CRACKING GSM AND UMTS SIGNAL INTERCEPTION AND JAMMING
By: James Konderla Written for CYBS 6350: Data Security (Fall 2014)
10/18/2014
Table of Contents

Abstract
Overview of GSM and UMTS Technologies
    What is GSM?
    Where does UMTS come in?
Security, Vulnerabilities and Attacks
    First Attack: Signal Interception (Man-In-The-Middle)
    Attack 2: Signal Jamming (Denial of Service)
    Thoughts on Encryption
Conclusions
References

Table of Figures

Figure 1. GSM/UMTS network interaction (HACHA malla, 2010)
Figure 2. Lawful interception in the UMTS architecture (Suominen, 2003)
Figure 3. GSM frequency bands (Ståhlberg, 2000)
Figure 4. GSM transmitting powers (Ståhlberg, 2000)
Figure 5. Short-range GSM jammer sold online
Abstract
As mobile devices and the "always on" lifestyle become central to society, there remains
an area that few choose to think about: mobile security. Mobile devices, in particular
smartphones and tablets, have changed society in indisputable ways by allowing the sharing of
movies, photos and music, and even the ability to telecommute and stay up to date on the
latest news while on the go. At the end of the day, though, the security of data often drifts
to the back of most consumers' minds. Recent security events such as the Apple iCloud breach
(Samson, 2014) have shown that no security technology is unbreakable and that all security
technologies need constant revision to stay one step ahead of the adversary. In this paper I
have chosen to focus on two intertwined technologies that are central to many lives globally:
GSM and UMTS. First we will take a look at both technologies before delving into two of the
most pressing attacks: signal interception and signal jamming. Finally we will take a look at
the encryption used by these technologies, as well as some conclusions I have developed based
on the review of reference materials, this course, and current events.
Overview of GSM and UMTS Technologies

What is GSM?

The Global System for Mobile Communications (GSM) is a second-generation (2G) standard
for mobile networks (Techopedia, 2014). Work on GSM began in Europe in the 1980s and was
later taken over by the European Telecommunications Standards Institute (ETSI); its mission
was a single standard communications method for cellular and mobile devices throughout
Europe. GSM operates in several frequency bands: 900 MHz and 1800 MHz in Europe and most of
the world, and 850 MHz and 1900 MHz in the Americas. GSM has very broad usage in Europe as
the de-facto mobile protocol and is used widely in the U.S. by T-Mobile and AT&T, which
together amount to approximately 44% of the total U.S. cellular market as of the first
quarter of 2014 (Statista, 2014). Although the competing technology, Code Division Multiple
Access (CDMA), holds 56% of the current U.S. market, GSM remains the dominant standard
internationally. The major weaknesses of GSM, though, are that its cell radius is limited to
about 35 kilometers by the timing-advance mechanism, that its maximum data rate is very low,
and that the original GSM design is circuit-switched: if no circuit is available, or the
circuit is unreliable, the call or data transmission cannot be completed (packet data was
only bolted on later through GPRS and EDGE). When it comes down to it, GSM was simply not
built to be a data-transfer network or to transfer data securely.
Where does UMTS come in?

UMTS, or the Universal Mobile Telecommunications System, is a third-generation (3G)
mobile telecommunications technology. UMTS uses three different yet similar air interfaces
and was built on top of the existing GSM core network, providing the ability to co-operate
with existing standards. Though infrastructure upgrades were required, UMTS added packet
switching and a virtual connection that provides an "always on" experience, using the
frequency bands between 1885 and 2025 MHz. UMTS expanded GSM in two very important areas:
the ability to consistently transfer data at a moment's notice and the ability for a user to
roam freely between cells without losing connectivity. UMTS was also designed to fix a
well-known list of GSM security problems (Suominen, 2003): the COMP128 authentication
algorithm used in many SIM cards (which has been broken, allowing SIM cloning and user
impersonation); a short session key (the GSM cipher key Kc is 64 bits, and early deployments
zeroed ten of them); no authentication of the network to the handset, which allows signal
interception through false base stations; encryption that terminates at the base station,
leaving traffic in the clear on the links behind it; and insecure key distribution, with
cipher keys transmitted in the clear both inside and between networks. UMTS addresses these
with mutual authentication, 128-bit cipher and integrity keys, and integrity protection that
terminates at the Radio Network Controller rather than at the base station itself, while
retaining interworking with GSM networks; it also specifies interfaces for lawful
interception. The way in which these two technologies interact can be seen in Figure 1
(HACHA malla, 2010). Of particular note is that these two systems interact together and are
not separate, providing the capability to transmit both calls and data on the same network.

Figure 1. GSM/UMTS network interaction (HACHA malla, 2010)
Security, Vulnerabilities and Attacks

UMTS was built on GSM, making many improvements but also inheriting some of the basic
weaknesses of the GSM system. One major flaw in the original GSM standard was the
authentication of the device and network. Originally, devices on the GSM network had no way
of ensuring that they were authenticating to a valid network: only the network authenticates
the device, never the reverse. In fact, at DEF CON in 2012 (Goodin, 2012) a group known as
"Ninja Networks" stood up their very own private GSM network, Ninja Tel, complete with its
own handsets; the same openness that makes this possible means a handset cannot tell a
hobbyist's or an attacker's network from a carrier's. UMTS improved on this by implementing
mutual authentication of users (i.e. devices) and the network. The standard also went beyond
authentication: it specifies mandatory integrity protection of signalling and optional
ciphering of traffic, both originally based on the KASUMI block cipher with 128-bit keys
(Suominen, 2003). The choice of whether to cipher is not the user's, though: the network
selects the cipher mode, and a handset will accept an instruction to use no encryption at
all (A5/0 in GSM terms), usually without any indication to the user (Kassner, n.d.). This
leaves a very large hole in the security of the system.

In addition to the improvements in authentication, UMTS also provides user identity
confidentiality: the permanent International Mobile Subscriber Identity (IMSI) is replaced on
the air by temporary identities wherever possible, while the IMSI itself is what allows GSM
and UMTS networks to interconnect and lets users "roam" onto other networks. Both of these
improvements, while substantial, still rely on the use of Subscriber Identity Module (SIM)
cards.
First Attack: Signal Interception (Man-In-The-Middle)

With the above facts in mind for both GSM and UMTS, there are two classes of attack that
clearly come to mind and that I have chosen to address: signal interception and denial of
service. Both of these attacks focus on the manipulation of the specific signal bands that
GSM and UMTS are built upon, as well as on the continued use of SIM card technology, and
both have been shown to be practical to execute.

The first of our attacks focuses on signal interception via a man-in-the-middle attack. As
can be seen in Figure 2, interception is already built into the system for law enforcement
agencies through a provision in the standard which, according to Suominen (2003), states
that "3GMS shall provide access to the intercepted content of communications (CC) and the
Intercept Related Information (IRI) of the mobile target on behalf of Law Enforcement
Agencies (LEAs)".
Figure 2. Lawful interception in the UMTS architecture (Suominen, 2003)
In simple terms, the UMTS standard allows for wire-tapping. A related weakness, leaking
identifiers in the clear, appears in a technology that is spreading through almost every
area of the mobile arena: network-assisted discovery for device-to-device communications.
According to Thanos, Shalmashi and Miao (2014), this technology allows the network not only
to estimate the proximity of devices to each other but also sends unique identifiers in
clear text between the devices and the network, using an a priori signalling scheme that
lets devices discover one another before communication takes place. A variation of the same
idea is in widespread use by applications that deliver local news, shopping, weather and
other information based on subscriber location tracing in the network (Willassen, 2003), and
the same principle lets a smartphone list nearby Bluetooth devices or wireless access points
with their current signal strength. The same weakness of clear-text identification is built
into the IMSI transmissions themselves: when a device registers for the first time in a
serving network the IMSI is sent in clear text, and in some cases trusted third parties are
used to assist in authentication (Suominen, 2003). Because the handset will also answer an
explicit identity request from any base station, a false base station can collect IMSIs
outright. If the handset is then told to fall back to GSM, or to cipher mode A5/0, the
session can be intercepted through a man-in-the-middle.
A5/1, one of the underlying algorithms of the GSM network, is still in use today to encrypt
traffic between handsets and cell towers (base stations). A5/1 is not a substitution cipher
but a stream cipher built from three linear feedback shift registers: the 64-bit session key
and the frame number are loaded into the registers, which are then clocked 100 times to mix
the bits before keystream is produced. A passive attacker who captures ciphertext and can
guess the plaintext of a few bursts obtains keystream, and a time-memory trade-off using
precomputed rainbow tables then recovers the session key and decrypts the call. Nor is this
only a laboratory concern. According to a recent story on the Business Insider online news
site (Cook, 2014), fake cell towers have appeared all over the U.S., most of whose owners
remain unidentified. These "towers" are not physical masts but portable base-station
emulators, which is why they go unnoticed: the population no longer pays attention to
cellular infrastructure, and providers largely do not check for rogue transmitters unless a
technical issue has occurred. Equipment for active interception of this kind has been
reported to cost between $70,000 and $500,000, and passive interception equipment around
$1 million (Cook, 2014). Such devices could provide a huge payoff in populated areas where
users check bank accounts, social networks, and even business emails and computers while on
the go.
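As an added illustration (not code from this paper, from any 3GPP specification, or from Meyer and Wetzel), the following Python model plays out the exchanges discussed in the authentication section above and in this one: a false base station against a pure GSM handset, a forged challenge against a UMTS handset, a replayed old challenge, and the GSM-interworking downgrade described by Meyer and Wetzel (2004), in which a genuine UMTS authentication token obtained from the real network is relayed to the victim over a GSM bearer and then followed by an unprotected cipher mode command asking for A5/0. The f1/f2 functions are HMAC-SHA256 stand-ins rather than MILENAGE; the HomeNetwork and Handset classes, the message layouts, the subscriber key K and the refuse_unprotected_cipher policy are this example's own simplifications.

```python
import hmac
import hashlib
import os

# Stand-ins for the 3GPP f1 (network MAC) and f2 (response) functions.
# Real networks use MILENAGE; HMAC-SHA256 is an assumption of this example.
def f1(k, rand, sqn, amf):
    return hmac.new(k, b"f1" + rand + sqn + amf, hashlib.sha256).digest()[:8]

def f2(k, rand):
    return hmac.new(k, b"f2" + rand, hashlib.sha256).digest()[:4]

class HomeNetwork:
    """Holds the subscriber key K and issues authentication vectors (RAND, AUTN)."""
    def __init__(self, k):
        self.k, self.sqn = k, 0

    def vector(self):
        rand, sqn, amf = os.urandom(16), self.sqn.to_bytes(6, "big"), b"\x00\x00"
        self.sqn += 1
        return rand, sqn + amf + f1(self.k, rand, sqn, amf)

class Handset:
    def __init__(self, k, refuse_unprotected_cipher=False):
        self.k, self.last_sqn = k, -1
        self.refuse_unprotected_cipher = refuse_unprotected_cipher  # hypothetical hardening
        self.authenticated, self.cipher = False, None

    def gsm_challenge(self, rand):
        """GSM: the handset answers any RAND; nothing proves who sent it."""
        self.authenticated = True
        return f2(self.k, rand)

    def umts_challenge(self, rand, autn):
        """UMTS AKA: check the network's MAC and sequence number before answering."""
        sqn, amf, mac = autn[:6], autn[6:8], autn[8:]
        if not hmac.compare_digest(mac, f1(self.k, rand, sqn, amf)):
            return None                                  # sender does not know K
        n = int.from_bytes(sqn, "big")
        if n <= self.last_sqn:
            return None                                  # replayed vector
        self.last_sqn, self.authenticated = n, True
        return f2(self.k, rand)

    def cipher_mode_command(self, algorithm, integrity_protected):
        """UMTS protects its security mode command with the integrity key; the GSM
        CIPHER MODE COMMAND has no such protection, so anyone can ask for A5/0."""
        if self.refuse_unprotected_cipher and not integrity_protected:
            return False
        self.cipher = algorithm
        return True

def false_bts_against_gsm(k):
    """No network authentication in GSM: a rogue BTS ends up with a cleartext session."""
    ms = Handset(k)
    ms.gsm_challenge(os.urandom(16))                     # attacker picks any RAND
    ms.cipher_mode_command("A5/0", integrity_protected=False)
    return ms.authenticated, ms.cipher

def false_bts_against_umts(k):
    """A rogue node without K cannot forge AUTN, so the UMTS handset refuses it."""
    ms = Handset(k)
    forged_autn = os.urandom(6) + b"\x00\x00" + os.urandom(8)
    return ms.umts_challenge(os.urandom(16), forged_autn) is None

def replay_against_umts(k):
    """An old but genuine vector is rejected by the sequence-number check."""
    home, ms = HomeNetwork(k), Handset(k)
    old, new = home.vector(), home.vector()
    ms.umts_challenge(*new)
    return ms.umts_challenge(*old) is None

def interworking_downgrade(k, hardened=False):
    """Meyer-Wetzel style attack: the attacker obtains a fresh (RAND, AUTN) from the real
    network by starting a registration with the victim's IMSI, relays it to the victim
    over a GSM bearer, and then sends an unprotected GSM cipher mode command."""
    home, ms = HomeNetwork(k), Handset(k, refuse_unprotected_cipher=hardened)
    rand, autn = home.vector()
    if ms.umts_challenge(rand, autn) is None:
        raise RuntimeError("a genuine vector must verify")
    accepted = ms.cipher_mode_command("A5/0", integrity_protected=False)
    return accepted, ms.cipher

if __name__ == "__main__":
    K = bytes(range(16))                                 # constructed subscriber key
    print("GSM, rogue BTS:             ", false_bts_against_gsm(K))
    print("UMTS, forged AUTN rejected: ", false_bts_against_umts(K))
    print("UMTS, replay rejected:      ", replay_against_umts(K))
    print("Interworking downgrade:     ", interworking_downgrade(K))
    print("Same, hardened handset:     ", interworking_downgrade(K, hardened=True))
```

The point of the last two calls is that the handset's UMTS checks all pass, because the token really did come from the home network; what lets the attacker in is that the GSM cipher mode command carries no integrity protection, so a policy of refusing unprotected cipher commands (or at least of warning the user) is the only defence on the handset side.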
Attack 2: Signal Jamming (Denial of Service)

This brings me to the second attack focus of this paper: signal jamming. Signal jamming can
be deliberate, such as blocking the use of devices in a lecture hall or board room (Naresh,
Babu & Satyaswathi, 2013), or accidental, as when unrelated equipment radiates into a band
used by Wi-Fi or cellular systems. In either case, the usual method of jamming is to drown
the carrier wave in noise through use of either a mobile or a stationary jammer. Signal
jamming does not even need to target the base station itself and can focus entirely on the
uplink rather than the downlink. There are several techniques for jamming GSM signals, but
the most obvious effect is denial of service: by overpowering the downlink of a base station
at the victim's location, an attacker can keep a cellular device from ever confirming that a
viable connection has been established. In the following table Ståhlberg (2000) has outlined
the GSM frequency bands used in current networks.
Figure 3. GSM frequency bands (Ståhlberg, 2000)
As shown in the above table, different frequencies are used for the downlink and the uplink
between a device and the base station: in GSM 900, for example, the handset transmits at
890-915 MHz and the base station at 935-960 MHz. When the device enters range of a network
it connects through the base station. The problem with this approach is that the device
measures signal strength and quality and picks the strongest cell, but the base station's
broadcast channel is transmitted at a constant power level so that many users and devices
can find it in the simplest and fastest way possible. Because a jammer only has to beat that
constant signal at the handset's own location, and is usually far closer to the handset than
the tower is, it becomes a simple matter to overpower the base station on the downlink
frequencies. In Figure 4 Ståhlberg (2000) has also outlined the GSM system's transmitting
powers.

Figure 4. GSM transmitting powers (Ståhlberg, 2000)

Handset transmit power is adjusted in 2 dB steps and the handset's maximum output is 37 dBm
(about 5 W). Through a simple search of Amazon.com I was able to find several examples of
cheap, effective devices for both short- and long-range signal jamming. In fact, Figure 5
shows a device specifically marketed for blocking GSM signals at short range.
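To make the "closer transmitter wins" argument concrete, here is an added Python link-budget example; it is not from this paper or from Ståhlberg's lecture. It assumes free-space propagation with isotropic antennas, and takes GSM's 9 dB co-channel carrier-to-interference requirement as the point at which the handset can no longer decode the downlink. The base station power, jammer power and distances in the sample scenario are constructed values.

```python
import math

# GSM 05.05 reference co-channel C/I: below this the handset cannot decode the downlink.
GSM_MIN_CI_DB = 9.0
GSM900_DOWNLINK_MHZ = 935.0     # bottom of the GSM 900 downlink band (935-960 MHz)

def fspl_db(distance_km, freq_mhz):
    """Free-space path loss. Real urban propagation is worse than this, which only
    helps a jammer that is close to the victim and hurts the distant base station."""
    return 20 * math.log10(distance_km) + 20 * math.log10(freq_mhz) + 32.44

def received_dbm(tx_dbm, distance_km, freq_mhz):
    return tx_dbm - fspl_db(distance_km, freq_mhz)

def carrier_to_interference_db(bts_dbm, bts_km, jam_dbm, jam_km,
                               freq_mhz=GSM900_DOWNLINK_MHZ):
    """C/I at the handset: wanted downlink power minus jammer power, both in dBm."""
    return (received_dbm(bts_dbm, bts_km, freq_mhz)
            - received_dbm(jam_dbm, jam_km, freq_mhz))

def is_jammed(bts_dbm, bts_km, jam_dbm, jam_km, freq_mhz=GSM900_DOWNLINK_MHZ):
    ci = carrier_to_interference_db(bts_dbm, bts_km, jam_dbm, jam_km, freq_mhz)
    return ci < GSM_MIN_CI_DB

def min_jammer_power_dbm(bts_dbm, bts_km, jam_km, freq_mhz=GSM900_DOWNLINK_MHZ):
    """Smallest jammer output that pushes C/I at the handset below the GSM threshold:
    it only has to match the base station's received level minus 9 dB."""
    return (received_dbm(bts_dbm, bts_km, freq_mhz)
            + fspl_db(jam_km, freq_mhz) - GSM_MIN_CI_DB)

def dbm_to_watts(dbm):
    return 10 ** (dbm / 10) / 1000

if __name__ == "__main__":
    # Constructed scenario: 20 W (43 dBm) macro cell 2 km away, 1 W (30 dBm) jammer 50 m away.
    ci = carrier_to_interference_db(43, 2.0, 30, 0.05)
    print("C/I at handset: %.1f dB, jammed: %s" % (ci, is_jammed(43, 2.0, 30, 0.05)))
    need = min_jammer_power_dbm(43, 2.0, 0.05)
    print("Jammer power needed at 50 m: %.1f dBm (%.2f mW)" % (need, dbm_to_watts(need) * 1000))
```

In this scenario the 1 W jammer leaves the handset with a C/I of about -19 dB, and the calculation of the minimum power shows that roughly 2 dBm (under 2 mW) at 50 m would already be enough, which is why the low-power devices sold online are effective over a room-sized area.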
Figure 5. Short-range GSM jammer sold online
Several sites, such as TheSignalJammer.com, exist to supply more advanced devices to
businesses and schools, both public and private, in efforts to block cellular devices in
certain areas of buildings. Whatever the justification, such as in grade school classrooms,
operating a jammer is illegal in the U.S. and many other jurisdictions, and nothing would
stop a would-be attacker from purchasing one of these devices and going to a crowded area to
mount an active denial of service attack.
Thoughts on Encryption

While reviewing the possibility of man-in-the-middle and denial of service attacks on the
GSM and UMTS networks I came across many references to the encryption used on these
networks. The GSM air interface is protected by the A5 family: A5/0 (no encryption at all),
A5/1, A5/2 and the later A5/3. UMTS has its own algorithms (the KASUMI-based UEA1/UIA1, later
joined by SNOW 3G), but they only protect a session while it stays on UMTS: a handset can be
pushed down to GSM, by jamming the UMTS bands or by a false base station that offers only
GSM, and from then on the GSM algorithms govern the session (Meyer & Wetzel, 2004). The best
known of the GSM algorithms is A5/1. A5/1 and A5/2 are stream ciphers built from linear
feedback shift registers; A5/1, for example, consists of three shift registers into which
the 64-bit key and the frame number are loaded, followed by 100 mixing clock cycles before
keystream is produced.

Originally a tightly kept secret, A5/1's design leaked in 1994. The algorithm was not meant
for use outside Europe and was intentionally weakened for export markets, creating A5/2. In
1999 both A5/1 and A5/2 were fully reverse engineered from a handset and published; A5/2 was
broken almost immediately, and practical attacks on A5/1 followed over the next few years.
Breaking A5/1 still remained resource intensive until 2008, when David Hulton (Pico
Computing) and collaborators from The Hacker's Choice demonstrated the use of 16 Pico E-16
FPGA boards to precompute a rainbow table of roughly 3 terabytes covering enough of the A5/1
state space to recover session keys from a short burst of captured keystream.
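An A5/1 keystream generator in Python, added here to illustrate the structure just described; it is not code from this paper, from any handset, or from the 2008 rainbow-table work. It follows the publicly reverse-engineered design: three LFSRs of 19, 22 and 23 bits, majority-rule irregular clocking, the 64-bit Kc and 22-bit frame number loaded one bit per clock, 100 mixing clocks with the output discarded, then 114 keystream bits for each direction of a frame. The key, frame number and plaintext burst in the demo are constructed values, and recover_keystream shows the known-plaintext step that a time-memory trade-off attack starts from.

```python
# Register widths (19, 22, 23 bits), feedback taps, clocking bits and output bits of A5/1.
R1_MASK, R2_MASK, R3_MASK = 0x07FFFF, 0x3FFFFF, 0x7FFFFF
R1_TAPS, R2_TAPS, R3_TAPS = 0x072000, 0x300000, 0x700080   # bits 18,17,16,13 / 21,20 / 22,21,20,7
R1_MID, R2_MID, R3_MID = 0x000100, 0x000400, 0x000400      # clocking bits 8, 10, 10

def _parity(x):
    return bin(x).count("1") & 1

def _step(reg, mask, taps):
    """Advance one LFSR: shift left, feed back the parity of its tapped bits."""
    return ((reg << 1) & mask) | _parity(reg & taps)

class A51:
    def __init__(self, kc, frame):
        """kc: 8-byte session key Kc; frame: 22-bit TDMA frame number."""
        self.r1 = self.r2 = self.r3 = 0
        for i in range(64):                       # load Kc, least significant bit first
            self._clock_all()
            self._xor_in((kc[i >> 3] >> (i & 7)) & 1)
        for i in range(22):                       # then the frame number
            self._clock_all()
            self._xor_in((frame >> i) & 1)
        for _ in range(100):                      # 100 mixing clocks, output discarded
            self._clock()

    def _xor_in(self, bit):
        self.r1 ^= bit
        self.r2 ^= bit
        self.r3 ^= bit

    def _clock_all(self):
        """Regular clocking, used only while loading the key and frame number."""
        self.r1 = _step(self.r1, R1_MASK, R1_TAPS)
        self.r2 = _step(self.r2, R2_MASK, R2_TAPS)
        self.r3 = _step(self.r3, R3_MASK, R3_TAPS)

    def _clock(self):
        """Majority clocking: a register moves only if its clocking bit agrees with the majority."""
        b1 = bool(self.r1 & R1_MID)
        b2 = bool(self.r2 & R2_MID)
        b3 = bool(self.r3 & R3_MID)
        maj = (b1 and b2) or (b1 and b3) or (b2 and b3)
        if b1 == maj:
            self.r1 = _step(self.r1, R1_MASK, R1_TAPS)
        if b2 == maj:
            self.r2 = _step(self.r2, R2_MASK, R2_TAPS)
        if b3 == maj:
            self.r3 = _step(self.r3, R3_MASK, R3_TAPS)

    def _output_bit(self):
        return ((self.r1 >> 18) ^ (self.r2 >> 21) ^ (self.r3 >> 22)) & 1

    def keystream(self):
        """228 bits per frame: 114 for the downlink burst, then 114 for the uplink burst."""
        bits = []
        for _ in range(228):
            self._clock()
            bits.append(self._output_bit())
        return bits[:114], bits[114:]

def keystream(kc, frame):
    return A51(kc, frame).keystream()

def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]

def encrypt_burst(kc, frame, bits, downlink=True):
    """Encryption and decryption are the same XOR with the per-frame keystream."""
    dl, ul = keystream(kc, frame)
    return xor_bits(bits, dl if downlink else ul)

def recover_keystream(ciphertext_bits, known_plaintext_bits):
    """Known-plaintext step: C xor P yields the keystream a TMTO attack then inverts to Kc."""
    return xor_bits(ciphertext_bits, known_plaintext_bits)

if __name__ == "__main__":
    KC = bytes.fromhex("1223456789abcdef")          # constructed session key
    FRAME = 0x134                                    # constructed frame number
    burst = [i & 1 for i in range(114)]              # constructed plaintext burst
    ct = encrypt_burst(KC, FRAME, burst)
    assert encrypt_burst(KC, FRAME, ct) == burst
    print("keystream recovered from known plaintext:",
          recover_keystream(ct, burst) == keystream(KC, FRAME)[0])
```

Two properties visible in the code explain the attacks discussed above: the whole keystream for a frame is a function of only 64 bits of internal state, so a precomputed table mapping keystream prefixes back to states is feasible, and GSM signalling contains enough predictable plaintext (padding and fixed fields) that an eavesdropper can obtain the known-plaintext bursts recover_keystream needs.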
Conclusions

In reviewing both the man-in-the-middle and denial of service attacks on the GSM/UMTS system
one thing is obvious: these systems were designed for commercial and public use, not with
security as the first priority. One would think that the algorithms used to protect cellular
communication on these networks would be secure enough to offset the possibility of
man-in-the-middle attacks, but that is not the case. A5/1 and A5/2 were both broken within a
few years of being reverse engineered, and the stronger A5/3 was specified but still far from
universally deployed in 2014. There is almost no way for a user to tell whether their signal
is being intercepted, legally or otherwise. Jamming equipment is so cheap that individuals
and groups can easily afford it, and interception hardware, while expensive, is clearly in
use. Even setting cost aside, a more troubling aspect of the underlying GSM standard exists:
the network, or anyone impersonating it, can tell a handset to switch off encryption.

Although great strides have been made to secure UMTS, the standard still allows a connection
to fall back to GSM for authentication and ciphering. As devices with only GSM capability
are cycled out of the market, whether by force or by natural attrition and upgrades, GSM can
be retired and the GSM fallback path in UMTS discarded. Until then, the greatest security
hole in the UMTS cellular standard will continue to exist: by allowing legacy GSM devices and
GSM fallback, carriers have also adopted GSM's security flaws.
References

Cook, J. (2014, September 22). Everything We Know About The Mysterious Fake Cell Towers Across The US That Could Be Tapping Your Phone. Business Insider. Retrieved October 23, 2014, from http://www.businessinsider.com/mysterious-fake-cellphone-towers-2014-9

Goodin, D. (2012). At Defcon, hackers get their own private cell network: Ninja Tel. Ars Technica. Retrieved October 25, 2014, from http://arstechnica.com/security/2012/07/ninja-tel-hacker-phone-network/

HACHA malla. (2010, December 11). HACHA malla. Retrieved October 26, 2014, from http://hachamalla.blogspot.com/

Kassner, M. (n.d.). GSM encryption: No need to crack it, just turn it off. TechRepublic. Retrieved September 16, 2014, from http://www.techrepublic.com/blog/it-security/gsm-encryption-no-need-to-crack-it-just-turn-it-off/

Meyer, U., & Wetzel, S. (2004). On the impact of GSM encryption and man-in-the-middle attacks on the security of interoperating GSM/UMTS networks. Personal, Indoor and Mobile Radio Communications, 2004. PIMRC 2004. 15th IEEE International Symposium on, 4, 2876-2883.

Naresh, P., Babu, P. R., & Satyaswathi, K. (2013). Mobile Phone Signal Jammer for GSM, CDMA with Pre-scheduled Time Duration using ARM7. International Journal of Science, Engineering and Technology Research (IJSETR), 2(9), 1781-1784.

Principles of Telecommunication Services Supported by a GSM PLMN. (n.d.). ETSI - European Telecommunications Standards Institute. Retrieved September 16, 2014, from http://www.etsi.org/deliver/etsi_gts/02/0201/03.02.00_60/gsmts_0201sv030200p.pdf

Samson, T. (n.d.). Apple iCloud breach proves Wozniak's point about cloud risks. InfoWorld. Retrieved September 23, 2014, from http://www.infoworld.com/article/2618094/cloud-security/apple-icloud-breach-proves-wozniak-s-point-about-cloud-risks.html

Southern, E., Ouda, A., & Shami, A. (2011). Solutions to security issues with legacy integration of GSM into UMTS. Internet Technology and Secured Transactions (ICITST), 2011 International Conference for, 614-619.

Ståhlberg, M. (2000, August 1). Radio Jamming Attacks Against Two Popular Mobile Networks. Proceedings of the Helsinki University of Technology Seminar on Network Security, fall 2000. Helsinki University of Technology, Otaniemi, Espoo.

Suominen, M. (2003, April 15). UMTS security. Lecture in the seminar Security Issues in Mobile Networks, Helsinki University of Technology, Espoo, Finland.

Thanos, A., Shalmashi, S., & Miao, G. (n.d.). Network-Assisted Discovery for Device-to-Device Communications. Academia.edu. Retrieved September 16, 2014, from https://www.academia.edu/5543066/Network-Assisted_Discovery_for_Device-to-Device_Communications

What is the Global System for Mobile Communications (GSM)? - Definition from Techopedia. (n.d.). Techopedia. Retrieved September 23, 2014, from http://www.techopedia.com/definition/5062/global-system-for-mobile-communications-gsm

Willassen, S. Y. (2003). Forensics and the GSM mobile telephone system. International Journal of Digital Evidence, 2(1). Retrieved September 10, 2014, from http://www.ccse.kfupm.edu.sa/~ahmadsm/coe589-121/willassen2003-mobile-forensics.pdf

Wireless carrier market share subscriptions United States 2011-2014 | Statistic. (n.d.). Statista. Retrieved September 23, 2014, from http://www.statista.com/statistics/199359/market-share-of-wireless-carriers-in-the-us-by-subscriptions/