PM ASSIGNMENT. Security in Mobile Telephony and Voice over IP
|
|
- Amber Henry
- 8 years ago
- Views:
Transcription
1 PM ASSIGNMENT Security in Mobile Telephony and Voice over IP Christian Wallin Danlu Fu David Alfonso
2 1. Security of Mobile Telephony 1.1 Zero Generation Mobile radio telephone system were the predecessor of the first generation of cellular telephones. So it s sometimes referred as 0G (zero generation) systems. Four technologies are used in this system: PTT (Push to Talk or manual), MTS (Mobile Telephone System), IMTS (Improved Mobile Telephone Service), and AMTS (Advanced Mobile Telephone System) systems. The mobile telephone of this generation were usually mounted in cars or trucks. It s not a real mobile telephony system in definition. 1.2 First Generation First Generation (1G) are analog cellphone standards introduces in the 1980s. They include three main standards: NMT (Nordic Mobile Telephone), AMPS (Advanced Mobile Phone System) and TACS (Total Access Communications System). These are all analog standard, so it is very susceptible to static and noise and has no protection from eavesdropping using a scanner. In the 1990s, "cloning" was an epidemic that cost the industry millions of dollars. An unscrupulous eavesdropper with specialized equipment can intercept a handset's ESN (Electronic Serial Number), which is a packet of data sent by the handset to the cellular system for billing purposes. If a ESN is intercepted, it could then be cloned onto a different phone and used in other areas for making calls without paying. 1.3 Second Generation(include 2.5G) The main difference between 1G and 2G is that the radio signals that 1G networks use are analog, while 2G networks are digital. Global System for Mobile communications (GSM) and cdmaone (brand name of Interim Standard 95 (IS-95)) is two main technologies in this generation. And General Packet Radio Service (GPRS) and Enhanced Data rates for GSM Evolution (EDGS) are extended on 2G, which are referred as 2.5G for market purpose Security of GSM We will talk mainly about GSM in this section.
3 Figure 1 GSM architecture(from Figure 2 security elements store on different platforms( the gray one shows it will change with the time, the white one never changes) (from zhangfz.ppt?phpsessid=6d63982a64f114d8ede3e1e4b09c1120) Anonymity or Subscriber Identity Confidentiality. IMSI (International Mobile Subscriber Identity) is a unique number stored in the Subscriber Identity Module (SIM) inside the phone and is sent by the phone to the network. In order to avoid the subscriber being identified and tracked by eavesdroppers on the radio interface, the IMSI is sent as rarely as possible and a TMSI is sent instead. The Temporary Mobile Subscriber Identity (TMSI) is the identity that is most commonly sent between the mobile
4 and the network.. It is a randomly allocated number that is given to the mobile, the moment it is switched on. VLR will store the relation between TMSI and IMSI. Subscriber identity authentication. AuC will give a random number RAND and use algorithm A3 and A8 to produce Vector(RAND,SRES,Kc). When MSC/VLR need vectors, it will send a request MAP-SEND-AUTHENTICATION-INFO to HLR (it will include the IMSI).VLR/MSC receive the vectors and store it. When the MS register on this VLR, it will give one of the RANDS to MS (and other Vectors will be invalid). MS receive the RAND and use the A3,A8 in SIM card to compute the SRES and Kc. A3 is for SRES and A8 is for Kc. It send SRES to VLR/MSC, if SRES equal to the SRES stored in VLR/MSC, this MS complete the authentication. Kc in AuC and SIM will never sent over air. It s calculated by Ki with A8. Key Ki is stored in encryption form in SIM and AuC. See Figure 3. Encryption of user traffic and user control data. When the authentication has completed, MSC send the Kc in vector to BTS. This make the wireless tunnel between MS and BTS can use encrypt way to send sata. This can avoid eavesdropping. MS will use Kc (64 bit) and Fn (22 bit, the frame counter) as parameters of A5, to get the keystream. And use the keystream to encrypt the data.then it send the data to BTS. BTS get the data and use the same keystream to decrypt. The A5/1 and A5/2 stream ciphers are two kinds of A5. A5/1 was developed first and is a stronger algorithm used within Europe and the United States; A5/2 is weaker and used in other countries. The weakness of them will be introduced in the following section. See Figure 3. Figure 3 Authentication and Encryption Scheme(fromwww.cs.huji.ac.il/~sans/students_lectures/GSM%20Security.ppt ) A3,A8,A5,Ki,Kc will all not be transported in network, this make the system more secure. See figure Third Generation 3G is the third generation of mobile phone standards and technology, after 2G. It is based on the International Telecommunication Union (ITU) family of standards under the International Mobile Telecommunications program, "IMT-
5 2000". it supports greater numbers of voice and data customers especially in urban areas and higher data rates at lower incremental cost than 2G. Universal Mobile Telecommunications System (UMTS) is one of the thirdgeneration (3G) cell phone technologies. Currently, W-CDMA is used most commonly. Compared with GSM security, 3G have these new security features: For the encryption of data transport: The system define 11 secure algorithm. Key is 128 bit, it s much longer than GSM s. And the algorithm is no more fixed. For the integrity protect: GSM have not but 3G have. User authentication: A new block cipher algorithm called Kasumi is used. IMSI is no more send by cleartext. It will use EUIC to authenticate the user. 1.5Fourth Generation 4G (a.k.a. beyond 3G), an acronym for Fourth-Generation Communications System, is a term used to describe the next step in wireless communications. There is no formal definition for what 4G is; however, there are certain objectives that are projected for 4G. These objectives include: that 4G will be a fully IP-based integrated system. This will be achieved after wired and wireless technologies converge and will be capable of providing 100 Mbit/sec and 1 Gbit/sec speeds both indoors and outdoors, with premium quality and high security. 4G will offer all types of services at an affordable cost. We can not confirm which security mechanism will 4G use now, but it will concerns lot about IP security. reference wikipedia (2007),Mobile Phone< University of Waterloo, Introduction to Mobile Security, < > Dr. S. Muhammad Siddique, Muhammad Amir, GSM Security Issues and Challenges, University of Engineering and Technology Peshawar Pakistan Geir M. Køien and Thomas Haslestad, Security Aspects of 3G-WLAN Interworking, Telenor R&D, Norway
6 2. Security problems with GSM The first security problem with GSM is that the algorithms where held secret so they couldn t be studied. But in 1999 Briceno used a mobile phone and reversed engineered the design of the A5/1 and A5/2 algorithms. Since the basic security of these algorithms are based on that the shared key in the SIM card and the mobile station are kept secret the whole system is vulnerable to anyone who can get their hands on this key. If you get access to the a SIM card you can use a smartcard reader and a normal computer and by brute force calculate the secret key in 8hours with a reader that can make 6.25 queries/sec. After getting the key you can make your own SIM card and make your own calls using the account of the other SIM card. However the operators have a defense mechanism that disables the account if more than one person tries to use the same account at the same time. But this doesn t protect against someone using this information only to listen to calls made by the real SIM card. Getting access to a card for 8hours might be hard once the card is delivered but any corrupted person selling SIM cards could easy make copy of the keys and then listen to calls made by the purchaser. The A5/1 is the most common used algorithm in the western world and is also the most secure of the two. One problem with this is that the key used is still only 64bit long and also the 10 least significant bits are always zero in the deployed versions. There are several attacks today that require different lengths of data and different amount of hard disk space. The most effective attacks use pre computed tables of the initial states of the A5/1 algorithm and then try to match the intercepted output to these tables and then derive the key from the initial state. In a document from 2000 available on site [1] they state different kind of attacks into a table which look like following: Attack Type Preprocessing steps Available data Number of 73GB disks Attack time Biased Birthday attack (1) Biased Birthday attack (2) minutes 4 1 second minutes 2 1 second Random Subgraph attack seconds 4 minutes At the time this document was written 73 GB was the largest available hard disks. Today you will be able to fit all these tables in a single disk and you will even be able to double the size of the biggest table. Since the time of the
7 attacks where calculated based on what computing power was available, also the attack time of these attacks would be a lot less. By increasing the table you can minimize the required data and still have a good chance of finding a match between the pre computed initial states and the intercepted data. Another problem with the standard SIM cards is that you only authenticate the user to the network not the network to the user. Yet another possible problem is that stated on site [2] the operators backbone network is not encrypted at all, so if you manage to get access to their network you will be able to see the key in clear text and also listen to the calls without any encryption. Improvements There is a new USIM card developed that uses a longer key and also make a mutual authentication between the user and the network. This together with an update of the key-function inside the phone will make it much harder to obtain the key from the SIM card. With a longer key there will be much harder to get any information about the key from the encrypted data but these require an update of the A5 algorithm. Another easy way to improve the security is to make the operators encrypt their internal traffic which would take away one more possible attack. Sources: [1] [2] /1999/papers/gsminterception/netsec.html [3] [4]
8 3. Security in Voice over IP Before the voice worked over computer networks, conventional voice also had its own problems. These problems were: 1. Steal of identity: Someone can make a call and he can be identified with a false identity. 2. Illegal listening: An intruder can interfere your conversations. 3. Imprecise costs: This are caused by bad intentioned parts that charge you more money than the real cost. 4. Not requested calls: Is a way of telephone spam. What changed with voice over IP: Something obvious is that when voice came into computer s world, it took all the security problems of this area. The most common attacks are: 1. Denial of Service: With this attack, someone can make the server temporarily unavailable by generating a lot of false requirements and collapsing the server. 2. Attacks that only produce damage to the system: Attacker get into the system and destroy or modify something inside.. 3. Steal: The main purpose of this attack is to steal information or money. It can be done getting or modifying private information. Coming back to VoIP, we can see that things have not changed at all. 1. Steal of identity: The most important point is how can we know who is the person making the call. To do this, the most used protocol is the Session Initiation Protocol (SIP). This protocol can work in three different ways: - With an User Agent (UA). In this case exists an user in the FQDN (Fully Qualified Domain Name), that usually is the telephone number and a password that is used when asking for a connection. A disadvantage is that this process is done using clear text, so the user can be supplanted easily. - Another way is to register using an username, a password, and a telephone number. This system is safer, specially when some information is sent using MD5, but anyway it continues being vulnerable, because it uses security technologies that can be easily broken. - The most insecure system is when sending information without a previous register. Also there had been attempts to use different techniques, such as Access Lists, but it continued being insecure. The safest option is the use of AAA (Authentication, Authorization and Accounting). But it is not a native option in all the systems, and combining it with MD5 is the safest way for preventing this attacks.
9 Only the most expensive systems have this option, the rest make a sip request to a proxy, and this proxy makes the AAA request to a radius, but the call can be intercepted before it reaches the proxy, and there is no security in it. Another protocol that we can use is H323. The most common ways to authenticate a person with this protocol are with a H323 ID, using AAA, using the IP address, using a set of numbers, or combining some of this methods. Although one of the advantages of H323 is that it doesn t send plain text, the safest thing of this method is AAA and the use of H323 ID. Another important point is that in the implementation of H323 we can find the protocol H235, which uses algorithms such as Diffie-Hellman to provide confidentiality between servers and endpoints. 2. Illegal listening: Here we have to say that as voice is sent like data, all the security systems available for data, are also used when sending voice. Is very important the use of VPN, MPLS networks with QoS and this kind of technologies. The problem using this technologies is that we need more headers and we need more bandwidth. Some people are working in a RTP codified protocol, that will help in solving this problem. 3. Imprecise costs: In this area there is no a specific regulation, so users must trust their communication companies. We can note some differences if we use SIP or H323. Using SIP is more difficult to trust in the fare system, because in standard SIP we don t have a complete control of the traffic. It requires that all traffic should go through the server, and it supposes a big amount of work to it. In the case of H323, in the basic implementation is designed that all endpoints should send their status to the gatekeeper, so it can control in a good way the time of the calls and send it to an AAA server in order that price can be charged to a credit card or a similar service. 4. Not requested calls: SIP protocol can accept calls in the endpoints without authentication and is very easy to have access to them only knowing their IP. A thing that we can do to protect against this is to create black or white lists in our systems. Also we can use in H323 a password to have access to our gatekeeper, but it is only available in the most expensive systems. Sources:
GSM Risks and Countermeasures
GSM Risks and Countermeasures STI Group Discussion and Written Project Authors: Advisor: Johannes Ullrich Accepted: February 1, 2010 Abstract Recent research has shown that GSM encryption can be cracked
More informationMobile Phone Security. Hoang Vo Billy Ngo
Mobile Phone Security Hoang Vo Billy Ngo Table of Content 1. Introduction Page 2 1.1 Analog Network Page 2 1.2 Digital Network Page 2 2. Security Protocols Page 4 2.1 Analog Page 4 2.2 Digital Page 5 3.
More informationMobile Office Security Requirements for the Mobile Office
Mobile Office Security Requirements for the Mobile Office S.Rupp@alcatel.de Alcatel SEL AG 20./21.06.2001 Overview Security Concepts in Mobile Networks Applications in Mobile Networks Mobile Terminal used
More informationGSM and UMTS security
2007 Levente Buttyán Why is security more of a concern in wireless? no inherent physical protection physical connections between devices are replaced by logical associations sending and receiving messages
More informationWHITE PAPER. August, 2002. Contacts: Christopher Wingert Mullaguru Naidu
C D M A 1 X R T T S E C U R I T Y WHITE PAPER O V E R V I E W August, 2002 Contacts: Christopher Wingert Mullaguru Naidu T A B L E O F C O N T E N T S 1. Executive Summary 2 2. Security CDMA Networks 3
More informationSecurity in the GSM Network
Security in the GSM Network Ammar Yasir Korkusuz 2012 Bogazici University, Electrical-Electronics Engineering Department, MSc. Student EE 588 NETWORK SECURITY TERM PROJECT Abstract: GSM is the biggest
More informationGSM v. CDMA: Technical Comparison of M2M Technologies
GSM v. CDMA: Technical Comparison of M2M Technologies Introduction Aeris provides network and data analytics services for Machine-to- Machine ( M2M ) and Internet of Things ( IoT ) applications using multiple
More informationUMTS security. Helsinki University of Technology S-38.153 Security of Communication Protocols k-p.perttula@hut.fi 15.4.2003
UMTS security Helsinki University of Technology S-38.153 Security of Communication Protocols k-p.perttula@hut.fi 15.4.2003 Contents UMTS Security objectives Problems with GSM security UMTS security mechanisms
More informationHow To Understand The Gsm And Mts Mobile Network Evolution
Mobile Network Evolution Part 1 GSM and UMTS GSM Cell layout Architecture Call setup Mobility management Security GPRS Architecture Protocols QoS EDGE UMTS Architecture Integrated Communication Systems
More informationAuthentication and Security in IP based Multi Hop Networks
7TH WWRF MEETING IN EINDHOVEN, THE NETHERLANDS 3RD - 4TH DECEMBER 2002 1 Authentication and Security in IP based Multi Hop Networks Frank Fitzek, Andreas Köpsel, Patrick Seeling Abstract Network security
More informationDevelopment of Wireless Networks
Development of Wireless Networks Cellular Revolution In 1990 mobile phone users populate 11 million. By 2004 the figure will become 1 billion Phones are most obvious sign of the success of wireless technology.
More informationSecurity Evaluation of CDMA2000
Security Evaluation of CDMA2000 L. Ertaul 1, S. Natte 2, and G. Saldamli 3 1 Mathematics and Computer Science, CSU East Bay, Hayward, CA, USA 2 Mathematics and Computer Science, CSU East Bay, Hayward,
More informationGlobal System for Mobile Communications (GSM)
Global System for Mobile Communications (GSM) Nguyen Thi Mai Trang LIP6/PHARE Thi-Mai-Trang.Nguyen@lip6.fr UPMC/PUF - M2 Networks - PTEL 1 Outline Principles of cellular networks GSM architecture Security
More informationTheory and Practice. IT-Security: GSM Location System Syslog XP 3.7. Mobile Communication. December 18, 2001. GSM Location System Syslog XP 3.
Participant: Hack contacting... IT-Security: Theory and Practice Mobile Communication December 18, 2001 Uwe Jendricke uwe@iig.uni-freiburg.de Lecture Homepage: http://www.informatik.uni-freiburg.de/~softech/teaching/ws01/itsec/
More informationWireless Mobile Telephony
Wireless Mobile Telephony The Ohio State University Columbus, OH 43210 Durresi@cis.ohio-state.edu http://www.cis.ohio-state.edu/~durresi/ 1 Overview Why wireless mobile telephony? First Generation, Analog
More informationGSM Databases. Virginia Location Area HLR Vienna Cell Virginia BSC. Virginia MSC VLR
Update ( Update Procedure) Network Mobiles Maryland Maryland Other Rockville Bethesda Maryland Mobile Mobile Cell Cell HLR Vienna Cell 12-Jun-14 22:48 (Page 1) This sequence diagram was generated with
More informationAuthentication and Secure Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography
ISSN (Online): 1694-0784 ISSN (Print): 1694-0814 10 Authentication and Secure Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography Wilayat Khan 1 and Habib Ullah 2 1 Department of Electrical
More informationMobile Communications TCS 455
Mobile Communications TCS 455 Dr. Prapun Suksompong prapun@siit.tu.ac.th Lecture 26 1 Office Hours: BKD 3601-7 Tuesday 14:00-16:00 Thursday 9:30-11:30 Announcements Read the following from the SIIT online
More informationMobile network security report: Poland
Mobile network security report: Poland GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin February 2015 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationGSM Research. Chair in Communication Systems Department of Applied Sciences University of Freiburg 2010
Chair in Communication Systems Department of Applied Sciences University of Freiburg 2010 Dennis Wehrle, Konrad Meier, Dirk von Suchodoletz, Klaus Rechert, Gerhard Schneider Overview 1. GSM Infrastructure
More information!!! "# $ % & & # ' (! ) * +, -!!. / " 0! 1 (!!! ' &! & & & ' ( 2 3 0-4 ' 3 ' Giuseppe Bianchi
!!! "# $ % & & # ' (! ) * +, -!!. / " 0! 1 (!!! ' &! & & & ' ( 2 3 0-4 ' 3 ' "#$!!% "&'! #&'!%! () *+,, 3 & 5 &,! #-!*! ' & '.! #%!* //!! & (0)/!&/, 6 5 /, "! First system: NMT-450 (Nordic Mobile Telephone)
More informationAuthentication and Security in Mobile Phones
Authentication and Security in Mobile Phones Greg Rose QUALCOMM Australia ggr@qualcomm.com ABSTRACT Mobile telephone systems have a checkered reputation regarding security and authentication features after
More informationWireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com
Wireless VPN White Paper WIALAN Technologies, Inc. http://www.wialan.com 2014 WIALAN Technologies, Inc. all rights reserved. All company and product names are registered trademarks of their owners. Abstract
More informationSS7 & LTE Stack Attack
SS7 & LTE Stack Attack Ankit Gupta Black Hat USA 2013 akg0x11@gmail.com Introduction With the evolution of IP network, Telecom Industries are using it as their core mode of communication for their network
More informationUsing an approximated One-Time Pad to Secure Short Messaging Service (SMS)
Using an approximated One-Time Pad to Secure Short Messaging Service (SMS) N.J Croft and M.S Olivier Information and Computer Security Architectures (ICSA) Research Group Department of Computer Science
More informationMobile Wireless Overview
Mobile Wireless Overview A fast-paced technological transition is occurring today in the world of internetworking. This transition is marked by the convergence of the telecommunications infrastructure
More informationSecurity Measures and Weaknesses of the GPRS Security Architecture
Security Measures and Weaknesses of the GPRS Security Architecture Christos Xenakis Security Group, Communication Networks Laboratory, Department of Informatics & Telecommunications, University of Athens,
More informationMobile Security. Practical attacks using cheap equipment. Business France. Presented the 07/06/2016. For. By Sébastien Dudek
Mobile Security Practical attacks using cheap equipment Presented the 07/06/2016 Business France By Sébastien Dudek For Content Security measures Recent publications in the hacking community Practical
More informationGlobal System for Mobile Communication Technology
Global System for Mobile Communication Technology Mobile Device Investigations Program Technical Operations Division DHS - FLETC GSM Technology Global System for Mobile Communication or Groupe Special
More informationThe GSM and GPRS network T-110.300/301
The GSM and GPRS network T-110.300/301 History The successful analog 1:st generation mobile telephone systems proved that there is a market for mobile telephones ARP (AutoRadioPuhelin) in Finland NMT (Nordic
More informationCS5490/6490: Network Security- Lecture Notes - November 9 th 2015
CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 Wireless LAN security (Reference - Security & Cooperation in Wireless Networks by Buttyan & Hubaux, Cambridge Univ. Press, 2007, Chapter
More informationdect provides high protection against unauthorized access
dect provides high protection against unauthorized access BACKGROUND 2 Wireless communication for voice and data is growing worldwide. The amount of DECT (Digital Enhanced Cordless Telecommunications)
More informationInternational Journal of Computing and Business Research (IJCBR)
AN INVESTIGATION OF GSM ARCHITECTURE AND OVERLAYING WITH EFFICIENT SECURITY PROTOCOL Karun Madan, Surya World Institute of Engg. & Technology, Rajpura, Punjab ABSTRACT The Global System for Mobile Communications
More informationSecurity and Risk Analysis of VoIP Networks
Security and Risk Analysis of VoIP Networks S.Feroz and P.S.Dowland Network Research Group, University of Plymouth, United Kingdom e-mail: info@network-research-group.org Abstract This paper address all
More informationA Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.
A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money
More informationWireless Access of GSM
Wireless Access of GSM Project Report FALL, 1999 Wireless Access of GSM Abstract: Global System for Mobile communications (GSM) started to be developed by Europeans when the removal of many European trade
More informationAsymetrical keys. Alices computer generates a key pair. A public key: XYZ123345 (Used to encrypt) A secret key: ABC98765 (Used to decrypt)
Encryption keys Symmetrical keys Same key used for encryption and decryption Exchange of symmetrical keys between parties difficult without risk of interception Asymmetrical keys One key for encryption
More informationCOPYRIGHTED MATERIAL. Contents. Foreword. Acknowledgments
Contents Foreword Preface Acknowledgments 1 Introduction 1 1.1 Motivation for Network Convergence 1 1.2 The Core Network 2 1.3 Legacy Service Requirements 4 1.4 New Service Requirements 5 1.5 Architectures
More informationLecture overview. History of cellular systems (1G) GSM introduction. Basic architecture of GSM system. Basic radio transmission parameters of GSM
Lecture overview History of cellular systems (1G) GSM introduction Basic architecture of GSM system Basic radio transmission parameters of GSM Analogue cellular systems 70 s In the early 70 s radio frequencies
More informationMobility and cellular networks
Mobility and cellular s Wireless WANs Cellular radio and PCS s Wireless data s Satellite links and s Mobility, etc.- 2 Cellular s First generation: initially debuted in Japan in 1979, analog transmission
More informationMobile Network Security
Mobile Network Security Refik MOLVA Institut Eurécom B.P. 193 06904 Sophia Antipolis Cedex - France Refik.Molva@eurecom.fr Institut Eurecom 2005 Outline Wireless LAN 802.11 (WiFi) Mobile Telecommunications
More informationVOIP THE ULTIMATE GUIDE VERSION 1.0. 9/23/2014 onevoiceinc.com
VOIP THE ULTIMATE GUIDE VERSION 1.0 9/23/2014 onevoiceinc.com WHAT S IN THIS GUIDE? WHAT IS VOIP REQUIREMENTS OF A VOIP SYSTEM IMPLEMENTING A VOIP SYSTEM METHODS OF VOIP BENEFITS OF VOIP PROBLEMS OF VOIP
More informationGSM. Global System for Mobile Communications, 1992. Security in mobile phones. System used all over the world. Sikkerhed04, Aften Trusler
GSM Global System for Mobile Communications, 1992 Security in mobile phones System used all over the world 1 GSM: Threat Model What Cloning Eavesdropping Tracking Who Criminals Secret Services Why Break
More informationGSM security country report: Germany
GSM security country report: Germany GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin December 2013 Abstract. GSM networks differ widely in their protection capabilities against common attacks.
More informationSolution for Non-Repudiation in GSM WAP Applications
Solution for Non-Repudiation in GSM WAP Applications CRISTIAN TOMA, MARIUS POPA, CATALIN BOJA Economic Informatics Department Academy of Economic Studies Romana Square No. 6, Bucharest ROMANIA cristian.toma@ie.ase.ro
More informationAnat Bremler-Barr Ronit Halachmi-Bekel Jussi Kangasharju Interdisciplinary center Herzliya Darmstadt University of Technology
Unregister Attack in SIP Anat Bremler-Barr Ronit Halachmi-Bekel Jussi Kangasharju Interdisciplinary center Herzliya Darmstadt University of Technology Unregister Attack We present a new VoIP Denial Of
More information2 System introduction
2 System introduction Objectives After this chapter the student will: be able to describe the different nodes in a GSM network. be able to describe geographical subdivision of a GSM network. be able to
More informationToolkit for vulnerability assessment in 3G networks. Kameswari Kotapati The Pennsylvania State University University Park PA 16802
Toolkit for vulnerability assessment in 3G networks Kameswari Kotapati The Pennsylvania State University University Park PA 16802 Contents Motivation Solution Overview Methodology Overview 3G Attack Graph
More informationAlexandre Weffort Thenorio - Data. IP-Telephony
Alexandre Weffort Thenorio - Data IP-Telephony 1. Introduction... 3 2. What is it?... 4 3. Why IP-Telephony?... 4 3.1. Advantages... 4 3.1.1. Cost... 4 3.1.2. Functionality and Mobility... 4 3.2. Disadvantages...
More information802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com
802.11 Security (WEP, WPA\WPA2) 19/05/2009 Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security Standard: WEP Wired Equivalent Privacy The packets are encrypted, before sent, with a Secret Key
More informationGSM security country report: USA
GSM security country report: USA GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin August 2013 Abstract. GSM networks differ widely in their protection capabilities against common attacks.
More informationA Model-based Methodology for Developing Secure VoIP Systems
A Model-based Methodology for Developing Secure VoIP Systems Juan C Pelaez, Ph. D. November 24, 200 VoIP overview What is VoIP? Why use VoIP? Strong effect on global communications VoIP will replace PSTN
More informationOverview of Network Architecture Alternatives for 3GPP2 Femto Cells Jen M. Chen, et al. QUALCOMM Incorporated
3GPP2 Workshop, Boston, MA Title: Source: Contact: Overview of Network Architecture Alternatives for 3GPP2 Femto Cells Jen M. Chen, et al. QUALCOMM Incorporated Jen M. Chen QUALCOMM Incorporated 858-658-2543
More informationIMSI Catcher. Daehyun Strobel. 13.Juli 2007. Seminararbeit Ruhr-Universität Bochum. Chair for Communication Security Prof. Dr.-Ing.
IMSI Catcher Daehyun Strobel 13.Juli 2007 Seminararbeit Ruhr-Universität Bochum Chair for Communication Security Prof. Dr.-Ing. Christof Paar Contents 1 Introduction 1 2 GSM (Global System for Mobile
More informationMobile network security report: Netherlands
Mobile network security report: Netherlands GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin July 2014 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationTopics in Network Security
Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure
More informationWireless Cellular Networks: 1G and 2G
Wireless Cellular Networks: 1G and 2G Raj Jain Professor of Computer Science and Engineering Washington University in Saint Louis Saint Louis, MO 63130 Audio/Video recordings of this lecture are available
More informationMobile network security report: Belgium
Mobile network security report: Belgium GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin December 2014 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationLTE Security How Good Is It?
LTE Security How Good Is It? Michael Bartock IT Specialist (Security) National Institute of Standards & Technology Jeffrey Cichonski IT Specialist (Security) National Institute of Standards & Technology
More informationMobile network security report: Germany
Mobile network security report: Germany GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin December 2014 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationSecurity Architecture in UMTS Third Generation Cellular Networks Tomás Balderas-Contreras René A. Cumplido-Parra
Security Architecture in UMTS Third Generation Cellular Networks Tomás Balderas-Contreras René A. Cumplido-Parra Reporte Técnico No. CCC-04-002 27 de febrero de 2004 Coordinación de Ciencias Computacionales
More informationNetwork Access Security in Mobile 4G LTE. Huang Zheng Xiong Jiaxi An Sihua 2013.07
Network Access Security in Mobile 4G LTE Huang Zheng Xiong Jiaxi An Sihua 2013.07 Outline Mobile Evolution About LTE Overview of LTE System LTE Network Access Security Conclusion Mobile Evolution Improvements
More informationWireless security (WEP) 802.11b Overview
Wireless security (WEP) 9/01/10 EJ Jung 802.11b Overview! Standard for wireless networks Approved by IEEE in 1999! Two modes: infrastructure and ad hoc IBSS (ad hoc) mode Independent Basic Service Set
More informationKey Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards
White Paper Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards By Dr. Wen-Ping Ying, Director of Software Development, February 2002 Introduction Wireless LAN networking allows the
More informationMobile Communications Chapter 4: Wireless Telecommunication Systems slides by Jochen Schiller with modifications by Emmanuel Agu
Mobile Communications Chapter 4: Wireless Telecommunication Systems slides by Jochen Schiller with modifications by Emmanuel Agu Market GSM Overview Services Sub-systems Components Prof. Dr.-Ing. Jochen
More informationMobile Communications
October 21, 2009 Agenda Topic 2: Case Study: The GSM Network 1 GSM System General Architecture 2 GSM Access network. 3 Traffic Models for the Air interface 4 Models for the BSS design. 5 UMTS and the path
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationWireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com
Wireless Security Overview Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com Ground Setting Three Basics Availability Authenticity Confidentiality Challenge
More informationSECURITY ISSUES AND CHALLENGES IN MOBILE COMPUTING AND M-COMMERCE
SECURITY ISSUES AND CHALLENGES IN MOBILE COMPUTING AND M-COMMERCE ABSTRACT Krishna Prakash and Balachandra Department of Information and Communication Technology, MIT Manipal Mobile computing and Mobile
More informationEAP-SIM Authentication using Interlink Networks RAD-Series RADIUS Server
Application Note EAP-SIM Authentication using Interlink Networks RAD-Series RADIUS Server Introduction The demand for wireless LAN (WLAN) access to the public IP network is growing rapidly. It is only
More informationWireless Encryption Protection
Wireless Encryption Protection We re going to jump around a little here and go to something that I really find interesting, how do you secure yourself when you connect to a router. Now first and foremost
More informationWireless Security: Token, WEP, Cellular
Wireless Security: Token, WEP, Cellular 27 May 2015 Lecture 9 Some slides adapted from Jean-Pierre Seifert (TU Berlin) 27 May 2015 SE 425: Communication and Information Security 1 Topics for Today Security
More information1G to 4G. Overview. Presentation By Rajeev Bansal Director(Mobile-1) Telecommunication Engineering Centre
1G to 4G Overview Presentation By Rajeev Bansal Director(Mobile-1) Telecommunication Engineering Centre Mobile Networks differentiated from each other by the word Generation 1G, 2G, 2.5G, 2.75G, 3G milestones
More informationLecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References
Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions
More informationMobile network security report: Poland
Mobile network security report: Poland GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin October 2014 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationWIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
WIRELESS SECURITY Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Wireless LAN Security Learning Objectives Students should be able
More informationCellular Networks: Background and Classical Vulnerabilities
Cellular Networks: Background and Classical Vulnerabilities Patrick Traynor CSE 545 1 Cellular Networks Provide communications infrastructure for an estimated 2.6 billion users daily. The Internet connects
More informationChapter 3: WLAN-GPRS Integration for Next-Generation Mobile Data Networks
Chapter 3: WLAN-GPRS Integration for Next-Generation Mobile Data Networks IEEE Wireless Communication, Oct. 2002 Prof. Yuh-Shyan Chen Department of Computer Science and Information Engineering National
More informationThe 3GPP and 3GPP2 Movements Towards an All IP Mobile Network. 1 Introduction
The 3GPP and 3GPP2 Movements Towards an All IP Mobile Network Girish Patel Wireless Solutions Nortel Networks Richardson, TX grpatel@nortelnetworks.com Steven Dennett Personal Communications Sector Motorola
More informationAn Example of Mobile Forensics
An Example of Mobile Forensics Kelvin Hilton K319 kchilton@staffsacuk k.c.hilton@staffs.ac.uk www.soc.staffs.ac.uk/kch1 Objectives The sources of evidence The subscriber The mobile station The network
More informationCHAPTER 1 INTRODUCTION
CHAPTER 1 INTRODUCTION 1.1 Overview Steganography is the process of hiding secret data inside other, normally transmitted data. In other words, as defined by [40] steganography means hiding of a secret
More informationCh 2.3.3 GSM PENN. Magda El Zarki - Tcom 510 - Spring 98
Ch 2.3.3 GSM In the early 80 s the European community decided to work together to define a cellular system that would permit full roaming in all countries and give the network providers freedom to provide
More informationFMC (Fixed Mobile Convergence)
FMC (Fixed Mobile Convergence) What About Security? Vancouver June 2008 Franck Veysset, Orange Labs Firstname.lastname at orange-ftgroup dot com Agenda Introduction - FMC? WIFI-SIP overview UMA overview
More informationDelivery of Voice and Text Messages over LTE
Delivery of Voice and Text Messages over LTE 1. The Market for Voice and SMS! 2. Third Party Voice over IP! 3. The IP Multimedia Subsystem! 4. Circuit Switched Fallback! 5. VoLGA LTE was designed as a
More informationIP Telephony Deployment Models
CHAPTER 2 Sections in this chapter address the following topics: Single Site, page 2-1 Multisite Implementation with Distributed Call Processing, page 2-3 Design Considerations for Section 508 Conformance,
More informationWhat is telecommunication? electronic communications? What is telephony?
What is telecommunication? Telecommunication: Any transmission, emission or reception of signs, signals, writing, images and sounds or intelligence of any nature by wire, radio, optical or other electromagnetic
More informationMobile Devices Security: Evolving Threat Profile of Mobile Networks
Mobile Devices Security: Evolving Threat Profile of Mobile Networks SESSION ID: MBS-T07 Anand R. Prasad, Dr.,ir., Selim Aissi, PhD Objectives Introduction Mobile Network Security Cybersecurity Implications
More informationDefending mobile phones. Karsten Nohl, nohl@srlabs.de Luca Melette, luca@srlabs.de
Defending mobile phones Karsten Nohl, nohl@srlabs.de Luca Melette, luca@srlabs.de GSM networks provide the base for various attacks SS7 Phone Base station GSM backend network User database (HLR) Vulnerability
More informationChapter 10 VoIP for the Non-All-IP Mobile Networks
Chapter 10 VoIP for the Non-All-IP Mobile Networks Prof. Yuh-Shyan Chen Department of Computer Science and Information Engineering National Taipei University Outline 10.1 GSM-IP: VoIP Service for GSM 256
More informationVoice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005
Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in
More informationWhite Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act
A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,
More informationMobile Networking Concepts and Protocols CNT 5517
Mobile Networking Concepts and Protocols CNT 5517 Some slides are adapted from Dr. Dave Johnson Notes Dr. Sumi Helal, Ph.D. Professor Computer & Information Science & Engineering Department University
More informationInternet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols 2011-11-22. ETSF10 Internet Protocols 2011
Internet Security Voice over IP ETSF10 Internet Protocols 2011 Kaan Bür & Jens Andersson Department of Electrical and Information Technology Internet Security IPSec 32.1 SSL/TLS 32.2 Firewalls 32.4 + Voice
More informationSPYTEC 3000 The system for GSM communication monitoring
SPYTEC 3000 The system for GSM communication monitoring The SPYTEC 3000 system is intended for passive (if system encryption is absent of if A5.2 encryption is used) or semi-active (if A5.1 encryption
More information2G/3G Mobile Communication Systems
2G/3G Mobile Communication Systems Winter 2012/13 Integrated Communication Systems Group Ilmenau University of Technology Outline 2G Review: GSM Services Architecture Protocols Call setup Mobility management
More informationWhat is telecommunication? electronic communications. service?
What is telecommunication? Telecommunication: Any transmission, emission or reception of signs, signals, writing, images and sounds or intelligence of any nature by wire, radio, optical or other electromagnetic
More informationConnecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP
Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual
More informationSecurity in Wireless Local Area Network
Fourth LACCEI International Latin American and Caribbean Conference for Engineering and Technology (LACCET 2006) Breaking Frontiers and Barriers in Engineering: Education, Research and Practice 21-23 June
More informationSecurity and Authentication Concepts
Security and Authentication Concepts for UMTS/WLAN Convergence F. Fitzek M. Munari V. Pastesini S. Rossi L. Badia Dipartimento di Ingegneria, Università di Ferrara, via Saragat 1, 44100 Ferrara, Italy
More information