Mobile Office
Security Requirements for the Mobile Office
S.Rupp@alcatel.de, Alcatel SEL AG
20./21.06.2001
Overview
- Security Concepts in Mobile Networks
- Applications in Mobile Networks
- Mobile Terminal used for Network Access
- Security Requirements
Alcatel SEL AG, S. Rupp, Mobile Office - Security Requirements, slide 2
Mobile Networks
- Security Concepts in Mobile Networks: GSM, WAP, UMTS
- Applications in Mobile Networks
- Mobile Terminal used for Network Access
- Security Requirements
Security Concepts in GSM
Diagram (mobile / fixed network): MS -- encrypted air interface -- BTS -- BSC -- MSC/VLR -- PLMN/PSTN, with HLR/AuC attached to the MSC.
Abbreviations:
- AuC: Authentication Center
- HLR: Home Location Register
- BTS: Base Transceiver Station
- BSC: Base Station Controller
- MSC: Mobile Switching Center
- VLR: Visitor Location Register
Security features:
- subscriber authentication
- encrypted air interface
- anonymous identity
Authentication in GSM
Diagram: HLR/AuC (holds Ki) -- MSC/VLR in the PLMN/PSTN -- BSC -- BTS -- air interface -- MS = ME + SIM (holds Ki). Steps: (1) challenge RAND from MSC to SIM, (2) signed response SRES from SIM to MSC, (3) MSC compares SRES with the value from the triplet (=?). On both sides A3 computes SRES and A8 computes the ciphering key Kc from Ki and RAND.
- Authentication triplets generated in AuC and collected in MSC: RAND, SRES, Kc (random number, signed response, ciphering key)
Abbreviations:
- Ki: individual secret key
- ME: Mobile Equipment
- MS: Mobile Station = ME + SIM
- SIM: Subscriber Identity Module
- Challenge/response authentication from MSC to SIM
- Enter ciphering mode without transmitting Kc on the air
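The challenge/response exchange on this slide, modelled as an added Python example (not from the slides): the AuC, SIM and MSC roles and the "Kc never transmitted" property follow the slide, while HMAC-SHA256 stands in for the operator-specific A3/A8 algorithms, which is an assumption.

```python
# Added example: toy model of GSM challenge/response authentication.
# A3/A8 are operator-specific and not given on the slide; HMAC-SHA256
# stands in for both (assumption), truncated to the GSM field sizes:
# RAND 128 bit, SRES 32 bit, Kc 64 bit.
import hashlib
import hmac
import secrets

RAND_BYTES, SRES_BYTES, KC_BYTES = 16, 4, 8


def a3(ki: bytes, rand: bytes) -> bytes:
    """Signed response SRES (HMAC stands in for the operator's A3)."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:SRES_BYTES]


def a8(ki: bytes, rand: bytes) -> bytes:
    """Ciphering key Kc (HMAC stands in for the operator's A8)."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:KC_BYTES]


class AuC:
    """Home network: holds Ki and produces (RAND, SRES, Kc) triplets for the MSC."""
    def __init__(self, ki: bytes):
        self.ki = ki

    def triplet(self):
        rand = secrets.token_bytes(RAND_BYTES)
        return rand, a3(self.ki, rand), a8(self.ki, rand)


class SIM:
    """Subscriber side: Ki never leaves the card; only SRES goes over the air."""
    def __init__(self, ki: bytes):
        self.ki = ki

    def respond(self, rand: bytes):
        return a3(self.ki, rand), a8(self.ki, rand)


def msc_authenticate(triplet, sim):
    """MSC/VLR: (1) send RAND, (2) receive SRES, (3) compare with the triplet.
    Returns (accepted, kc_network, kc_sim); Kc itself is never sent on the air."""
    rand, sres_expected, kc_net = triplet
    sres, kc_sim = sim.respond(rand)           # only SRES crosses the air interface
    return hmac.compare_digest(sres, sres_expected), kc_net, kc_sim


def demo():
    ki = secrets.token_bytes(16)               # constructed individual subscriber key
    ok, kc_net, kc_sim = msc_authenticate(AuC(ki).triplet(), SIM(ki))
    wrong_card = msc_authenticate(AuC(ki).triplet(), SIM(secrets.token_bytes(16)))[0]
    return ok, kc_net == kc_sim, wrong_card    # -> (True, True, False)
```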
Transport encryption in WAP
Diagram: WAP browser -- mobile network (WTLS) -- WAP gateway -- Internet (SSL) -- Web server
- Main risks handled: eavesdropping on the air and in the Internet
- Internet and mobile network encrypted
- WTLS: network-independent technology; operates on GSM, CDMA, GPRS, ...
UMTS network
Diagram: UICC (USIM, ...) -- Node B -- RNC -- 3G MSC/VLR (circuit core network, circuit traffic) and 3G SGSN -- 3G GGSN (packet traffic) -- IP network / IP intranet
Abbreviations:
- MSC: Mobile Switching Center
- RNC: Radio Network Controller
- SGSN: Serving GPRS Support Node
- GGSN: Gateway GPRS Support Node
- UICC: UMTS Integrated Circuit Card
- USIM: User Service Identity Module
- Improved network security
- New interfaces to be secured: Internet and Multimedia Services
Security Concepts in UMTS
- Compatibility with GSM security features and network
- Address the security weaknesses of GSM (weakness: UMTS measure):
  - access security only, i.e. security between mobile and switch: microwave links now encrypted
  - subscriber authentication only: mutual authentication of subscriber and network
  - vulnerable to active attacks: encrypted signaling messages
  - short keys: increased key length
  - clear transmission of cipher keys and authentication values within and between networks in case of roaming: session keys for roaming (transport security)
  - lack of confidence in cryptographic algorithms: well-studied open algorithms
Mobile Network Summary
GSM
  - plain text transmitted in the network; no end-to-end security
  + subscriber authentication; encrypted air interface
WAP
  - no end-to-end security; plain text in WAP gateway
  + full transport layer encryption; choice of algorithms; elliptic curve cryptography efficient for mobiles
UMTS
  - exposed to attacks from the Internet; data privacy problem in location based services
  + network authentication; protected access network; encrypted messages; increased key lengths; secure interface between networks
Mobile Applications
- Security Concepts in Mobile Networks
- Applications in Mobile Networks: application in the terminal (WAP or SAT); application in PDA or notebook
- Mobile Terminal used for Network Access
- Security Requirements
Applications in the terminal: SIM Application Toolkit (SAT, GSM 11.14)
Diagram: mobile terminal and SIM; transport over SMS / USSD
- Mobile is used as a primitive I/O terminal
- Interface between mobile and SIM standardized, i.e. independent from mobile equipment
- Communication uses SMS or USSD for transport
- Applications are specific for the card used; programming by experts only
- Applications limited in size by card memory and performance
- SAT browser incl. security plug-ins instead of WAP
- Mature technology, widely supported by terminals
- Slow transmission: mainly for small messages
Abbreviations: SMS: Short Message Service; USSD: Unstructured Supplementary Service Data
Applications in the terminal: JavaCard
Diagram: mobile terminal and JavaCard; transport over SMS / USSD (GSM 11.14)
- Mobile terminal is an Internet access terminal, which can be used for phone calls in special cases; mobile is used as a primitive I/O terminal
- Performance of smart cards rapidly increasing
- In addition to the SIM application, e.g. a Java interpreter and (remotely) loaded Java applets can execute in the smart card
- User-interactive applications run on the card
- Functionality of the mobile terminal can be controlled by the smart card
- Payload in an SMS is sent to the smart card without user intervention
- Serious security issues to be solved (signed applets, verification of arriving applets, ...)
Abbreviations: SMS: Short Message Service; USSD: Unstructured Supplementary Service Data
Network Access
- Security Concepts in Mobile Networks
- Applications in Mobile Networks
- Mobile Terminal used for Network Access
- Security Requirements
Mobile Terminal used as Network Access
- Ca. 500 million GSM terminals in use world-wide, which can be always online, i.e. 3 times more than Internet hosts
- Network access from PDA or notebook via mobile terminal using cable, infrared, Bluetooth, ad-hoc networks
Mobile Terminal used as Network Access: Bluetooth
- Bluetooth: local wireless connection to devices; speed: up and down 433 kbit/s each, or up 58 kbit/s and down 721 kbit/s; 8 devices, multipoint
- Bluetooth security:
  - symmetric payload encryption (8 to 128 bits key length)
  - optional authorization (permission to use services)
  - challenge-response authentication to check that both sides of a pair of devices use the same encryption key
  - frequency hopping
- Bluetooth provides basic security for simple networks; it needs application level support and end-to-end security for serious, security-sensitive work
Mobile Terminal used as Network Access: IrDA
- IrDA: point-to-point ad-hoc transmissions for up to ca. 1 m at up to 4 Mbit/s (16 Mbit/s under development)
- requires optical visibility
- uses the same upper layer protocol as Bluetooth
- for point-and-shoot style of operation in a narrow angle (ca. 30°); easy choice of recipient
- IrDA security: no link layer security; relies on application level security mechanisms
Mobile Equipment used as Network Access: Wireless LAN (IEEE 802.11b)
Diagram: wireless client -- Access Point -- Intranet -- Application Server; Intranet connected to the Internet
- WLAN security: frequency hopping; access control lists
- data security: Wired Equivalent Privacy (WEP) encrypts data but leaves the headers intact; weak algorithm (40 bits RC4, shared key); this is not end-to-end privacy
- challenge-response authentication
- no access barriers inside the network defined
- shares the same vulnerabilities with wired LAN (Internet access, sniffing, ...) plus vulnerability to jamming (Denial of Service attack)
- requires careful handling of security issues on upper layers
Ad-hoc networks
- Ad-hoc networks: mutual communication among wireless clients; no network structure
- Ad-hoc network security:
  - authenticity to be implemented by signed certificates
  - access control lists
  - sophisticated key agreement necessary to defend against eavesdropping during the key agreement phase (secure authentication and encryption)
Security Requirements
- Security Concepts in Mobile Networks
- Applications in Mobile Networks
- Mobile Terminal used for Network Access
- Security Requirements
Security Requirements: Challenge
- Security threats for the Mobile Office are not new, but PDAs, WAP and Bluetooth present unique and urgent security challenges when connected to critical/sensitive enterprise systems or used for commercial transactions
- How to guarantee secure host access and secure transactions from mobile terminals using a variety of protocols?
Security Requirements for the Mobile Office
Mandatory security requirements (requirement: mechanism):
- confidentiality: cryptography
- authentication: certificates
- integrity: signatures
- non-repudiation: signatures + certificates
Further requirements:
- easy and strong user authentication
- explicit transaction authorization
- end-to-end encryption
- accepted log-on security (biometrics, ...) instead of several PINs, passwords, etc.
- intrusion detection and audit trail
Define a security policy that states the rules for access, and plan mechanisms and countermeasures.
Summary
Standard challenges of e-commerce:
- Denial-of-Service attacks
- viruses
- code modification, replay, etc. in gateway systems
Additional challenges for m-commerce:
- easy eavesdropping on the air interface
- Denial-of-Service attacks: jamming
- limited performance of mobile devices in terms of memory and throughput, which means limited cryptographic performance
- variety of protocols to be supported
- high risk that mobile equipment is stolen or lost, i.e. user authentication is critical and the shared secret should not be compromised in that case
Summary
- Authentication and end-to-end encryption are crucial
- Problem of secure key handling to be solved without complicating the handling
- Networks provide at best basic security; PKI (Public Key Infrastructure) required for commercial use and for access to sensitive data: cryptography, digital signatures, digital certificates (under definition by Radicchio, Msign, GMCIG, MeT, ...)
- SIM + SIM Application Toolkit, Java Card or UICC with security applications can host security software in a mobile terminal; smart card and cryptographic software to be used in a PDA or notebook
Recommendations
- build security in from the beginning
- build a complete security solution incl. intrusion detection, anti-virus scanners (content), firewalls, access control, logging, ...
- handle gateways (e.g. WAP gateway) as if they were application servers
- fully support wireless networks by central IT, or outsource the construction of a secure infrastructure, to avoid the creation of distributed, less secure networks
- monitor security regularly (operate and maintain (!) intrusion detection, process access logs, ...) and prepare to react
Alcatel's role
- Alcatel is a network manufacturer covering the complete range of products
- Alcatel offers consulting services
- Alcatel is a partner in cooperations, e.g. with:
  - KeySoft for mobile-based Extranet access solutions based on the MOBEX product: mobile access to mail, files, calendar, secured applications, etc.
  - Gemplus to guarantee the compatibility of the USIM smart card with the UMTS network
  - Certicom, RSA et al. for security technology used in mobile, VPN and PABX solutions
Contact: alcatel.consulting@alcatel.de