<<  CCH Federal Taxation Comprehensive Topics Central Line-Associated Bloodstream Infections (CLABSI) in Non-Intensive Care Unit (non-ICU) Settings Toolkit  >>
Cellular Network Security
Cellular Network Security
A brief history of cellular networks
A brief history of cellular networks
Challenges of Cellular Networks
Challenges of Cellular Networks
Security Issue for Cellular Networks
Security Issue for Cellular Networks
Phone OS by Market Share
Phone OS by Market Share
Phone OS Market Share  US, UK, China
Phone OS Market Share US, UK, China
I-Security
I-Security
Blackberries
Blackberries
Android
Android
GSM vs CDMA
GSM vs CDMA
3G  Network Components
3G Network Components
3G  Implementation
3G Implementation
Attacks on Cellular Neworks
Attacks on Cellular Neworks
3G - Defensive Measures
3G - Defensive Measures
3G-Integrity and Confidentiality
3G-Integrity and Confidentiality
F8  Confidentiality Algorithm
F8 Confidentiality Algorithm
3G-Internet Security
3G-Internet Security
Cellular Network Security
Cellular Network Security
Liability Quantity and nature of data Potential harm from data
Liability Quantity and nature of data Potential harm from data
Sources
Sources
Sources - Countinued
Sources - Countinued

: Cellular Network Security. : ryan-watts. : Cellular Network Security.ppt. zip-: 935 .

Cellular Network Security

Cellular Network Security.ppt
1 Cellular Network Security

Cellular Network Security

Secure Systems Administration Spring 2011

Ryan Stepanek

2 A brief history of cellular networks

A brief history of cellular networks

Cellular networks have been deployed for the last three decades 1G networks had maxspeeds of about 9.6 kbs [1] As network technology evolved, two standards emerged: CDMA and GSM Modern cellular networks operate in the third and fourth generation, reaching theoretical speeds up to 100 Mbit/s

3 Challenges of Cellular Networks

Challenges of Cellular Networks

Open Access Wireless No physical connection necessary! Bandwidth Limitations Everyone has to share the network. System Complexity The larger the implementation of the system the more difficult it is to maintain security. Confidentiality Private data needs to be encrypted. Integrity Must minimize data loss; more services being sent through the network. Authentication With Other Networks Companies need to play nice with each other.

4 Security Issue for Cellular Networks

Security Issue for Cellular Networks

Operating systems on mobile devices Android, Windows, iPhone Web services Potential for abuse through the addition of new services; DOS. Location Detection Keep the location of the user private! Spyware; malware Phones and network may be vulnerable.

5 Phone OS by Market Share

Phone OS by Market Share

6 Phone OS Market Share  US, UK, China

Phone OS Market Share US, UK, China

7 I-Security

I-Security

Mobile OS left open to viruses and malware Users can jailbreak and run their own code History of being slow to patch SMS virus over two months to patch! Spreading the virus required only the victims phone number Spread through memory corruption in iPhone[6] Potentially detrimental to host network Dangerously popular In December 2009 AT&T was forced to halt iPhone sales in New York[5] Can you hear me now? Network load became too great for existing infrastructure

8 Blackberries

Blackberries

Very good encryption Causes conflicts with governments on the grounds of national security i.e. India 2009[7] Relies on security through obscurity Vulnerable through third party apps i.e. the Webkit browser was used at this years Pwn2Own hacking expo.[8] Blackberry Enterprise Server(BES) Commonly used in business and government, compromising the server could allow access to phone information Fairly secure if configured correctly(EAL 4+)[10]

9 Android

Android

Open source Incredibly threatening to network profit/security i.e. free WiFi tethering Rooting Allows greater control over the phone Creates a natural conflict between the service provider and customer Also increases vulnerability to viruses i.e. custom ROMs will not receive updates from the service provider Companies now actively trying to hinder rooting i.e. Motorola[8]

10 GSM vs CDMA

GSM vs CDMA

GSM More than 3.8 billion people worldwide Far more common outside of North America More than 89 percent of market share[4] More than more than 212 countries and territories[3] Interferes with some electronics CDMA Transmits data signal modulated with pseudorandom code Generally allows for larger transmission cells Allows users to share frequencies

11 3G  Network Components

3G Network Components

Radio Access Network Towers Radio Network Controllers Core Network Packet Switched Network Circuit Switched Network SGSN Handles Access Control and Route Management GGSN Gateway to the Internet

12 3G  Implementation

3G Implementation

13 Attacks on Cellular Neworks

Attacks on Cellular Neworks

DOS/DDOS Probably the most common. iPhones Services and bandwidth usage seems to be increasing faster than network infrastrucure More achievable now through infecting phones Jamming Highly localized, similar in effect to DOS Eavesdropping Man in the Middle attacks Session hijacking

14 3G - Defensive Measures

3G - Defensive Measures

Network Access Security Utilizes secret keys and secret key ciphers to maintain confidentiality Uses a temporary International Mobile User Identity to protect the users identity. Challenge Response System Used when Authenticating Occurs when user first connects to network, when the network receives a service request, when a location update is sent, on attach/detatch request, etc..[1]

15 3G-Integrity and Confidentiality

3G-Integrity and Confidentiality

Signaling communications between mobile station and network F9 algorithm used to calculate 32-bit MAC-I for data integrity then compared to a calculated XMAC-I F8 used to keep data confidential, utilizes a cipher key that comes from the mobile device; output is then XORed with the original data stream Both F8 and F9 rely on KASUMI cipher Based on feistel structure to create 64bit data blocks and a 128 bit key

16 F8  Confidentiality Algorithm

F8 Confidentiality Algorithm

17 3G-Internet Security

3G-Internet Security

Wireless Application Protocol Protocol that handles wireless devices connecting to the web Independent of underlying OS WAP2 puts devices into direct communication with servers Uses layers similar to standard networks IPv6 and IPv4 3G allows for circuit switched and packet switched network nodes 4G is packet switched nodes only; completely IPv6 compatible

18 Cellular Network Security
19 Liability Quantity and nature of data Potential harm from data

Liability Quantity and nature of data Potential harm from data

Lawsuits Profits Bandwidth is not free Capability of devices vs. popularity of devices Risk for every network expansion

Cellular Network Security Factors to Consider

20 Sources

Sources

[1] Security in Wireless Cellular Networks Gardezi, Ali. http://docs.google.com/viewer?a=v&q=cache:mFeuQOB24gwJ:www1.cse.wustl.edu/~jain/cse574-06/ftp/cellular_security.pdf+cellular+network+security&hl=en&gl=us&pid=bl&srcid=ADGEESgk1O3TVCFitfU0KCDfZp2FIogPvw0bjkw767GFdWlAOyWm866YcuCt8IEn2uag617WAW0S32eIhFbaoMgQiJh_WJi5QYE2RIwkizPeTRzmsFcBNMtESgBQNA9NmF5VgqtrQBe0&sig=AHIEtbR683Y3fhGxdHQa47sZCueMwq3jsA [2] Exploiting Vulnerabilities and Security Mechanisms in Internet Based SMS Capable Cellular Networks Azim, Akramul. http://docs.google.com/viewer?a=v&q=cache:AmTvXrmYVNoJ:citeseerx.ist.psu.edu/viewdoc/download%3Fdoi%3D10.1.1.121.2158%26rep%3Drep1%26type%3Dpdf+cellular+network+security&hl=en&gl=us&pid=bl&srcid=ADGEESiJC2Zr-k8fOWOH70HSEDwahX_x1pJXZOS2AndHNcBqh0Qm3xcBlkqiVgOW0spQM0aqzoMxYkuThzhKiHCKxOa8nc8slQ_qDM1a5OQ_zO0qnBL3Y_9zylwEMLPYr8ORC5mXftkM&sig=AHIEtbQjQIcq5LnEbumpqWogCCN3u0uXVA

21 Sources - Countinued

Sources - Countinued

[3] CDMA vs. GSM Which One is the BestYou? http://www.cellutips.com/gsm-vs-cdma-which-one-is-the-best-for-you/ [4] GSM: Global System for Mobile Communications http://www.3gamericas.org/index.cfm?fuseaction=page&sectionid=242 [5] AT&T apparently resumes online iPhone sales in New York City http://articles.cnn.com/2009-12-28/tech/iphone.sales.nyc_1_iphone-sales-online-sales-at-t-service?_s=PM:TECH [6] First iPhone Virus Found Using SMS Testing http://ironmill.wordpress.com/2009/07/30/iphone-virus/ [7] BlackBerry encryption 'too secure': National security vs. consumer privacy http://www.zdnet.com/blog/igeneration/blackberry-encryption-too-secure-national-security-vs-consumer-privacy/5732 [8] BlackBerry security breached at Pwn2Own 2011 http://crackberry.com/blackberry-security-breached-pwn2own-2011 [9] Are the Days of Rooting Android Phones Coming to an End? http://www.droid-life.com/2011/04/04/are-the-days-of-rooting-android-phones-coming-to-an-end/ [10] Approvals and Certifications http://us.blackberry.com/ataglance/security/certifications.jsp

Cellular Network Security
http://900igr.net/prezentacija/anglijskij-jazyk/cellular-network-security-102678.html
c

29
900igr.net > > > Cellular Network Security