This document summarizes a presentation on privacy and security aspects in mobile networks from 1G to 5G. It discusses how mobile network architectures and security have evolved with each generation, from basic access control and authentication in 2G to longer encryption keys, mutual authentication, and new key hierarchies in 4G and 5G. It provides examples of past attacks on mobile networks and how they have become easier to carry out as tools have become more widely available. Specifically, it discusses how subscriber identification methods have changed from sending IMSI in cleartext in 2G to concealed SUPI in 5G. The presentation emphasizes that securing systems is difficult and that we must learn from past mistakes as new technologies are developed.

1. University of Bucharest, Romania
Norwegian University of Science and Technology, Norway
Ruxandra F. Olimid
Privacy & Security Aspects
in Mobile Networks
March 21st, 2019
Ladies in Cybersecurity, Bucharest

2. I will take you …
… in a brief journey from 1G to 5G …
… with focus on privacy & security aspects

3. Who am I

4. I know… I have… I am…

5. I am …
... a former employee (almost 10 years)
*This presentation is facilitated by Orange Romania
Thanksforthistalk!

6. I have …
 ... background in Math & CS and Telecom

7. 2008
2009
2010
2013
2006
2015
Orange
BSc.
Maths & CS
BSc.
Telecom
MSc.
Distr.Systems
Phd.
Crypto
PostDoc
Crypto
PostDoc
Mobile Security
Academic
Position
2018
Academic
Position

8. Cryptanalysis of Public Key Encryption Systems
BSc. (Maths & CS)2008
Security of GSM and UMTS Networks
BSc. (Telecom)2009
Secret Sharing Schemes
2010 MSc.
Group Key Establishment based on Secret Sharing
2013 Phd.
Secret Sharing Schemes and their Applications to Multiparty
Cryptographic Protocols
2015 PostDoc
Mobile Communication Security
2018 PostDoc

9. Ruxandra F. Olimid
ruxandra.olimid@fmi.unibuc.ro
www.ruxandraolimid.weebly.com

10. I know …

11. From 1G to 5G

12. Mobile Networks Evolution
[Source:http://europa.eu/rapid/press-release_MEMO-14-129_en.htm]

13. [Source: http://europa.eu/rapid/press-release_MEMO-14-129_en.htm ]
From 1G to 4G…

14. … and looking forward 5G
[Source:http://europa.eu/rapid/press-release_MEMO-14-129_en.htm]

15. Mobile Networks General Architecture
[Source: http://emfguide.itu.int/emfguide.html ]
• User equipment
• Access network
• Radio link
• Core network

16. Privacy & Security

17. Privacy & Security in Mobile Networks
Security
Requirements
Security
Principles
Security
Architecture
Vulnerabilities
Attacks

18. Wireless vs. Wired
Goal: GSM should be as secure as the wired network (PSTN) …
…but, security mechanisms should not have a negative impact on the
usability of the system
Sounds familiar? ... Wired Equivalence Privacy (WEP)
Wireless:
Easy / direct access to the medium (radio) – MitM, jamming
Difficulty to detect passive attacks (privacy concerns)
Broadcast communication
Dynamicity (roaming, mobility, etc.)
Constraint devices and capabilities (computational power,
energy consumption)

19. Security Improvements
2G 3G 4G 5G
+ Access control to the MS (PIN)
+ Anonymity of subscribers (TMSI)
+ Authentication of subscribers (SIM)
+ Confidentiality (encryption) Secret algorithms, short keys, limited encryption
Unilateral authentication

20. Security Improvements
2G 3G 4G 5G
+ Access control to the MS (PIN)
+ Anonymity of subscribers (TMSI)
+ Authentication of subscribers (SIM)
+ Confidentiality (encryption)
+ New facilities (USIM)
+ Longer crypto keys (128 bits)
+ Expand the encrypted communication (until RNC)
+ SQN no. (for freshness and mitigate replay attacks)
+ Integrity (MACs)
+ Mutual authentication
Weaknesses (MitM)
End-to-end security?

21. Security Improvements
2G 3G 4G 5G
+ Access control to the MS (PIN)
+ Anonymity of subscribers (TMSI)
+ Authentication of subscribers (SIM)
+ Confidentiality (encryption)
+ New facilities (USIM)
+ Longer crypto keys (128 bits)
+ Expand the encrypted communication (until RNC)
+ SQN no. (for freshness and mitigate replay attacks)
+ Integrity (MACs)
+ Mutual authentication
+ Physical security for eNodeB
+ New key hierarchy
+ Crypto improvements

22. Security Improvements
2G 3G 4G 5G
+ Access control to the MS (PIN)
+ Anonymity of subscribers (TMSI)
+ Authentication of subscribers (SIM)
+ Confidentiality (encryption)
+ New facilities (USIM)
+ Longer crypto keys (128 bits)
+ Expand the encrypted communication (until RNC)
+ SQN no. (for freshness and mitigate replay attacks)
+ Integrity (MACs)
+ Mutual authentication
+ Physical security for eNodeB
+ New key hierarchy
+ Crypto improvements
+ Public-key crypto
+ … (isolation, )

23. Security Improvements
2G 3G 4G 5G
Security improvements
WEP WPA WPA2 WPA3
Breaking is easy! Securing is hard!
Sounds familiar?

24. [Source: https://www.krackattacks.com/ ]
Attacks in the wireless world

25. [Source: https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/]
Attacks in the wireless world

26. [Source: https://rayzone.com/products/piranha-2g-3g-and-4g-imsi-catcher/ ]
Attacks (?!) in the wireless world

27. [Source: https://www.enisa.europa.eu/publications/annual-report-telecom-security-incidents-2017 ]
Attacks in the wireless world
Incidents caused by malicious
actions are rare: Only a small
percentage of reported incidents
(2.5% in 2017) was categorized as
caused by malicious actions. This
percentage reduced by half
compared to the previous
year (5.1% in 2016).

28. One specific example

29. Subscriber’s Identification
IMSI
Identification

30. Evolution
2G 3G 4G 5G
Security improvements
Increased technical capabilities for the large public
Simpler attacks
More difficult to obtain
the tools
More advanced attacks
Easiest to obtain the tools

31. Evolution
More difficult to obtain
the tools
Easiest to obtain the tools
Increased technical capabilities for the large public

32. Low-cost tools available at large scale
Easy to obtain the tools Easy to obtain the tools
Facilitates attacks
Facilitates experimentation

33. Evolution
2G 3G 4G 5G
Security improvements
Simpler attacks More advanced attacks
Unilateral authentication
Mutual authentication

34. Evolution
2G 3G 4G 5G
Security improvements
Increased technical capabilities for the large public
Easy to make the phone
accept a fake tower…
But difficult to get the
tools for it
More difficult to make
the phone accept a fake
tower…
But easy to obtain the
necessary tools

35. Subscriber’s Identification
IMSI
Identification
IMSI
TMSI1
TMSI2

36. Identity Request
Identity Request (IMSI)
Identity Response (IMSI)
[. . . ] requests the user to send its permanent identity. The
user's response contains the IMSI in cleartext. This represents
a breach in the provision of user identity confidentiality.
[Source: ETSI TS 133 401 V14.4.0 (2017-10)]
2G 3G 4G 5G

37. Experimental Work
UE eNodeB
Identity Request (IMSI)
Identity Response (IMSI)

38. Experimental Work
[Source: http://ruxandraolimid.weebly.com/uploads/2/0/1/0/20109229/final_lte.pdf ]

39. 5G - Identity Request
Identity Request
Identity Response (never: SUPI)
“In response to the Identifier Request message, the UE never
sends the SUPI.”
.
[Source: ETSI TS 133 501 V15.2.0 (2018-09)]
2G 3G 4G 5G

40. 5G – SUPI Concealment
[Source: ETSI TS 133 501 V15.2.0 (2018-09) ]
Eph.
private key
1> Eph. key pair
generation
2> Key
agreement
Eph.
shared key
3> Key
derivation
4> Symmetric
encryption
Eph.
public key
Public key
of HN
Plaintext
block
Cipher-
text value
Eph. enc.
key, ICB
Final output = Eph. public key || Ciphertext || MAC tag [|| any other parameter]
Eph.
mac key
MAC-tag
value
5> MAC
function

41. Message to take home

42. Learn from the mistakes
Consider technological evolution
Do we really need so much digitalization / automation / …?
Speed of development vs. security
Still many aspects not referred to in this talk …
Breaking is easy! Securing is hard!
… but we need to do our best
[Source: https://youtu.be/nwPtcqcqz00 ]

43. Thank you!