This document summarizes a presentation on privacy and security aspects in mobile networks from 1G to 5G. It discusses how mobile network architectures and security have evolved with each generation, from basic access control and authentication in 2G to longer encryption keys, mutual authentication, and new key hierarchies in 4G and 5G. It provides examples of past attacks on mobile networks and how they have become easier to carry out as tools have become more widely available. Specifically, it discusses how subscriber identification methods have changed from sending IMSI in cleartext in 2G to concealed SUPI in 5G. The presentation emphasizes that securing systems is difficult and that we must learn from past mistakes as new technologies are developed.
1. Privacy & Security Aspects in Mobile Networks
Ruxandra F. Olimid
University of Bucharest, Romania
Norwegian University of Science and Technology, Norway
March 21st, 2019
Ladies in Cybersecurity, Bucharest
2. I will take you …
… in a brief journey from 1G to 5G …
… with focus on privacy & security aspects
8. 2008, BSc. (Maths & CS): Cryptanalysis of Public Key Encryption Systems
2009, BSc. (Telecom): Security of GSM and UMTS Networks
2010, MSc.: Secret Sharing Schemes
2013, PhD: Group Key Establishment based on Secret Sharing
2015, PostDoc: Secret Sharing Schemes and their Applications to Multiparty Cryptographic Protocols
2018, PostDoc: Mobile Communication Security
14. … and looking forward to 5G
[Source: http://europa.eu/rapid/press-release_MEMO-14-129_en.htm]
15. Mobile Networks General Architecture
[Source: http://emfguide.itu.int/emfguide.html ]
• User equipment
• Access network
• Radio link
• Core network
17. Privacy & Security in Mobile Networks
• Security Requirements
• Security Principles
• Security Architecture
• Vulnerabilities
• Attacks
18. Wireless vs. Wired
Goal: GSM should be as secure as the wired network (PSTN) …
… but security mechanisms should not have a negative impact on the usability of the system
Sounds familiar? ... Wired Equivalent Privacy (WEP)
Wireless:
• Easy / direct access to the medium (radio) – MitM, jamming
• Difficult to detect passive attacks (privacy concerns)
• Broadcast communication
• Dynamicity (roaming, mobility, etc.)
• Constrained devices and capabilities (computational power, energy consumption)
19. Security Improvements
2G 3G 4G 5G
+ Access control to the MS (PIN)
+ Anonymity of subscribers (TMSI)
+ Authentication of subscribers (SIM)
+ Confidentiality (encryption)
Secret algorithms, short keys, limited encryption
Unilateral authentication
20. Security Improvements
2G 3G 4G 5G
+ Access control to the MS (PIN)
+ Anonymity of subscribers (TMSI)
+ Authentication of subscribers (SIM)
+ Confidentiality (encryption)
+ New facilities (USIM)
+ Longer crypto keys (128 bits)
+ Expand the encrypted communication (until RNC)
+ SQN no. (for freshness and mitigate replay attacks)
+ Integrity (MACs)
+ Mutual authentication
Weaknesses (MitM)
End-to-end security?
21. Security Improvements
2G 3G 4G 5G
+ Access control to the MS (PIN)
+ Anonymity of subscribers (TMSI)
+ Authentication of subscribers (SIM)
+ Confidentiality (encryption)
+ New facilities (USIM)
+ Longer crypto keys (128 bits)
+ Expand the encrypted communication (until RNC)
+ SQN no. (for freshness and mitigate replay attacks)
+ Integrity (MACs)
+ Mutual authentication
+ Physical security for eNodeB
+ New key hierarchy
+ Crypto improvements
22. Security Improvements
2G 3G 4G 5G
+ Access control to the MS (PIN)
+ Anonymity of subscribers (TMSI)
+ Authentication of subscribers (SIM)
+ Confidentiality (encryption)
+ New facilities (USIM)
+ Longer crypto keys (128 bits)
+ Expand the encrypted communication (until RNC)
+ SQN no. (for freshness and mitigate replay attacks)
+ Integrity (MACs)
+ Mutual authentication
+ Physical security for eNodeB
+ New key hierarchy
+ Crypto improvements
+ Public-key crypto
+ … (isolation, )
30. Evolution
2G 3G 4G 5G
Security improvements
Increased technical capabilities for the large public
Simpler attacks, more difficult to obtain the tools
More advanced attacks, easiest to obtain the tools
31. Evolution
More difficult to obtain the tools
Easiest to obtain the tools
Increased technical capabilities for the large public
32. Low-cost tools available at large scale
Easy to obtain the tools
• Facilitates attacks
• Facilitates experimentation
34. Evolution
2G 3G 4G 5G
Security improvements
Increased technical capabilities for the large public
Easy to make the phone accept a fake tower… But difficult to get the tools for it
More difficult to make the phone accept a fake tower… But easy to obtain the necessary tools
36. Identity Request
Identity Request (IMSI)
Identity Response (IMSI)
“[...] requests the user to send its permanent identity. The user's response contains the IMSI in cleartext. This represents a breach in the provision of user identity confidentiality.”
[Source: ETSI TS 133 401 V14.4.0 (2017-10)]
2G 3G 4G 5G
39. 5G - Identity Request
Identity Request
Identity Response (never: SUPI)
“In response to the Identifier Request message, the UE never sends the SUPI.”
[Source: ETSI TS 133 501 V15.2.0 (2018-09)]
2G 3G 4G 5G
40. 5G – SUPI Concealment
[Source: ETSI TS 133 501 V15.2.0 (2018-09) ]
1> Eph. key pair generation: outputs Eph. private key and Eph. public key
2> Key agreement: Eph. private key + Public key of HN → Eph. shared key
3> Key derivation: Eph. shared key → Eph. enc. key, ICB, Eph. mac key
4> Symmetric encryption: Plaintext block, under Eph. enc. key, ICB → Ciphertext value
5> MAC function: Ciphertext value, under Eph. mac key → MAC-tag value
Final output = Eph. public key || Ciphertext || MAC tag [|| any other parameter]
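The five steps of the SUPI concealment slide above, as an added Python example (not code from the presentation or from TS 33.501). Assumptions: X25519 for the key agreement, a SHA-256 counter KDF, SHA-256 in counter mode standing in for the block cipher, and an 8-byte truncated HMAC-SHA-256 tag; `conceal`, `deconceal`, the home-network key and the SUPI value are constructed for illustration.

```python
import hashlib, hmac, os

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")  # X25519 base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:  # RFC 7748 ladder; teaching code, not constant-time
    n = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp the scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + A24 * (aa - bb)) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def derive(shared: bytes, eph_pub: bytes):  # 3> SHA-256(shared || counter || eph_pub)
    k = b"".join(hashlib.sha256(shared + bytes([0, 0, 0, i]) + eph_pub).digest() for i in (1, 2))
    return k[:16], int.from_bytes(k[16:32], "big"), k[32:]  # enc key, ICB, MAC key

def ctr_xor(key: bytes, icb: int, data: bytes) -> bytes:  # 4> SHA-256 replaces the block cipher
    ks = b"".join(hashlib.sha256(key + ((icb + i) % 2**128).to_bytes(16, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(p ^ s for p, s in zip(data, ks))

def conceal(supi: bytes, hn_pub: bytes) -> bytes:
    eph_priv = os.urandom(32)                                  # 1> fresh key pair per request
    eph_pub = x25519(eph_priv, BASE)
    enc, icb, mac = derive(x25519(eph_priv, hn_pub), eph_pub)  # 2> agreement, 3> derivation
    ct = ctr_xor(enc, icb, supi)                               # 4> symmetric encryption
    tag = hmac.new(mac, ct, hashlib.sha256).digest()[:8]       # 5> MAC over the ciphertext
    return eph_pub + ct + tag                                  # Eph. public key || Ciphertext || MAC tag

def deconceal(blob: bytes, hn_priv: bytes) -> bytes:
    eph_pub, ct, tag = blob[:32], blob[32:-8], blob[-8:]
    enc, icb, mac = derive(x25519(hn_priv, eph_pub), eph_pub)
    if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()[:8]):
        raise ValueError("MAC check failed")                   # reject before decrypting
    return ctr_xor(enc, icb, ct)

HN_PRIV = hashlib.sha256(b"constructed home-network key").digest()  # constructed sample key
HN_PUB = x25519(HN_PRIV, BASE)
SUPI = b"001010123456789"                                           # constructed test identity
```

Two concealments of the same SUPI differ because the ephemeral key pair is fresh each time, so a passive listener cannot track a subscriber by a repeated identifier, and only the holder of the home-network private key can recover the value.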
42. Learn from the mistakes
Consider technological evolution
Do we really need so much digitalization / automation / …?
Speed of development vs. security
Still many aspects not referred to in this talk …
Breaking is easy! Securing is hard!
… but we need to do our best
[Source: https://youtu.be/nwPtcqcqz00 ]