Term
| 41. List some components of a GSM network (9) |
|
Definition
• MS – Mobile station
• BTS – Base Transceiver Stations
• BSC – Base Station Controller
• OMC – Operations and Maintenance Centre
• MSC – Mobile Switching Centre
• VLR – Visitors Location Register
• HLR – Home Location Register
• EIR – Equipment Identity Register
• AUC – Authentication Centre |
|
|
Term
| 42. List some components of a UMTS network (11) |
|
Definition
• CN – Core Network
• AN (UTRAN) – UMTS Terrestrial Radio Access Network
• UE – User Equipment
• BS are referred to as Node-B
• RNC – Radio Network Controller
• SGSN – Serving GPRS Support Node
• GGSN – Gateway GPRS Support Node
• SMS-GMSC – SMS Gateway Mobile Switching Centre
• UICC – Universal Integrated Circuit Card
• PSTN - Public Switching Telephone Network
• MGW – Media Gateway - - Session Initiation Protocol |
|
|
Term
| 43. What are 5 security limitations of GSM |
|
Definition
• Only provides for access security – communications and signalling in fixed network portion are not protected
• Does not address active attacks, whereby network elements may be impersonated
• Lawful interception is an afterthought
• Inflexibility to upgrade and improve security functions over time
• No confirmation that encryption is on |
|
|
Term
| 44. What are 5 attacks on GSM |
|
Definition
• Eavesdropping
• Impersonation of user
• Impersonation of network
• Man in the middle
• Compromising authentication vectors in the network |
|
|
Term
| 45. 4 specific GSM security issues |
|
Definition
• Encryption terminated too soon
• Clear transmission of cipher keys and authentication values within and between networks
• Confidence in strength of algorithms
• Use of false base stations |
|
|
Term
| 46. What is de-registration spoofing |
|
Definition
• The network can’t authenticate the messages it receives over the radio interface
• The intruder spoofs a de-registration request (IMSI detach) to the network
• The network deregisters the user from the visited location area and instructs the HLR to do the same.
• The user subsequently cannot be reached for mobile terminated services. |
|
|
Term
|
Definition
| International Mobile Subscriber Identity |
|
|
Term
| 48. What is location update spoofing: |
|
Definition
| When an attacker spoofs a location update request from a different area than that which the user is currently roaming. |
|
|
Term
| 49. What is passive identity caching and how is it countered? |
|
Definition
| If the network requests the users identity in plaintext, a modified MS can capture this information. Temporary identities (TMSI - Temporary Mobile Subscriber Identieis) makes this inefficient |
|
|
Term
| Compromised cipher key works by |
|
Definition
| User is enticed to camp on the false BTS / Ms. when a call is set-up the false BTS / MS forces the use of a compromised cipher key on the mobile user |
|
|
Term
| 51. Eavesdropping on user data by forcing the use of a compromised cipher key |
|
Definition
• An attack that requires a modified BTS/MS and the possession by the intruder of a compromised authentication vector and thus exploits the weakness that the user has no control the cipher key.
• The target user is enticed to camp on the false BTS/MS. When the target user or the intruder set-up a service, the false BTS/MS forces the use of a compromised cipher key on the mobile user while it builds up a connection with the genuine network using its own subscription.
Countered by having a unique sequence number for each cipher key |
|
|
Term
52. Hijacking outgoing calls in networks
with encryption disabled |
|
Definition
• This attack requires a modified BTS/MS. While the target user camps on the false base station, the intruder pages the target user for an incoming call.
• The user then initiates the call set-up procedure, which the intruder allows to occur between the serving network and the target user, modifying the signaling elements such that for the serving network it appears as if the target user wants to set-up a mobile originated call.
• The network does not enable encryption. After authentication the intruder cuts the connection with the target user, and subsequently uses the connection with the network to make fraudulent calls on the target user’s subscription. |
|
|
Term
53. Hijacking outgoing calls in networks
with encryption enabled |
|
Definition
| • This attack requires a modified BTS/MS. In addition to the previous attack this time the intruder has to attempt to suppress encryption by modification of the message in which the MS informs the network of its ciphering capabilities. |
|
|
Term
54. Hijacking incoming calls in networks
with encryption disabled |
|
Definition
• This attack requires a modified BTS/MS. While the target user camps on the false base station, an associate of the intruder makes a call to the target user’s number.
• The intruder acts as a relay between the network and the target user until authentication and call set-up has been performed between target user and serving network. The network does not enable encryption.
• After authentication and call set-up the intruder releases the target user, and subsequently uses the connection to answer the call made by his associate. The target user will have to pay for the roaming leg. |
|
|
Term
55. Hijacking incoming calls in networks
with encryption enabled |
|
Definition
| • This attack requires a modified BTS/MS. In addition to the previous attack this time the intruder has to suppress encryption. |
|
|
Term
| 56. What are 8 principles of 3G Security |
|
Definition
• Mutual Authentication
• Data integrity – signalling messages between MS and RNC are protected by integrity code
• Network to Network Security – usually by using IPSec or similar
• Security not limited to base stations includes as well RNCs
• Temporary TMSI to secure International Mobile Subscriber Number (UMSI)
• Visibility and Configurability
• Exporting encryption algorithms
• Lawful interception |
|
|
Term
| 57. What is the 3G Security model |
|
Definition
• Network access security – provide secure access to 3G services and protection for the (radio) access link
• Network domain security – secures provider domain nodes to exchange signalling data, and defends the wireline network
• User domain security – secures access to mobile stations
• Application domain security – enables applications in the user and provider domains to exchange messages
• Visibility and configurability of security – lets a user know which security features are active and which should be in use. |
|
|
Term
| How does Authentication and Key Agreement work? |
|
Definition
• Mutual authentication
• Establishes cipher and integrity keys
• Maximum compatibility with GSM
• Based on challenge-response protocol |
|
|
Term
| 59. What are the AKA pre-requisites |
|
Definition
• Auc and USIM share secret key, authentication functions and key generation functions
• Auc must have random number generator
• Auc has scheme to generate fresh sequence numbers
• USIM checks sequence numbers |
|
|
Term
| 61. Interception terminology |
|
Definition
• Network based
• Subject based
• Target identity
• Interception Area
• Location Dependent interception |
|
|
Term
Why is there a lack of confidence in cryptographic
algorithm? (5) |
|
Definition
- Lack of openness in design of A5/1
- Misplaced belief by regulator in the effectiveness of controls on the export or even the use of cryptography
- Key length too short, but implementation faults made increasing key length difficult
- Frames XORed with Key stream
- Need to replace A5/1 but poor design support made replacement difficult |
|
|
Term
| 4 DOS attacks countered by 3G |
|
Definition
- De-reg spoofing
- Location update spoofing
- camping on a false BS
- camping on a false BTS / MS |
|
|
Term
| 2 Type of attack for identity catching |
|
Definition
|
|
Term
| Impersonation of the network attacks (3) |
|
Definition
- Suppressing Suppressing encryption between target user and intruder
- Supressing encryption between target user and true network
- Forcing use of a compromised key |
|
|
Term
| What does 3G offer to prevent location spoofing attacks? |
|
Definition
| Integrity protection of critical signalling messages protects against this attack. Data authentication and replay inhibition of the location update request allows the serving network to verify the location update request is legit |
|
|
Term
| What does camping on a false BTS exploit? |
|
Definition
| Weakness that a user can be enticed to camp om a false base station |
|
|
Term
| What happens once a target user camps on the radio channels of a false base station? |
|
Definition
| Target user is out of reach of the paging signals of the serving network |
|
|
Term
| How does the 3g security architecture counteract this attack? (target user camps on the radio channels of a false base station) |
|
Definition
| It doesn't. But the DOS only persists for as long as the attacker is active. |
|
|
Term
| What does a modified BTS/MS exploit? |
|
Definition
| user can be enticed to camp on a false base station |
|
|
Term
| What is active identity caching? |
|
Definition
| Intruder entices target user to camp on its false BTS and requests target user to send its permanent user ID in cleartext |
|
|
Term
| What 3G measure stops ID caching? |
|
Definition
| Identity confidentiality mechanism counteracts the attack by using an encryption key shared by a group of users to protect the user ID |
|
|
Term
| How is encryption suppressed between target user and intruder? |
|
Definition
| Target user is enticed to camp on the false BTS. When the intruder or target user initiates a service, the intruder does not enable encryption by spoofing the cipher mode command. |
|
|
Term
| What 3G measure prevents suppressing encryption between the target user and intruder |
|
Definition
| Mandatory cipher mode command with message authentication and replay inhibition to verify that encryption has not been supressed by the attacker |
|
|
Term
| How is encryption suppressed between target user and true network |
|
Definition
| User is enticed to camp on a false BTS / MS. The false BTS / MS modifies the ciphering capabilities of the MS to make it appear to the network that a geninue incompatibility exists between network and mobile station |
|
|
Term
| 3G counters suppression between target user and true network by doing what? |
|
Definition
| Message authentication and replay inhibition allows the network to verify that encryption has not been suppressed by an attacker |
|
|
Term
| Compromised cipher key works by |
|
Definition
| Target user is enticed to camp on the false BTS / MS. When a call is setup the false BTS / MS forces use of a compromised cipher key on the mobile user |
|
|
Term
| 3G helps vs Compromised cipher key by |
|
Definition
| The presence of a sequence number in the challenge which allows the USM to verify the freshness of the cipher key to help guard against forced re-use of a compromised authentication vector |
|
|
Term
| How does eavesdropping on user data by suppressing encryption between the target user and the intruder |
|
Definition
| The target user is enticed to camp on the false BTS. When the target user or intruder initiates a call, the network does not enable encryption by spoofing the cipher mode command. |
|
|
Term
| Eavesdropping on user data by suppressing encryption between the target user and the intruder is helped by 3g because |
|
Definition
| A mandatory cipher mode command with message authentication and replay inhibition allows the mobile to verify that encryption has not been suppressed by an attacker |
|
|
Term
| 3G counters suppression of encryption between target user and true network by |
|
Definition
| Message authentication and replay inhibition of the mobile's cipher capabilities allows the network to verify that enc has not been suppressed by the attacker |
|
|
Term
| How does user impersonation with compromised authentication vector work |
|
Definition
| Intruder uses the data to impersonate the target user towards the network and the other party |
|
|
Term
| How does 3G counter user impersonation with compromised authentication vector |
|
Definition
| Presense of a sequence number in the challenge which means that authentication vectors cannot be re-used to authentication USIMs |
|
|
Term
| How does user impersonation through eavesdropped auth response work |
|
Definition
| Intruder eavesdrops on the authentication response sent by the user and reuses that when the same challenge is sent later on |
|
|
Term
| User impersonation through eavesdropped auth response works by |
|
Definition
| Intruder eavsdrops on the authentication response sent by the user and reuses that when the same challenge is sent later on. Subsequently cipher has to be avoided by any of the mechanisms described above. The intruder uses the eavesdropped response data to impersonate the target user towards the network and the other party |
|
|
Term
| 3G gets rid of user impersonation through eavesdropped auth response |
|
Definition
| The presence of a sequence number in the challenge means that auth vectors cannot be re-used to auth USIMs |
|
|
Term
|
Definition
- Mutual Authentication
- Data integrity
- Network to Network security
- Security not limited to base stations includes as well RNCs
- Temporary TMSI to secure International Mobile Subscribers (UMSI)
- Visibility and Configurability
- At least one encryption algorithm exported on a world-wide basis (KASUMI)
- Lawful interception |
|
|
Term
| 3 Generation Partnership Project Security overview (5) |
|
Definition
- Defeat false base station attacks
- Key lengths increased to allow for stronger crypto algorithms
- Mechanisms to support security within and between networks
- Security is based within the switch rather than the base station
- Integrity mechanisms for terminal identity (IMEI)
- To ensure that info generated about a user is adequately protected against misuse
- Ensure that the resources and services provided by networks are adequately protected against misuse |
|
|
Term
| 3GPP Security objectives (5) |
|
Definition
- To ensure security features are standardised and available
- To ensure security features are standardised and available
- To ensure that the level of protection afforded is better than contemporary fixed networks
- To ensure security features & mechanisms can be extended and enhanced as necessary |
|
|
Term
| What is the most boring subject in CNET338? |
|
Definition
|
|
Term
| Why worry about security? |
|
Definition
(As a 3rd year Computer and Information security, I'm glad you asked...)
- There is no physical protection
- Broadcast comms
- Eavesdropping is easy
- Injecting bogus messages into the network is easy
- Replaying previously recording messages is easy
- Illegitimate access to network and its services is easy
- Denial of service is easy by jamming |
|
|
Term
| The lack of inherent protection presents a problem. Physical connections between devices are replaced by what? |
|
Definition
|
|
Term
| The fact that communications are broadcast presents another two problems, what are these? |
|
Definition
Transmissions can be overheard by anyone in range
Anyone can generate transmissions |
|
|
Term
| What is computer security? (This one's a tough one) |
|
Definition
Confidentiality
Integrity
Availability |
|
|
