Security Models in Cellular / Wireless Networks

William Chipman

Fall 2010

Colorado State University

Abstract

Wireless technologies are continually advancing and becoming more pervasive. Cellular-based networks have now become the network of choice for businesses and individuals. With the introduction of multiple operating systems for mobile devices, security is now becoming a major issue. To combat the risks involved in cellular networking, several security models have been proposed and implementations of these models are being tested and deployed continuously.

Because all cellular data transfer is inherently wireless and therefore insecure, all the risks associated with a wireless network must be addressed and ameliorated. Because sensitive data is being stored and entered on mobile devices, keeping the device and its communication secure is a top priority for network and hardware designers. This push to keep users and their devices mobile at all times drives the need for better and more comprehensive security models for implementation in new devices.

This field is very much in its infancy. Most security for cellular networks is handled by four main ideas: authentication, authorization, encryption and physical security. Newer smart phones also encompass an idea referred to as sandboxing. In this concept, each application is given an area of the device in which to perform its purpose. Any additional access is described to the user before installation and requires authorization before the install process can continue. A clear knowledge of the risks and solutions for wireless cellular network security issues is important to users, businesses and scientists.

Keywords: GSM, Cellular Security, Android, CDMA, UMTS, Security Models, 3G Security, Wireless Security.

I. Introduction

Wireless technologies are continually advancing and becoming more pervasive. Cellular-based networks have now become the network of choice for businesses and individuals. “The current ubiquity of Global System for Mobile Communications (GSM) service and anticipated proliferation of last mile Worldwide Interoperability for Microwave Access (WiMax) networks places intra-cellular wireless users at great risk” [12]. With the introduction of multiple operating systems for mobile devices, security is now becoming a major issue. To combat the risks involved in cellular networking, several security models have been proposed and implementations of these models are being tested and deployed continuously.

“Wireless security is ... a combination of wireless channel security (security of the radio transmission) and network security (security of the wired network through which the data flows)” [1]. Because all cellular data transfer is wireless, all the risks associated with a wireless network must be addressed and ameliorated. Because sensitive data is being stored and entered on mobile devices, keeping the device and its communication secure is a top priority for network and hardware designers. “In addition, mobile devices having both cellular phone and WLAN capability are available [and] demand to integrate multiple mobile computing services into a single entity is preeminent” [9]. This push to keep users and their devices mobile at all times drives the need for better and more comprehensive security models for implementation in new devices.

A clear knowledge of the risks and solutions for wireless cellular network security issues is important to users, businesses and scientists. This paper explores these issues in detail. A brief introduction to current cellular technology builds the foundation of the paper and is used to introduce the topics of mobile platforms, the security risks in these configurations, and solution models.

II. Related Work

Work in the field of cellular network security has undergone a renaissance in recent years. A large amount of research has been completed recently because of the impending release of the 4G cellular network platform. As part of this research many security issues have been addressed and solutions to the most glaring issues have been developed. In the paper Improving Intra-Cellular Security Using Air Monitoring with RF Fingerprints [12], the authors show that each mobile device has a unique RF signature that can be determined and cataloged for future verification.

There has been extensive research in the field of cellular to WLAN integration. Most of it has focused on proposed architectures, but the security available in the hardware is always a part of that research. Security across the WLAN/cellular connection has become vital to the safety of both systems and of the devices connected to those networks. With the recent release of the 3G protocol and the impending release of the 4G protocol, “the 3rd Generation Partnership Project (3GPP) has identified this [WLAN] interworking as vital for 3G networks” [4].

The Mobile IP working group is developing initiatives to seamlessly merge IP networks with cellular-based networks. The cellular networks will need to adopt IETF-standardized protocols [2]. Once this adoption has occurred, cellular integration into wireless networks will be seamless, but security issues will still have to be addressed on both sides of the connection.

III. Intro to Cellular technology

Global System for Mobile Communications

The Global System for Mobile Communications (GSM) is a system introduced in most countries as the new standard for cellular communications. Approximately 80% of the world uses the GSM format. “The main objective of the GSM system is to be at least as secure … as the public switched telephone” [5]. This requirement has forced the GSM designers to devise a standardized system that addresses as many as possible of the security issues surrounding cellular-based communications. The first line of defense in the GSM network is authentication. It allows subscribers to attach to the network and drives the encryption system.

The GSM network is based on a series of base stations that operate in cells similar in appearance to the cells in a beehive. These base stations interact directly with the mobile devices. The base stations receive the signal from the mobile stations and relay it to the network and switching subsystem. This subsystem then interacts with the GSM backbone for communications onto the wired communication system. The General Packet Radio Service (GPRS) “applies a packet radio principle to transfer user data packets in an efficient way between mobile stations and external packet data networks” [8].

The “GSM security model is based on a 128-bit shared secret Ki between the subscriber's SIM and the network” [7]. The subscriber SIM is a small form-factor data storage card that carries the subscriber identification together with the encryption algorithms used to authenticate, authorize and encrypt the data communication, implemented as hardware in the mobile device. “Key management [in the system] is independent of equipment” [14]. By detaching the key management from the subscriber's mobile device, the subscriber identity is not easily discovered, compromised equipment is easily detected, and data and signaling are protected. “GSM uses Gaussian Minimum Shift Keying (GMSK) modulation with a bandwidth-bit period product of BTbit = 0.3 and Gaussian filter bandwidth of BW = 81.3KHz” [12].

CDMA/UMTS

“UMTS and CDMA2000 belong to a set of wireless network standards known as 3G, third generation mobile telecommunication standards, which replaced or are replacing the older 2G networks” [7]. CDMA is code division multiple access; it is the format used in the UMTS system to speed up data transfer rates to the 3G standard and will eventually be used for the 4G standardization. UMTS security uses the following defined security functions in the authentication and key agreement algorithm (AKA):

f0: random challenge generation function

f1: network authentication function

f2: user challenge-response authentication function

f3: cipher key derivation function

f4: integrity key derivation function

f5: anonymity key derivation function [7].

These are standardized functions across all mobile devices accessing the UMTS network. By standardizing the functions, they can be implemented in hardware instead of software, thus increasing the speed of data transfer and making the communication channel more secure and more useful for subscribers.

Cellular integration into wireless networks

Depending on the interdependence of the WLAN and the cellular network, the coupling between the two can vary. “In a tight coupling, the 802.11 network appears to the 3G core network as another 3G access network. In a loose coupling, the 802.11 gateway connects to the Internet and does not have any direct link to the 3G network elements” [9]. Tying the two networks together opens unique security issues that have not been seen in the past. In a tight coupling, WLAN networks are vulnerable to the same attacks as standard cellular networks. The WLAN has to be secured against threats that affect both types of networks. In a loosely coupled system, only the cellular network is vulnerable to the security issues discussed here.

Digital vs. Analog networks

In June 1999, 70% of the subscribers in the United States still used analog handsets [13]. Security in an analog system is essentially non-existent. There is no encryption, and as such interception of the signal is all that is needed to perpetrate an attack. Digital phones use either TDMA or CDMA. CDMA is the standard used by the GSM system, which is used in most of the world. The TDMA system is unique to the United States. Interception and decryption would begin with the eavesdropper knowing which system was being used. Once this is determined, an attacker would still need to bypass all other security measures. Also, in digital systems data is both digitized and compressed. Therefore, would-be interceptors would also need to know the compression algorithms.

III. Android Platform

Android is a mostly open-source operating system developed by over 30 industrial partners, with Google as the lead developing group. The OS is built on a Linux framework and therefore contains many of the core applications. It is delivered on mobile devices with many basic applications such as a phone dialer and address book. The security issues revolve around the installation of other applications. The applications run in a Dalvik virtual machine [10]. The Dalvik VM is a register-based virtual machine. The applications are developed in Java. There is no “App Store” required as there is for the iPhone. A developer can build an application and the user is free to install it on their mobile device. Each application running on the Android system has a UNIX-style UID, but sharing of data is allowed at the application level.

“Manifest files are the technique for describing the contents of an application package” [3]. The Android manifest file is an XML file that describes all the components contained in the application. Unlisted components are not allowed to execute. The manifest file also lists all specific access rules for the application. All of the components are either public or private. Private components are accessible only by the application itself, but all public components can be accessed by other applications. This can have devastating effects if the access is malicious in nature or if the access inadvertently has a negative effect on the device or the network.

The Android security model centers on an access control policy. An access permission label is assigned to each component and each application requests a list of permission labels. The manifest file assigns the access permissions, but if permissions are not expressly set on public components then any application can access them. These access permissions are fixed at install time. Access permissions are also used to control access to resource APIs in the operating system.
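The manifest rule above (a public component with no permission label is reachable by any application) can be checked mechanically. The following audit is an added example, not code from the paper or from the Android project; the sample manifest, package name and component names are constructed for it, and the hardening step applies one of the two fixes the rule implies (making the component private).

```python
import xml.etree.ElementTree as ET
from typing import List

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample. ExportService shows the weak setting (public, no
# permission); SyncService shows the corrected one (public, but guarded by a
# signature-level permission); InternalService is private.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.contacts">
  <permission android:name="com.example.contacts.SYNC"
      android:protectionLevel="signature"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".ExportService" android:exported="true"/>
    <service android:name=".SyncService" android:exported="true"
        android:permission="com.example.contacts.SYNC"/>
    <service android:name=".InternalService" android:exported="false"/>
  </application>
</manifest>
"""


def _attr(elem: ET.Element, name: str):
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def is_public(elem: ET.Element) -> bool:
    """Public when android:exported="true", or when the attribute is absent
    and the component declares an intent-filter (the default that applied
    before Android 12)."""
    exported = _attr(elem, "exported")
    if exported is not None:
        return exported.lower() == "true"
    return elem.find("intent-filter") is not None


def unprotected_public_components(manifest_xml: str) -> List[str]:
    """Names (tag:name) of public components that set no android:permission.
    The launcher activity is expected to appear: it must be public, and the
    finding is a prompt to confirm that, not necessarily a defect."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        return []
    return [
        "%s:%s" % (tag, _attr(comp, "name"))
        for tag in COMPONENT_TAGS
        for comp in app.findall(tag)
        if is_public(comp) and _attr(comp, "permission") is None
    ]


def harden(manifest_xml: str) -> str:
    """Corrected setting for the weak case: every unprotected public component
    that declares no intent-filter is made private (android:exported="false").
    Components with an intent-filter are left for a deliberate decision."""
    ET.register_namespace("android", ANDROID_NS)
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is not None:
        for tag in COMPONENT_TAGS:
            for comp in app.findall(tag):
                if (is_public(comp) and _attr(comp, "permission") is None
                        and comp.find("intent-filter") is None):
                    comp.set("{%s}exported" % ANDROID_NS, "false")
    return ET.tostring(root, encoding="unicode")
```

Running `unprotected_public_components(SAMPLE_MANIFEST)` flags `.MainActivity` and `.ExportService`; after `harden()` only the launcher activity remains, which is the one public component the application intends.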

IV. Security Risks

Interception

Interception is the hijacking of the mobile subscriber's signal. Interception of the signal in and of itself is not a security risk. The cellular signal is available to all who wish to retrieve it. The security of the signal becomes an issue when the intercepted signal is decrypted and the data is available to an unauthorized third party. Current cellular systems use the A5 encryption algorithm. Brute force decryption of the A5 algorithm is “infeasible in real-time” [7]. Interception and off-line decryption is possible even with a keyspace of 2^54 bits. To make the offline decryption also infeasible, signaling protection in the form of secure signaling is required. Secure encryption of the data inside the cellular transmission protects communication and makes interception useless to a would-be attacker.

Jamming

Jamming of cellular signals is similar to a denial of service attack but focused on a specific physical location. The jammer sends a blanket signal to a region that disrupts the cellular traffic in the area with no regard for what the specific traffic is carrying. For a minimal amount of money, using readily available equipment, an RF engineer could easily build a jamming device that works in a small directed area. Jamming attacks lower the availability of the cellular network resource. This can be directed at an individual subscriber or at an entire network. “An attack capable of preventing the large majority of voice communication in a metropolitan area is indeed possible with the bandwidth available to a single cable modem” [15].

Virus introduction and propagation

The fact that users will install almost any application opens devices and networks to exploitation through hidden viruses and then to the propagation of those viruses. Stopping, or at least delaying, the propagation can be handled through sandboxing of applications and through limiting the access privileges of applications. The closer coupling of the cellular network and the WLAN that is being seen in current configurations opens security holes that would allow the propagation of these viruses across networks and into devices that have not been the classic targets of such attacks.

Solution Models

Solution models designed for cellular traffic are all very similar and address four basic issues. These are anonymity, authentication, encryption and integrity. A fifth solution model, sandboxing, is being used in many newer mobile smart devices.

Anonymity

Anonymity is what protects the subscriber's identity in the case of interception. Security models for both major network implementations use anonymity in some fashion to protect subscribers. The identity of the subscriber is not readily available to potential intruders. This makes intercepted data signals less useful to attackers, as interception of a specific user's data stream is very difficult in a busy network. Anonymity is provided through the use of temporary identifiers [8]. These temporary identifiers are set up and exchanged during the initialization of the cellular communication. To bypass this factor, the originating setup signals would have to be intercepted. These temporary identifiers are only available in digital devices; analog cellular security has no anonymity.

Authentication

Authentication in a mobile network proves that the device sending the data signal is who it claims to be, and is provided through the use of a challenge-response that is based on the designated encryption model. The GSM network uses a standard authentication and key agreement algorithm (AKA) [7]. It uses a universal smart card that performs the initiation, credential transfer and challenge-response sequence. The use of strong client authentication is important for avoiding billing fraud, from the operator's perspective [14]. Once a device is authorized on the network, all communication between the device and the network is confirmed to be from the authorized device. “Authentication in GSM proceeds as follows: [mobile subscriber] MS receives the RAND from MSC, calculates the SRES with A3 algorithm using RAND and Ki and sends it back to MSC” [7]. If the SRES matches the one on file at the MSC then authentication succeeds. The corresponding Kc is used to encrypt further communications between the device and the network.

Encryption

Encryption in the network is the most significant portion of the cellular security model. “Most network operators use COMP128 algorithm for A3 implementation” [7]. The COMP128 algorithm uses two 128-bit inputs and produces a 128-bit output. In the case of A3 implementations the inputs are Ki and RAND, and the first 32 bits of the output are the SRES. A session key, Kc, is used for encryption over the air after authentication. Session key Kc is generated using the A8 algorithm. The A8 algorithm is the voice privacy key generation algorithm and has never been made public. Combining A8 and COMP128 increases the level of encryption to a point that it is infeasible to decrypt using current conventional methods.
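The exchange described in the Authentication and Encryption sections (RAND from the MSC, SRES computed on the SIM from RAND and Ki, Kc derived for the session) as an added simulation; this is not code from the paper or from any operator. Because COMP128 and A8 are not reproduced here, an HMAC-SHA256 stand-in plays both roles while keeping the interface the paper describes: two 128-bit inputs, SRES taken from the first 32 bits of a 128-bit output, Kc derived from the same Ki and RAND. The IMSI value and class names are this example's own.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


def a3_a8_stand_in(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Return (SRES, Kc) for a 128-bit Ki and a 128-bit RAND.

    Assumption: HMAC-SHA256 stands in for COMP128 (A3 role: 128-bit output,
    first 32 bits are SRES) and for A8 (64-bit session key Kc)."""
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND must both be 128 bits")
    a3_out = hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:16]
    sres = a3_out[:4]                      # first 32 bits of the 128-bit output
    kc = hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]
    return sres, kc


class Sim:
    """Subscriber side. Ki never leaves the SIM; only SRES is sent over the air."""

    def __init__(self, imsi: str, ki: bytes) -> None:
        self.imsi = imsi
        self._ki = ki
        self.kc: Optional[bytes] = None    # session key after a successful run

    def respond(self, rand: bytes) -> bytes:
        sres, self.kc = a3_a8_stand_in(self._ki, rand)
        return sres


class Msc:
    """Network side (MSC with its authentication centre): holds each
    subscriber's Ki, issues a fresh RAND, and checks the returned SRES."""

    def __init__(self, subscriber_keys: Dict[str, bytes]) -> None:
        self._keys = subscriber_keys
        self._pending: Dict[str, bytes] = {}

    def challenge(self, imsi: str) -> bytes:
        rand = secrets.token_bytes(16)     # fresh 128-bit challenge per attempt
        self._pending[imsi] = rand
        return rand

    def verify(self, imsi: str, sres: bytes) -> Optional[bytes]:
        """Return Kc on success, None on failure. The pending challenge is
        consumed, so a captured SRES cannot be reused against a later RAND."""
        rand = self._pending.pop(imsi, None)
        if rand is None or imsi not in self._keys:
            return None
        expected, kc = a3_a8_stand_in(self._keys[imsi], rand)
        if not hmac.compare_digest(expected, sres):   # constant-time compare
            return None
        return kc


def run_authentication(sim: Sim, msc: Msc) -> bool:
    """One GSM authentication exchange; True if both sides end up with Kc."""
    rand = msc.challenge(sim.imsi)    # MSC -> MS: RAND
    sres = sim.respond(rand)          # MS -> MSC: SRES
    kc = msc.verify(sim.imsi, sres)
    return kc is not None and kc == sim.kc


if __name__ == "__main__":
    ki = secrets.token_bytes(16)
    imsi = "001010123456789"          # constructed test IMSI
    msc = Msc({imsi: ki})
    print("SIM with the enrolled Ki:", run_authentication(Sim(imsi, ki), msc))
    print("SIM with a different Ki:",
          run_authentication(Sim(imsi, secrets.token_bytes(16)), msc))
```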

Over-the-air encryption is handled using the A5 algorithm. A5 is a hardware-based cipher that uses linear feedback shift registers [7]. Export restrictions on encryption technology forced the A5 algorithm to be split into two versions: A5/1, which is stronger but is only available in Europe and the US, and A5/2, which has weaker encryption but can be exported worldwide [7]. Both versions of the A5 algorithm are strong enough to halt most decryption attempts. The A5 algorithm has never been made public, though recently individuals have claimed to be able to decrypt messages using rainbow tables. UMTS has a defined function f8 that is used for encryption. This function is similar in functionality to the A5 algorithm used in the GSM network.

Integrity

Integrity in a cellular network centers on assurance that the same mobile device is transmitting data throughout the length of the connection. Random challenge vectors are used in both GSM and UMTS to provide integrity for the length of the connection. These challenge vectors are similar to the initial challenge-response authentication but with the added benefit of the encryption of the message.

Sandboxing

The Android platform uses self-signed certificates with no certificate authority. All application permissions are expressly defined by the developer and approved by the user during the installation process. “Each app[lication] [is] isolated with its own process, user [and] data” [10]. This sandbox forces all applications to expressly request access to other applications and their public components. This access is governed by the manifest file that is delivered with every application, but is managed under the sandbox protocol to provide system stability even in an adverse environment. While the sandbox concept can be effective, the granularity of control is not fine enough to completely protect the device or the network [10]. Combining the sandbox protocols with the other four models allows for protection of the smart device and security of the mobile network being accessed by the device.

VI. Solution Implementations Examples

Statistical RF Fingerprinting

“Physical (PHY) layer security using RF signal characteristics is one alternative [as] such characteristics are nearly impossible to mimic” [12]. These RF fingerprints can be used to establish a device's identity and to detect malicious network activity. Device classification is performed using collective statistical metrics of the signal to identify and authorize. The statistics “include standard deviation, variance, skewness and kurtosis” [12]. Elements of the RF fingerprint are formed by dividing the signal into N contiguous equal subsequences and then calculating the four metrics across all elements. The elements are then arranged and a parametric analysis is used to generate the unique RF fingerprints.

PhonePrint is an application that makes use of RF fingerprints in a commercial setting. “PhonePrint is a combination of hardware and software that cellular operators install in base stations in high-fraud areas” [13]. All handsets that request service in the PhonePrint domain have their RF signature determined and then stored in a database along with the mobile device and subscriber information. When future requests are made the RF signature is compared to those stored in the database, and if a match is not made, the connection is disabled. The major use of this is to prevent cloning of mobile devices.
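The fingerprint construction from the previous section and the PhonePrint-style comparison above, as one added example; this is not code from the paper, from [12] or from PhonePrint. The four per-region metrics are the ones the paper lists; the exponential turn-on transient used as the signal, the N = 4 split, the Euclidean match, the handset ids and the threshold are this example's assumptions.

```python
import math
import random
from typing import Dict, List, Sequence


def region_statistics(x: Sequence[float]) -> List[float]:
    """Standard deviation, variance, skewness and kurtosis (population forms)."""
    n = len(x)
    mean = sum(x) / n
    var = sum((v - mean) ** 2 for v in x) / n
    std = math.sqrt(var)
    if std == 0.0:                      # constant region: higher moments undefined
        return [0.0, 0.0, 0.0, 0.0]
    skew = sum((v - mean) ** 3 for v in x) / n / std ** 3
    kurt = sum((v - mean) ** 4 for v in x) / n / var ** 2
    return [std, var, skew, kurt]


def rf_fingerprint(samples: Sequence[float], n_regions: int) -> List[float]:
    """Split the capture into n_regions contiguous equal subsequences and
    concatenate the four metrics of each region (4 * n_regions values)."""
    if n_regions <= 0 or len(samples) < n_regions:
        raise ValueError("need at least one sample per region")
    size = len(samples) // n_regions
    fingerprint: List[float] = []
    for i in range(n_regions):
        fingerprint.extend(region_statistics(samples[i * size:(i + 1) * size]))
    return fingerprint


def enroll(captures: Sequence[Sequence[float]], n_regions: int) -> List[float]:
    """Stored reference: component-wise mean over several captures."""
    prints = [rf_fingerprint(c, n_regions) for c in captures]
    return [sum(col) / len(prints) for col in zip(*prints)]


def distance(a: Sequence[float], b: Sequence[float]) -> float:
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def phoneprint_check(claimed_id: str, capture: Sequence[float],
                     database: Dict[str, List[float]], n_regions: int,
                     threshold: float) -> bool:
    """PhonePrint-style decision: the capture must match the fingerprint stored
    for the subscriber the handset claims to be, otherwise service is refused."""
    stored = database.get(claimed_id)
    if stored is None:
        return False
    return distance(rf_fingerprint(capture, n_regions), stored) <= threshold


def simulated_transient(rise_rate: float, n: int, noise: float,
                        rng: random.Random) -> List[float]:
    """Constructed stand-in for a captured turn-on transient: an exponential
    rise whose rate plays the role of the handset's hardware characteristic,
    plus Gaussian receiver noise."""
    return [1.0 - math.exp(-rise_rate * i) + rng.gauss(0.0, noise)
            for i in range(n)]


def demo_capture(rise_rate: float, seed: int) -> List[float]:
    """One fresh constructed capture: 400 samples, noise sigma 0.01."""
    return simulated_transient(rise_rate, 400, 0.01, random.Random(seed))


def build_demo_database(n_regions: int = 4) -> Dict[str, List[float]]:
    """Enroll two constructed handsets from five captures each."""
    return {
        "handset-A": enroll([demo_capture(0.05, 100 + i) for i in range(5)],
                            n_regions),
        "handset-B": enroll([demo_capture(0.2, 200 + i) for i in range(5)],
                            n_regions),
    }
```

With these inputs the two handsets differ mainly in the skewness and kurtosis of the first region, so a capture from a third device claiming to be handset-A fails the check while fresh captures from the enrolled handsets pass it.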

Physical Security

Physical security of the mobile device is the first line of defense and is the most important single method of preventing attacks. “Cellular phones and other handheld devices were designed to be small and mobile, but this also means that they are more likely than other pieces of technology to get lost or stolen, and thieves can easily conceal them” [1]. In a GSM network, physical security is achieved through the use of a subscriber SIM card coupled with a PIN code to unlock the card [8]. Combining the physical card (something you have) with a PIN code (something you know) makes this combination highly effective against attacks. The physical security of the device is susceptible to social engineering as well as to device theft and bandwidth hijacking. Social engineering can be as simple as asking someone for their PIN code in order to use their phone. While this is simple, it is highly effective. Protection of the device is critical to any security implementation.

VII. Conclusion

Security in any network is a top priority. In a cellular network where all data traffic is wireless, it becomes even more of a priority. Security in the network has to be both complete and must not impact performance. “The security mechanism must not add significant overhead on call setup, increase bandwidth of the channel, increase error rate or add expensive complexity to the system” [14].

According to Ahmad, any security implementation needs five elements: it must be complete, efficient, effective, extensible and user-friendly. Security implementations that meet all of these requirements will be embraced by the network users and thus will actually be used. The current and extensive research in the field of cellular to WLAN integration has yielded insight into the security issues. Most security is handled in the hardware to make it seamless and efficient.

The cellular community has backed a single security model that addresses most issues that arise in the current configurations found in cellular/WLAN networks. This model includes anonymity, authentication, encryption and integrity. In many of the newer cellular devices that run interactive software, the concept of sandboxing has taken hold. This adds to the overall protection of the network by protecting the device and the network from malicious attacks hidden in delivered software. Implementations of this security model include statistical RF fingerprinting and biometric hardware interfaces, but the most important protection of cellular networks begins with physical security of the devices on the network and proper training of the users. As new platforms and devices are developed, all of these concepts will need to be included during the development phase so that cellular networks can remain safe.

References

[1] Ahmad, J., Garrison, B., Gruen, J., Kelly, C. & Pankey, H., (2003). “4G Wireless Systems,” Next-Generation Wireless Working Group. Retrieved on 8 September 2010 from www.ckdake.com/system/files/4gwireless.pdf

[2] Calhoun, P., (2001). “Security for Mobile IP in the 3G Networks,” Sun Microsystems. Retrieved on 14 September 2010 from www.iab.org/documents/workshops/IAB-wireless.../mip-sec-3g.ppt

[3] Enck, W., McDaniel, P., (2009). Understanding Android's Security Framework. Penn State Computer Science CSE597a. Retrieved 20 September 2010.

[4] Fitzek, F.H.; Popovski, P.; Zorzi, M., (2005). "A symbolic perspective on low-cost cellular and multihop WLAN interworking solutions," Wireless Communications, IEEE, vol.12, no.6, pp. 4-10

[5] Guinier, D., (UNK). From eavesdropping to security on the cellular telephone system GSM, ACM SIGSAC, pp. 13-18

[6] Jalel, A., Uddin, I., (2003). Security Architecture for Third Generation (3G) using GMHS Cellular Network, IEEE Transactions, 49(1), pp. 123-127

[7] Kazeka, A., (2009). “Security Model Evaluation of 3G Wireless Networks,” Retrieved October 14, 2010 from www.cs.colostate.edu/~kazeka/pdf/kazeka3Gsec07.pdf

[8] Khalifa, O., Aburas, A., Shahbuddin, M., Kasa, H., (2007). Security Management System of Cellular Communication: Case Study. World Academy of Science, Engineering and Technology, (35).

[9] Minghui S., Rutagemwa, H., Xuemin S., Mark, J.W., Saleh, A., (2007). "A Service-Agent-Based Roaming Architecture for WLAN/Cellular Integrated Networks," Vehicular Technology, IEEE Transactions on, vol.56, no.5, pp. 3168-3181

[10] Oberheide, J., (2009). A Look at a Modern Mobile Security Model: Google's Android Platform. University of Michigan, CanSecWest.

[11] Pasanen, S.; Haataja, K., Paivinen, N., Toivanen, P., (2010). "New Efficient RF Fingerprint-Based Security Solution for Bluetooth Secure Simple Pairing," System Sciences (HICSS), 2010 43rd Hawaii International Conference on, pp. 1-8, 5-8

[12] Reising, D., Temple, M., & Mendenhall, M., (2010). "Improving Intra-Cellular Security Using Air Monitoring with RF Fingerprints," Wireless Communications and Networking Conference (WCNC), 2010 IEEE, pp. 1-6, 18-21

[13] Riezenman, M.J., (2000). "Cellular security: better, but foes still lurk," Spectrum, IEEE, vol.37, no.6, pp. 39-42

[14] Stepanov, M., (UNK). “GSM Security Overview,” Retrieved October 14, 2010 from www.cs.huji.ac.il/~sans/students_lectures/GSM%20Security.ppt

[15] Traynor, P., Enck, W., McDaniel, P., La Porta, T., (2009). Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks, IEEE/ACM Transactions on Networking, 17(1)

[16] Ureten, O.; Serinken, N., (2007). "Wireless security through RF fingerprinting," Electrical and Computer Engineering, Canadian Journal of, vol.32, no.1, pp. 27-33