GSM
GSM Properties
cellular radio network
digital transmission up to 9600 bit/s
roaming (mobility among different network providers, international)
good transmission quality (error recognition and correction)
scalable (large numbers of subscribers possible)
worldwide 900 million subscribers
Europe: over 300 million subscribers
security mechanisms provided (authentication, authorisation, encryption)
good usage of resources (frequency- and time-multiplex)
integration with ISDN and analogue telephone network
standard (ETSI, European Telecommunications Standards Institute)
GSM Security Requirements
Network provider's view
  correct billing: authenticity of the user
  no misuse of the service, correct billing of content usage
  efficiency: no more bandwidth needed for security, no long delays (user acceptance), cost-efficient
User's view
  confidentiality of communication (voice and data)
  privacy, no profiles of the movements of the users
  connection with authentic base station
  correct billing
Anonymity:
GSM-Architecture
Radio subsystem
GSM-Architecture
Handover and Roaming
[Figure: roaming and handover; labelled components: MSC, HLR, VLR, AC]
GSM Security
UMTS
UMTS properties
packet oriented, all-IP, 2-10 Mb/s throughput
Rich Telephony (voice with video, sound), audio-, video-streaming (movies etc.)
better QoS, more user control
video-conferencing as killer application??
worldwide roaming
It is basically a merge of mobile telephony, wireless and paging technologies into a common system
Support of different carrier systems
  Real time / not real time
  Line switching / packet switching
roaming between UMTS and GSM as well as satellite networks
asymmetric data rates for up-link/down-link
UMTS Security
Adaptation of GSM security
Confidentiality of the user identity
Authentication of the user towards the network
Encrypted communication over the radio link
SIM card as personal security module with authentication of the user towards the SIM card
USIM (UMTS Subscriber Identity Module)
UMTS Problems
Problems
Interoperability between 2G, 2.5G and 3G mobile networks
different security features: what does it mean in case of roaming between old and new networks?
disadvantages
Comparatively low data rates (11 Mbit/s or 54 Mbit/s)
Higher vulnerability on the transmission link in comparison to cabled local area networks
no international standards for frequency bands
security
Ad-hoc mode:
Direct point-to-point communication between users
Infrastructure mode
Ad-Hoc mode
Peer-to-Peer Network
Bluetooth short overview
Created 1998 by Ericsson, Intel, IBM, Nokia, Toshiba
Intended for wireless ad-hoc pico networks (< 10 m)
goal: cheap one-chip solution for short distance wireless communication
Areas of use
  Connection of peripheral devices
  Support of ad-hoc networks
Frequency band 2.4 GHz
Bluetooth short overview (cont.)
Point-to-point and point-to-multipoint transmission possible
range 10 cm to 10 m with 1 mW, up to 100 m with 100 mW
synchronous voice channels
1 asynchronous data channel
1 channel data or voice
support data rates of:
  433.9 kbit/s asynchronous-symmetric
  723.2 kbit/s / 57.6 kbit/s asynchronous-asymmetric
  64 kbit/s synchronous, voice
Example of a piconet
Bluetooth services
Two modes
  Synchronous Connection-oriented Link, SCO
    Needed for voice
    Master reserves time slots
  Asynchronous Connectionless Link, ACL
    Needed for packet oriented data transfer
    Master uses polling
The central component of the Bluetooth security architecture is the Security Manager, with the following tasks:
  Administration of security attributes of services and devices
  Access control from and to devices
  Authentication
  Encryption/decryption support
  Moderation of the connection establishment between two devices which don't know each other
Security services comprise:
  mutual authentication of devices, which are identified through a Bluetooth address
  Encryption of transferred data
  authorisation of the use of services
Subjects in Bluetooth are solely devices, i.e. authorisation is always done on the basis of the device identities and attributes
Objects are the services
Access can be granted on the basis of the trustworthiness of the device, or whether a successful authentication has been done before
The means of identification is the device address (BD_ADDR)
BD_ADDR is a 48 bit long unique address which is assigned by IEEE
device authorisation is based on device attributes
Bluetooth security on link level is based on a 128 bit link key and on the symmetric E0 algorithm
A link key is established between two or more communication partners for one session
Link key and E0 algorithm are used for the device authentication
Encryption keys are derived from the link key and can have a length between 8 bit and 128 bit
The length of the encryption keys is device-dependent and cannot be changed by the user
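Added example (not part of the original slides): a simplified model of the access decision described above, with devices as subjects, services as objects, and the negotiated encryption key length checked against a per-service minimum. The attribute names (needs_trust, needs_auth, min_key_bits), the sample addresses and the service names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# BD_ADDR: 48 bits, written here as six colon-separated hex octets.
BD_ADDR_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

@dataclass
class Device:                     # subject: always a device, never a user
    bd_addr: str
    trusted: bool = False         # device attribute kept by the manager
    authenticated: bool = False   # link-key authentication has succeeded
    enc_key_bits: int = 0         # 0 means the link is not encrypted

@dataclass
class Service:                    # object: a service plus its attributes
    name: str
    needs_trust: bool = False
    needs_auth: bool = False
    min_key_bits: int = 0         # 0 means encryption is not required

def check_access(dev: Device, svc: Service) -> tuple[bool, str]:
    """Decide whether dev may use svc; returns (granted, reason)."""
    if not BD_ADDR_RE.match(dev.bd_addr):
        return False, "malformed BD_ADDR"
    if svc.needs_auth and not dev.authenticated:
        return False, "authentication required"
    if svc.needs_trust and not dev.trusted:
        return False, "device not trusted"
    if svc.min_key_bits:
        if not 8 <= dev.enc_key_bits <= 128:
            return False, "link not encrypted"
        if dev.enc_key_bits < svc.min_key_bits:
            return False, f"{dev.enc_key_bits}-bit encryption key too short"
    return True, "granted"

# Constructed sample data (addresses and service names are made up).
SERVICES = [Service("business-card push"),
            Service("headset audio", needs_auth=True, min_key_bits=56),
            Service("file transfer", True, True, 128)]
DEVICES = [Device("00:11:22:33:44:55", True, True, 128),
           Device("00:11:22:33:44:66", False, True, 8),
           Device("0011223344", False, False, 0)]

def audit() -> dict:
    """Evaluate every constructed device against every service."""
    return {(d.bd_addr, s.name): check_access(d, s)
            for d in DEVICES for s in SERVICES}

if __name__ == "__main__":
    for (addr, name), (ok, why) in audit().items():
        print(f"{addr:18} {name:20} {'ALLOW' if ok else 'DENY '} {why}")
```

Because the encryption key length is fixed by the device, the per-service minimum is the only place in this model where a link with an 8-bit key is refused.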