Network Security. Chapter 14. Security Aspects of Mobile Communications



Similar documents
CHAPTER 1 INTRODUCTION

Theory and Practice. IT-Security: GSM Location System Syslog XP 3.7. Mobile Communication. December 18, GSM Location System Syslog XP 3.

Compter Networks Chapter 9: Network Security

GSM and UMTS security

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

UMTS security. Helsinki University of Technology S Security of Communication Protocols

Wireless Sensor Networks Chapter 14: Security in WSNs

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Wireless Networks. Welcome to Wireless

How To Write A Transport Layer Protocol For Wireless Networks

SSL A discussion of the Secure Socket Layer

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Authentication and Security in IP based Multi Hop Networks

Wireless Encryption Protection

1 Introduction. 2 Assumptions. Implementing roaming for OpenBTS

Security and Privacy Issues in Wireless Sensor Networks for Healthcare

VPN Technologies: Definitions and Requirements

SecureCom Mobile s mission is to help people keep their private communication private.

Tema 5.- Seguridad. Problemas Soluciones

Mobility Management 嚴 力 行 高 雄 大 學 資 工 系

Chapter 14. Key management and Distribution. Symmetric Key Distribution Using Symmetric Encryption

Configuring Wireless Security on ProSafe wireless routers (WEP/WPA/Access list)

EAP-SIM Authentication using Interlink Networks RAD-Series RADIUS Server

Mobile Office Security Requirements for the Mobile Office

Security Goals Services

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

How To Secure Wireless Networks

GPRS Network Security

IY2760/CS3760: Part 6. IY2760: Part 6

Chap. 1: Introduction

Mobile network security report: Greece

Mobile network security report: Norway

Tor Anonymity Network & Traffic Analysis. Presented by Peter Likarish

Introduction. -- some basic concepts and terminology -- examples for attacks on protocols -- main network security services

Using etoken for SSL Web Authentication. SSL V3.0 Overview

MPLS VPN in Cellular Mobile IPv6 Architectures(04##017)

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS

Wireless Network Security

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Own your LAN with Arp Poison Routing

Cellular Networks: Background and Classical Vulnerabilities

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

The GSM and GPRS network T /301

Security for 802 Access Networks: A Problem Statement

How To Use Kerberos

VPN. Date: 4/15/2004 By: Heena Patel

E Mail Encryption End User Guide

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

Authentication and Secure Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

SpiderCloud E-RAN Security Overview

Secure Voice v 1.1 Mobile conversation encryption for Symbian Smartphones

Content Teaching Academy at James Madison University

VPN Configuration Guide. Dell SonicWALL

Computer Networks. Secure Systems

Notes on Network Security - Introduction

Your Wireless Network has No Clothes

NXC5500/2500. Application Note w Management Frame Protection. ZyXEL NXC Application Notes. Version 4.20 Edition 2, 02/2015

CS Cellular and Mobile Network Security: GSM - In Detail

GSM GPRS. Course requirements: Understanding Telecommunications book by Ericsson (Part D PLMN) + supporting material (= these slides)

TELE 301 Network Management. Lecture 16: Remote Terminal Services

Database Security Guideline. Version 2.0 February 1, 2009 Database Security Consortium Security Guideline WG

SSLPost Electronic Document Signing

TOPIC HIERARCHY. Distributed Environment. Security. Kerberos

Configuring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015

GSM Databases. Virginia Location Area HLR Vienna Cell Virginia BSC. Virginia MSC VLR

The Basics of Wireless Local Area Networks

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

Key Management and Distribution

Ky Vu DeVry University, Atlanta Georgia College of Arts & Science

Introduction to Cryptography

Multimedia Communication in the Internet. SIP: Advanced Topics. Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS

GeoMatrix. Positioning of Mobile Phones System

Network Security. Chapter 9 Integrating Security Services into Communication Architectures

International Journal of Computing and Business Research (IJCBR) INSECURE GSM NETWORK AND SECURITY SOLUTIONS FOR MOBILE BANKING

Thwarting Selective Insider Jamming Attacks in Wireless Network by Delaying Real Time Packet Classification

Synology QuickConnect

MAP/C SEND ROUTING INFO FOR SM. Destination Mobile Number. Obtain the SS7 address of the MSC VLR currently serving the specified Mobile Number


SS7 & LTE Stack Attack

Transcription:

Network Security Chapter 14 Security Aspects of Mobile Communications Network Security (WS 2002): 14 Security Aspects of Mobile Communications 1

Security Aspects of Mobile Communication Mobile communication faces all threats that does its fixed counterpart: Masquerade, eavesdropping, authorization violation, loss or modification of transmitted information, repudiation of communication acts, forgery of information, sabotage Thus, similar measures like in fixed networks have to be taken However, there are some specific issues arising out of mobility of users and / or devices: Some already existing threats get more dangerous: Wireless communications is more accessible for eavesdropping The lack of a physical connection makes it easier to access services Some new difficulties for realizing security services: Authentication has to be re-established when the mobile device moves Key management gets harder as peer identities can not be predetermined One completely new threat: The location of a device / user becomes a more important information that is worthwhile to eavesdrop on and thus to protect Network Security (WS 2002): 14 Security Aspects of Mobile Communications 2

Location Privacy in Mobile Networks (1) There is no appropriate location privacy in today s mobile networks: GSM / UMTS: Active attackers can collect IMSIs on the air interface Visited network s operators can partially track the location of users Home network operators can fully track the location of users However, at least communicating end systems can not learn about the location of a mobile device Wireless LAN: No location privacy, as the (world-wide unique) MAC address is always included in the clear in every MAC frame Mobile IP: Standard Mobile IP: HA can fully / FA can partially track MNs Mobile IP with AAA: no location privacy on air interface, foreign AAA infrastructure can partially / home AAA server can fully track MNs Mobile IP with route optimization: even CNs can track an MN from everywhere around the world if the MN wishes to use the optimization Network Security (WS 2002): 14 Security Aspects of Mobile Communications 3

Location Privacy in Mobile Networks (2) The basic location privacy design problem: A mobile device should be reachable No (single) entity in the network should be able to track the location of a mobile device Some fundamental approaches to this problem [Müller99a]: Broadcast of messages: Every message is sent to every possible receiver If confidentiality is needed, the message is encrypted asymmetrically This approach does not scale well for large networks / high load Temporary pseudonyms: Mobile devices use pseudonyms which are changed regularly However, to be able to reach the mobile device this needs a mapping entity which can track the mobile s history of pseudonyms Mix networks: Messages are routed via various entities (mixes) and every entity can only learn a part of the message route (see below) Network Security (WS 2002): 14 Security Aspects of Mobile Communications 4

Location Privacy in Mobile Networks (3) Addressing schemes for location privacy with broadcast: Explicit addresses: Every entity that sees an explicit address is able to determine the addressed entity Implicit addresses: An implicit address does not identify a specific device or location, it just names an entity without any further meaning attached to the name Visible implicit addresses: Entities that see multiple occurrences of an address can check for equality Invisible implicit addresses: Only the addressed entity can check for equality of the address This requires public key operations: ImplAddr A = {r B, r A } +KA where r A is chosen by the addressed entity and r B is a random value created by an entity B which wants to invisibly make reference to entity A Network Security (WS 2002): 14 Security Aspects of Mobile Communications 5

Location Privacy in Mobile Networks (4) Temporary Pseudonyms: The location of a device A is no longer stored with its identification ID A but with a changing pseudonym P A (t) Example: VLRs in GSM might just know and store the TMSI (which is kind of a temporary pseudonym) The mapping of an ID A to the current pseudonym P A (t) is stored in a trustworthy device Example: GSM HLRs might be realized as trustworthy devices When an incoming call has to be routed to the current location of device A: The network provider of device A asks the trustworthy device for the current pseudonym P A (t) The network then routes the call to the current location of A by looking up the temporary pseudonym in a location database It is important, that the entities that route a call can not learn about the original address of the call setup message ( implicit addresses) The use of mixes (see below) can provide additional protection against attacks from colluding network entities Network Security (WS 2002): 14 Security Aspects of Mobile Communications 6

Location Privacy in Mobile Networks (5) Communication mixes: The concept was invented in 1981 by D. Chaum for untraceable email communication A mix hides the communication relations between senders and receivers: It buffers incoming messages which are asymmetrically encrypted so that only the mix can decrypt them It changes the appearance of messages by decrypting them It changes the order of messages and relays them in batches However, if the mix is compromised an attacker can learn everything Security can be increased by cascading mixes Example: A sends a message m to B via two mixes M1 and M2 A M1: {r 1,{r 2, {r 3, m} +KB } +KM2 } +KM1 M1 M2: {r 2, {r 3, m} +KB } +KM2 M2 B: {r 3, m} +KB It is important, that the mixes process enough messages This concept can be applied to mobile communications [Müller99a] Network Security (WS 2002): 14 Security Aspects of Mobile Communications 7

Additional References [Müller99a] G. Müller, K. Rannenberg (Ed.). Multilateral Security in Communications. Addison-Wesley-Longman, 1999. Network Security (WS 2002): 14 Security Aspects of Mobile Communications 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information