
Security in GPRS

Cryptology Presentation

Pehme Taavi, Rey Charles

Technolac, February 2008

What you will hear ...

Architecture of GPRS systems

User authentication

Ciphering

Interworking with other GPRS networks

Interworking with packet data networks

Basic security threats for GPRS

Solutions for security threats

GPRS - security issues

1. Security aspects related to the mobile phone and the SIM card.

2. Security mechanisms between the MS and the SGSN (authentication and ciphering).

3. The PLMN backbone between SGSN and GGSN; subscriber information held in the HLR.

4. Security between different operators (roaming).

5. Security between the GGSN and the external connected networks, like the Internet.


GPRS system


MS – Mobile Station – classes A, B, C

BSS – Base Station System

Base Transceiver Station (BTS) – sends and receives information over the radio interface

Base Station Controller (BSC) – controls a group of BTSs

HLR – Home Location Register – subscription information

VLR – Visitor Location Register – MSs that are currently located in the area it serves (here: the SGSN routing area)

GPRS system

SGSN – Serving GPRS Support Node

Ciphering and authentication, registration

Session management

Mobility management

Logical link management towards the MS

Statistics collection

GPRS system

GGSN - Gateway GPRS Support Node

Communication setup towards the external network

Functionality for associating subscribers with the right SGSN

Output of billing data

BG – Border Gateway – when the SGSN and GGSN are located in different PLMNs (roaming), the connection between them passes through the BG of each operator

GPRS system

EIR – Equipment Identity Register – list of stolen phones (blacklisted IMEIs)

AuC – Authentication Center - information for identifying authorized users - may be a physical part of HLR

LIN - Lawful Interception Node - collect information about some pre-defined subscriber or subscribers (location)

GPRS backbone networks – IP-based networks

intra-operator backbone – connects the nodes of a single operator's GPRS network

inter-operator backbone – connects GPRS operators for international GPRS roaming (GRX)

User authentication

Ki – Individual Subscriber Authentication Key: 128 bits, stored on the SIM and in the HLR/AuC, never sent over the air

Algorithms used – A3 (authentication) and A8 (key generation), implemented on the SIM and in the AuC

Authentication triplet

RAND: 128-bit random challenge (a number between 0 and 2^128 - 1)

SRES: 32-bit signed response, the result of the A3 algorithm over (Ki, RAND); the MS returns it and the SGSN compares it with the value in the triplet

Kc: 64-bit ciphering key computed with the A8 algorithm over (Ki, RAND); it is used by the GPRS Encryption Algorithm (GEA)
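The triplet-based challenge-response described on this slide, as an added example (not code from the presentation). A3 and A8 are operator-specific and not given in the slides, so a keyed hash stands in for them; the output sizes (SRES 32 bits, Kc 64 bits), the 128-bit RAND and the message flow between AuC, SGSN and SIM follow the procedure above. The IMSI and Ki values are constructed.

```python
"""GSM/GPRS challenge-response authentication with a (RAND, SRES, Kc) triplet.

Added example, not code from the presentation.  A3 and A8 are operator-specific
algorithms that the slides do not specify, so a keyed hash (HMAC-SHA-256) stands
in for them here, with the real output sizes: SRES 32 bits, Kc 64 bits.  The IMSI
and Ki values used below are constructed.
"""
import hashlib
import hmac
import os

RAND_BYTES = 16   # RAND is a 128-bit random challenge
SRES_BYTES = 4    # SRES is 32 bits
KC_BYTES = 8      # Kc is 64 bits


def a3_a8_stand_in(ki: bytes, rand: bytes):
    """Stand-in for A3 (Ki, RAND -> SRES) and A8 (Ki, RAND -> Kc).  Not the real algorithms."""
    assert len(ki) == 16 and len(rand) == RAND_BYTES
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:SRES_BYTES], digest[SRES_BYTES:SRES_BYTES + KC_BYTES]


class AuC:
    """Authentication Centre: knows Ki per IMSI and mints triplets on request."""

    def __init__(self, subscribers):
        self._ki = dict(subscribers)          # IMSI -> Ki, never leaves the AuC

    def triplet(self, imsi: str):
        rand = os.urandom(RAND_BYTES)         # fresh challenge for every triplet
        sres, kc = a3_a8_stand_in(self._ki[imsi], rand)
        return rand, sres, kc


class SIM:
    """The SIM never releases Ki; it only answers a RAND with (SRES, Kc)."""

    def __init__(self, ki: bytes):
        self._ki = ki

    def run_gsm_algorithm(self, rand: bytes):
        return a3_a8_stand_in(self._ki, rand)


def sgsn_authenticate(auc: AuC, imsi: str, sim: SIM):
    """SGSN side of the procedure.

    1. fetch a triplet for the IMSI from the HLR/AuC,
    2. send RAND to the MS, which answers with SRES only (Kc stays on both ends),
    3. compare SRES; on success keep Kc as the GPRS ciphering key.
    Returns (authenticated, kc) with kc = None on failure.
    """
    rand, expected_sres, kc = auc.triplet(imsi)
    sres_from_ms, _kc_on_ms = sim.run_gsm_algorithm(rand)
    if not hmac.compare_digest(sres_from_ms, expected_sres):
        return False, None
    return True, kc


if __name__ == "__main__":
    ki = os.urandom(16)
    imsi = "001010000000001"                  # constructed test IMSI
    ok, kc = sgsn_authenticate(AuC({imsi: ki}), imsi, SIM(ki))
    print("authenticated:", ok, "GPRS-Kc:", kc.hex() if kc else None)
```

Note what the exchange does not do: the SIM answers any RAND it is given and never checks that the challenge came from a genuine network, so the procedure authenticates the subscriber to the network only, not the network to the subscriber.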


Ciphering

Communication is ciphered between the SGSN and the MS (at the LLC layer), not only on the radio link as in GSM

Ciphering method is the GPRS Encryption Algorithm (GEA)

Ciphering key – Kc, 64 bits

When using GSM and GPRS, the two services use different keys (the GSM Kc for circuit-switched traffic, GPRS-Kc for packet traffic)

The key is established by the authentication procedure (derived from RAND and Ki with A8) and is renewed whenever the network re-authenticates, which the operator can trigger at will

LLC – Logical Link Control – protocol that maintains the communication channel between the MS and the GPRS core network (SGSN); ciphering is applied to LLC frames


Kc – the 64-bit ciphering key from the authentication procedure

INPUT – a 32-bit value derived from the LLC frame number and an initial offset value (IOV) selected by the network, so that every frame gets a fresh keystream

DIRECTION – one bit distinguishing MS -> network from network -> MS, so that uplink and downlink frames with the same INPUT never share a keystream

OUTPUT – the keystream, XORed with the LLC frame
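The keystream interface above, as an added example (not code from the presentation). GEA itself is not public, so a stand-in keystream generator with GEA's inputs (Kc, INPUT, DIRECTION) is used; the INPUT = IOV + N(U) rule, the direction-bit values, the frames and the key are simplifications and constructed values. The point it shows is the one the slide makes implicitly: if INPUT or DIRECTION is ever repeated for the same Kc, the XOR of two ciphertexts equals the XOR of the two plaintexts.

```python
"""LLC-layer ciphering as keystream XOR, and why INPUT and DIRECTION matter.

Added example, not code from the presentation.  GEA itself is not public, so a
stand-in keystream generator (SHA-256 in counter mode keyed with Kc) is used; its
interface is GEA's: Kc (64 bits), INPUT (32 bits) and DIRECTION (1 bit) in, a
keystream OUTPUT out.  INPUT = IOV + N(U), the direction-bit values, the frames
and the key are simplifications/constructed values for the demonstration.
"""
import hashlib
import struct


def gea_stand_in(kc: bytes, input_val: int, direction: int, length: int) -> bytes:
    """Keystream generator with GEA's inputs (stand-in, not GEA)."""
    assert len(kc) == 8 and 0 <= input_val < 2 ** 32 and direction in (0, 1)
    seed = kc + struct.pack(">IB", input_val, direction)
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(seed + struct.pack(">I", block)).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def llc_cipher(kc: bytes, iov: int, n_u: int, direction: int, frame: bytes) -> bytes:
    """Cipher (or decipher: same operation) one LLC frame.

    INPUT is built from the network-chosen initial value IOV and the frame
    number N(U) so that every frame gets a different keystream; DIRECTION
    separates uplink (0, assumed) from downlink (1, assumed) keystreams.
    """
    input_val = (iov + n_u) & 0xFFFFFFFF
    return xor_bytes(frame, gea_stand_in(kc, input_val, direction, len(frame)))


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """For two frames ciphered with the same (Kc, INPUT, DIRECTION), c1 ^ c2 == p1 ^ p2:
    the keystream cancels and an eavesdropper learns the XOR of the plaintexts."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    kc = bytes.fromhex("0123456789abcdef")            # constructed 64-bit key
    p1 = b"GET /index.html HTTP/1.0"
    p2 = b"POST /login.cgi HTTP/1.0"
    c1 = llc_cipher(kc, 0x1000, 1, 0, p1)
    c2 = llc_cipher(kc, 0x1000, 2, 0, p2)              # next frame: fresh INPUT
    print("distinct INPUT, leak == p1^p2:", keystream_reuse_leak(c1, c2) == xor_bytes(p1, p2))
    c2_bad = llc_cipher(kc, 0x1000, 1, 0, p2)          # frame counter reused
    print("reused INPUT,   leak == p1^p2:", keystream_reuse_leak(c1, c2_bad) == xor_bytes(p1, p2))
```

Because ciphering is a plain XOR with the keystream, confidentiality rests entirely on never feeding the generator the same (Kc, INPUT, DIRECTION) twice; this is why the IOV is chosen by the network per key and why the direction bit exists.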

Secure interworking between GPRS networks

Interworking between GPRS networks

This is what supports roaming

Connects the SGSN in the visited network to the GGSN in the subscriber's home network, across the Border Gateways of both operators

The link between the operators – the Internet (1) or a dedicated link / the GRX (2) – determines the QoS and the security that can be guaranteed

All data and signalling between the operators (the GTP tunnels) pass via the BG

Interworking with IP networks

Supports the IPv4 and IPv6 protocols

Access to the Internet or an intranet

From the external network the GGSN is seen as a simple router

Communication between the GGSN and the IP network operator

The firewall is configured by the GPRS operator

DNS is managed by the GPRS operator or the IP network operator

The GGSN may allocate dynamic addresses by itself or use a DHCP server operated by the IP network operator

Interworking with IP networks – transparent access to the Internet

The MS receives an IP address from the operator's address space

This address can be static or dynamic

The MS does NOT send any authentication information when activating the PDP context

The GGSN does not participate in authorization or encryption

SO – authentication and encryption of the user traffic are left to an additional protocol like IPsec

Interworking with IP networks – non-transparent access to the Internet

The MS receives an address, either static or dynamic, from the address space of the ISP

The MS transmits authentication information (PAP/CHAP credentials carried in the Protocol Configuration Options) at PDP context activation

The GGSN requests user authentication from the same server (typically RADIUS) from which the IP address was acquired

The GPRS operator and the ISP can be connected over any network

Over an insecure network (Internet) use a dedicated link or a secured tunnel (IPsec)

Security threats - Availability (DoS)

Border Gateway (BG) bandwidth saturation – connect through a roaming partner (GRX) and generate enough traffic to block roaming

DNS flood – generate traffic against the DNS servers so that the SGSNs can no longer resolve an APN to a GGSN and subscribers cannot reach external networks

Flood the connection between SGSN and GGSN to deny access to the external network

Removing the GPRS tunnel between SGSN and GGSN by sending a forged Delete PDP Context Request (requires knowledge of the tunnel's TEID and of the peer addresses)

Security threats - Availability (DoS) 2

Bad routing information – injecting routes into the GRX operators' route tables causes lost routes to roaming partners and denies access to them

DNS cache poisoning – forging DNS responses so that an APN resolves to the wrong address and the SGSN cannot find a GGSN to reach the external network

Flooding an MS – flooding the IP address of a particular MS so that it will most likely be unable to use the GPRS network at all

Security threats - Authentication & Authorization

Spoofed Create PDP Context Request – somebody with access to the GRX can set up a bogus SGSN and create a GTP tunnel to the GGSN, pretending to be a subscriber; GTP gives the GGSN no way to authenticate the SGSN that sends the request

Spoofed Update PDP Context Request – using a compromised SGSN to hijack a subscriber's data connection with an Update request that redirects the tunnel

"Overbilling attacks" – hijacking a subscriber's IP address, starting a malicious download, then exiting the session -> the subscriber gets billed for the traffic

Security threats - internal network

An attacker who has disguised himself as a node of the network (a bogus or compromised SGSN, for example) can attack undetected until the damage is done

Can remove the tunnel between SGSN and GGSN

Can learn subscriber information

Once disguised, can execute "overbilling" attacks on innocent users

Security solutions - firewall

We protect the operator's network from any outside access

No unwanted data for the MSs

No attacks against the MSs

Security solutions - firewall (2)

We shouldn't trust another MS who is connected to the same GGSN!

Security solutions - firewall - APN

Each MS (its PDP context) is associated with an APN (Access Point Name)

By default the provider's own APN

Cell phones typically have a WAP APN and a WEB APN

But APN separation only segregates subscriber traffic; core nodes like the SGSN are still not protected by it

Security solutions - firewall

Use a design where all the network interfaces (Gn towards the SGSNs, Gp towards roaming partners, Gi towards external IP networks) are separated and firewalled individually

Security solutions - VPN

End-to-end VPN – provides the best security for the customer but prevents the LEA (law enforcement agency) from gathering the information

VPN only between the GGSN and the corporate intranet – better for the LEA but needs extra security for the MS -> GGSN path

Security solution - IPSec

IPsec – Internet Protocol Security – offers encryption and authentication at the IP layer

Ensures secure communication over insecure networks

2 operation modes:

Transport mode – only the payload of the IP packet is encrypted; the original IP header (source and destination addresses) stays in the clear

Tunnel mode – the entire original IP packet is encrypted and wrapped in a new IP header between the two gateways
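The difference between the two modes, shown on the wire, as an added example (not code from the presentation). It builds an IPv4 + ESP datagram in each mode for the same UDP payload and reports what an observer between the MS and the corporate gateway can read: in transport mode the MS and server addresses, in tunnel mode only the two gateway addresses. Encryption is a labelled stand-in keystream rather than a real ESP cipher suite, no integrity tag is computed, and all addresses, keys and payload are constructed.

```python
"""What an on-path observer sees with IPsec ESP in transport vs tunnel mode.

Added example, not code from the presentation.  It builds the two encapsulations
byte for byte (IPv4 header + ESP, RFC 4303 layout) and reports which addresses
remain in the clear.  Encryption is a stand-in (SHA-256 keystream XOR), NOT a
real ESP cipher suite, and no integrity tag is computed; addresses, key and
payload are constructed.
"""
import hashlib
import struct

IPPROTO_IPIP = 4
IPPROTO_UDP = 17
IPPROTO_ESP = 50


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal IPv4 header; checksum left zero, which the demonstration does not need."""
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, ip(src), ip(dst))


def stand_in_encrypt(key: bytes, spi: int, seq: int, data: bytes) -> bytes:
    """Keystream XOR keyed on (key, SPI, sequence number).  Symmetric; not a real ESP cipher."""
    ks, ctr = b"", 0
    while len(ks) < len(data):
        ks += hashlib.sha256(key + struct.pack(">IIQ", spi, seq, ctr)).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, ks))


def esp_seal(key: bytes, spi: int, seq: int, inner: bytes, next_header: int) -> bytes:
    """ESP: SPI and sequence number in the clear, then encrypted [payload | pad len | next header]."""
    trailer = bytes([0, next_header])                 # pad length 0, next header
    return struct.pack(">II", spi, seq) + stand_in_encrypt(key, spi, seq, inner + trailer)


def esp_open(key: bytes, esp_bytes: bytes):
    """Receiver side: returns (inner bytes, next header)."""
    spi, seq = struct.unpack(">II", esp_bytes[:8])
    clear = stand_in_encrypt(key, spi, seq, esp_bytes[8:])
    pad_len, next_header = clear[-2], clear[-1]
    return clear[:len(clear) - 2 - pad_len], next_header


def transport_mode(key, spi, seq, src, dst, udp_payload: bytes) -> bytes:
    """Transport mode: original IP header kept, only the payload goes inside ESP."""
    body = esp_seal(key, spi, seq, udp_payload, IPPROTO_UDP)
    return ipv4_header(src, dst, IPPROTO_ESP, len(body)) + body


def tunnel_mode(key, spi, seq, gw_src, gw_dst, src, dst, udp_payload: bytes) -> bytes:
    """Tunnel mode: the whole original packet goes inside ESP, under a new gateway-to-gateway header."""
    inner = ipv4_header(src, dst, IPPROTO_UDP, len(udp_payload)) + udp_payload
    body = esp_seal(key, spi, seq, inner, IPPROTO_IPIP)
    return ipv4_header(gw_src, gw_dst, IPPROTO_ESP, len(body)) + body


def visible_addresses(pkt: bytes):
    """What a sniffer reads without the key: outer source, outer destination, outer protocol."""
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    return src, dst, pkt[9]


def contains_cleartext(pkt: bytes, needle: bytes) -> bool:
    return needle in pkt


if __name__ == "__main__":
    key, payload = bytes(range(16), ), b"user=alice&password=hunter2"
    t = transport_mode(key, 0x1001, 1, "10.0.0.5", "192.0.2.10", payload)
    u = tunnel_mode(key, 0x1001, 1, "198.51.100.1", "203.0.113.1", "10.0.0.5", "192.0.2.10", payload)
    print("transport mode, observer sees:", visible_addresses(t))
    print("tunnel mode,    observer sees:", visible_addresses(u))
```

For the GGSN-to-corporate-intranet VPN on the previous slide, tunnel mode is the natural fit: the MS addresses from the operator's pool are hidden inside the ESP payload and only the GGSN and corporate gateway addresses are routable across the public network.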
