Mobile Devices Security: Evolving Threat Profile of Mobile Networks

Similar documents
Mobile Devices Security: Evolving Threat Profile of Mobile Networks

How to secure an LTE-network: Just applying the 3GPP security standards and that's it?

Network Access Security in Mobile 4G LTE. Huang Zheng Xiong Jiaxi An Sihua

LTE transport network security Jason S. Boswell Head of Security Sales, NAM Nokia Siemens Networks

3GPP SAE/LTE Security

LTE Overview October 6, 2011

LTE Security How Good Is It?

Security in the Evolved Packet System

4G Mobile Networks At Risk

Practical Security Testing for LTE Networks BlackHat Abu Dhabi December 2012 Martyn Ruks & Nils

Security Testing 4G (LTE) Networks 44con 6th September 2012 Martyn Ruks & Nils

UMTS security. Helsinki University of Technology S Security of Communication Protocols

An Oracle White Paper December The Value of Diameter Signaling in Security and Interworking Between 3G and LTE Networks

Security Analysis of LTE Access Network

FIGHTING FRAUD ON 4G. Neutralising threats in the LTE ecosystem

Mobile Office Security Requirements for the Mobile Office

Long-Term Evolution. Mobile Telecommunications Networks WMNet Lab

On LTE Security: Closing the Gap Between Standards and Implementation

How To Understand The Gsm And Mts Mobile Network Evolution

Optimization Handoff in Mobility Management for the Integrated Macrocell - Femtocell LTE Network

Delivery of Voice and Text Messages over LTE

Diameter in the Evolved Packet Core

Oracle s Secure HetNet Backhaul Solution. A Solution Based on Oracle s Network Session Delivery and Control Infrastructure

3GPP Long Term Evolution: Architecture, Protocols and Interfaces

Mobile IPv6 deployment opportunities in next generation 3GPP networks. I. Guardini E. Demaria M. La Monaca

TEPZZ 68575_A_T EP A1 (19) (11) EP A1. (12) EUROPEAN PATENT APPLICATION published in accordance with Art.

Long Term Evolution - LTE. A short overview

NTT DOCOMO Technical Journal. Core Network Infrastructure and Congestion Control Technology for M2M Communications

LTE Security. EventHelix.com. Encryption and Integrity Protection in LTE. telecommunication design systems engineering real-time and embedded systems

Evolutionary Trends towards Beyond 3G Mobile Networks

WHITE PAPER. WiMAX Security for Real-World Network Service Provider Deployments

Architecture Overview NCHU CSE LTE - 1

Detailed Description about course module wise:

Security Requirements for Wireless Networking

EETS 8316 Wireless Networks Fall 2013

IP-based Mobility Management for a Distributed Radio Access Network Architecture. helmut.becker@siemens.com

Trends in Mobile Network Architectures 3GPP LTE Mobile WiMAX Next Generation Mobile Networks Dr.-Ing. Michael Schopp, Siemens Networks

UNDERSTANDING CORE TELECOM SECURITY

Authentication and Security in IP based Multi Hop Networks

Chapter 6 Wireless and Mobile Networks

Chapter 3: WLAN-GPRS Integration for Next-Generation Mobile Data Networks

How To Use A Femtocell (Hbn) On A Cell Phone (Hbt) On An Ipad Or Ipad (Hnt) On Your Cell Phone On A Sim Card (For Kids) On The Ipad/Iph

The future of mobile networking. David Kessens

Overview of the Evolved packet core network

Mobile Services (ST 2010)

(U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation

Introduction to Evolved Packet Core

Evolution of the 3GPP Network Architecture, (the Evolved Packet Core)

Secure distribution of the device identity in mobile access network. Konstantin Shemyak senior security specialist, Nokia Siemens Networks

LTE Performance and Analysis using Atoll Simulation

3GPP Femtocells: Architecture and Protocols. by Gavin Horn

Just as the ecommerce companies have

EE5406 Wireless Network Protocols Network Architectures

LTE CDMA Interworking

Protocol Signaling Procedures in LTE

2G/3G Mobile Communication Systems

Contents. Preface. Acknowledgement. About the Author. Part I UMTS Networks

Securing the Interconnect Signaling Network Security

trends in mobile malware and importance of network based user protection

GSM services over wireless LAN

Single Radio Voice Call Continuity. (SRVCC) with LTE. White Paper. Overview. By: Shwetha Vittal, Lead Engineer CONTENTS

Authentication and Secure Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography

SS7 & LTE Stack Attack

Top tips for improved network security

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Nokia Siemens Networks Flexi Network Server

A Vulnerability in the UMTS and LTE Authentication and Key Agreement Protocols

Single Radio Voice Call Continuity (SRVCC) Testing Using Spirent CS8 Interactive Tester

Guideline on Safe BYOD Management

Certified Ethical Hacker Exam Version Comparison. Version Comparison

IP Multimedia System: general aspects and migration perspectives

Network Security: Introduction

LTE and the Evolution to 4G Wireless

Mobility Management for All-IP Core Network

LTE Control Plane on Intel Architecture

Security and Authentication Concepts

Security in cellular-radio access networks

Security Architecture Standardization and Services in UMTS

IPv6 and 4G. Christian Bonnet Michelle Wetterwald Institut Eurécom

Wireless & Mobile. Working Group

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

INTERNATIONAL TELECOMMUNICATION UNION

Defending Against Data Beaches: Internal Controls for Cybersecurity

Supporting mobility in the RAN cloud

Evolution of GSM in to 2.5G and 3G

Global System for Mobile Communication Technology

OVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft

Promoting Network Security (A Service Provider Perspective)

ASMONIA. Attack analysis and Security concepts for MObile Network infrastructures, supported by collaborative Information exchange

Telecommunication Services Engineering (TSE) Lab. Chapter III 4G Long Term Evolution (LTE) and Evolved Packet Core (EPC)

2G Mobile Communication Systems

Product Description. HiLink E3531 HSPA+ USB Stick V100R001 HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date

From GSM to LTE-Advanced. An Introduction to Mobile Networks and Mobile Broadband. Revised Second Edition

Marble & MobileIron Mobile App Risk Mitigation

The Key to Secure Online Financial Transactions

Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa

Security considerations for IMS access independence

Transcription:

Mobile Devices Security: Evolving Threat Profile of Mobile Networks MBS-W07 Selim Aissi, PhD

Objectives Mobile Security Threat Landscape Mobile Network Security Cybersecurity Implications, Mitigations & Future Developments 2

THREAT LANDSCAPE 3

Current Threat Landscape Players Amateur Hacker Cyber Activist Cyber Criminal Organized Crime Global Terrorism Nation-State Objectives Notoriety Harassment Fraud Economic Disruption Fear/Panic Global Power Basic Hacking Social Engineering Capabilities Denial of Service Phishing Advanced Malware Malware Insider Threads Targets DDOS Attack Bank Large Global Bank Supply Chain Critical National Infrastructure Peer Group Regulated Banks Financial Services Industry Leaders DoD

Top 15 Mobile Device Threats ID Mobile Threat Threat Description 1 Malware Targeting Mobile Platforms 2 Mobile Spoofing Malicious software such as viruses, Trojan horses, spyware, and malicious active content. A malicious person or program could misrepresent as another in order to acquire sensitive personal information 3 Infected Applications Application Downloads containing malicious software 4 Web Browser Attacks 5 SMS Redirection, SMS Hijack or SMS Exploit Forwarding 6 Vendor Breach Exploitation of malicious web applications to steal credentials, perform fraudulent transactions or compromise information. An SMS message can be used to redirect a mobile web browser to a malicious website Compromise of a vendor s infrastructure could result in the loss of confidential information. Now includes Carriers 7 Transport/ Protocol Gap Weakness in network or transport layer could allow eavesdropping or takeover 8 User Device Control Mobile device could be lost, stolen or inappropriately borrowed or misused 9 Platform/Device Attacks Utilization of known platform/device specific weaknesses to perpetrate malicious activities 10 Limited Control on App Stores Market place enforces less constraints on applications hosted (Application that can automatically track spouse) 11 Cloning of Mobile Devices Cloned smartphone/tablet mobile device built using feature phone/feature tablet ingredients. 12 Social Engineering of Mobile Device Data Leveraging user s behavior of creating consistent username and password for all accounts, 13 Side-Load Physical Attacks Leverage wired IO interfaces and wireless interfaces to launch side-loading attacks. 14 Rootkit Specific Anti-Virus/Anti- Malware Attacks Kernel rootkit type attacks are increasing on the PC as well as the mobile device 15 Uncontrolled Context-Awareness Data Gathering Limited control is enforced on applications accessing sensors.

MOBILE NETWORK SECURITY 6

Mobile Network Security Helicopter View Service Service Layer O&M, OSS/BSS Subscriber Identity Module (SIM) Mobile Equipment (ME) Radio Network Core Network Foreign Network User Equipment (UE) Internet Home subscriber subsystem (HSS) Other network e.g. WiFi New radio network Legacy radio networks Control plane User plane 7 Security, standardized or otherwise

UMTS Security: Architecture Service (IV) Service Layer K HSS & USIM CK IK ME & Radio network ME (III) User Equipment (I) USIM (I) (I) Radio Network Mutual authentication, confidentiality (optional) & integrity Separate keys for confidentiality & integrity Same keys for user and control planes (I) Core Network (I) (II) HSS Network access security (I) Network domain security (II) User domain security (III) Application domain security (IV) Visibility and configurability of security (V) HSS: Home Subscriber Subsystem; ME: Mobile Equipment; USIM: Universal Subscriber Identity Module 8

LTE Security: Architecture Service (IV) Service Layer USIM (I) (I) (III) (II) ME User Equipment (I) (I) (I) Radio Network (I) (II) Core Network HSS Network access security (I) Network domain security (II) User domain security (III) Mutual authentication, confidentiality (optional) & integrity Separate keys for each purpose Application domain security (IV) Visibility and configurability of security (V) USIM: Universal Subscriber Identity Module; ME: Mobile Equipment; HSS: Home Subscriber Subsystem 9

LTE Security: Mobility aspects Element 1 LTE Core Network Element 2 UMTS Core Network Base-Station Cell 1 Cell 2 Forward & backward security: Cryptographically separate keys derived at each handover Keys mapped between different types of networks LTE: Long-Term Evolution 10

Security Considerations Over-the-top services Service control, Authentication center, O&M, OSS/BSS etc. 1. Subscriber privacy 2. Fraudulent charging Core network 3. Protocol attack 4. Attack on network elements Radio network 5. Finding network topology 6. Overload network (DoS, DDoS): with botnets, malware, home made terminals etc. BSS: Billing Support System; DoS: Denial of Service; DDoS: Distributed DoS; O&M: Operations and Management; OSS: Operations Support System 11

CYBERSECURITY IMPLICATIONS, MITIGATIONS, AND FUTURE DEVELOPMENTS 12

Cybersecurity Implications GSM GPRS UMTS SAE/LTE Security Services Ciphering User authentication Equivalent to wired Ciphering User authentication Ciphering & integrity Mutual auth. Ciphering & integrity Mutual auth. Authentication Authentication: 3 values UMTS-AKA: 5 values EPS-AKA: 5 values Keys Derivation of a ciphering key after auth. Derivation of CK & IK Separate keys for each purpose Key Length Shared key 128 bits for auth. Derived 64 bits out of which 54 used for ciphering Shared key 128 bits for auth. Derived 64 bits for ciphering 128 bits 128 bits Key handling Changed on authentication Changed on each handover Algorithm A5/1 / 2 /3; specification is confidential. A5/3 is based on Kasumi GPRS Encryption Algorithm (GEA): GEA0/GEA1/GEA2/ GEA3 Kasumi from Rel. 4 SNOW 3G, AES and ZUC End-Point Security BTS SGSN RNC / SGSN enb for UP & RRC MME for NAS Network Security None None initially MAPsec and IPsec IPsec 13

Cybersecurity Implications Threat landscape and computational power have evolved much faster, with no significant updates in the overall security architecture Local DoS attack against the cell service Heterogeneous networks (Metrocells, Femtocells and WiFi) Local radio jamming attacks Complex DDoS threats targeting essential EPC elements, such as the HSS 14

Cybersecurity Implications Attack Mode Local (Femto/RAN/eNB/WiFi) EPC (Core) PDN (Global) DoS 1. Jamming Attack DL-LP UL-LP Femto-based 2. BS Vulnerabilities 1. Femto-based Attack 2. Core Network Vulnerabilities in GW, MME 1. APT 2. Malware DDoS 1. LP Jamming Attack 2. BS saturation with SMS 3. Protocol Misbehavior 1. Botnet of MEs 2. Amplification Attacks 3. HSS Saturation 4. EPC Saturation 1. Botnet of MEs 2. Attack against Internet Nodes Insider 1. Jamming with a BS 2. BS Shutdown 1. Node Damage 2. HSS Saturation 3. EPC Saturation 1. HSS Saturation 15

Mitigations & Future Developments Flexible/Distributed Load Balancing (SDN) Flexible/Adaptive Management of the EPC (SDN) Advanced Anti-Jamming Techniques (e.g., Multi-Antenna Jamming Mitigation) Distribution/Optimization of EPC Functions Optimization of Radio Resource Management Advanced Data Mining Techniques to Detect Attacks HSS Saturatio n Attacks X EPC Amplificati on Attacks X Scalabilit y Attacks X X X X X Jamming Attacks X X X X X X 16

Summary Mobile Network Security Cybersecurity Implications Mitigations & Future Developments 17

Q&A Selim Aissi: saissi@visa.com

APPENDICES Page 19

References Security for Mobile Networks and Platforms, Selim Aissi, Nora Dabbous and Anand R. Prasad, Artech House, July 2006. Security in Next Generation Mobile Networks: SAE/LTE and WiMAX, Anand R. Prasad and Seung-Woo Seo, River Publishers, August 2011. 3GPP TS 33.210: "3G security; Network Domain Security (NDS); IP network layer security". 3GPP TS 33.401: "3GPP System Architecture Evolution (SAE); Security architecture". 3GPP TS 33.102: "3G security; Security architecture.

Definitions Definitions APT BS BTS DDoS DL DoS EDGE EPC GERAN GPRS GSM GW enb Advanced Persistent Threat Base Station Base Transceiver Station Distributed Denial of Service (Attack) Down Link Denial of Service (Attack) Enhanced Data rates for GSM Evolution Evolved Packet Core GSM EDGE Radio Access Network General Packet Radio Service Global System for Mobile Communications Gateway Evolved NodeB 21

Definitions Definitions EPS IMS KDF LP LTE ME MME NAS NCC NGMN NH Evolved Packet System IP Multimedia Subsystem Key Derivation Function Low Power Long Term Evolution Mobile Equipment Mobility Management Entity Non-Access Stratum Next hop Chaining Counter Next Generation Mobile Networks Next Hop 22

Definitions Definitions PCI PDG PDN PLMN PSTN RAT RNC RRC SAE SGSN SIM SMS Physical Cell Identity Packet Data Gateway Packet Data Network Public and Mobile Network Public Switched Telephone Network Radio Access Technology Radio Network Controller Radio Resource Control System Architecture Evolution (3GPP) Serving GPRS Support Node Subscriber Identity Module Short Message Service 23

Definitions Definitions UE UL UMTS USIM UTRAN User Equipment Upward Link Universal Mobile Telecommunications System Universal Subscriber Identity Module Universal Terrestrial Radio Access Network WiFi Wireless Fidelity, Wi-Fi is a trademarked term meaning IEEE 802.11x WLAN Wireless Local Area Network 24

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information