Upload
saffaura
View
5
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Network security
Citation preview
MOBILE NETWORK SECURITYALEXANDER R. ORTIZ
UNIVERSITY OF CENTRAL FLORIDA
COP4910
BODY WORN IMSI CATCHER(AND THEYRE GETTING EVEN SMALLER)
TABLE OF CONTENTS
OVERVIEW
HISTORY
TECHNICAL ASPECTS
PROFESSIONAL IMPACT
SOCIAL AND ETHICAL IMPACT
CAREERS AND MARKETING
CONCLUSION
REFERENCES
QUESTIONS
OVERVIEW
WHICH MOBILE NETWORKS ARE COVERED?
WHAT ASPECTS OF THEIR SECURITY WILL BE DISCUSSED?
WHAT IS THE DIFFERENCE BETWEEN NETWORK AND DATA STANDARDS?
WHAT ARE SOME SECURITY THREATS THAT EXIST?
HOW WILL THESE ISSUES BE ADDRESSED?
HISTORY THIRD GENERATION NETWORKS
PACKET BASED MOBILE NETWORKS.
DEVELOPED BEGINNING __________ .
COMPETITIVE RESEARCH BETWEEN _____ & _______ .
UMTS/CDMA AND CDMA2000/EV-DO
(EVOLUTION DATA OPTIMIZED)
HISTORY THIRD GENERATION TRANSITIONAL NETWORKS
FASTER PACKET BASED NETWORKS.
HSPA (HIGH SPEED PACKET ACCESS). EV-DO REV-A/B
THE INTERNET
BASE STATION CONTROLLER
HISTORY
FOURTH GENERATION NETWORKS
3GPP LTE ADVANCED (LONG TERM EVOLUTION)
QUALCOMM DISCONTINUED 3GPP2 ULTRA MOBILE BROADBAND
IEEE STANDARD WIMAX REL2 IS THE CONTENDER THIS TIME
PACKET SWITCHING ONLY, NO CIRCUIT SWITCHING!
TECHNICAL ASPECTS
MULTIPLE LAYERS OF NETWORK
THE POSSIBILITY OF FALLBACK MODES OF OPERATION
ALLOWS FOR GREATER CELLULAR NETWORK COVERAGE.
DIFFERENCES IN PROTOCOL ARE OF IMPORTANCE.
TECHNICAL ASPECTS
A5/1
STREAM CIPHER
USED BY 1G/2G/3G NETWORKS IN
FALLBACK MODES.
NUMEROUS PRACTICAL ATTACKS
PUBLISHED.
ROUTINELY DECRYPTED BY NSA.
64 BIT KEY.
A5/2
STREAM CIPHER
A WEAKER VERSION OF A5/1 MADE
FOR EXPORT.
REAL-TIME DECRYPTION.
ESSENTIALLY A 16 BIT KEY ONLY
NEEDED TO GUESS CORRECTLY.
MISTY1 AND A5/3
KASUMI
BASED ON MITSUBISHI DEVELOPED
CIPHER.
PRACTICAL ATTACKS SINCE 2010.
GPRS/EDGE
128 BIT KEY
TECHNICAL ASPECTS
ATTACK:
DETERMINE YOUR TARGET IMSI (INTERNATIONAL MOBILE SUBSCRIBER IDENTITY)
FOOL IT INTO CONNECTING TO A VIRTUAL BASE TRANSCEIVER STATION. (IMSI CATCHER)
FORCE LOW LEVEL ENCRYPTION/NO ENCRYPTION
DECRYPT IF NECESSARY
TECHNICAL ASPECTS
REAL TIME ATTACKS AGAINST ACTIVELY ENCRYPTED CALLS ARE POSSIBLE WHEN?
HAVE YOU EVER SEEN YOUR PHONE SWITCH FROM 4G->3G/EDGE/EV-DO?
FALLBACKS OCCUR TO PROVIDE CONTINUED CELL SERVICE IN AREAS WITH POOR SIGNAL.
MOBILE 4G NETWORKS ONLY REAL WEAKNESS: _______________ .
PROFESSIONAL IMPACT
THIS AFFECTS COMPANY DEVICE
POLICIES MOVING FORWARD.
SETTING A PREFERRED NETWORK MODE:
WHICH OPTION SHOULD BE CHOSEN TO
BEST SECURE THE DEVICE?
SOCIAL AND ETHICAL IMPACT
WIRETAPPING AND PRIVACY LAWS CONCERN CORPORATE, GOVERNMENT, AND PRIVATE
INTERESTS AT ALL LEVELS OF OUR SOCIETY.
SHOULD THE PUBLIC SECTOR BE ABLE TO WIRETAP?
IF THE PUBLIC SECTOR CAN EASILY WIRETAP, WHAT PREVENTS FOREIGN ENTITIES?
WHO OFFERS A PRODUCT/SERVICE THAT IS FREE FROM EAVESDROPPING?
CAREERS AND MARKETING
INFORMATION SECURITY ANALYSTS:
+36.5% TO 22. WOW!!!
COMPUTER HARDWARE ENGINEERS: +7.4%
TO 22.
SOFTWARE DEVELOPERS, APPLICATIONS:
+22.8% TO 22.
CONCLUSION
CELLULAR PRIVACY IS IMPORTANT.
UNDERSTANDING THE UNDERLYING ISSUES CAUSING THE LACK OF SECURITY CAN AID THOSE
INTERESTED IN THE DEVELOPMENT OF SECURE SYSTEMS.
IT AFFECTS CORPORATE, GOVERNMENT, AND PRIVATE INTERESTS AROUND THE WORLD.
INFORMATION SECURITY IS ONE OF THE HOTTEST JOB OPPORTUNITIES PROJECTED FOR AT
LEAST THE NEXT EIGHT YEARS.
REFERENCES
ABOUT 3GPP. (N.D). RETRIEVED NOVEMBER 10, 2014, FROM HTTP://WWW.3GPP.ORG/ABOUT-3GPP/ABOUT-3GPP
ABOUT 3GPP2. (N.D). RETRIEVED NOVEMBER 10, 2014, FROM HTTP://WWW.3GPP2.ORG/PUBLIC_HTML/MISC/ABOUTHOME.CFM
PACKET DATA SERVING NODE. (N.D.). RETRIEVED NOVEMBER 10, 2014, FROM HTTP://WWW.CISCO.COM/EN/US/TECH/TK722/TK721/TK488/TSD_TECHNOLOGY_SUPPORT_SUB-
PROTOCOL_HOME.HTML
SHAMIR, A. (2010, JANUARY 10). CRYPTOLOGY EPRINT ARCHIVE: REPORT 2010/013. RETRIEVED NOVEMBER 10, 2014, FROM HTTP://EPRINT.IACR.ORG/2010/013
TIMBERG, C., & SOLTANI, A. (2013, DECEMBER 13). HOW THE NSA PINPOINTS A MOBILE DEVICE. RETRIEVED NOVEMBER 10, 2014, FROM HTTP://WWW.WASHINGTONPOST.COM/BUSINESS/TECHNOLOGY/BY-CRACKING-CELLPHONE-CODE-NSA-HAS-
CAPACITY-FOR-DECODING-PRIVATE-CONVERSATIONS/2013/12/13/E119B598-612F-11E3-BF45-61F69F54FC5F_STORY.HTML
UNITED STATES OF AMERICA. BUREAU OF LABOR STATISTICS.OCCUPATIONAL EMPLOYMENT STATISTICS. 2014. WEB. .
MOBILE NETWORK SECURITYALEXANDER R. ORTIZ
UNIVERSITY OF CENTRAL FLORIDA
COP4910