Date post: 07-Jul-2015
Category: Education
Upload: ankit-gupta
MOTILAL NEHRU NATIONAL INSTITUTE OF TECHNOLOGY ALLAHABAD
SECURITY IN BLUETOOTH, CDMA AND UMTS
BLUETOOTH
System for short range wireless communication
Wireless data transfer via ACL link
Data rates up to 3 Mb/s
2.4 GHz ISM band (Industrial, Scientific and Medical)
Typical communication range is 10-100 meters
Bluetooth SIG (Special Interest Group) developed the
technology
SECURITY THREATS
Disclosure Threat
Integrity Threat
Denial of Service (DoS)
ATTACKS
Snarf Attack
Backdoor Attack
BlueBug Attack
BlueJack Attack
Denial of Service Attack
BluePrinting Attack
SECURITY LEVELS AND MODES
Security Levels:
Silent
Private
Public
Security Modes:
Non Secure
Service Level Enforced Security
Link Level Enforced Security
AUTHENTICATION, AUTHORIZATION, ENCRYPTION
Authentication is the process of proving the identity of
one piconet member to another
Authorization determines whether the user is authorized
to have access to the services provided
Encryption is the process of encoding the information so
that no eavesdropper can read it
SECURITY OPERATIONS
AUTHENTICATION
AUTHORIZATION
ENCRYPTION
Encryption Mode 1
Encryption Mode 2
Encryption Mode 3
ENCRYPTION PROCEDURE
KNOWN VULNERABILITIES
Spoofing through Keys
Spoofing through a Bluetooth Address
PIN Length
COUNTERMEASURES
Know your Environment
Be Invisible
Abstinence is best
Use only long PIN codes (16 case sensitive
alphanumerical characters)
Requiring Authentication for every L2CAP request
Using additional security at software level and an
additional password to physically protect the Bluetooth
devices
COUNTERMEASURES CONTD…
Requiring re-authentication always prior to access to
sensitive information / service
To prevent a man-in-the-middle attack, one approach is to
make it difficult for an attacker to lock onto the
frequency used for communication. Making the
frequency hopping intervals and patterns reasonably
unpredictable might help to prevent an attacker from
locking onto the devices' signal.
PROPOSED SOLUTION FOR DOS ATTACK
When the pairing message is sent by one device
When the attacker is sending the message with the
address, which is already connected to Bluetooth device
When the pairing message sent by more than one device
When the attacker is changing the Bluetooth address of
itself with another Bluetooth address
UMTS security
UMTS system architecture (R99) is based on GSM/GPRS
POSSIBLE ATTACKS ON UMTS
Denial of service
Identity catching
Impersonation of the network
Impersonation of the user
3G SECURITY FEATURES
Mutual Authentication: The mobile user and the serving network authenticate each other
Data Integrity: Signaling messages between the mobile station and RNC protected by integrity code
Network to Network Security: Secure communication between serving networks. IPsec suggested
Secure IMSI (International Mobile Subscriber Identity) Usage: The user is assigned a temporary IMSI by the serving network
3G SECURITY FEATURES CONTD…
User – Mobile Station Authentication: The user and the mobile station share a secret key, PIN
Secure Services: Protect against misuse of services provided by the home network and the serving network
Secure Applications: Provide security for applications resident on mobile station
AUTHENTICATION AND KEY AGREEMENT
AuC and USIM share:
permanent secret key K
Message authentication functions f1, f1*, f2
key generating functions f3, f4, f5
AuC has a random number generator
AuC has scheme to generate fresh sequence numbers
USIM has scheme to verify freshness of received sequence numbers
AUTHENTICATION AND KEY AGREEMENT
128 bit secret key K is shared between the home network and the mobile user
Home Network Mobile station
Complete Message flow for successful AKA
Encryption
Integrity Check
NETWORK DOMAIN SECURITY
IPSec
IP traffic between networks can be protected with IPSec between security gateways
Encapsulating Security Payload (ESP) is used for protection of packets
ESP is always used in tunnel mode
Advanced Encryption Standard (AES)
CDMA
CODE DIVISION MULTIPLE ACCESS (CDMA)
Channel access method used by various radio
communication technologies
Employs spread spectrum technology and a special
coding scheme
Attacks are very difficult and rare
DIFFERENCE BETWEEN CDMA, TDMA AND FDMA
TYPES OF CDMA
Frequency Hopping Spread Spectrum CDMA
Direct Sequence Spread Spectrum CDMA
SECURITY
By design, CDMA technology makes eavesdropping very
difficult
42-bit PN (Pseudo Random Noise) sequence
64-bit authentication key (A-Key)
Electronic Serial Number (ESN) of the mobile
AUTHENTICATION
AUTHENTICATION MODEL
ENCRYPTION
Thank You!!!!!