mobile network security refik molva institut eurécom b.p. 193 … · 2005-05-11 · mobile network...
TRANSCRIPT
Mob
ile N
etw
ork
Secu
rity
Ref
ik M
OLV
AIn
stitu
t Eur
écom
B.P
. 193
0690
4 S
ophi
a A
ntip
olis
Ced
ex-F
ranc
eR
efik
.Mol
va@
eure
com
.fr
In
stitu
tEur
ecom
200
5
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
1
Out
line
•Wire
less
LA
N•8
02.1
1 (W
iFi)
•Mob
ile T
elec
omm
unic
atio
ns S
ecur
ity•G
SM
Sec
urity
Fea
ture
s•3
GP
P S
ecur
ity A
rchi
tect
ure
•CD
PD
Key
agr
eem
ent a
nd a
uthe
ntic
atio
n•F
raud
man
agem
ent
•Mob
ile IP
•IP
sec-
base
d so
lutio
n•F
irew
alls
vs.
Mob
ile IP
vs.
Pac
ket F
ilter
ing
→
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
2
802.
11 W
irele
ss N
etw
orks
Ad
Hoc
Mod
e
Infra
stru
ctur
e M
ode
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
3
Ass
ocia
tion
Esta
blis
hmen
t in
Infr
astru
ctur
e M
ode
Clie
nt
A
cces
s P
oint
Pro
be R
eque
st (S
SID
)
Bea
con(
SS
ID)
OR
Aut
hent
icat
ion
Ass
ocia
tion
Res
pons
e
Ass
ocia
tion
Req
uest
Dea
ssoc
iate
OR
Dea
uthe
ntic
ate
Var
ious
Alte
rnat
ives
Dat
a
Clie
nt is
ass
ocia
ted
Clie
nt is
not
ass
ocia
ted
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
4
Spec
ific
Vul
nera
bilit
ies a
nd
Thre
ats
•lac
k of
phy
sica
l pro
tect
ion
•eav
esdr
oppi
ng a
nd s
poof
ing
are
easi
er th
an w
ith w
ired
netw
orks
•den
ial o
f (da
ta li
nk la
yer)
com
mun
icat
ion
serv
ice
is
feas
ible
Mai
n at
tack
s:•e
aves
drop
ping
•man
in th
e m
iddl
e•d
enia
l of s
ervi
ce
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
5
Eave
sdro
ppin
g
•80
2.11
is v
iew
ed a
s a
stan
dard
Eth
erne
t bu
t –m
edia
is s
hare
d as
opp
osed
to s
witc
hed
–ea
ch n
ode
can
rece
ive
all f
ram
es
•tra
ffic
can
be e
aves
drop
ped
from
few
ki
lom
eter
s aw
ay u
sing
app
ropr
iate
equi
pmen
t
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
6
Man
in th
e M
iddl
e A
ttack
Vic
tim
A
cces
s P
oint
Dea
ssoc
iate
(Vic
tim’s
MA
C@
)
Vic
tim is
not
ass
ocia
ted
Atta
cker
Bea
con
as A
cces
s P
oint
on d
iffer
ent c
hann
elA
ssoc
iatio
n R
eq. (
Vic
tim’s
MA
C@
) Vic
tim’s
dat
a tra
ffic
Ass
ocia
tion
Res
p.
Ass
ocia
tion
Req
. (V
ictim
’s M
AC
@)
Ass
ocia
tion
Res
p.
Vic
tim’s
dat
a tra
ffic
Mai
n re
ason
why
this
atta
ck w
orks
: Man
agem
ent f
ram
es (a
ssoc
iate
,dea
ssoc
iate
) ar
e no
t aut
hent
icat
ed e
xcep
t in
802.
11i.
AP
Vic
tim
Man
in th
e M
iddl
eac
ts a
s
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
7
Den
ialo
f Ser
vice
•Ja
mm
ing
•V
irtua
l car
rier-
sens
e at
tack
•S
poof
ing
of d
eaut
hent
icat
ion/
deas
soci
atio
n m
essa
ges
•D
e-sy
nchr
oniz
atio
n at
tack
s
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
8
Secu
rity
Req
uire
men
ts•
no id
entif
icat
ion
base
d on
the
phys
ical
acc
ess
→P
eer E
ntity
Aut
hent
icat
ion
→D
ata
Orig
in A
uthe
ntic
atio
n
•ea
se o
f dis
clos
ure
and
tam
perin
g w
ith d
ata
→D
ata
Con
fiden
tialit
y an
d In
tegr
ity→
Priv
acy
(Ano
nym
ity)
•ea
se o
f acc
ess
to c
omm
unic
atio
n m
edia
→A
cces
s C
ontro
l (da
ta li
nk la
yer)
→D
oSpr
even
tion
(?)
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
9
802.
11 N
etw
ork
Acc
ess C
ontro
l
•N
etw
ork
Iden
tific
atio
n ba
sed
on S
SID
(Ser
vice
Set
Id
entif
ier)
–
“sec
ret”
SS
ID s
hare
d by
too
man
y–
Exc
hang
ed in
cle
arte
xt–
Eas
e of
repl
ay
•A
cces
s C
ontro
l: M
AC
-add
ress
bas
ed a
utho
rizat
ion
to
Acc
ess
Poi
nt–
MA
C-a
ddre
sses
are
not
aut
hent
icat
ed–
MA
C-a
ddre
sses
are
eas
y to
set
on
mos
t car
ds
•80
2.1x
–C
lient
s au
then
ticat
ed a
nd s
cree
ned
by R
adiu
s S
erve
r–
AP
ser
ves
as p
roxy
–E
xten
sibl
e A
uthe
ntic
atio
n P
roto
col (
EA
P)
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
10
802.
11 C
lient
and
Dat
a Se
curit
y
•W
irele
ss E
quiv
alen
t Priv
acy
(WE
P)
•W
i-FiP
rote
cted
Acc
ess
(WP
A)
•80
2.11
i (W
PA
2)
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
11
802.
1x•
Gen
eral
pur
pose
net
wor
kac
cess
cont
rolm
echa
nism
•80
2.1x
sup
port
in A
cces
spo
int
•N
o im
pact
on
clie
nts’
wire
less
inte
rface
•A
uthe
ntic
atio
n an
d A
utho
rizat
ion
by R
AD
IUS
ser
ver
–E
xten
sibl
eA
uthe
ntic
atio
nP
roto
col(
EA
P) R
FC
2284
•
Alte
rnat
ive
met
hods
: pas
swor
d, s
mar
tcar
d, to
kens
, OTP
•A
ltern
ativ
e pr
otoc
ols:
sim
ple
chal
leng
e re
spon
se, E
AP
-TL
S.
–R
AD
IUS
serv
er d
eter
min
es w
heth
erac
cess
to
cont
rolle
dpo
rtsof
the
AP
sho
uld
beal
low
ed
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
12
802.
1x O
pera
tiona
l Flo
ws
Clie
nt
R
AD
IUS
Acc
ess
Poi
nt
Ass
ocia
tion
Req
.
Ass
ocia
tion
Res
p.
Aut
hent
icat
ion
Suc
cess
Aut
hent
icat
ion
usin
g E
AP
Aut
hent
icat
ion
usin
g E
AP
Aut
hent
icat
ion
Suc
cess
Dat
a A
cces
s A
utho
rized
Acc
ess
Den
ied
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
13
WEP
Ser
vice
s
–D
ata
Con
fiden
tialit
y
–D
ata
Inte
grity
–D
ata
Orig
in A
uthe
ntic
atio
n
–A
cces
s co
ntro
l thr
ough
clie
nt
auth
entic
atio
n by
the
AP
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
14
WEP
•R
C4
stre
am c
iphe
r
•40
bit a
nd 1
04bi
t key
s
•W
EP
key
sha
red
by a
ll
•N
o ke
y di
strib
utio
n
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
15
WEP
ope
ratio
n
•K
: sh
ared
key
(40
or 1
04 b
its)
•in
tegr
ity c
heck
: IC
= h
(hea
der|d
ata)
•ra
ndom
initi
aliz
atio
n ve
ctor
: IV
(24
bits
)
•K
eyst
ream
gene
ratio
n:
k =
RC
4(K
, IV
)
•E
ncry
ptio
n of
dat
a fra
gmen
t m:
EK
(m) =
m ⊕
k
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
16
WEP
pac
ket
hea
der
IV
cip
her
text
data
IC
k
80
2.1
1 p
acke
t
hea
der
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
17
WEP
Enc
rypt
ion
flaw
s
•sec
ret p
arts
of P
1ca
n be
retri
eved
bas
ed o
n kn
own
parts
of P
2. •k
eyst
ream
can
be re
triev
ed s
imila
rly.
•onc
e ke
ystre
ams
are
iden
tifie
d, n
ew c
iphe
rtext
can
be d
ecry
pted
ba
sed
on (c
lear
text
) IV
use
d as
inde
x to
an
arra
y of
kno
wn
keys
tream
sif
keys
tream
sar
e re
used
. •r
euse
of t
he s
ame
keys
tream
: –
stan
dard
s re
com
men
d, b
ut d
o no
t req
uire
, a p
er-s
tream
IV to
co
mba
t thi
s
–S
ome
PC
MC
IA c
ards
rese
t IV
to 0
eac
h tim
e th
ey’re
re-in
itial
ized
an
d in
crem
ent b
y 1,
so
expe
ct re
use
of lo
w-v
alue
IVs
–W
EP
onl
y us
es 2
4-bi
t IV
s “b
irthd
ay p
arad
ox”
If C
1=
P 1 ⊕
RC
4(v,
k)
and
C2
= P 2
⊕R
C4(
v,k)
C1 ⊕
C2
= (P
1 ⊕
RC
4(v,
k)) ⊕
(P2
⊕R
C4(
v,k)
)
= P 1
⊕P 2
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
18
WEP
Mes
sage
Aut
hent
icat
ion
Flaw
s•
Has
h fu
nctio
n h,
bas
ed o
n C
RC
-32,
is a
line
ar fu
nctio
n of
the
mes
sage
:
h(X
) ⊕h(
Y) =
h(X
⊕Y
)
Mod
ifica
tion
atta
ck:N
ew (v
alid
) cip
herte
xtca
n be
com
pute
d fro
m
exis
ting
ciph
erte
xtw
ithou
t the
kno
wle
dge
of th
e ke
ystre
am:
•E
xist
ing
ciph
erte
xtC
= R
C4(
k,v)
⊕(M
| h(
M))
•N
ew c
iphe
rtext
resu
lting
from
a d
esire
d m
odifi
catio
n(D
) on
C:
C’=
C ⊕
(D |
h(D
)) =
RC
4(k,
v) ⊕
(M |
h(M
)) ⊕
(D |
h(D
))
= R
C4(
k,v)
⊕(M
⊕D
| h(
M) ⊕
h(D
))
= R
C4(
k,v)
⊕(M
⊕D
| h(
M⊕
D))
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
19
WEP
flaw
s con
tinue
d•
Usi
ng fl
aws
in e
ncry
ptio
n an
d m
essa
ge a
uthe
ntic
atio
n, fu
rther
at
tack
s su
ch a
s sp
oofin
g, d
ictio
nary
atta
cks,
traf
fic in
ject
ion,
rout
e su
bver
sion
can
be
mou
nted
. Too
ls a
re a
vaila
ble.
•M
anag
emen
t mes
sage
s (d
eass
ocia
te, d
eaut
hent
icat
e) a
re n
ot
auth
entic
ated
: DoS
and
MIT
M a
ttack
s st
ill w
ork.
•A
dvan
ced
atta
ck:
Ret
rieve
WE
P k
eys
usin
g th
e at
tack
des
crib
ed in
"Wea
knes
ses
in
the
Key
Sch
edul
ing
Alg
orith
m o
f RC
4“ b
y Fl
uhre
r, M
antin
, and
S
ham
ir
–A
irsno
rtht
tp://
airs
nort.
shm
oo.c
om
–W
EP
Cra
ckht
tp://
wep
crac
k.so
urce
forg
e.ne
t/
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
20
Wi-F
iPro
tect
ed A
cces
s (W
PA)
•su
bset
of t
he fo
rthco
min
g IE
EE
802
.11i
sec
urity
sta
ndar
d (a
lso
know
n as
WP
A2)
•
desi
gned
to o
verc
ome
the
wea
knes
ses
of W
EP
•C
ompa
tible
with
exi
stin
g 80
2.11
har
dwar
e us
ing
firm
war
e up
grad
es
•Fe
atur
es o
f WPA
•E
nhan
ced
encr
yptio
n sc
hem
e: T
empo
ral K
ey In
tegr
ity P
roto
col
(TK
IP)
–R
C4,
dyn
amic
ses
sion
key
s–
48 b
it IV
•N
on-li
near
Mes
sage
Inte
grity
Che
cks
(MIC
) bas
ed o
n M
icha
el
•S
trong
Use
r Aut
hent
icat
ion
usin
g on
e of
the
stan
dard
Ext
ensi
ble
Aut
hent
icat
ion
Pro
toco
l (E
AP
) typ
es a
vaila
ble
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
21
WPA
2 -8
02.1
1i
Ulti
mat
e im
prov
emen
ts o
ver W
PA
802.
11i F
eatu
res
•N
ew e
ncry
ptio
n al
gorit
hm: A
dvan
ced
Enc
rypt
ion
Sta
ndar
d (A
ES
) →
impa
ct o
n ha
rdw
are
•D
ynam
ic k
eys
both
for e
ncry
ptio
n an
d au
then
ticat
ion
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
22
Out
line
•Wire
less
LA
N•8
02.1
1 (W
iFi)
•Mob
ile T
elec
omm
unic
atio
ns S
ecur
ity•G
SM
Sec
urity
Fea
ture
s•3
GP
P S
ecur
ity A
rchi
tect
ure
•CD
PD
Key
agr
eem
ent a
nd a
uthe
ntic
atio
n•F
raud
man
agem
ent
•Mob
ile IP
•IP
sec-
base
d so
lutio
n•F
irew
alls
vs.
Mob
ile IP
vs.
Pac
ket F
ilter
ing
→
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
23
GSM
Mob
ile S
witc
hing
Cen
ter (
MS
C)
Bas
e S
tatio
n (B
S)
Mob
ile S
ubsc
riber
(MS
) = M
obile
Equ
ipm
ent (
ME
) + S
ubsc
riber
Iden
tity
Mod
ule
(SIM
)H
ome
Loca
tion
Reg
istry
(HLR
)A
uthe
ntic
atio
n C
ente
r (A
uC)
Vis
iting
Loc
atio
n R
egis
try (V
LR)
Wire
d N
etw
ork
HLR
VLR
MSC
BTS
BTS
BTS
BTS
BTS
BTS
MSC
VLR
roaming
Rad
io li
nkM
S
AuC
MS
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
24
Secu
rity
Req
uire
men
ts•
Sec
urity
Thr
eats
–E
aves
drop
ping
on
the
Rad
io in
terfa
ce•
data
con
fiden
tialit
y•
Use
r ano
nym
ity–
MS
Impe
rson
atio
n (m
asqu
erad
e)
•S
ecur
ity S
ervi
ces
–S
ubsc
riber
iden
tity
prot
ectio
n–
Sub
scrib
er a
uthe
ntic
atio
n–
Dat
a co
nfid
entia
lity
Goa
l: W
irele
ss s
ecur
ity e
quiv
alen
t to
wire
d N
etw
ork
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
25
Subs
crib
er Id
entit
y Pr
otec
tion
in G
SM
•IM
SI:
univ
ersa
l ide
ntity
(15
digi
ts -
9 oc
tets
)
•rep
lace
d by
TM
SI (
tem
pora
ry m
obile
sub
scrib
er id
entit
y) (4
oct
ets)
•Firs
t reg
istra
tion
or a
fter f
ailu
re in
VLR
IMS
I is
sent
in c
lear
.
•TM
SI a
lloca
ted
by th
e V
LR w
here
the
MS
is re
gist
ered
.
•TM
SI p
rote
cted
by
Dat
a C
onfid
entia
lity
Ser
vice
tran
smitt
ed to
MS
.
•Sub
sequ
ent i
dent
ifica
tion
of M
S b
y V
LR is
bas
ed o
n TM
SI.
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
26
Aut
hent
icat
ion
in G
SM
•ban
dwid
th o
ptim
izat
ion:
sev
eral
ver
ifica
tions
by
the
VLR
can
take
pla
ce lo
cally
w
ithou
t com
mun
icat
ing
with
the
rem
ote
HLR
.•s
ecur
ity: K
iis
not d
iscl
osed
to th
e V
LR's
of th
e vi
site
d ar
eas.
MS
Id (I
MSI
or T
MSI
)
MS
Id, V
LR
RA
ND
SRES
repe
ated
with
a d
iffer
ent
(RA
ND
, SR
ES) f
or e
ach
auth
entic
atio
n at
tem
pt
MSC/VLR
HLR/AuC
Ki
wire
d ne
twor
k (tr
uste
d)ra
dio
link
(vul
nera
ble)
MS
Ki Ki
A3
SIM
Ki A3
{(R
AN
D, S
RES
, Kc)
}
A8
RA
ND
SRES
Kc
RA
ND
Gen
erat
ion
of tr
iple
ts
{(SR
ES, R
AN
D, K
c)}
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
27
Dat
a co
nfid
entia
lity
in G
SM
Kc
Plai
ntex
tC
iphe
rtext
Fram
e N
umbe
r22 11
4+2
64 114
A5
128
A8
Ki
128
RA
ND
SIM
MSC/VLR
radi
o lin
kMS
Kc
Plai
ntex
t
Fram
e N
umbe
r
+2A5
Trip
lets
from
HLR
{(R
AN
D, S
RES
, Kc)
} R
AN
D
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
28
GSM
Alg
orith
ms
•A
3 an
d A
8–
Def
ined
by
the
netw
ork
oper
ator
–
Sof
twar
e im
plem
enta
tion
in th
e S
IM
•A
5 st
ream
cip
her
–H
ardw
are
impl
emen
tatio
n in
the
ME
–de
fined
by
the
stan
dard
(int
erop
erab
ility
)–
Sev
eral
ver
sion
s: A
5/1,
A5/
2, A
5/3
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
29
•Alg
orith
m le
ft at
the
disc
retio
n of
the
oper
ator
•CO
MP
128
-ill-
advi
sed
by G
SM
sta
ndar
ds
–128
-bit
hash
func
tion
–firs
t 32
bits
pro
duci
ng th
e A
3 ou
tput
–las
t 64
bits
pro
duci
ng th
e A
8 ou
tput
–maj
or w
eakn
esse
s•
A c
ollis
ion
just
requ
ires
214
atte
mpt
s
A3
and
A8
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
30
A5/
1•
Bas
ed o
n a
com
bina
tion
of L
FSR
s
cloc
king
bas
ed o
n m
ajor
ity ru
le
022
021
018
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
31
Secu
rity
of A
5/1
and
A5/
2
•A
5/1
–E
xhau
stiv
e se
arch
, com
plex
ity=2
64
–A
ttack
s ba
sed
on ti
me-
mem
ory
trade
-off
–A
ttack
•2
disk
s (7
3 G
B)
•2
seco
nds
of p
lain
text
•K
ey re
triev
ed in
a m
inut
e
•A
5/2
–S
imila
r des
ign,
del
iber
atel
y w
eak
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
32
A5/
3
•B
ased
on
Blo
ck c
iphe
r•
Out
put F
eedb
ack
Mod
e w
ith B
LCK
CN
T to
pre
vent
sho
rt cy
cles
•N
o se
curit
y by
obs
curit
y•
Des
ign
by E
TSI S
AG
E
–B
ased
on
Kas
umi,
deriv
ed fr
om M
ISTY
1 (M
itsub
ishi
) •
As
part
of 3
GP
P
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
33
Pro
s•
Effe
ctiv
e so
lutio
n to
clo
ning
•H
ighe
r con
fiden
tialit
y co
mpa
red
with
ana
logu
e sy
stem
sC
ons
•S
ecur
ity li
mite
d to
acc
ess
netw
ork
•La
ck o
f net
wor
k au
then
ticat
ion
–R
isk
of b
ogus
bas
e st
atio
ns•
Sec
urity
by
obsc
urity
•Ill
adv
ised
use
of w
eak
algo
rithm
s•
Lack
of c
ontro
l ove
r act
ivat
ion
of s
ecur
ity fo
r use
r and
ho
me
netw
ork
•La
ck o
f law
ful i
nter
cept
ion
GSM
Sec
urity
-Su
mm
ary
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
34
Out
line
•Wire
less
LA
N•8
02.1
1 (W
iFi)
•Mob
ile T
elec
omm
unic
atio
ns S
ecur
ity•G
SM
Sec
urity
Fea
ture
s•3
GP
P S
ecur
ity A
rchi
tect
ure
•CD
PD
Key
agr
eem
ent a
nd a
uthe
ntic
atio
n•F
raud
man
agem
ent
•Mob
ile IP
•IP
sec-
base
d so
lutio
n•F
irew
alls
vs.
Mob
ile IP
vs.
Pac
ket F
ilter
ing
→
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
35
•Bui
ld o
n th
e se
curit
y of
GS
M–a
dopt
sec
urity
feat
ures
that
hav
e pr
oved
to b
e ne
eded
and
that
are
robu
st–e
nsur
e co
mpa
tibili
ty w
ith G
SM
to e
ase
inte
r-w
orki
ng a
nd h
ando
ver
•Fix
the
secu
rity
flaw
s of
GS
M
•Enh
ance
with
new
sec
urity
feat
ures
to s
uit
–new
ser
vice
s–c
hang
es in
net
wor
k ar
chite
ctur
e•K
eep
min
imal
trus
t in
inte
rmed
iate
com
pone
nts
Obj
ectiv
es o
f 3G
PP S
ecur
ity
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
36
•Mut
ual a
uthe
ntic
atio
n be
twee
n us
er a
nd
base
sta
tion
•No
secu
rity
by o
bscu
rity
–Mak
e su
re c
hose
n al
gorit
hms
have
bee
n te
sted
by
the
scie
ntifi
c co
mm
unity
•Fle
xibi
lity
in s
tand
ards
•Cha
nge
in la
w e
nfor
cem
ent f
or
cryp
togr
aphy
: lon
ger k
eys
(≥12
8 bi
ts)
Less
ons f
rom
GSM
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
37
•Mut
ual A
uthe
ntic
atio
n be
twee
n U
ser a
nd
Net
wor
k•D
ata
Con
fiden
tialit
y (u
ser t
raffi
c an
d si
gnal
ling
data
) (lik
e G
SM
)•U
ser i
dent
ity p
rote
ctio
n (li
ke G
SM
)•D
ata
Inte
grity
(ove
r the
air
inte
rface
)
3GPP
Sec
urity
Ser
vice
s
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
38
Aut
hent
icat
ion
& K
ey A
gree
men
t (A
KA
)
Obj
ectiv
es•
Mut
ually
aut
hent
icat
e us
er to
net
wor
k•
Est
ablis
h sh
ared
key
s be
twee
n us
er a
nd
netw
ork
–C
K: 1
28-b
it en
cryp
tion
key
–IK
: 128
-bit
inte
grity
key
•A
ssur
e fre
shne
ss o
f CK
/IK•
Aut
hent
icat
ed m
anag
emen
t fie
ld H
LR →
U
SIM
–A
uthe
ntic
atio
n ke
y an
d al
gorit
hm id
entif
iers
–Li
mit
CK
/IK u
sage
for e
ach
AK
A e
xecu
tion
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
39
AK
A M
essa
ge F
low
s
Aut
hent
icat
ion
data
requ
est
RA
ND
, AU
TN
RES
Mut
ual a
uthe
ntic
atio
n
And
key
agr
eem
ent
VLR/SGSN
HLR/AuC
KUSIM
K
{(R
AN
D, X
RES
, CK
, IK
, AU
TN)}
Ver
ify M
AC
, SQ
N
Der
ive
CK
, IK
, RES
Ver
ify: R
ES=X
RES
?
Star
t usi
ng C
K, I
KSt
art u
sing
CK
, IK
MS
Id (I
MSI
or T
MSI
)
Prot
ecte
d D
ata
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
40
Dat
a En
cryp
tion
•A
pplie
d on
Use
r & S
igna
ling
Dat
a•
Ove
r the
air
inte
rface
•S
tream
Cip
her
•P
rovi
sion
for d
iffer
ent A
lgor
ithm
s•
Incl
udin
g K
asum
i (A
5/3
of G
SM
)
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
41
Out
line
•Wire
less
LA
N•8
02.1
1 (W
iFi)
•Mob
ile T
elec
omm
unic
atio
ns S
ecur
ity•G
SM
Sec
urity
Fea
ture
s•3
GP
P S
ecur
ity A
rchi
tect
ure
•CD
PD
Key
agr
eem
ent a
nd a
uthe
ntic
atio
n•F
raud
man
agem
ent
•Mob
ile IP
•IP
sec-
base
d so
lutio
n•F
irew
alls
vs.
Mob
ile IP
vs.
Pac
ket F
ilter
ing
→
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
42
Cel
lula
r Dig
ital P
acke
t Dat
a (C
DPD
)
•Dat
a co
mm
unic
atio
n ov
er th
e an
alog
AM
PS
net
wor
k
•Ful
l-fle
dge
netw
ork
arch
itect
ure
incl
udin
g se
vera
l lay
ers
•Sec
urity
ser
vice
s:
•mob
ile u
nit a
uthe
ntic
atio
n
•dat
a co
nfid
entia
lity
over
the
wire
less
link
•key
exc
hang
e
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
43
CD
PD -
Mob
ile U
nit A
uthe
ntic
atio
n
NEI
: m
obile
uni
t id
AR
N :
nonc
eA
SN :
sequ
ence
num
ber
Key
exc
hang
e
usin
g
Diff
ie-H
ellm
an
MD
-IS
key
exch
ange
M-E
S ke
y ex
chan
ge
M-E
S he
lloR
edire
ctio
n re
ques
t N
EI, A
RN
, ASN
Red
irect
ion
conf
irm
AR
N’,
ASN
+ 1
Ver
ifica
tion
MD
-IS
conf
irm
RC
4(K
s, N
EI, A
RN
’, A
SN+1
)
RC
4(K
s, N
EI, A
RN
, ASN
)
Ks =
gyx
Ks =
gxy
MD
-IS
“hom
e”M
D-I
S “r
emot
e”W
ired
netw
ork
(trus
ted)
M-E
SR
adio
link
(v
ulne
rabl
e)
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
44
Frau
d M
anag
emen
t in
Mob
ile N
etw
orks
Thre
ats:
•Acc
ess
fraud
•Sub
scrip
tion
fraud
Sec
urity
mec
hani
sms
like
auth
entic
atio
n an
d co
nfid
entia
lity
prev
ent a
cces
s fra
ud b
ut
they
can
not h
elp
with
sub
scrip
tion
fraud
.
Sol
utio
n: re
al-ti
me
fraud
det
ectio
n
Prin
cipl
e:•m
onito
r sub
scrib
er b
ehav
ior i
n re
al-ti
me
•bas
ed o
n co
nnec
tion
ticke
ts•d
etec
t dev
iatio
ns w
ith re
spec
t to
user
/cla
ss p
rofil
e•p
rom
pt s
uspe
cted
use
rs w
ith e
xplic
it au
then
ticat
ion
chal
leng
e•a
dapt
use
r/cla
ss p
rofil
e ba
sed
on th
e m
onito
ring
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
45
Out
line
•W
irele
ss L
AN
•802
.11
(WiF
i)
•Mob
ile T
elec
omm
unic
atio
ns S
ecur
ity•G
SM
Sec
urity
Fea
ture
s•3
GP
P S
ecur
ity A
rchi
tect
ure
•CD
PD
Key
agr
eem
ent a
nd a
uthe
ntic
atio
n•F
raud
man
agem
ent
•Mob
ile IP
•IP
sec-
base
d so
lutio
n•F
irew
alls
vs.
Mob
ile IP
vs.
Pac
ket F
ilter
ing
→
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
46
Mob
ile IP
Mob
ile N
ode
(MN
) -C
orre
spon
dent
Nod
e (C
N)
Hom
e A
gent
(HA
) -Fo
reig
n A
gent
(FA
)
CN
→M
N :
IP w
ithin
IP tu
nnel
ing
betw
een
HA
and
FA
:•o
uter
IP: d
st@
: car
e of
add
ress
(CO
A),
src
@: H
A@
•inn
er IP
: dst
@: M
N@
, src
@: C
N@
MN
→C
N :
regu
lar I
P
HA
FAMN
CN
Inte
rnet
hom
e ne
twor
k
regi
stra
tion
data
flow
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
47
Mob
ile IP
Sec
urity
Req
uire
men
ts
MN
regi
stra
tion
•im
pers
onat
ion
of M
N b
y in
trude
rs o
r mal
icio
us F
A•r
epla
y•s
ubve
rsio
n of
traf
fic d
estin
ed to
MN
Sol
utio
n: a
uthe
ntic
atio
n of
MN
by
HA
•Mob
ile IP
v4•A
uthe
ntic
atio
n ba
sed
on k
eyed
MD
5 or
HM
AC
usi
ng ti
mes
tam
ps o
r non
ces
•Mob
ile IP
v6•d
efau
lt IP
AH
sup
port
•sec
urity
ass
ocia
tion
betw
een
MN
and
HA
•key
man
agem
ent m
ight
be
a pr
oble
m.
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
48
Mob
ile IP
Sec
urity
Req
uire
men
ts
CN
→H
A →
MN
Diff
eren
ce /
wire
d ne
twor
ks: M
N p
ossi
bly
loca
ted
in a
n un
trust
edre
mot
e ne
twor
k
Sol
utio
n:IP
sec
-IP A
uthe
ntic
atio
n H
eade
r -IP
Enc
apsu
latin
g S
ecur
ity P
aylo
ad-K
ey M
anag
emen
t
Man
dato
ry re
quire
men
t: S
ecur
ity A
ssoc
iatio
n be
twee
n H
A a
nd M
N.
End
-to-e
nd s
ecur
ity: S
A b
etw
een
CN
and
MN
MN
→C
N
Exp
osur
e is
sim
ilar
Sol
utio
n:IP
sec
with
an
SA
bet
wee
n M
N a
nd C
N
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
49
Mob
ile IP
vs.
Fire
wal
ls
•Fire
wal
l tra
vers
al fo
r Mob
ile IP
Fire
wal
l pol
icy
(usu
ally
) doe
s no
t allo
w in
boun
d co
nnec
tions
from
ext
erna
l net
wor
ks.
How
can
a re
mot
e M
N c
onne
ct to
the
hom
e ne
twor
k un
der s
uch
polic
y.
•ing
ress
filte
ring
Eve
n if
ther
e is
no
firew
all,
sim
ple
pack
et fi
lterin
g ex
ists
in m
ost n
etw
orks
. M
obile
IP tr
affic
can
be
bloc
ked
by s
uch
filte
ring.
•CN
'sin
side
hom
e ne
twor
k m
ay u
se p
rivat
eIP
add
ress
es to
geth
er w
ith N
AT
MN
→C
N p
acke
ts m
ay s
impl
y no
t get
rout
ed in
Inte
rnet
.
Sol
utio
n fo
r all:
IPse
ctu
nnel
ing
thro
ugh
the
firew
all
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
50
Mob
ile IP
vs.
Pack
et F
ilter
ing
MN
@ d
oes
not b
elon
g to
rem
ote
netw
ork.
If pa
cket
filte
ring
is im
plem
ente
d pr
oble
ms
may
aris
e:
•MN
→C
N p
acke
ts g
ets
reje
cted
by
rem
ote
netw
ork
filte
ring
beca
use
they
hav
e an
ille
gal s
ourc
e ad
dres
s (o
utbo
und
pack
et w
ith a
n ex
tern
al s
ourc
e ad
dres
s).
•MN
→ho
me
netw
ork
pack
ets
get r
ejec
ted
by th
e fil
terin
g at
the
hom
ene
twor
k be
caus
e th
ey h
ave
an il
lega
l sou
rce
addr
ess
(inbo
und
pack
et w
ithan
inte
rnal
so
urce
add
ress
).
Suc
h pa
cket
filte
ring
is d
ue to
cou
nter
mea
sure
s ca
lled
anti-
spoo
fing.
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
51
Ant
i-spo
ofin
gIP
Spo
ofin
g A
ttack
s ba
sed
on IP
pac
kets
with
bog
us s
ourc
e ad
dres
s:•L
and
atta
cks:
src
@=d
st@
, des
tinat
ion
host
han
gs.
•sm
urf:
ping
with
dire
cted
bro
adca
st a
ddre
ss m
ay u
se a
bog
us s
ourc
e ad
dres
s in
the
sam
e ne
twor
k as
the
dest
inat
ion;
the
host
at t
he s
ourc
e ad
dres
s ge
ts fl
oode
d by
the
repl
ies
to th
e br
oadc
ast.
•SY
N a
ttack
s: T
CP
SY
N p
acke
t cau
ses
allo
catio
n of
ker
nel m
emor
y,m
ay
use
bogu
s so
urce
add
ress
bel
ongi
ng to
the
dest
inat
ion
netw
ork.
Ant
i-spo
ofin
g m
easu
res
Dro
p pa
cket
s w
ith o
bvio
us in
cons
iste
ncy:
•out
boun
d pa
cket
with
an
exte
rnal
sou
rce
addr
ess
•inb
ound
pac
ket w
ith a
n in
tern
al s
ourc
e ad
dres
s•i
nbou
nd p
acke
ts w
ith p
rivat
e IP
sou
rce
addr
ess
Cis
co IO
S a
nti-s
poof
ing
rule
s fo
r net
wor
k 19
2.65
.32.
0/24
•on
the
exte
rnal
rout
er in
terfa
ce (i
nbou
nd p
acke
ts):
acce
ss-li
st 1
01 d
eny
ip19
2.65
.32.
0 0.
0.0.
255
any
•on
the
inte
rnal
rout
er in
terfa
ce (o
utbo
und
pack
ets)
:ac
cess
-list
101
per
mit
ip19
2.65
.32.
0 0.
0.0.
255
any
acce
ss-li
st 1
01 d
eny
ipan
y an
y lo
g
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
52
Ant
i-spo
ofin
g vs
. Mob
ile IP
Why
MIP
pac
kets
get
blo
cked
by
anti-
spoo
fing
?
MN
→C
N1
pack
ets
bloc
ked
by th
e in
gres
s an
ti-sp
oofin
g in
rout
er R
1:ac
cess
-list
101
per
mit
ip19
2.35
.73.
0 0.
0.0.
255
any
acce
ss-li
st 1
01 d
eny
ipan
y an
y lo
g
MN
→C
N2
pack
ets
bloc
ked
by e
gres
s an
ti-sp
oofin
g in
rout
er R
2:ac
cess
-list
101
den
y ip
172.
45.0
.0 0
.0.2
55.2
55 a
ny
MN
R1 In
gres
s filt
erin
gEg
ress
filte
ring
CN
1
CN
2R
2
Inte
rnet
172.
45.3
.2
rem
ote
ne
twor
k 19
2.35
.73.
x20
3.74
.21.
5
172.
45.3
.1
hom
e ne
twor
k 17
2.45
.x.x
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
53
How
can
MIP
pas
s thr
ough
ant
i-spo
ofin
gR
ever
se tu
nnel
ing
to b
y-pa
ss a
nti-s
poof
ing
Pac
kets
orig
inat
ed a
t MN
•t
ake
the
path
MN
→FA
→H
A →
CN
2•I
Pw
ithin
IPen
caps
ulat
ion
betw
een
FA a
nd H
A:
No
illeg
al a
ddre
sses
any
mor
e.
Pack
et fi
lterin
g
FAMN
CN
1
CN
2
HA
Inte
rnet
R1
R2
HA
@FA
@M
N@
CN
2@
inne
r IP
head
erou
ter I
P he
ader
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
54
New
pro
blem
with
Rev
erse
Tun
nelli
ng
Intru
ders
can
per
petra
te s
poof
ing
atta
cks
by s
endi
ng e
ncap
sula
ted
(IPIP
) pa
cket
s w
ith b
ogus
add
ress
es in
the
inne
r hea
der.
⇒N
o sp
oofin
g de
fens
e an
y m
ore
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
55
How
can
MIP
pas
s thr
ough
ant
i-spo
ofin
g
Dire
ct tu
nnel
ling
of d
ata
traffi
c by
MN
:
IPw
ithin
IPen
caps
ulat
ion
betw
een
MN
and
CN
:
CO
A: C
are
of a
ddre
ssP
robl
em: C
N m
ust b
e ab
le d
o de
-enc
apsu
late
IPIP
pac
kets
.
Inte
rnet
CN
MN
R1
CN
@C
OA
MN
@C
N@
inne
r IP
head
erou
ter I
P he
ader
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
56
Solu
tion:
Fire
wal
l com
patib
le w
ith M
obile
IP
Idea
:MN
shou
ld e
njoy
the
sam
e le
vel o
f con
nect
ivity
and
sec
urity
as
if it
wer
e in
the
secu
re h
ome
netw
ork.
Prin
cipl
e: a
ll tra
ffic
betw
een
MN
and
hom
e ne
twor
k go
es th
roug
h a
firew
all.
Pro
blem
s du
e to
filte
ring
and
addr
essi
ng d
iscr
epan
cies
are
als
o so
lved
.
Pos
sibl
e ap
proa
ches
:•A
pplic
atio
n ga
tew
ay o
r circ
uit g
atew
ay:
•stro
ng a
uthe
ntic
atio
n•c
ompl
ex in
tera
ctio
ns•n
o da
ta c
onfid
entia
lity
and
inte
grity
•IP
sec
tunn
ellin
g•m
ost s
uita
ble
to c
reat
e a
virtu
al h
ome
netw
ork
abro
ad•e
xter
nal l
inks
can
be
view
ed a
s se
cure
as
inte
rnal
one
s•d
ata
conf
iden
tialit
y an
d in
tegr
ity in
add
ition
to a
uthe
ntic
atio
n
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
57
IPse
ctu
nnel
ling
Fire
wal
lR
egis
tratio
n re
ques
tSA
Inte
rnet
FWH
AM
NR
oute
rrem
ote
netw
ork
hom
e ne
twor
k
•Opt
iona
l tun
nel S
A b
etw
een
FW a
nd H
A•S
A's
mus
t be
esta
blis
hed
man
ually
or u
sing
key
man
agem
ent (
IKE
, IS
AK
MP
)
•FW
retri
eves
sec
urity
par
amet
ers
of th
e S
A u
sing
the
SP
I in
the
IPse
c(A
H o
r ES
P) h
eade
r.
IP D
atag
ram
bet
wee
n M
N a
nd F
WTu
nnel
Mod
e SA
IP D
atag
ram
bet
wee
n FW
and
HA
IP2
ESP
IP1
IP2
AH
IP1
regi
stra
tion
requ
est
regi
stra
tion
requ
est
IP1
: src
@=C
OA
; dst
@=H
A@
IP
2 : s
rc@
=CO
A; d
st@
=FW
@
regi
stra
tion
requ
est
IP1
CO
A :
care
of a
ddre
ss o
btai
ned
from
DH
CP
CO
A ∈
rem
ote
netw
ork
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
58
IPse
ctu
nnel
ling
Fire
wal
l
Dat
a flo
w
•Opt
iona
l FW
-CN
tunn
el S
A o
r MN
-CN
tran
spor
t/tun
nel S
A
•SA
'sm
ust b
e es
tabl
ishe
d m
anua
lly o
r usi
ng k
ey m
anag
emen
t (IK
E, I
SA
KM
P)
•FW
retri
eves
sec
urity
par
amet
ers
of th
e S
A u
sing
the
SP
I in
the
IPse
c(A
H o
r ES
P) h
eade
r.
SA
Inte
rnet
FWC
NM
NR
oute
rrem
ote
netw
ork
hom
e ne
twor
k IP D
atag
ram
bet
wee
n M
N a
nd F
WTu
nnel
Mod
e SA
IP2
ESP
IP1
IP2
AH
IP1
data
data
IP D
atag
ram
bet
wee
n FW
and
CN
data
IP1
IP1
: src
@=M
N@
; dst
@=C
N@
IP
2 : s
rc@
=CO
A; d
st@
=FW
@C
OA
∈re
mot
e ne
twor
k
M
N @
∈ho
me
netw
ork
Mob
ile N
etw
ork
Secu
rity
-R. M
olva
59
IPse
ctu
nnel
ling
Fire
wal
l -C
oncl
usio
n
•Sec
ure
exte
nsio
n of
pro
tect
ed h
ome
netw
ork
to m
obile
nod
es a
broa
d
•By-
prod
uct:
pack
et fi
lterin
g pr
oble
ms
are
avoi
ded
•com
mun
icat
ions
bet
wee
n M
N a
t hom
e an
d ex
tern
al C
N: r
egul
ar (n
on-m
obile
) se
curit
y co
ntro
ls a
pply
in th
is c
ase.
•com
mun
icat
ions
bet
wee
n M
N o
n pu
blic
net
wor
k an
d ex
tern
al C
N: u
se b
i-dire
ctio
nal
IPse
ctu
nnel
s.