SlideShare a Scribd company logo

Privacy & Security Aspects in Mobile Networks

Download as PPTX, PDF
DefCamp
DefCamp

This document summarizes a presentation on privacy and security aspects in mobile networks from 1G to 5G. It discusses how mobile network architectures and security have evolved with each generation, from basic access control and authentication in 2G to longer encryption keys, mutual authentication, and new key hierarchies in 4G and 5G. It provides examples of past attacks on mobile networks and how they have become easier to carry out as tools have become more widely available. Specifically, it discusses how subscriber identification methods have changed from sending IMSI in cleartext in 2G to concealed SUPI in 5G. The presentation emphasizes that securing systems is difficult and that we must learn from past mistakes as new technologies are developed.

Technology
1 of 43
Downloaded 18 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
University of Bucharest, Romania Norwegian University of Science and Technology, Norway Ruxandra F. Olimid Privacy & Security Aspects in Mobile Networks March 21st, 2019 Ladies in Cybersecurity, Bucharest
I will take you … … in a brief journey from 1G to 5G … … with focus on privacy & security aspects
Who am I
I know… I have… I am…
I am … ... a former employee (almost 10 years) *This presentation is facilitated by Orange Romania Thanksforthistalk!
I have …  ... background in Math & CS and Telecom
2008 2009 2010 2013 2006 2015 Orange BSc. Maths & CS BSc. Telecom MSc. Distr.Systems Phd. Crypto PostDoc Crypto PostDoc Mobile Security Academic Position 2018 Academic Position
Cryptanalysis of Public Key Encryption Systems BSc. (Maths & CS)2008 Security of GSM and UMTS Networks BSc. (Telecom)2009 Secret Sharing Schemes 2010 MSc. Group Key Establishment based on Secret Sharing 2013 Phd. Secret Sharing Schemes and their Applications to Multiparty Cryptographic Protocols 2015 PostDoc Mobile Communication Security 2018 PostDoc
Ruxandra F. Olimid ruxandra.olimid@fmi.unibuc.ro www.ruxandraolimid.weebly.com
I know …
From 1G to 5G
Mobile Networks Evolution [Source:http://europa.eu/rapid/press-release_MEMO-14-129_en.htm]
[Source: http://europa.eu/rapid/press-release_MEMO-14-129_en.htm ] From 1G to 4G…
… and looking forward 5G [Source:http://europa.eu/rapid/press-release_MEMO-14-129_en.htm]
Mobile Networks General Architecture [Source: http://emfguide.itu.int/emfguide.html ] • User equipment • Access network • Radio link • Core network
Privacy & Security
Privacy & Security in Mobile Networks Security Requirements Security Principles Security Architecture Vulnerabilities Attacks
Wireless vs. Wired Goal: GSM should be as secure as the wired network (PSTN) … …but, security mechanisms should not have a negative impact on the usability of the system Sounds familiar? ... Wired Equivalence Privacy (WEP) Wireless: Easy / direct access to the medium (radio) – MitM, jamming Difficulty to detect passive attacks (privacy concerns) Broadcast communication Dynamicity (roaming, mobility, etc.) Constraint devices and capabilities (computational power, energy consumption)
Security Improvements 2G 3G 4G 5G + Access control to the MS (PIN) + Anonymity of subscribers (TMSI) + Authentication of subscribers (SIM) + Confidentiality (encryption) Secret algorithms, short keys, limited encryption Unilateral authentication
Security Improvements 2G 3G 4G 5G + Access control to the MS (PIN) + Anonymity of subscribers (TMSI) + Authentication of subscribers (SIM) + Confidentiality (encryption) + New facilities (USIM) + Longer crypto keys (128 bits) + Expand the encrypted communication (until RNC) + SQN no. (for freshness and mitigate replay attacks) + Integrity (MACs) + Mutual authentication Weaknesses (MitM) End-to-end security?
Security Improvements 2G 3G 4G 5G + Access control to the MS (PIN) + Anonymity of subscribers (TMSI) + Authentication of subscribers (SIM) + Confidentiality (encryption) + New facilities (USIM) + Longer crypto keys (128 bits) + Expand the encrypted communication (until RNC) + SQN no. (for freshness and mitigate replay attacks) + Integrity (MACs) + Mutual authentication + Physical security for eNodeB + New key hierarchy + Crypto improvements
Security Improvements 2G 3G 4G 5G + Access control to the MS (PIN) + Anonymity of subscribers (TMSI) + Authentication of subscribers (SIM) + Confidentiality (encryption) + New facilities (USIM) + Longer crypto keys (128 bits) + Expand the encrypted communication (until RNC) + SQN no. (for freshness and mitigate replay attacks) + Integrity (MACs) + Mutual authentication + Physical security for eNodeB + New key hierarchy + Crypto improvements + Public-key crypto + … (isolation, )
Security Improvements 2G 3G 4G 5G Security improvements WEP WPA WPA2 WPA3 Breaking is easy! Securing is hard! Sounds familiar?
[Source: https://www.krackattacks.com/ ] Attacks in the wireless world
[Source: https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/] Attacks in the wireless world
[Source: https://rayzone.com/products/piranha-2g-3g-and-4g-imsi-catcher/ ] Attacks (?!) in the wireless world
[Source: https://www.enisa.europa.eu/publications/annual-report-telecom-security-incidents-2017 ] Attacks in the wireless world Incidents caused by malicious actions are rare: Only a small percentage of reported incidents (2.5% in 2017) was categorized as caused by malicious actions. This percentage reduced by half compared to the previous year (5.1% in 2016).
One specific example
Subscriber’s Identification IMSI Identification
Evolution 2G 3G 4G 5G Security improvements Increased technical capabilities for the large public Simpler attacks More difficult to obtain the tools More advanced attacks Easiest to obtain the tools
Evolution More difficult to obtain the tools Easiest to obtain the tools Increased technical capabilities for the large public
Low-cost tools available at large scale Easy to obtain the tools Easy to obtain the tools Facilitates attacks Facilitates experimentation
Evolution 2G 3G 4G 5G Security improvements Simpler attacks More advanced attacks Unilateral authentication Mutual authentication
Evolution 2G 3G 4G 5G Security improvements Increased technical capabilities for the large public Easy to make the phone accept a fake tower… But difficult to get the tools for it More difficult to make the phone accept a fake tower… But easy to obtain the necessary tools
Subscriber’s Identification IMSI Identification IMSI TMSI1 TMSI2
Identity Request Identity Request (IMSI) Identity Response (IMSI) [. . . ] requests the user to send its permanent identity. The user's response contains the IMSI in cleartext. This represents a breach in the provision of user identity confidentiality. [Source: ETSI TS 133 401 V14.4.0 (2017-10)] 2G 3G 4G 5G
Experimental Work UE eNodeB Identity Request (IMSI) Identity Response (IMSI)
Experimental Work [Source: http://ruxandraolimid.weebly.com/uploads/2/0/1/0/20109229/final_lte.pdf ]
5G - Identity Request Identity Request Identity Response (never: SUPI) “In response to the Identifier Request message, the UE never sends the SUPI.” . [Source: ETSI TS 133 501 V15.2.0 (2018-09)] 2G 3G 4G 5G
5G – SUPI Concealment [Source: ETSI TS 133 501 V15.2.0 (2018-09) ] Eph. private key 1> Eph. key pair generation 2> Key agreement Eph. shared key 3> Key derivation 4> Symmetric encryption Eph. public key Public key of HN Plaintext block Cipher- text value Eph. enc. key, ICB Final output = Eph. public key || Ciphertext || MAC tag [|| any other parameter] Eph. mac key MAC-tag value 5> MAC function
Message to take home
Learn from the mistakes Consider technological evolution Do we really need so much digitalization / automation / …? Speed of development vs. security Still many aspects not referred to in this talk … Breaking is easy! Securing is hard! … but we need to do our best [Source: https://youtu.be/nwPtcqcqz00 ]
Thank you!

More Related Content

What's hot (20)

PPT
Security in wireless cellular network
Awais Mansoor Chohan
 
PDF
CRYPTOGRAPHY & NETWORK SECURITY
Jyothishmathi Institute of Technology and Science Karimnagar
 
PDF
A Security Overview of Wireless Sensor Network
IJCSIS Research Publications
 
PPTX
WLAN Attacks and Protection
Chandrak Trivedi
 
PDF
Securing the Use of Wireless Fidelity (WiFi) in Libraries
Philippine Association of Academic/Research Librarians
 
PPT
Network security and protocols
Online
 
PDF
Cit877[1]
poonamjindal6
 
PPTX
Mobile slide
Aman singh
 
PPT
Wireless security presentation
Muhammad Zia
 
PDF
Network Security & Attacks
Netwax Lab
 
PPTX
WLAN SECURITY BY SAIKIRAN PANJALA
Saikiran Panjala
 
PPT
Network security
Vikas Jagtap
 
PPTX
Network security ppt
OECLIB Odisha Electronics Control Library
 
PDF
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Editor IJCATR
 
PDF
Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...
IRJET Journal
 
PDF
www.ijerd.com
IJERD Editor
 
PDF
Security in MANET based on PKI using fuzzy function
IOSR Journals
 
PDF
Wireless Lan Security
SANDEEPONSLIDESHARE
 
PDF
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Dr. Amarjeet Singh
 
PDF
Security Key Management Model for Low Rate Wireless Personal Area Networks
CSCJournals
 
Security in wireless cellular network
Awais Mansoor Chohan
 
CRYPTOGRAPHY & NETWORK SECURITY
Jyothishmathi Institute of Technology and Science Karimnagar
 
A Security Overview of Wireless Sensor Network
IJCSIS Research Publications
 
WLAN Attacks and Protection
Chandrak Trivedi
 
Securing the Use of Wireless Fidelity (WiFi) in Libraries
Philippine Association of Academic/Research Librarians
 
Network security and protocols
Online
 
Cit877[1]
poonamjindal6
 
Mobile slide
Aman singh
 
Wireless security presentation
Muhammad Zia
 
Network Security & Attacks
Netwax Lab
 
WLAN SECURITY BY SAIKIRAN PANJALA
Saikiran Panjala
 
Network security
Vikas Jagtap
 
Network security ppt
OECLIB Odisha Electronics Control Library
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Editor IJCATR
 
Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...
IRJET Journal
 
www.ijerd.com
IJERD Editor
 
Security in MANET based on PKI using fuzzy function
IOSR Journals
 
Wireless Lan Security
SANDEEPONSLIDESHARE
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Dr. Amarjeet Singh
 
Security Key Management Model for Low Rate Wireless Personal Area Networks
CSCJournals
 

Similar to Privacy & Security Aspects in Mobile Networks (20)

PDF
Nt1310 Unit 6 Powerpoint
Janet Robinson
 
PPTX
Automotive security (cvta)
Alan Tatourian
 
PDF
B010331019
IOSR Journals
 
PDF
Signaling security essentials. Ready, steady, 5G!
PositiveTechnologies
 
PPT
Security in bluetooth, cdma and umts
Ankit Gupta
 
PPT
Security in bluetooth, cdma and umts
Ankit Gupta
 
PDF
PLNOG20 - Piotr Gruszczyński - Bezpieczeństwo sieci komórkowej
PROIDEA
 
PPTX
전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-
JM code group
 
PPT
Cryptographysecurity 1222867498937700-9
muthulx
 
PPTX
Secrity project keyvan
itrraincity
 
PDF
Positive approach to security of Core networks
PositiveTechnologies
 
PDF
Iaetsd network security and
Iaetsd Iaetsd
 
PPT
Yared Hankins Wireless Key
solvecore
 
PPT
Voice securityprotocol review
Fabio Pietrosanti
 
PPTX
Mobile computing security
Zachariah Pabi
 
PDF
Widyatama Lecture Applied Networking IV Week06 Mobile Security 2
Djadja Sardjana
 
PPTX
Cybersecurity Training Seminars, 44 Courses : Tonex Training
Bryan Len
 
PDF
VoIP security
Mile Blenton
 
PDF
International Refereed Journal of Engineering and Science (IRJES)
irjes
 
PDF
A Review Study on Secure Authentication in Mobile System
Editor IJCATR
 
Nt1310 Unit 6 Powerpoint
Janet Robinson
 
Automotive security (cvta)
Alan Tatourian
 
B010331019
IOSR Journals
 
Signaling security essentials. Ready, steady, 5G!
PositiveTechnologies
 
Security in bluetooth, cdma and umts
Ankit Gupta
 
Security in bluetooth, cdma and umts
Ankit Gupta
 
PLNOG20 - Piotr Gruszczyński - Bezpieczeństwo sieci komórkowej
PROIDEA
 
전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-
JM code group
 
Cryptographysecurity 1222867498937700-9
muthulx
 
Secrity project keyvan
itrraincity
 
Positive approach to security of Core networks
PositiveTechnologies
 
Iaetsd network security and
Iaetsd Iaetsd
 
Yared Hankins Wireless Key
solvecore
 
Voice securityprotocol review
Fabio Pietrosanti
 
Mobile computing security
Zachariah Pabi
 
Widyatama Lecture Applied Networking IV Week06 Mobile Security 2
Djadja Sardjana
 
Cybersecurity Training Seminars, 44 Courses : Tonex Training
Bryan Len
 
VoIP security
Mile Blenton
 
International Refereed Journal of Engineering and Science (IRJES)
irjes
 
A Review Study on Secure Authentication in Mobile System
Editor IJCATR
 
Ad

More from DefCamp (20)

PDF
Remote Yacht Hacking
DefCamp
 
PDF
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
DefCamp
 
PPTX
The Charter of Trust
DefCamp
 
PPTX
Internet Balkanization: Why Are We Raising Borders Online?
DefCamp
 
PPTX
Bridging the gap between CyberSecurity R&D and UX
DefCamp
 
PPTX
Secure and privacy-preserving data transmission and processing using homomorp...
DefCamp
 
PPTX
Drupalgeddon 2 – Yet Another Weapon for the Attacker
DefCamp
 
PPTX
Economical Denial of Sustainability in the Cloud (EDOS)
DefCamp
 
PPTX
Trust, but verify – Bypassing MFA
DefCamp
 
PPTX
Threat Hunting: From Platitudes to Practical Application
DefCamp
 
PPTX
Building application security with 0 money down
DefCamp
 
PPTX
Implementation of information security techniques on modern android based Kio...
DefCamp
 
PPTX
Lattice based Merkle for post-quantum epoch
DefCamp
 
PPTX
The challenge of building a secure and safe digital environment in healthcare
DefCamp
 
PPTX
Timing attacks against web applications: Are they still practical?
DefCamp
 
PPTX
Tor .onions: The Good, The Rotten and The Misconfigured
DefCamp
 
PPTX
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
DefCamp
 
PPTX
We will charge you. How to [b]reach vendor’s network using EV charging station.
DefCamp
 
PPTX
Connect & Inspire Cyber Security
DefCamp
 
PPTX
The lions and the watering hole
DefCamp
 
Remote Yacht Hacking
DefCamp
 
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
DefCamp
 
The Charter of Trust
DefCamp
 
Internet Balkanization: Why Are We Raising Borders Online?
DefCamp
 
Bridging the gap between CyberSecurity R&D and UX
DefCamp
 
Secure and privacy-preserving data transmission and processing using homomorp...
DefCamp
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
DefCamp
 
Economical Denial of Sustainability in the Cloud (EDOS)
DefCamp
 
Trust, but verify – Bypassing MFA
DefCamp
 
Threat Hunting: From Platitudes to Practical Application
DefCamp
 
Building application security with 0 money down
DefCamp
 
Implementation of information security techniques on modern android based Kio...
DefCamp
 
Lattice based Merkle for post-quantum epoch
DefCamp
 
The challenge of building a secure and safe digital environment in healthcare
DefCamp
 
Timing attacks against web applications: Are they still practical?
DefCamp
 
Tor .onions: The Good, The Rotten and The Misconfigured
DefCamp
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
DefCamp
 
We will charge you. How to [b]reach vendor’s network using EV charging station.
DefCamp
 
Connect & Inspire Cyber Security
DefCamp
 
The lions and the watering hole
DefCamp
 
Ad

Recently uploaded (20)

PDF
Presentation - Vibe Coding The Future of Tech
yanuarsinggih1
 
PDF
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
PDF
Timothy Rottach - Ramp up on AI Use Cases, from Vector Search to AI Agents wi...
AWS Chicago
 
PDF
How Startups Are Growing Faster with App Developers in Australia.pdf
India App Developer
 
PDF
July Patch Tuesday
Ivanti
 
PDF
"Beyond English: Navigating the Challenges of Building a Ukrainian-language R...
Fwdays
 
PDF
Reverse Engineering of Security Products: Developing an Advanced Microsoft De...
nwbxhhcyjv
 
PPTX
Top iOS App Development Company in the USA for Innovative Apps
SynapseIndia
 
PPTX
AUTOMATION AND ROBOTICS IN PHARMA INDUSTRY.pptx
sameeraaabegumm
 
PDF
New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
PDF
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
PPTX
OpenID AuthZEN - Analyst Briefing July 2025
David Brossard
 
PDF
Building Real-Time Digital Twins with IBM Maximo & ArcGIS Indoors
Safe Software
 
PPTX
MSP360 Backup Scheduling and Retention Best Practices.pptx
MSP360
 
PDF
Using FME to Develop Self-Service CAD Applications for a Major UK Police Force
Safe Software
 
PDF
Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
PDF
NewMind AI - Journal 100 Insights After The 100th Issue
NewMind AI
 
PDF
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
PDF
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
PDF
Blockchain Transactions Explained For Everyone
CIFDAQ
 
Presentation - Vibe Coding The Future of Tech
yanuarsinggih1
 
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
Timothy Rottach - Ramp up on AI Use Cases, from Vector Search to AI Agents wi...
AWS Chicago
 
How Startups Are Growing Faster with App Developers in Australia.pdf
India App Developer
 
July Patch Tuesday
Ivanti
 
"Beyond English: Navigating the Challenges of Building a Ukrainian-language R...
Fwdays
 
Reverse Engineering of Security Products: Developing an Advanced Microsoft De...
nwbxhhcyjv
 
Top iOS App Development Company in the USA for Innovative Apps
SynapseIndia
 
AUTOMATION AND ROBOTICS IN PHARMA INDUSTRY.pptx
sameeraaabegumm
 
New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
OpenID AuthZEN - Analyst Briefing July 2025
David Brossard
 
Building Real-Time Digital Twins with IBM Maximo & ArcGIS Indoors
Safe Software
 
MSP360 Backup Scheduling and Retention Best Practices.pptx
MSP360
 
Using FME to Develop Self-Service CAD Applications for a Major UK Police Force
Safe Software
 
Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
NewMind AI - Journal 100 Insights After The 100th Issue
NewMind AI
 
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
Blockchain Transactions Explained For Everyone
CIFDAQ
 

Privacy & Security Aspects in Mobile Networks