An attacker could also get hold of a generic
smart card and smart card programmer, and
then program the card to act as a SIM.
The Equipment
Generic Properties
All MS’s have GSM standards on how they access and
communicate with the network and SIM card
Every MS has a unique ID called the International Mobile
Equipment Identity (IMEI)
Everything else is manufacturer dependent




File system
Features
Interface
Etc.
Have to request the SIM PIN if activated
May have optional MS PIN
MS Data
Very much dependent on the model, may include;











IMEI
Short Dial Numbers
Text/Multimedia Messages
Settings (languge, date/time, tone/volume etc)
Stored Audio Recordings
Stored images/multimedia
Stored Computer Files
Logged incoming calls and dialled numbers
Stored Executable Progams (eg J2ME)
Stored Calendar Events
GPRS, WAP and Internet settings
Threats to MS Data
Tools such as Flashers and Data Suites can be
used to directly manipulate MS data
Common threat is removing the Service Provider
Lock (SP-Lock) limiting the MS to a single
networked.
Changing the IMEI on stolen phones
 Networks blacklist stolen IMEI’s in the EIR.
 Can also be used to avoid tracing an MS.

Detecting changes to the IMEI
Compare the electronic IMEI with that printed on the inside of
the device
The Network
Network Operator Data
The Network Operators can provide detailed data on
calls made/received, message traffic, data transferred
and connection location/timing
The HLR can provide;









Customer name and address
Billing name and address (if other than customer)
User name and address (if other than customer)
Billing account details
Telephone Number (MSISDN)
IMSI
SIM serial number (as printed on the SIM-card)
PIN/PUK for the SIM
Subscriber Services allowed
The Call Data Records (CDR’s)
Produced in the originating MSC transferred to
the OMC


Every call
Every message
Each CDR contains;






Originating MSISDN
Terminating MSISDN
Originating and terminating IMEI
Duration of call
Type of Service
Initial serving Base Station (BTS) (not subsequent
BTSs after handover)
Threats to Network Operator
GSM not immune to interception
It is possible for the network to order the MS to switch on and off
encryption at times of high loading

This signal can be spoofed using a man-in-the-middle attack
1. Attempt to register using encryption
2. Passes on the registration request
4. Passes on authentication
3. Authenticates
5. Dials a number
6. Requests MS switch off encryption
7. Encrypts then passes on the call request
8. Call proceeds wit MIM eavesdropping
Legitimate Subscriber
Spoofing BTS
Spoofing MS
Man-in-themiddle
Operator BTS
GSM Security Operation
GSM networks utilize encryption for three
purposes:
Authentication
Encryption
Key generation
GSM Security Operation (Cont..)
GSM provides authentication of users and encryption of
the traffic across the air interface.
This is accomplished by giving the user and network a
shared secret, called Ki. This 128-bit number is stored
on the SIM-card, and is not directly accessible to the
user.
Each time the mobile connects to the network, the
network authenticates the user by sending a random
number (challenge) to the mobile.
The SIM then uses an authentication algorithm to
compute an authentication token SRES using the
random number and Ki.
GSM Security Operation (Cont..)
The mobile sends the SRES back to the network
which compares the value with an independently
computed SRES.
At the same time, an encryption key Kc is
computed. This key is used for encryption of
subsequent traffic across the air interface.
Thus, even if an attacker listening to the air
traffic could crack the encryption key Kc, the
attack would be of little value, since this key
changes each time the authentication procedure
is performed
Forensics Tools
SIMIS
 SIM card Interrogation System is the world's
leading forensic tool for examining SIM cards
forensically.
 Used throughout the world since 1997, SIMIS
has become an integral tool for law enforcement
and digital investigators.
 The SIMIS desktop software has been evaluated
by the DoD, and is complimented by a mobile
handheld device for data collection in the field
Forensics Tools
Cell Seizure:
Paraben Cell Seizure is a piece of
software that serves the main purpose of
collection and examining data pulled from
various types of cell phones.
Cell Seizure Tool
The main goal of Cell Seizure is to
organize and report various types of files.
Cell Seizure is able to generate
comprehensive HTML reports of acquired
data.
The software is able to retrieve deleted
files and check for file integrity.
Advantages of Cell Seizure
 It is designed not to change the data
stored on the SIM card or cell phone. In
other words, all of the data can be
examined while keeping the process
undetected.
 In fact, even some forensic software warns
of possible data loss. Cell Seizure does
not allow data to be changed on the
phone.
Disadvantages of Cell Seizure
 It does not support all models of cell
phones. However, this application can
acquire information from most models
made by the following companies: Nokia,
LG, Samsung, Siemens, Motorola, SonyEriccson, and can also acquire GSM SIM
Cards.
 Another disadvantage would be that the
format of acquired data can sometimes be
confusing. The data is not organized nice
and neat and given to the user in a way
that they can easily understand what they
are seeing.
Cell Seizure Features
Supports GSM, TDMA, and CDMA cell phones
Acquires text messages, address books, call logs, etc.
Acquires complete GSM SIM card
Recovers deleted data and full flash downloads
Supports multiple languages
Contains comprehensive HTML reporting and other
reporting formats
Provides advanced searching including text & hex values
Contains viewers for proprietary media file formats
Allows viewing of multiple workspaces at one time
Conclusion
The sources of evidence
 The subscriber
 The mobile station
 The network
Since GSM is the worlds largest system
for mobile communication today and also
lay the foundation for the future UMTS, it
is important to recognize the need to study
the methods and tools for forensic analysis
of the GSM system.
Download