Defending mobile phones. Karsten Nohl, Luca Melette,
|
|
- Russell Norman
- 8 years ago
- Views:
Transcription
1 Defending mobile phones Karsten Nohl, Luca Melette,
2 GSM networks provide the base for various attacks SS7 Phone Base station GSM backend network User database (HLR) Vulnerability -> attack vector User naiveté -> Phishing OS bugs -> Malware Lack of network authentication -> Fake base stations Weak encryption, predictable plaintext -> Intercept Irregular authentication -> Mobile impersonation HLR leaks -> User tracking Covered in this lecture 1
3 Agenda HAR2009 / 26C3 Mobile impersonation GSM network defenses GSM self-defense GSM encryption can be cracked with GPUs
4 Premium number/sms fraud is on the rising
5 Fraud can happen through mobile impersonation Legitimate transactions authenticated with TMSI, KC Illegitimate transaction Send premium SMS Access voice mail Circumvent caller-id-based authentication Phone knows: 1. TMSI ( temporary user name) 2. KC ( temporary password) Osmocom phone sniffs legitimate transaction Attacker breaks KC within seconds Decrypting the transaction with KC reveals the current TMSI Phone programmed with authenticators emulates target phone Intercept attack Impersonation attack 4
6 Agenda 27C3 Mobile impersonation GSM network defenses GSM self-defense GSM network wish list 1.SMS home routing 2.Randomized padding 3.Rekeying before each call and SMS 4.Frequent TMSI changes 5.Frequency hopping 5
7 Cracking GSM requires both a weak cipher and predictable transactions A5/1 cracking A5/1 key steam Plaintext 1 GSM weakness: Plaintext is often predictable A5/1 key steam 2 GSM weakness: Encryption is breakable This weakness could quickly disappear, putting GSM crackers out of business
8 Some network defenses can be deployed within weeks GSM weakness Mitigations Measures Cost Deployment time GSM crackers rely on 2 GSM weaknesses 1 Predictable plaintext 2 Stream cipher with small state 3 Padding randomization SI randomization A5/3 A5/4 Software update (free to a few millions $) New base station controllers (tens to hundreds of millions $) Weeks 1-2 years Statistical weaknesses
9 GSM transaction are often highly predictable SDCCH trace d b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b e 02 ea 81 5c b 2b 2b d 9f 6d b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b a a e 0d 02 d b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b Mitigations Padding randomization was standardized in 2008 (TS44.006) SI5/SI6 randomization standardized in 2011 (TS ) Do not encrypt predictable control messages being standardized, however not backward-compatible with existing phones (GP and GP ) 8
10 Randomizing control messages can win the arms race against A5/1 crackers GSM security upgrades 1. Basic network randomization 2. Full network randomization 3a. A5/3 encryption OR 3b. Uplink randomiz. Effect Current A5/1 black boxes drop to < 30% success rate Current black boxes drop to < 5% for long-range (passive) sniffing Current black boxes are defeated, even in short-range and active operations Popularity Patches available Standardization finalized Select networks plan A5/3 upgrades Roll-outs in some networks Select operators test proprietary ideas A5/3 available on new phones (but buggy on at least one!) Randomization available on latest chips, seen on 1 phone 9
11 Network operators greatly differ in protection, none implements all available security Select European networks ordered by their protection against impersonation* Example best-inclass networks Example weak networks... Authenticated Randomization calls, % Padding SI HLR blocking** No network currently implements all available protection measures * Based on the SRLabs GSM security metric v0.6, ** Parameter not relevant for mobile impersonation 10
12 The GSM security metric quantifies the protection against 3 attacks relative to best practices Relevant attacks Impersonation Example security parameters Encryption Authentication frequency Reference network 2011 A5/1 100% Intercept Padding randomization SI randomization Tracking HLR blocking TMSI change 100% Reference will be updated yearly to reflect ongoing technology evolution
13 Help us create transparency around networks defense abilities gsmmap.org network comparison Please help in collecting data for the rest of the world and in keeping the map up to date All you need is an Osmoconcapable phone
14 Agenda Mobile impersonation GSM network defenses 26C3 GSM self-defense Fake BTS
15 IMSI catcher attacks can be detected Fake base stations ( IMSI catchers ) are used towards three illegitimate purposes 1 Phone inventory Phone and SIM card identifier (IMEI, IMSI) are harvested to build location profiles Fake base stations leave suspicious traces Evidence on phone Location rejects Evidence in network Unusual location update queries 2 Pinpointing The phone is forced into a silent call that is tracked as a radio token Silent call at highest send power 3 Man-in-themiddle Calls and SMS are routed through the fake base station and intercepted Unencrypted transactions Authentication delays (for encrypting attacks) The CatcherCatcher project detects this evidence on Osmocom phones 14
16 Questions? GSM map, Osmocom patches CatcherCatcher project Mailing lists (gsmmap, CatcherCatcher) gsmmap.org opensource.srlabs.de lists.srlabs.de Karsten Nohl Luca Melette
Mobile network security report: Poland
Mobile network security report: Poland GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin February 2015 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationGSM security country report: Germany
GSM security country report: Germany GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin December 2013 Abstract. GSM networks differ widely in their protection capabilities against common attacks.
More informationGSM security country report: USA
GSM security country report: USA GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin August 2013 Abstract. GSM networks differ widely in their protection capabilities against common attacks.
More informationMobile network security report: Germany
Mobile network security report: Germany GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin December 2014 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationMobile network security report: Belgium
Mobile network security report: Belgium GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin December 2014 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationMobile network security report: Netherlands
Mobile network security report: Netherlands GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin July 2014 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationMobile network security report: Poland
Mobile network security report: Poland GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin October 2014 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationMobile network security report: Greece
Mobile network security report: Greece GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin October 2012 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationMobile network security report: Norway
Mobile network security report: Norway GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin August 2014 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationGSM Research. Chair in Communication Systems Department of Applied Sciences University of Freiburg 2010
Chair in Communication Systems Department of Applied Sciences University of Freiburg 2010 Dennis Wehrle, Konrad Meier, Dirk von Suchodoletz, Klaus Rechert, Gerhard Schneider Overview 1. GSM Infrastructure
More informationMobile self- defense. Karsten Nohl <nohl@srlabs.de> SRLabs Template v12
Mobile self- defense Karsten Nohl SRLabs Template v12 Agenda SS7 a0acks 3G security Self- defense opfons 2 SS7 network enables exchange of SMS and cryptographic keys Mobile operator Exchange
More informationGSM Risks and Countermeasures
GSM Risks and Countermeasures STI Group Discussion and Written Project Authors: Advisor: Johannes Ullrich Accepted: February 1, 2010 Abstract Recent research has shown that GSM encryption can be cracked
More informationKarsten Nohl, karsten@srlabs.de. Breaking GSM phone privacy
arsten Nohl, karsten@srlabs.de Breaking GSM phone privacy GSM is global, omnipresent and wants to be hacked 80% of mobile phone market 200+ countries 5 billion users! GSM encryption introduced in 1987
More informationMonitoring mobile communication network, how does it work? How to prevent such thing about that?
Monitoring mobile communication network, how does it work? How to prevent such thing about that? 潘 維 亞 周 明 哲 劉 子 揚 (P78017058) (P48027049) (N96011156) 1 Contents How mobile communications work Why monitoring?
More informationSecurity of phone communications
Security of phone communications Authentication, identification and mobile security Matej Kovačič (CC) 2015 This work is published under Creative Commons licence: AttributionNonCommercial-ShareAlike 2.5
More information(U)SimMonitor: A Mobile Application for Security Evaluation of Cellular Networks
(U)SimMonitor: A Mobile Application for Security Evaluation of Cellular Networks Christos Xenakis, Christoforos Ntantogian, Orestis Panos Department of Digital Systems, University of Piraeus Piraeus, Greece
More informationWireless Phone GSM tracking. Denis Foo Kune, John Koelndorfer, Nick Hopper, Yongdae Kim
Wireless Phone GSM tracking Denis Foo Kune, John Koelndorfer, Nick Hopper, Yongdae Kim Can someone track your phone? GPS Need access to phone Cell network trilateration/triangulation Multiple base stations
More informationReviving smart card analysis
Reviving smart card analysis Christopher Tarnovsky Karsten Nohl chris@flylogic.net nohl@srlabs.de Executive summary Modern smart cards should be analyzed 1. Smart card chips provide the trust base for
More informationGSM and UMTS security
2007 Levente Buttyán Why is security more of a concern in wireless? no inherent physical protection physical connections between devices are replaced by logical associations sending and receiving messages
More informationRADIUS. Brief brochure. Product Purpose
Product Purpose The Product is designed for searching, intercepting, registering and analyzing of communication sessions as well as service information circulating in cellular GSM networks without encryption
More informationSecurity in cellular-radio access networks
Security in cellular-radio access networks Ravishankar Borgaonkar, Oxford University 5G Security Workshop Stockholm, Sweden 11 May 2016 Outline Radio Access Network Layered Security Emerging low cost attacks
More informationUMTS security. Helsinki University of Technology S-38.153 Security of Communication Protocols k-p.perttula@hut.fi 15.4.2003
UMTS security Helsinki University of Technology S-38.153 Security of Communication Protocols k-p.perttula@hut.fi 15.4.2003 Contents UMTS Security objectives Problems with GSM security UMTS security mechanisms
More informationSPYTEC 3000 The system for GSM communication monitoring
SPYTEC 3000 The system for GSM communication monitoring The SPYTEC 3000 system is intended for passive (if system encryption is absent of if A5.2 encryption is used) or semi-active (if A5.1 encryption
More informationKarsten Nohl University of Virginia. Henryk Plötz HU Berlin
Karsten Nohl University of Virginia Henryk Plötz HU Berlin Radio Frequency IDentification Tiny computer chips Passively Powered Karsten Nohl, Henryk Plötz - RFID Security 2 Constant monitoring is already
More informationSecurity in the GSM Network
Security in the GSM Network Ammar Yasir Korkusuz 2012 Bogazici University, Electrical-Electronics Engineering Department, MSc. Student EE 588 NETWORK SECURITY TERM PROJECT Abstract: GSM is the biggest
More informationUsing an approximated One-Time Pad to Secure Short Messaging Service (SMS)
Using an approximated One-Time Pad to Secure Short Messaging Service (SMS) N.J Croft and M.S Olivier Information and Computer Security Architectures (ICSA) Research Group Department of Computer Science
More informationHow to hack your way out of home detention
How to hack your way out of home detention About me William @Amm0nRa Turner @Assurance Disclaimer: I own this system (and 0wn it) The following information is for academic purposes only Don t use this
More informationLecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References
Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions
More informationCellular Analysis for Legal Professionals Larry E. Daniel Digital Forensic Examiner and Cellular Analyst EnCE, DFCP, BCE, ACE, CTNS, AME
Cellular Analysis for Legal Professionals Larry E. Daniel Digital Forensic Examiner and Cellular Analyst EnCE, DFCP, BCE, ACE, CTNS, AME Copyright 2015, Guardian Digital Forensics Cellular Telephone Easy
More informationKarsten Nohl, Chris Paget 26C3, Berlin GSM SRSLY?
Karsten Nohl, Chris Paget 26C3, Berlin GSM SRSLY? Summary: GSM Encryption needs to be shown insecure GSM is constantly under attack: A5/1 cipher shown insecure repeatedly Lack of network authentication
More information(U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation
(U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation DR. C. NTANTOGIAN 1, DR. C. XENAKIS 1, DR. G. KAROPOULOS 2 1 DEPT. O F DIGITAL SYST EMS,
More informationKaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking
Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey
More informationSecurity of mobile TAN on smartphones
Security of mobile TAN on smartphones A risk analysis for the ios and Android smartphone platforms Master thesis Author: University: Faculty: Course: Laurens Koot (s4035186) Radboud University Nijmegen
More informationSS7 & LTE Stack Attack
SS7 & LTE Stack Attack Ankit Gupta Black Hat USA 2013 akg0x11@gmail.com Introduction With the evolution of IP network, Telecom Industries are using it as their core mode of communication for their network
More informationPM ASSIGNMENT. Security in Mobile Telephony and Voice over IP
PM ASSIGNMENT Security in Mobile Telephony and Voice over IP Christian Wallin Christian.wallin.7513@student.uu.se Danlu Fu danlu.fu.6095@student.uu.se David Alfonso david.alfonso.5823@student.uu.se 1.
More informationCh 2.3.3 GSM PENN. Magda El Zarki - Tcom 510 - Spring 98
Ch 2.3.3 GSM In the early 80 s the European community decided to work together to define a cellular system that would permit full roaming in all countries and give the network providers freedom to provide
More informationIAIK. Motivation 2. Advanced Computer Networks 2015/2016. Johannes Feichtner johannes.feichtner@iaik.tugraz.at IAIK
Motivation 2 Advanced Computer Networks 2015/2016 Johannes Feichtner johannes.feichtner@iaik.tugraz.at What you have heard last time Mobile devices: Short history, features Technical evolution, major OS,
More informationGSM Databases. Virginia Location Area HLR Vienna Cell Virginia BSC. Virginia MSC VLR
Update ( Update Procedure) Network Mobiles Maryland Maryland Other Rockville Bethesda Maryland Mobile Mobile Cell Cell HLR Vienna Cell 12-Jun-14 22:48 (Page 1) This sequence diagram was generated with
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationLTE security and protocol exploits
LTE security and protocol exploits Roger Piqueras Jover Wireless Security Research Scientist Security Architecture Bloomberg LP ShmooCon January 2016 About me Wireless Security Researcher (aka Security
More informationWorldwide attacks on SS7 network
Worldwide attacks on SS7 network P1 Security Hackito Ergo Sum 26 th April 2014 Pierre-Olivier Vauboin (po@p1sec.com) Alexandre De Oliveira (alex@p1sec.com) Agenda Overall telecom architecture Architecture
More information10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011
10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection September 2011 10 Potential Risks Facing Your IT Department: Multi-layered Security & Network Protection 2 It s
More informationAn Example of Mobile Forensics
An Example of Mobile Forensics Kelvin Hilton K319 kchilton@staffsacuk k.c.hilton@staffs.ac.uk www.soc.staffs.ac.uk/kch1 Objectives The sources of evidence The subscriber The mobile station The network
More informationXYPRO Technology Brief: Stronger User Security with Device-centric Authentication
Ken Scudder Senior Director Business Development & Strategic Alliances XYPRO Technology Talbot A. Harty CEO DeviceAuthority XYPRO Technology Brief: Stronger User Security with Device-centric Authentication
More informationBusiness Phone Security. Threats to VoIP and What to do about Them
Business Phone Security Threats to VoIP and What to do about Them VoIP and Security: What You Need to Know to Keep Your Business Communications Safe Like other Internet-based applications, VoIP services
More informationVerfahren zur Absicherung von Apps. Dr. Ullrich Martini IHK, 4-12-2014
Verfahren zur Absicherung von Apps Dr. Ullrich Martini IHK, 4-12-2014 Agenda Introducing G&D Problem Statement Available Security Technologies Smartcard Embedded Secure Element Virtualization Trusted Execution
More information2 System introduction
2 System introduction Objectives After this chapter the student will: be able to describe the different nodes in a GSM network. be able to describe geographical subdivision of a GSM network. be able to
More informationMobile Security. Practical attacks using cheap equipment. Business France. Presented the 07/06/2016. For. By Sébastien Dudek
Mobile Security Practical attacks using cheap equipment Presented the 07/06/2016 Business France By Sébastien Dudek For Content Security measures Recent publications in the hacking community Practical
More informationMobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords. Mika Devonshire Associate Product Manager
Mobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords Mika Devonshire Associate Product Manager 1 Agenda 2 What is Cybersecurity? Quick overview of the core concepts 3 Cybercrime
More informationIMSI Catcher. Daehyun Strobel. 13.Juli 2007. Seminararbeit Ruhr-Universität Bochum. Chair for Communication Security Prof. Dr.-Ing.
IMSI Catcher Daehyun Strobel 13.Juli 2007 Seminararbeit Ruhr-Universität Bochum Chair for Communication Security Prof. Dr.-Ing. Christof Paar Contents 1 Introduction 1 2 GSM (Global System for Mobile
More informationMobile Phone Network Security
Mobile Phone Network Security Internet Security [1] VU Adrian Dabrowski, Markus Kammerstetter, Georg Merzdovnik, Stefan Riegler and Aljosha Judmayer inetsec@seclab.tuwien.ac.at Mobile phone networks 1G
More informationAchieving Truly Secure Cloud Communications. How to navigate evolving security threats
Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.
More informationInformation Security. Be Aware, Secure, and Vigilant. https://www.gosafeonline.sg/ Be vigilant about information security and enjoy using the internet
Be Aware, Secure, and Vigilant Information Security Use the Internet with Confidence Be vigilant about information security and enjoy using the internet https://www.gosafeonline.sg/ The Smartphone Security
More informationEvaluating GSM A5/1 security on hopping channels
Evaluating GSM A5/1 security on hopping channels Bogdan Diaconescu v1.0 This paper is a practical approach on evaluating A5/1 stream cipher on a GSM hopping network air interface called Um. The end goal
More informationLTE and IMSI catcher myths
LTE and IMSI catcher myths Ravishankar Borgaonkar, Altaf Shaik, N. Asokan, ValAeri Niemi, Jean- Pierre Seifert Blackhat EU, Amsterdam, Netherlands 13 November 2015 Outline Fake base stamons in GSM/3G LTE/4G
More informationGSM. Global System for Mobile Communications, 1992. Security in mobile phones. System used all over the world. Sikkerhed04, Aften Trusler
GSM Global System for Mobile Communications, 1992 Security in mobile phones System used all over the world 1 GSM: Threat Model What Cloning Eavesdropping Tracking Who Criminals Secret Services Why Break
More informationTheory and Practice. IT-Security: GSM Location System Syslog XP 3.7. Mobile Communication. December 18, 2001. GSM Location System Syslog XP 3.
Participant: Hack contacting... IT-Security: Theory and Practice Mobile Communication December 18, 2001 Uwe Jendricke uwe@iig.uni-freiburg.de Lecture Homepage: http://www.informatik.uni-freiburg.de/~softech/teaching/ws01/itsec/
More informationTELE 301 Network Management. Lecture 16: Remote Terminal Services
TELE 301 Network Management Lecture 16: Remote Terminal Services Haibo Zhang Computer Science, University of Otago TELE301 Lecture 16: Remote Terminal Services 1 Today s Focus Remote Terminal Services
More informationSS7: Locate. Track. Manipulate.
You have a remote-controlled tracking device in your pocket Tobias Engel @2b_as 2 Signalling System #7 Protocol suite used by most telecommunications network operators throughout the world
More informationIDRBT Working Paper No. 11 Authentication factors for Internet banking
IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased
More informationMobile Communications
October 21, 2009 Agenda Topic 2: Case Study: The GSM Network 1 GSM System General Architecture 2 GSM Access network. 3 Traffic Models for the Air interface 4 Models for the BSS design. 5 UMTS and the path
More information9.1 Introduction. 9.2 Roaming
9 Location Updating Objectives After this chapter the student will: be able to define the concepts of roaming and location updating. be able to name the different types of location updating and why they
More informationWHITE PAPER Security in M2M Communication What is secure enough?
WHITE PAPER Security in M2M Communication What is secure enough? Motivation Wireless Machine-To-Machine (M2M) communication has grown dramatically over the past decade and is still growing rapidly. In
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationWireless Security: Token, WEP, Cellular
Wireless Security: Token, WEP, Cellular 27 May 2015 Lecture 9 Some slides adapted from Jean-Pierre Seifert (TU Berlin) 27 May 2015 SE 425: Communication and Information Security 1 Topics for Today Security
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationDistributed Denial of Service Attack Tools
Distributed Denial of Service Attack Tools Introduction: Distributed Denial of Service Attack Tools Internet Security Systems (ISS) has identified a number of distributed denial of service tools readily
More informationHouse intercoms attacks
House intercoms attacks When frontdoors become backdoors Presented the 02/07/2016 NDH 2016 By Sébastien Dudek For About me Company: Synacktiv Interests: radio-communications (Wi-Fi, RFID, GSM, PLC...),
More informationAttacking Automatic Wireless Network Selection. Dino A. Dai Zovi and Shane A. Macaulay {ddaizovi,smacaulay1}@bloomberg.com
Attacking Automatic Wireless Network Selection Dino A. Dai Zovi and Shane A. Macaulay {ddaizovi,smacaulay1}@bloomberg.com We made Slashdot! Hackers, Meet Microsoft "The random chatter of several hundred
More informationDirty use of USSD codes in cellular networks
.. Dirty use of USSD codes in cellular networks Ravishankar Borgaonkar Security in Telecommunications, Technische Universität Berlin TelcoSecDay, Heidelberg, 12th March 2013 Agenda USSD codes and services
More informationGlobal System for Mobile Communications (GSM)
Global System for Mobile Communications (GSM) Nguyen Thi Mai Trang LIP6/PHARE Thi-Mai-Trang.Nguyen@lip6.fr UPMC/PUF - M2 Networks - PTEL 1 Outline Principles of cellular networks GSM architecture Security
More informationHow To Protect A Wireless Lan From A Rogue Access Point
: Understanding Security to Ensure Compliance with HIPAA Healthcare is a natural environment for wireless LAN solutions. With a large mobile population of doctors, nurses, physician s assistants and other
More informationGSM Security Claude Castelluccia INRIA
GSM Security Claude Castelluccia INRIA Technology behind GSM 900 MHz (or 1800 MHz) band uplink frequency band 890-915 MHz downlink frequency band is 935-960 MHz 25 MHz subdivided into 124 carrier frequency
More informationA Security Survey of Strong Authentication Technologies
A Security Survey of Strong Authentication Technologies WHITEPAPER Contents Introduction... 1 Authentication Methods... 2 Classes of Attacks on Authentication Mechanisms... 5 Security Analysis of Authentication
More informationintroduction to femtocells
.. introduction to femtocells Kévin Redon Technische Universität Berlin, Security in Telecommunications femtocell@sec.t-labs.tu-berlin.de OsmoDevCon 2012, Berlin, 24th March 2012 UMTS architecture SecT
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationWIRELESS NETWORK SECURITY
WIRELESS NETWORK SECURITY Much attention has been focused recently on the security aspects of existing Wi-Fi (IEEE 802.11) wireless LAN systems. The rapid growth and deployment of these systems into a
More informationUsing TEMS Pocket. Johan Montelius
Using TEMS Pocket Johan Montelius Introduction In this laboration you will get acquainted with the TEMS Pocket tool. You will examine both the Monaco network and a commercial network. Since this is your
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationHow CA Arcot Solutions Protect Against Internet Threats
TECHNOLOGY BRIEF How CA Arcot Solutions Protect Against Internet Threats How CA Arcot Solutions Protect Against Internet Threats we can table of contents executive summary 3 SECTION 1: CA ArcotID Security
More informationNational Information Security Group The Top Web Application Hack Attacks. Danny Allan Director, Security Research
National Information Security Group The Top Web Application Hack Attacks Danny Allan Director, Security Research 1 Agenda Web Application Security Background What are the Top 10 Web Application Attacks?
More informationKey Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards
White Paper Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards By Dr. Wen-Ping Ying, Director of Software Development, February 2002 Introduction Wireless LAN networking allows the
More informationAuthentication Concerns for Tape Drive Encryption Key Wrapping
Authentication Concerns for Tape Drive Encryption Key Wrapping To: INCITS T10 Committee From: Greg Wheeless, Symantec Background: There are currently proposals in development to provide a secure method
More informationSY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.
system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped
More informationEncrypted SMS, an analysis of the theoretical necessities and implementation possibilities
Radboud University Nijmegen Bachelor Thesis Encrypted SMS, an analysis of the theoretical necessities and implementation possibilities Author: Lars Lockefeer Supervisors: Engelbert Hubbers Roel Verdult
More informationPICKPOCKETING MWALLETS. A guide to looting mobile financial services
PICKPOCKETING MWALLETS A guide to looting mobile financial services THE GRUGQ Info Sec researcher since 1999 Experience Telcoms Info Sec Banking Info Sec Leads to Mobile Financial Security MOBILE FINANCIAL
More informationWhite Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act
A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,
More informationPrivacy through Pseudonymity in Mobile Telephony Systems
Privacy through Pseudonymity in Mobile Telephony Systems Eike Ritter University of Birmingham Joint work with Myrto Arapinis, Loretta Mancini and Mark Ryan Eike Ritter Privacy in Mobile Telephony Systems
More informationWIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
WIRELESS SECURITY Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Wireless LAN Security Learning Objectives Students should be able
More informationGSM BASICS GSM HISTORY:
GSM BASICS GSM HISTORY: In 1982 the Nordic PTTs sent a proposal to CEPT (Conference of European Postal & telegraph Administration) to study and to improve digital cellular technology by forming a team
More informationGSM Channels. Physical & Logical Channels. Traffic and Control Mutltiframing. Frame Structure
GSM Channels Physical & Logical Channels Traffic and Control Mutltiframing Frame Structure Engr. Mian Shahzad Iqbal Lecturer Department of Telecommunication Engineering Radio Interface The radio interface
More informationCommon Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July 2006. The OWASP Foundation http://www.owasp.org/
Common Pitfalls in Cryptography for Software Developers OWASP AppSec Israel July 2006 Shay Zalalichin, CISSP AppSec Division Manager, Comsec Consulting shayz@comsecglobal.com Copyright 2006 - The OWASP
More informationMichael Seltzer COMP 116: Security Final Paper. Client Side Encryption in the Web Browser Mentor: Ming Chow
Michael Seltzer COMP 116: Security Final Paper Client Side Encryption in the Web Browser Mentor: Ming Chow 1 Abstract Web service providers generally look to encryption as a means of ensuring data privacy
More informationTwo-Factor Authentication and Swivel
Two-Factor Authentication and Swivel Abstract This document looks at why the username and password are no longer sufficient for authentication and how the Swivel Secure authentication platform can provide
More informationLoophole+ with Ethical Hacking and Penetration Testing
Loophole+ with Ethical Hacking and Penetration Testing Duration Lecture and Demonstration: 15 Hours Security Challenge: 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once said,
More informationSecurity Issues with the Military Use of Cellular Technology Brad Long, Director of Engineering, IFONE, Inc.
Security Issues with the Military Use of Cellular Technology Brad Long, Director of Engineering, IFONE, Inc. Executive Summary IFONE provides securable private cellular networks. It presents this paper
More informationSecureCom Mobile s mission is to help people keep their private communication private.
About SecureCom Mobile SecureCom Mobile s mission is to help people keep their private communication private. We believe people have a right to share ideas with each other, confident that only the intended
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationiscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi
iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi Agenda Introduction iscsi Attacks Enumeration Authorization Authentication iscsi Defenses Information Security Partners (isec) isec Partners Independent
More informationSound-Proof: Usable Two-Factor Authentication Based on Ambient Sound
Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound Nikos Karapanos, Claudio Marforio, Claudio Soriente and Srdjan Čapkun ETH Zurich USENIX Security 2015 Web Authentication Supplementing
More information