mobile computing security

Download Mobile computing security

Post on 28-Jan-2015

106 views

Category:

Education

0 download

Embed Size (px)

DESCRIPTION

An overview on the present mobile computing security. the security in GSM, UMTS, WLAN and MANETs are review in this document.

TRANSCRIPT

  • 1. FACULTY OF ELECTRICAL AND COMPUTER ENGINEERINGDEPARTMENT OF ELECTRICAL/ELECTRONIC ENGINEERING
    SEMINAR TOPIC;
    OVERVIEWON SECURITYIN PRESENT MOBILE COMPUTING NETWORKS
    ByGARIBA, Zachariah Pabi
    MPHIL Telecommunication Engineering; Candidate
    Emails-
    garibazp@ieee.org,zpgariba.coe@st.knust.edu.gh
    Supervisor-
    K. O. BOATENG,(PhD)
    April 14th , 2010

2. PRESENTATION OUTLINE
Introduction
GSM-UMTS security
IEEE 802.11 security
Wired Equivalent Protocol (WEP)
Wi-Fi Protected Access (WPA)
MANETs security

  • Conclusions

3. ReferencesApril 14th , 2010
4. INTRODUCTION
Mobile computing is a generic term describing one's ability to use wireless computing technology whilst moving. The devices that utilize mobile computing give access to resources like the internet and range from laptops to handhelds.
Mobile computing devices include;
Laptops
PDAs and handheld PC
Smart and mobile phones
Pagers
Mobile Computing security;
Device security
Network security
April 14th , 2010
5. MOBILE COMPUTING SECURITY
Secure communication within mobile computing network provides the following facilities to users:

  • Confidentiality, Integrity, authentication and nonrepudiation

Table 1 Mobile computing security requirements
April 14th , 2010
6. MOBILE COMPUTING SECURITY
Confidentiality, integrity, and authentication are arguably the big three issues in network security.
Table 2 Solutions to security requirements
April 14th , 2010
7. MOBILE COMPUTING SECURITY
Security attacks
A useful means of classifying security attacks is in terms of passive attacks and active attacks.
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted.
Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.
April 14th , 2010
8. SECURITY IN GSM NETWORKS
9. Security in GSM networks
Figure 1 is the complete architecture of GSM (2G) networks.
The security mechanisms of GSM are implemented in three different elements;
the Subscriber Identity Module (SIM)
the GSM handset or MS
the GSM network.
Fig 1.1 GSM physical architecture
April 14th , 2010
10. Security in GSM networks
Security features distributionfor the three elements in 2G networks is shown in figure 1.2. The distribution of these security credentials provide an additionalmeasure of security both in ensuring the privacy of cellular telephone conversations and prevention of cellular telephone fraud.
Fig 1.2: Security features distribution in GSM
April 14th , 2010
11. Security in GSM networks
Security in GSM consists of the following aspects: subscriber identity authentication, subscriber identity confidentiality, signaling data confidentiality, and user data confidentiality.
The figure1.3 gives the distribution of security algorithms and keys in the2G network.
The SIM contains the IMSI, the individual subscriber authentication key (Ki), the ciphering key generating algorithm (A8), the authentication algorithm (A3), as well as a Personal Identification Number (PIN). The GSM handset contains the ciphering algorithm (A5).
Fig 1.3.Algorithm andKey distribution in GSM
April 14th , 2010
12. (a)
(b)
Fig 1.4. (a) Authentication components(b)General mechanism
13. Fig 1.5b:Kc generation
Fig 1.5a:SRES Generation
April 14th , 2010
14. Security in GSM networks
The process of encryption occurs between the BTS and ME without involving the home network. For achieving seamless roaming between different networks all service providers use the same encryption algorithm which is A5 specified by the GSM standard.
In a similar manner to the authentication process, the computation of the ciphering key (Kc) takes place internally within theSIM.
Fig 1.6.Ciphering mode initiation mechanism
April 14th , 2010
15. Security in GSM (2G) networks
The TMSI is sent to the mobile station after the authentication and encryption procedures have taken place. The mobile station responds by confirming reception of the TMSI. The TMSI is valid in the location area in which it was issued.
Fig 1.7Subscriber confidentiality
April 14th , 2010
16. SECURITY IN 2.5G NETWORKS
17. Security in 2.5G networks
General Packet Radio Service (GPRS) was basically intended to provide the ME with data-connectivity to various web servers.
GPRS transfers the responsibility of encryption and decryption on the network side from the BTS to the Server GPRS Service Node (SGSN). The SGSN is the equivalent of the VLR and MSC. This means that the GPRS architecture effectively prevents or protects against eavesdropping on the backbone between the BTS and the SGSN too.
Fig 1.8 2.5G architecture
18. Security in 2.5G networks
Wireless Application Protocol (WAP) is an open specification that offers a standard method to access Internet-based content and services from wireless devices such as mobile phones and Personal Digital Assistants (PDAs). The information content meant for the ME is formatted suitably for the MEs small screen.
Fig 1.9(a) WAP overview (b) WAP architecture
April 14th , 2010
19. Security in 2.5G networks
In this new operating environment, securing just the last link is not enough. This end-to-end security is achieved by the Wireless Transport Layer Security (WTLS) layer in the WAP stack.
Fig 1.10TLS in WAP
April 14th , 2010
20. SECURITY IN UMTS(3G) NETWORKS
21. Security in UMTS (3G)
UMTS architecture provides provisions for encrypting any signaling or subscriber data that might reveal the subscribers identity.
Anonymity in UMTS
VLRo/VLRn
IMSI/TMSI
Sequence Number (SQN)
AK
April 14th , 2010
22. Security in UMTS (3G)
Fig 1.11 UMTS physical architecture
23. Security in UMTS
The authentication procedure is mutual; that is, the network authenticates the subscriber (USIM) and the subscriber (USIM) authenticates the network.
The UMTS authentication vector is actually a security quintet which consists of five numbers: RAND (a 128-bit random number), XRES (the 32-bit expected signed response to the RAND), CK (a 128-bit session cipher or encryption key), IK (a 128-bit integrity key) and AUTN (a 128-bit network authentication token).
Fig 1.12 UMTSauthentication
April 14th , 2010
24. Security in UMTS (3G)
Fig 1.13b:Response generation atUSIM
Fig 1.13a:Authentication vector generation
April 14th , 2010
25. Security in UMTS (3G)
The UMTS encryption algorithm is known as KASUMI and uses a 128-bit session key CK. The KASUMI algorithm is more secure than A5 and one of the reasons for this is simply the use of longer keys for encryption.
Fig 1.14 UMTSencryption
April 14th , 2010
26. Security in UMTS (3G)
UMTSintegrity key IK is derived using the authentication process.
The receiver then compares the computed XMAC to the received MAC.
Fig 1.15 UMTSintegrity
April 14th , 2010
27. Security in UMTS (3G)
The UMTS designers have limited their scope to securing the mobile specific part of the network, which is known as the Mobile Application Part (MAP). UMTS specifies the MAPSEC protocol, which works at the application layer to protect MAP messages cryptographically.
The Key Administration Center (KAC) is a new entity introduced by MAPSEC. To establish a SA, the KACs use the Internet Key Exchange (IKE) protocol. The designers provided a method not only for securing MAP in SS7 networks (MAPSEC) but also for using MAP over IP-based networks which may be protected by the already well-established IPSec protocol.
Fig 1.16 (a) MAPSEC (b) MAP over IP-based Networks
April 14th , 2010
28. 2.SECURITY IN IEEE 802.11 NETWORKS
29. Security in IEEE 802.11
IEEE 802.11 defines two classes of security algorithms for : algorithms for creating and using an Robust Security Network Association (RSNA) , called RSNA algorithms and pre-RSNA algorithms. Pre-RSNA security comprises Wired Equivalent Privacy (WEP) and IEEE 802.11 entity authentication.
The RSNA security comprises Temporal Key Integrity Protocol (TKIP), CCMP, RSNA establishment and termination procedures, including use of IEEE 802.1X authentication, and Key management procedures.
April 14th , 2010
30. Security in WEP

  • Key establishment

IEEE 802.11 relies on preshared keys between the mobile nodes or stations (STAs) and the Access Points (APs). key establishment is outside the scope of WEP. The absence of any key management protocol led to multiple problem.

  • Anonymity

However, given the IP address, it is extremely difficult to determine the identity of the subscriber.
IP addresses are dynamically assigned using protocols like DHCP.
the widespread use of Network Address Translation (NAT) adds another layer of identity protection.
April 14th , 2010
31. Security in WEP
Authentication
For a station to connect to a wireless local area network (WLAN), the station must find out which networks it currently has access to.
Only after this authentication is complete can the station be connect to. APs periodically broadcast beacons.
Each beacon contains a Service Set Identifier (SSID), also called the network name, which uniquely identifies

Recommended

View more >