GSM. Global System for Mobile Communications, Security in mobile phones. System used all over the world. Sikkerhed04, Aften Trusler
|
|
- Stephany Griffith
- 8 years ago
- Views:
Transcription
1 GSM Global System for Mobile Communications, 1992 Security in mobile phones System used all over the world 1
2 GSM: Threat Model What Cloning Eavesdropping Tracking Who Criminals Secret Services Why Break Confidentiality Free phone calls Reveal whereabouts How Break Crypto Exploit bad design 2
3 GSM: Security Policy Security Objectives Authentication No tracking Confidential Calls Strategy Crypto SIM PIN codes 3
4 GSM-system SIM PIN IMSI K i Base station HLR VLR 4
5 PIN SIM (phone) SRES K c = E Ki (RAND) SRES GSM: mechanisms RAND authentication Comp128 IMSI Base station IMSI RAND SRES K c RAND SRES K c VLR IMSI HLR 5
6 GSM: mechanisms No tracking When SIM registers on network TMSI temporary/anonymous IMSI But IMSI must still be sent initially 6
7 GSM: mechanisms Confidentiality All conversation encrypted Key: Kc Algoritme: among others, A5 (was secret, like Comp128) 7
8 GSM: attack1 on authentication SIM (phone) VLR SRES K c = E Ki (RAND) SRES RAND cleartext! IMSI IMSI RAND SRES K c RAND SRES K c IMSI Base station HLR 8
9 GSM: attack2 on authentication Access to SIM well chosen challenges Exploit weaknesses in Comp128 Find K i 9
10 GSM: attack/tracking When SIM registers on network TMSI temporary/anonymous IMSI But IMSI sent initially IMSI-catcher Strong signal Pretend not to understand TMSI SIM sends IMSI 10
11 GSM: attack on Confidentiality All conversation encrypted Key: Kc Algorithm: A5 and others(originally secret, like Comp128) A5 and the way it is used has weaknesses Attack can be done within minutes 11
12 GSM: what can we learn? Krypto the weakest link?! Kerchhoffs principle (Comp128 og A5 secret) Misunderstanding of architecture Transmission of keys in cleartext Was GSM security a succes or a failure? for who? 12
13 Buffer overflows Very popular securitybreach Microsoft estimates internal expense of $ pr. patch Problem caused by bad code and languages that do not protect against it C, C++ Change to Java, C#,,? Does t always help, many OS s are written in C 13
14 Stack overruns void foo(char* input){ char buf[3]; strcpy(buf, input); } void bar(void){ printf( Gotcha! ); } 0008 push buf int main(int argc, char* argv[]) { 0009 push input foo(argv[1]) return 0; } Compiled program Addr Code 0001 main: 0002 push argv[0] 0003 goto foo 0004 pop 0005 goto exit 0006 foo: 0007 allocate buf 0010 goto strcpy 0011 return 0012 bar: 0013 push Gotcha! 0014 goto printf 0015 pop 0016 return 14
15 Program.exe baz Stack Addr Data b buf a z ret adr foo 5608 b 5609 a 5610 z Addr Code 0001 main: 0002 push argv[0] 0003 goto foo 0004 pop 0005 goto exit 0006 foo: 0007 allocate buf 0008 push buf 0009 push input 0010 goto strcpy 0011 return 0012 bar: 0013 push Gotcha! 0014 goto printf 0015 pop 0016 return 15
16 Program.exe baz12 Stack Addr Data b buf a z ret adr foo 5608 b 5609 a 5610 z Addr Code 0001 main: 0002 push argv[0] 0003 goto foo 0004 pop 0005 goto exit 0006 foo: 0007 allocate buf 0008 push buf 0009 push input 0010 goto strcpy 0011 return 0012 bar: 0013 push Gotcha! 0014 goto printf 0015 pop 0016 return 16
17 What was wrong? We copied into buf and did not check if we had room Values outside were changed=> program behavior changed! 17
18 Solution? Change Language :) Not (always) an option :( Write better code!!! Education Secure libraries 18
19 Buffer overflows: morale Attacks that directly target the Trusted Computing Base Serious! Undermines most security policies Solution primarily to write robust code. 19
Theory and Practice. IT-Security: GSM Location System Syslog XP 3.7. Mobile Communication. December 18, 2001. GSM Location System Syslog XP 3.
Participant: Hack contacting... IT-Security: Theory and Practice Mobile Communication December 18, 2001 Uwe Jendricke uwe@iig.uni-freiburg.de Lecture Homepage: http://www.informatik.uni-freiburg.de/~softech/teaching/ws01/itsec/
More informationGSM and UMTS security
2007 Levente Buttyán Why is security more of a concern in wireless? no inherent physical protection physical connections between devices are replaced by logical associations sending and receiving messages
More informationSoftware Vulnerabilities
Software Vulnerabilities -- stack overflow Code based security Code based security discusses typical vulnerabilities made by programmers that can be exploited by miscreants Implementing safe software in
More informationMobile Phone Security. Hoang Vo Billy Ngo
Mobile Phone Security Hoang Vo Billy Ngo Table of Content 1. Introduction Page 2 1.1 Analog Network Page 2 1.2 Digital Network Page 2 2. Security Protocols Page 4 2.1 Analog Page 4 2.2 Digital Page 5 3.
More informationSecurity features include Authentication and encryption to protect data and prevent eavesdropping.
What is a SIM card? A SIM card, also known as a subscriber identity module, is a subscriber identity module application on a smartcard that stores data for GSM/CDMA Cellular telephone subscribers. Such
More informationGSM Databases. Virginia Location Area HLR Vienna Cell Virginia BSC. Virginia MSC VLR
Update ( Update Procedure) Network Mobiles Maryland Maryland Other Rockville Bethesda Maryland Mobile Mobile Cell Cell HLR Vienna Cell 12-Jun-14 22:48 (Page 1) This sequence diagram was generated with
More informationPM ASSIGNMENT. Security in Mobile Telephony and Voice over IP
PM ASSIGNMENT Security in Mobile Telephony and Voice over IP Christian Wallin Christian.wallin.7513@student.uu.se Danlu Fu danlu.fu.6095@student.uu.se David Alfonso david.alfonso.5823@student.uu.se 1.
More informationAutomotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri
Automotive Ethernet Security Testing Alon Regev and Abhijit Lahiri 1 Automotive Network Security Cars are evolving Number of ECUs, sensors, and interconnects is growing Moving to Ethernet networks utilizing
More informationSolution for Non-Repudiation in GSM WAP Applications
Solution for Non-Repudiation in GSM WAP Applications CRISTIAN TOMA, MARIUS POPA, CATALIN BOJA Economic Informatics Department Academy of Economic Studies Romana Square No. 6, Bucharest ROMANIA cristian.toma@ie.ase.ro
More informationAuthentication and Secure Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography
ISSN (Online): 1694-0784 ISSN (Print): 1694-0814 10 Authentication and Secure Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography Wilayat Khan 1 and Habib Ullah 2 1 Department of Electrical
More informationPrivacy through Pseudonymity in Mobile Telephony Systems
Privacy through Pseudonymity in Mobile Telephony Systems Eike Ritter University of Birmingham Joint work with Myrto Arapinis, Loretta Mancini and Mark Ryan Eike Ritter Privacy in Mobile Telephony Systems
More informationGSM Research. Chair in Communication Systems Department of Applied Sciences University of Freiburg 2010
Chair in Communication Systems Department of Applied Sciences University of Freiburg 2010 Dennis Wehrle, Konrad Meier, Dirk von Suchodoletz, Klaus Rechert, Gerhard Schneider Overview 1. GSM Infrastructure
More informationMobile Office Security Requirements for the Mobile Office
Mobile Office Security Requirements for the Mobile Office S.Rupp@alcatel.de Alcatel SEL AG 20./21.06.2001 Overview Security Concepts in Mobile Networks Applications in Mobile Networks Mobile Terminal used
More informationSecurity of phone communications
Security of phone communications Authentication, identification and mobile security Matej Kovačič (CC) 2015 This work is published under Creative Commons licence: AttributionNonCommercial-ShareAlike 2.5
More informationMobile Security. Practical attacks using cheap equipment. Business France. Presented the 07/06/2016. For. By Sébastien Dudek
Mobile Security Practical attacks using cheap equipment Presented the 07/06/2016 Business France By Sébastien Dudek For Content Security measures Recent publications in the hacking community Practical
More informationNetwork Security. Chapter 14. Security Aspects of Mobile Communications
Network Security Chapter 14 Security Aspects of Mobile Communications Network Security (WS 2002): 14 Security Aspects of Mobile Communications 1 Security Aspects of Mobile Communication Mobile communication
More informationUMTS security. Helsinki University of Technology S-38.153 Security of Communication Protocols k-p.perttula@hut.fi 15.4.2003
UMTS security Helsinki University of Technology S-38.153 Security of Communication Protocols k-p.perttula@hut.fi 15.4.2003 Contents UMTS Security objectives Problems with GSM security UMTS security mechanisms
More informationAn Example of Mobile Forensics
An Example of Mobile Forensics Kelvin Hilton K319 kchilton@staffsacuk k.c.hilton@staffs.ac.uk www.soc.staffs.ac.uk/kch1 Objectives The sources of evidence The subscriber The mobile station The network
More informationSecurity in the GSM Network
Security in the GSM Network Ammar Yasir Korkusuz 2012 Bogazici University, Electrical-Electronics Engineering Department, MSc. Student EE 588 NETWORK SECURITY TERM PROJECT Abstract: GSM is the biggest
More informationIMSI Catcher. Daehyun Strobel. 13.Juli 2007. Seminararbeit Ruhr-Universität Bochum. Chair for Communication Security Prof. Dr.-Ing.
IMSI Catcher Daehyun Strobel 13.Juli 2007 Seminararbeit Ruhr-Universität Bochum Chair for Communication Security Prof. Dr.-Ing. Christof Paar Contents 1 Introduction 1 2 GSM (Global System for Mobile
More informationMobile network security report: Poland
Mobile network security report: Poland GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin February 2015 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationInternational Journal of Computing and Business Research (IJCBR)
AN INVESTIGATION OF GSM ARCHITECTURE AND OVERLAYING WITH EFFICIENT SECURITY PROTOCOL Karun Madan, Surya World Institute of Engg. & Technology, Rajpura, Punjab ABSTRACT The Global System for Mobile Communications
More informationSecure Programming with Static Analysis. Jacob West jacob@fortify.com
Secure Programming with Static Analysis Jacob West jacob@fortify.com Software Systems that are Ubiquitous Connected Dependable Complexity U Unforeseen Consequences Software Security Today The line between
More informationGlobal System for Mobile Communications (GSM)
Global System for Mobile Communications (GSM) Nguyen Thi Mai Trang LIP6/PHARE Thi-Mai-Trang.Nguyen@lip6.fr UPMC/PUF - M2 Networks - PTEL 1 Outline Principles of cellular networks GSM architecture Security
More informationDefending mobile phones. Karsten Nohl, nohl@srlabs.de Luca Melette, luca@srlabs.de
Defending mobile phones Karsten Nohl, nohl@srlabs.de Luca Melette, luca@srlabs.de GSM networks provide the base for various attacks SS7 Phone Base station GSM backend network User database (HLR) Vulnerability
More informationGSM security country report: USA
GSM security country report: USA GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin August 2013 Abstract. GSM networks differ widely in their protection capabilities against common attacks.
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Program Security: Buffer Overflow 1 Buffer Overflow BO Basics Stack smashing Other buffer overflow
More informationGlobal System for Mobile Communication Technology
Global System for Mobile Communication Technology Mobile Device Investigations Program Technical Operations Division DHS - FLETC GSM Technology Global System for Mobile Communication or Groupe Special
More informationEncrypted SMS, an analysis of the theoretical necessities and implementation possibilities
Radboud University Nijmegen Bachelor Thesis Encrypted SMS, an analysis of the theoretical necessities and implementation possibilities Author: Lars Lockefeer Supervisors: Engelbert Hubbers Roel Verdult
More informationHabanero Extreme Scale Software Research Project
Habanero Extreme Scale Software Research Project Comp215: Java Method Dispatch Zoran Budimlić (Rice University) Always remember that you are absolutely unique. Just like everyone else. - Margaret Mead
More informationBetween Mutual Trust and Mutual Distrust: Practical Fine-grained Privilege Separation in Multithreaded Applications
Between Mutual Trust and Mutual Distrust: Practical Fine-grained Privilege Separation in Multithreaded Applications Jun Wang, Xi Xiong, Peng Liu Penn State Cyber Security Lab 1 An inherent security limitation
More informationChapter 15 Operating System Security
Operating Systems: Internals and Design Principles Chapter 15 Operating System Security Eighth Edition By William Stallings System Access Threats System access threats fall into two general categories:
More informationSoftware security. Buffer overflow attacks SQL injections. Lecture 11 EIT060 Computer Security
Software security Buffer overflow attacks SQL injections Lecture 11 EIT060 Computer Security Buffer overflow attacks Buffer overrun is another common term Definition A condition at an interface under which
More informationAdvanced IBM AIX Heap Exploitation. Tim Shelton V.P. Research & Development HAWK Network Defense, Inc. tshelton@hawkdefense.com
Advanced IBM AIX Heap Exploitation Tim Shelton V.P. Research & Development HAWK Network Defense, Inc. tshelton@hawkdefense.com Introduction Our society has become dependent on computers and network systems.
More informationMobile network security report: Belgium
Mobile network security report: Belgium GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin December 2014 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationWhat is a Smart Card?
An Introduction to Smart Cards and RFIDs Prof. Keith E. Mayes Keith.Mayes@rhul.ac.uk Director of the ISG - Smart Card Centre www.scc.rhul.ac.uk Learning Objectives (MSc MSc) Identify the various types
More informationHacking Techniques & Intrusion Detection. Ali Al-Shemery arabnix [at] gmail
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail All materials is licensed under a Creative Commons Share Alike license http://creativecommonsorg/licenses/by-sa/30/ # whoami Ali
More informationDefending Computer Networks Lecture 3: More On Vulnerabili3es. Stuart Staniford Adjunct Professor of Computer Science
Defending Computer Networks Lecture 3: More On Vulnerabili3es Stuart Staniford Adjunct Professor of Computer Science Enrollment Logis;cs Send request to cs- course- enroll@cornell.edu Cc me (sgs235@cornell.edu)
More informationSECURITY ISSUES AND CHALLENGES IN MOBILE COMPUTING AND M-COMMERCE
SECURITY ISSUES AND CHALLENGES IN MOBILE COMPUTING AND M-COMMERCE ABSTRACT Krishna Prakash and Balachandra Department of Information and Communication Technology, MIT Manipal Mobile computing and Mobile
More informationTail call elimination. Michel Schinz
Tail call elimination Michel Schinz Tail calls and their elimination Loops in functional languages Several functional programming languages do not have an explicit looping statement. Instead, programmers
More informationMobile network security report: Netherlands
Mobile network security report: Netherlands GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin July 2014 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationGSM Security Claude Castelluccia INRIA
GSM Security Claude Castelluccia INRIA Technology behind GSM 900 MHz (or 1800 MHz) band uplink frequency band 890-915 MHz downlink frequency band is 935-960 MHz 25 MHz subdivided into 124 carrier frequency
More informationMobile network security report: Greece
Mobile network security report: Greece GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin October 2012 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationTransparent Monitoring of a Process Self in a Virtual Environment
Transparent Monitoring of a Process Self in a Virtual Environment PhD Lunchtime Seminar Università di Pisa 24 Giugno 2008 Outline Background Process Self Attacks Against the Self Dynamic and Static Analysis
More informationMobile network security report: Germany
Mobile network security report: Germany GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin December 2014 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationMobile network security report: Poland
Mobile network security report: Poland GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin October 2014 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationSecurity Measures and Weaknesses of the GPRS Security Architecture
Security Measures and Weaknesses of the GPRS Security Architecture Christos Xenakis Security Group, Communication Networks Laboratory, Department of Informatics & Telecommunications, University of Athens,
More informationNAVAL POSTGRADUATE SCHOOL THESIS
NAVAL POSTGRADUATE SCHOOL MONTEREY, CALIFORNIA THESIS SHORT MESSAGE SERVICE (SMS) SECURITY SOLUTION FOR MOBILE DEVICES by Yu Loon Ng December 2006 Thesis Advisor: Co-Advisor: Gurminder Singh John Gibson
More informationA study of user authentication using mobile phone
A study of user authentication using mobile phone Steffen Gullikstad Hallsteinsen Master of Science in Communication Technology Submission date: June 2007 Supervisor: Van Thanh Do, ITEM Co-supervisor:
More informationEAP-SIM Authentication using Interlink Networks RAD-Series RADIUS Server
Application Note EAP-SIM Authentication using Interlink Networks RAD-Series RADIUS Server Introduction The demand for wireless LAN (WLAN) access to the public IP network is growing rapidly. It is only
More information90% of data breaches are caused by software vulnerabilities.
90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with
More informationGSM security country report: Germany
GSM security country report: Germany GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin December 2013 Abstract. GSM networks differ widely in their protection capabilities against common attacks.
More information!!! "# $ % & & # ' (! ) * +, -!!. / " 0! 1 (!!! ' &! & & & ' ( 2 3 0-4 ' 3 ' Giuseppe Bianchi
!!! "# $ % & & # ' (! ) * +, -!!. / " 0! 1 (!!! ' &! & & & ' ( 2 3 0-4 ' 3 ' "#$!!% "&'! #&'!%! () *+,, 3 & 5 &,! #-!*! ' & '.! #%!* //!! & (0)/!&/, 6 5 /, "! First system: NMT-450 (Nordic Mobile Telephone)
More informationCellular Networks: Background and Classical Vulnerabilities
Cellular Networks: Background and Classical Vulnerabilities Patrick Traynor CSE 545 1 Cellular Networks Provide communications infrastructure for an estimated 2.6 billion users daily. The Internet connects
More informationFINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that
More informationGSM Risks and Countermeasures
GSM Risks and Countermeasures STI Group Discussion and Written Project Authors: Advisor: Johannes Ullrich Accepted: February 1, 2010 Abstract Recent research has shown that GSM encryption can be cracked
More informationREMOVING THE MYSTERY OF SECURITY ENGINES AND THEIR EFFECT ON YOUR NETWORK
REMOVING THE MYSTERY OF SECURITY ENGINES AND THEIR EFFECT ON YOUR NETWORK Philip Trainor Senior Manager Applications and Security Ixia Communications Session ID: SPO-T02 Session Classification: Intermediate
More informationSome Anti-Worm Efforts at Microsoft. Acknowledgements
Some Anti-Worm Efforts at Microsoft Helen J. Wang System and Networking Research Group Microsoft Research Oct 29, 2004 1 Acknowledgements Matt Braverman, Opher Dubrovsky, John Dunagan, Louis Lafreniere,
More informationFormat string exploitation on windows Using Immunity Debugger / Python. By Abysssec Inc WwW.Abysssec.Com
Format string exploitation on windows Using Immunity Debugger / Python By Abysssec Inc WwW.Abysssec.Com For real beneficiary this post you should have few assembly knowledge and you should know about classic
More informationIron Chef: John Henry Challenge
Iron Chef: John Henry Challenge Brian Chess Pravir Chandra Black Hat 3/27/2008 Amsterdam Sean Fay Jacob West Concept We love Iron Chef. We can t cook. Concept Compare tools and manual code review in head-tohead
More informationCh 2.3.3 GSM PENN. Magda El Zarki - Tcom 510 - Spring 98
Ch 2.3.3 GSM In the early 80 s the European community decided to work together to define a cellular system that would permit full roaming in all countries and give the network providers freedom to provide
More informationMobile Banking in Developing Countries: Secure Framework for Delivery of SMS-banking Services MASTER THESIS
Mobile Banking in Developing Countries: Secure Framework for Delivery of SMS-banking Services MASTER THESIS Author: Abunyang Emmanuel Student Number: s0535249 Radboud University Nijmegen. The Netherlands
More informationOff-by-One exploitation tutorial
Off-by-One exploitation tutorial By Saif El-Sherei www.elsherei.com Introduction: I decided to get a bit more into Linux exploitation, so I thought it would be nice if I document this as a good friend
More informationMobile network security report: Norway
Mobile network security report: Norway GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin August 2014 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationSIM Card Security. Sheng He 108005239797. Seminar Work. Chair for Communication Security Prof. Dr.-Ing. Christof Paar
SIM Card Security Sheng He 108005239797 Seminar Work at Chair for Communication Security Prof. Dr.-Ing. Christof Paar advised through Thomas Eisenbarth 12.07.2007 Ruhr-University of Bochum Contents 1 Overview...3
More informationGSM BASICS GSM HISTORY:
GSM BASICS GSM HISTORY: In 1982 the Nordic PTTs sent a proposal to CEPT (Conference of European Postal & telegraph Administration) to study and to improve digital cellular technology by forming a team
More informationBuffer Overflows. Security 2011
Buffer Overflows Security 2011 Memory Organiza;on Topics Kernel organizes memory in pages Typically 4k bytes Processes operate in a Virtual Memory Space Mapped to real 4k pages Could live in RAM or be
More informationETSI TS 133 102 V3.6.0 (2000-10)
TS 133 102 V3.6.0 (2000-10) Technical Specification Universal Mobile Telecommunications System (UMTS); 3G Security; Security Architecture (3GPP TS 33.102 version 3.6.0 Release 1999) 1 TS 133 102 V3.6.0
More informationChapter 15: Security
Chapter 15: Security Chapter 15: Security The Security Problem Program Threats System and Network Threats Cryptography as a Security Tool User Authentication Implementing Security Defenses Firewalling
More informationChapter 18: System Security
Chapter 18: System Security Chapter 18: System Security The Security Problem Program Threats System and Network Threats Cryptography as a Security Tool User Authentication Implementing Security Defenses
More informationUsing an approximated One-Time Pad to Secure Short Messaging Service (SMS)
Using an approximated One-Time Pad to Secure Short Messaging Service (SMS) N.J Croft and M.S Olivier Information and Computer Security Architectures (ICSA) Research Group Department of Computer Science
More informationCellphone Security. David Wagner U.C. Berkeley
Cellphone Security David Wagner U.C. Berkeley Û ºÖÐݺ٠1 Organization Analog cellphones: historical notes US digital cellphones European digital cellphones (GSM) 2 In the beginning... Earliest cellphones
More information2 System introduction
2 System introduction Objectives After this chapter the student will: be able to describe the different nodes in a GSM network. be able to describe geographical subdivision of a GSM network. be able to
More informationParallelization: Binary Tree Traversal
By Aaron Weeden and Patrick Royal Shodor Education Foundation, Inc. August 2012 Introduction: According to Moore s law, the number of transistors on a computer chip doubles roughly every two years. First
More informationStudy Paper on Security Accreditation Scheme for SIM
May 2014 MOBILE Study Paper on Security Accreditation Scheme for SIM TEC TELECOMMUNICATION ENGINEERING CENTRE KHURSHID LAL BHAWAN, JANPATH NEW DELHI - 110001 INDIA 1 Introduction... 4 2 Security Threats...
More informationRoadmap for Establishing Interoperability of Heterogeneous Cellular Network Technologies -3-
Roadmap for Establishing Interoperability of Heterogeneous Cellular Network Technologies -3- Hasni Neji Innov COM Lab, Higher School of Communications of Tunis, Sup Com University of Carthage, Tunis, Tunisia
More informationMobile Terminal Security
Mobile Terminal Security Olivier Benoit 1, Nora Dabbous 2, Laurent Gauteron 1, Pierre Girard 1 Helena Handschuh 2, David Naccache 2, Stéphane Socié 1, Claire Whelan 3 1. Gemplus Innovation 2. Gemplus Innovation
More informationBuffer Overflows. Code Security: Buffer Overflows. Buffer Overflows are everywhere. 13 Buffer Overflow 12 Nov 2015
CSCD27 Computer and Network Security Code Security: Buffer Overflows 13 Buffer Overflow CSCD27 Computer and Network Security 1 Buffer Overflows Extremely common bug. First major exploit: 1988 Internet
More informationMobile Application Threat Analysis
The OWASP Foundation http://www.owasp.org Mobile Application Threat Analysis Ari Kesäniemi Nixu Copyright The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under
More informationThe GSM Standard (An overview of its security)
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. The
More informationSecurity Principles. Related to. Handset Theft
Security Principles Related to Handset Theft Table of Contents TABLE OF CONTENTS...2 GLOSSARY OF TERMS...3 1. INTRODUCTION...4 1.1 IMPORTANCE OF IMEI INTEGRITY...4 1.2 IMPROVED IMEI INTEGRITY PRINCIPLES...4
More informationCommunication Infrastructure: GSM Communication
Communication Infrastructure: GSM Communication Andreas Schöffl and Michael Irger Abstract. In this Paper we describe the GSM Standard of Mobile Phones. The Global System for Mobile communications is the
More informationSECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014
SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014 Table of Contents Introduction AMI Communication Architecture Security Threats Security
More informationMore effective protection for your access control system with end-to-end security
More effective protection for your access control system with end-to-end security By Jeroen Harmsen The first article on end-to-end security appeared as long ago as 1981. The principle originated in ICT
More informationMSc Computer Science Dissertation
University of Oxford Computing Laboratory MSc Computer Science Dissertation Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities Author: Sean Heelan Supervisor: Dr. Daniel
More informationSPYTEC 3000 The system for GSM communication monitoring
SPYTEC 3000 The system for GSM communication monitoring The SPYTEC 3000 system is intended for passive (if system encryption is absent of if A5.2 encryption is used) or semi-active (if A5.1 encryption
More informationChap. 1: Introduction
Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed
More information9.1 Introduction. 9.2 Roaming
9 Location Updating Objectives After this chapter the student will: be able to define the concepts of roaming and location updating. be able to name the different types of location updating and why they
More informationDirectory and File Transfer Services. Chapter 7
Directory and File Transfer Services Chapter 7 Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP over traditional authentication systems Identify major
More informationWHITE PAPER. August, 2002. Contacts: Christopher Wingert Mullaguru Naidu
C D M A 1 X R T T S E C U R I T Y WHITE PAPER O V E R V I E W August, 2002 Contacts: Christopher Wingert Mullaguru Naidu T A B L E O F C O N T E N T S 1. Executive Summary 2 2. Security CDMA Networks 3
More informationHow To Understand The Gsm And Mts Mobile Network Evolution
Mobile Network Evolution Part 1 GSM and UMTS GSM Cell layout Architecture Call setup Mobility management Security GPRS Architecture Protocols QoS EDGE UMTS Architecture Integrated Communication Systems
More informationLecture 21: Buffer Overflow Attack. Lecture Notes on Computer and Network Security. by Avi Kak (kak@purdue.edu)
Lecture 21: Buffer Overflow Attack Lecture Notes on Computer and Network Security by Avi Kak (kak@purdue.edu) April 2, 2015 3:58pm c 2015 Avinash Kak, Purdue University Goals: Services and ports A case
More informationImproving Software Security at the. Source
Improving Software Security at the Source Greg Snyder Privacy & Security RIT January 28, 2006 Abstract While computer security has become a major focus of information technology professionals due to patching
More informationSS7 & LTE Stack Attack
SS7 & LTE Stack Attack Ankit Gupta Black Hat USA 2013 akg0x11@gmail.com Introduction With the evolution of IP network, Telecom Industries are using it as their core mode of communication for their network
More informationMOBILE COMPUTING AND M- COMMERCE SECURITY ISSUES
MOBILE COMPUTING AND M- COMMERCE SECURITY ISSUES Krishna Prakash 1 and Balachandra 2 1,2 Department of Information and Communication Technology, MIT Manipal 1 kkp_prakash@yahoo.com, 2 bala_muniyal@yahoo.com
More informationDesign of a secure system. Example: trusted OS. Bell-La Pdula Model. Evaluation: the orange book. Buffer Overflow Attacks
Stware Security Holes and Defenses Design a secure system Follows a ring design. Every object has an associated security attribute. Every subject has a security clearance. Least secure Highest security
More informationtelnetd exploit FreeBSD Telnetd Remote Exploit Für Compass Security AG Öffentliche Version 1.0 Januar 2012
telnetd exploit FreeBSD Telnetd Remote Exploit Für Compass Security AG Öffentliche Version 1.0 Januar 2012 Content Part I Info Bug Telnet Exploit Part II Advanced Exploitation Meta Information Disclosed
More informationQuiz I Solutions MASSACHUSETTS INSTITUTE OF TECHNOLOGY. 6.858 Fall 2012. Department of Electrical Engineering and Computer Science
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2012 Quiz I Solutions 30 Grade for q1 25 20 15 10 5 0 0 10 20 30 40 50 60 70 80 90 100 Histogram
More informationProvides a communication link between MS and MSC; Manages DB for MS location. Controls user connection. Transmission.
Provides a communication link between MS and MSC; Manages DB for MS location Controls user connection CM MM RR Transmission Several RR functions considered in previous part!"# Surprise! handover is part
More information