Security model evaluation of 3 g
Download as PPTX, PDF0 likes704 views
The document evaluates the security model of 3G wireless networks. It begins with an overview of 1G and 2G wireless technologies and their limitations. It then describes the key security principles of 3G networks, which were designed to address issues with previous generations like weak encryption algorithms and lack of data integrity. The document outlines both the security architecture and new features of 3G, such as network authentication and stronger encryption, that provide improved security compared to earlier standards.
Security model evaluation of 3 g
- 1. SECURITY MODEL EVALUATION OF 3G WIRELESS NETWORKS MERCY J ABINAYA K 1
- 2. OVERVIEW • Abstract • Wireless Network • 3G Wireless Network • Security Principles for 3 G • References • Conclusion 2
- 3. ABSTRACT • 3G mobile phone networks are currently the most widely used wireless telephone networks in the world. • While being an improvement over earlier analog systems, active attacks, authentication, encryption, channel hijack, inflexibility • 3G mobile phone standards have been designed to address the issues in 2G and provide a better security model. • Overview of security in 3G networks along with pointing out the known problems. • Security features of 3G systems are presented and solved . 3
- 4. 1G WIRELESS TECHNOLOGY Developed in 1980s and completed in early 1990’s 1G was old analog system and supported the 1st generation of analog cell phones speed up to 2.4kbps Advance mobile phone system (AMPS) was first launched by the US and is a 1G mobile system Allows users to make voice calls in 1 country 4
- 5. 2G phones using global system for mobile communications (GSM) were first used in Europe. GSM provides voice and limited data services and uses digital modulation for improved audio quality. Digital AMPS , CDMA were some of the 2G systems. 5
- 6. To meet the growing demand in network capacity, rates required for high speed data transfer and multimedia applications , 3G standards started evolving. It is based on the International Telecommunication Union (ITU) family of standards. 3G technologies enable network operators to offer users a wider range of more advanced services. Services include wide-area wireless voice telephony, video-calls and broadband wireless data , all in a mobile environment. The data are sent through the technology called Packet switching.Voice calls are interpreted through circuit switching. 6
- 7. FEATURES INCLUDES 7
- 8. 3G Network Security Architecture Circuit Network Circuit/ Signaling Gateway Mobility Manager Feature Circuit IN Services Server(s) Switch RNC Call Agent Voice Data + Packet IP Core Voice RAC Network Packet Network (Internet) Packet Gateway IP RAN 2G 2G/2.5G 3G 8
- 9. 3G Security Principles • Build on GSM security • Correct problems with GSM security • Add new security features Source: 3GPP 9
- 10. GSM Security Architecture 10 10
- 11. GSM Security Elements, 1 Key functions: privacy, integrity and confidentiality Authentication Protect from unauthorized service access Based on the authentication algorithm A3(Ki, RAND)=> SRES Problems with inadequate algorithms Encryption Scramble bit streams to protect signaling and user data Ciphering algorithm A8(Ki, RAND) => Kc A5(Kc, Data) => Encrypted Data Need stronger encryption Confidentiality Prevent intruder from identifying users by IMSI Temporary MSI Need more secure mechanism 11
- 12. GSM Security Elements, 2 SIM A removable hardware security module Manageable by network operators Terminal independent Secure Application Layer Secure application layer channel between subscriber module and home network Transparency Security features operate without user assistance Needs greater user visibility Minimized Trust Requires minimum trust between HE and SN 12
- 13. Problems with GSM Security, 1 Active Attacks Impersonating network elements such as false BTS is possible Key Transmission Cipher keys and authentication values are transmitted in clear within and between networks (IMSI, RAND, SRES, Kc) Limited Encryption Scope Encryption terminated too soon at edge of network to BTS Communications and signaling in the fixed network portion aren’t protected Designed to be only as secure as the fixed networks Channel Hijack Protection against radio channel hijack relies on encryption. However, encryption is not used in some networks. 13
- 14. Problems with GSM Security, 2 • Implicit Data Integrity No integrity algorithm provided • Unilateral Authentication Only user authentication to the network is provided. No means to identify the network to the user. • Weak Encryption Algorithms Key lengths are too short, while computation speed is increasing Encryption algorithm COMP 128 has been broken Replacement of encryption algorithms is quite difficult • Unsecured Terminal IMEI is an unsecured identity Integrity mechanisms for IMEI are introduced late 14
- 15. Problems with GSM Security, 3 Lawful Interception & Fraud Considered as afterthoughts Lack of Visibility No indication to the user that encryption is on No explicit confirmation to the HE that authentication parameters are properly used in SN when subscribers roam Inflexibility Inadequate flexibility to upgrade and improve security functionality over time 15
- 16. New Security Features, 1 Network Authentication The user can identify the network Explicit Integrity Data integrity is assured explicitly by use of integrity algorithms Also stronger confidentiality algorithms with longer keys Network Security Mechanisms to support security within and between networks Switch Based Security Security is based within the switch rather than the base station IMEI Integrity Integrity mechanisms for IMEI provided from the start 16
- 17. New Security Features, 2 Secure Services Protect against misuse of services provided by SN and HE Secure Applications Provide security for applications resident on USIM Fraud Detection Mechanisms to combating fraud in roaming situations Flexibility Security features can be extended and enhanced as required by new threats and services Visibility and Configurability Users are notified whether security is on and what level of security is available Users can configure security features for individual services 17
- 18. New Security Features, 3 Compatibility Standardized security features to ensure world-wide interoperability and roaming At least one encryption algorithm exported on world-wide basis Lawful Interception Mechanisms to provide authorized agencies with certain information about subscribers 18
- 19. Evolution to 3G Drivers: Capacity, Data Speed, Cost Expected market share TDMA EDGE EDGE Evolution 3GPP Core GSM GPRS Network 90% WCDMA HSDPA/HSUPA PDC cdmaOne CDMA2000 10% 1x CDMA2000 CDMA2000 1x EV/DO EV/DO Rev A 2G First Step into 3G 3G phase 1 Evolved 3G 19
- 20. CONCLUTION This paper presented a survey of three generations of mobile phone systems from a security perspective 3G networks standards were evaluated within availability confidentiality- integrity framework and found to not be secure Hence New Security Features has been presented and solved. Finally, there is no experimental data supporting the claim that 3G systems aren’t secure. Future work can be geared toward filling those gaps.
- 21. References • 3G TS 33.120 Security Principles and Objectives http://www.3gpp.org/ftp/tsg_sa/WG3_Security/_Specs/33120-300.pdf • 3G TS 33.120 Security Threats and Requirements http://www.arib.or.jp/IMT-2011/ARIB-spec/ARIB/21133-310.PDF • Michael Walker “On the Security of 3GPP Networks” http://www.esat.kuleuven.ac.be/cosic/eurocrypt2000/mike_walker.pdf • Redl, Weber, Oliphant “An Introduction to GSM” Artech House, 2010 • Joachim Tisal “GSM Cellular Radio Telephony” John Wiley & Sons, 2009 • Lauri Pesonen “GSM Interception” http://www.dia.unisa.it/ads.dir/corso-security/www/CORSO-9900/a5/Netsec/netsec.html • 3G TR 33.900 A Guide to 3rd Generation Security ftp://ftp.3gpp.org/TSG_SA/WG3_Security/_Specs/33900-120.pdf • 3G TS 33.102 Security Architecture ftp://ftp.3gpp.org/Specs/2000-12/R1999/33_series/33102-370.zip • 3G TR 21.905 Vocabulary for 3GPP Specifications http://www.quintillion.co.jp/3GPP/Specs/21905-010.pdf 21
- 22. Are Their Any Questions??