Chapter 10 Real world security protocols


1 Chapter 10 Real world security protocols
Kerberos

2 Kerberos
In Greek mythology, Kerberos is the three-headed dog that guards the entrance to Hades.
In security, Kerberos is an authentication system based on symmetric-key cryptography.
  Proposed at MIT
  Based on the Needham and Schroeder algorithm
  Relies on a Trusted Third Party (TTP)

3 Motivation for Kerberos
Authentication using public keys: N users ⇒ N key pairs
Authentication using symmetric keys: N users ⇒ N² keys
Symmetric keys cannot be used in large networks!
Kerberos, which is based on symmetric keys, requires only N keys for N users.
  However, a TTP must exist.
  No PKI is required.

4 Kerberos Key Distribution Center (KDC)
The Kerberos Key Distribution Center (KDC) acts as the TTP.
  The TTP must be trustworthy!
The KDC shares symmetric key KA with Alice, KB with Bob, and KC with Carol.
The master key KKDC is known only to the KDC.
The KDC provides authentication and distributes session keys.
DES is used as the encryption algorithm for confidentiality and integrity.

5 Kerberos Tickets
The KDC issues the tickets needed to access network resources.
The KDC also issues ticket-granting tickets (TGTs), which are used to obtain tickets.
A TGT contains the following information:
  Session key
  User ID
  Expiration time
Every TGT is encrypted with KKDC.
  Only the KDC can read a TGT.

6 Kerberized Login
Alice enters her password.
Alice's workstation:
  Derives KA from Alice's password.
  Uses KA to obtain a TGT for Alice from the KDC.
Alice can then use her TGT (credentials) to access network resources securely.
Plus: Alice does not need to worry about security.
Minus: The KDC must be kept secure!

7 Kerberized Login
Alice → Computer: Alice's password
Computer → KDC: Alice wants a TGT
KDC → Computer: E(SA, TGT, KA)
The key KA is computed from Alice's password.
The KDC generates the session key SA.
The workstation decrypts to obtain SA and the TGT, then forgets KA.
TGT = E(“Alice”, SA, KKDC)

8 Alice Requests a Ticket to Communicate with Bob
Once Alice's computer has received the TGT, it can use it to access network resources.
For example, suppose Alice wants to connect to Bob's computer.
Alice's computer presents the TGT to the KDC, together with an “authenticator” (to prevent replay attacks).
The KDC gives Alice a “ticket to Bob”.
Alice's computer can then use the “ticket to Bob” to connect to Bob's computer.

9 Alice Requests a Ticket to Connect to Bob
Alice → Computer: I want to talk to Bob
Computer → KDC: REQUEST
KDC → Computer: REPLY
Computer → Alice: Talk to Bob
REQUEST = (TGT, authenticator), where authenticator = E(timestamp, SA)
REPLY = E(“Bob”, KAB, ticket to Bob, SA)
ticket to Bob = E(“Alice”, KAB, KB)
The KDC obtains SA from the TGT and verifies the timestamp.

10 Alice Uses the Ticket to Connect to Bob
Alice's Computer → Bob: ticket to Bob, authenticator
Bob → Alice's Computer: E(timestamp + 1, KAB)
ticket to Bob = E(“Alice”, KAB, KB)
authenticator = E(timestamp, KAB)
Bob decrypts the “ticket to Bob” to obtain KAB and verifies the timestamp.
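The login, ticket request and ticket use from slides 6 to 10, run end to end as an added example that is not part of the original slides. E() here is a toy SHA-256 keystream with an HMAC tag standing in for the DES-based encryption the slides mention; the names `KDC`, `bob_accept`, `fresh` and `demo`, the 300-second skew window, the 8-hour TGT lifetime and the passwords are assumptions made for the illustration.

```python
import hashlib, hmac, json, os

SKEW = 300  # tolerated clock skew in seconds (assumed value)

def h(password):
    return hashlib.sha256(password.encode()).digest()     # KA = h(password)

def _pad(key, nonce, n):
    blocks = range(n // 32 + 1)
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in blocks)[:n]

def E(fields, key):
    """Toy authenticated cipher standing in for the slides' E(); it is not DES."""
    pt, nonce = json.dumps(fields).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _pad(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()

def D(blob, key):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _pad(key, nonce, len(ct)))))

def fresh(ts, now):
    if abs(now - ts) > SKEW:
        raise ValueError("stale timestamp")
    return ts

class KDC:
    def __init__(self, passwords):
        self.keys = {name: h(pw) for name, pw in passwords.items()}   # KA, KB, ...
        self.k_kdc = os.urandom(32)                                   # KKDC

    def login(self, user, now):
        sa = os.urandom(32).hex()                                     # session key SA
        tgt = E({"user": user, "SA": sa, "exp": now + 8 * 3600}, self.k_kdc)
        return E({"SA": sa, "TGT": tgt}, self.keys[user])             # E(SA, TGT, KA)

    def request(self, tgt, authenticator, server, now):
        t = D(tgt, self.k_kdc)                    # only the KDC can read a TGT
        if now > t["exp"]:
            raise ValueError("TGT expired")
        sa = bytes.fromhex(t["SA"])
        fresh(D(authenticator, sa)["ts"], now)    # authenticator = E(timestamp, SA)
        kab = os.urandom(32).hex()
        ticket = E({"user": t["user"], "KAB": kab}, self.keys[server])
        return E({"server": server, "KAB": kab, "ticket": ticket}, sa)   # REPLY

def bob_accept(kb, ticket, authenticator, now):
    t = D(ticket, kb)                             # ticket to Bob = E("Alice", KAB, KB)
    kab = bytes.fromhex(t["KAB"])
    ts = fresh(D(authenticator, kab)["ts"], now)  # authenticator = E(timestamp, KAB)
    return t["user"], E({"ts": ts + 1}, kab)      # E(timestamp + 1, KAB)

def demo(now=1_700_000_000):
    kdc = KDC({"Alice": "alice-password", "Bob": "bob-password"})   # constructed passwords
    ka = h("alice-password")                      # workstation derives KA from the password
    login = D(kdc.login("Alice", now), ka)
    sa = bytes.fromhex(login["SA"])               # from here on only SA and the TGT are needed
    reply = D(kdc.request(login["TGT"], E({"ts": now}, sa), "Bob", now), sa)
    kab = bytes.fromhex(reply["KAB"])
    auth = E({"ts": now}, kab)
    user, resp = bob_accept(kdc.keys["Bob"], reply["ticket"], auth, now)
    mutual = D(resp, kab)["ts"] == now + 1        # Bob proved that he knows KAB
    try:                                          # same messages presented an hour later
        bob_accept(kdc.keys["Bob"], reply["ticket"], auth, now + 3600)
        replay = "accepted"
    except ValueError as err:
        replay = str(err)
    return user, mutual, replay

if __name__ == "__main__":
    print(demo())
```

Bob never talks to the KDC and keeps no per-client state: everything he needs arrives inside the ticket, and the timestamp check is the only thing that rejects the replayed messages.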

11 Kerberos
Session key SA
  Used for authentication
  Also used for confidentiality/integrity
Timestamps
  Mutual authentication
  Timestamps reduce the number of messages that must be exchanged.
  They act like a nonce known to both sides.

12 Kerberos Security: Questions
When Alice logs in, the KDC sends E(SA, TGT, KA), where TGT = E(“Alice”, SA, KKDC).
Q: Why should the TGT be encrypted with KA?
A: It is redundant work!
Q: When Alice logs in to Bob, is it acceptable for her not to identify herself?
A: ticket to Bob = E(“Alice”, KAB, KB)

13 Kerberos Security: Questions
Q: Why is the “ticket to Bob” sent to Alice?
A: If the “ticket to Bob” arrived at Bob before Alice contacted him, Bob would have to remember the key KAB for Alice. That is, Bob would have to keep state.
Q: How are replay attacks prevented?
A: timestamp

14 Kerberos Keys
KA = h(Alice’s password)
As an alternative, generate a random KA, compute Kh = h(Alice’s password), and have the computer store E(KA, Kh).
Then KA does not need to change even when Alice changes her password.
However, E(KA, Kh) is exposed to password guessing.

15 GSM Security
The Global System for Mobile Communications, GSM (original acronym: Groupe Spécial Mobile) is the most popular standard for mobile phones in the world. GSM service is used by over 2 billion people across more than 212 countries and territories [1] [2]. The ubiquity of the GSM standard makes international roaming very common between mobile phone operators, enabling subscribers to use their phones in many parts of the world. GSM differs significantly from its predecessors in that both signaling and speech channels are digital, which means that it is considered a second generation (2G) mobile phone system. This fact has also meant that data communication was built into the system from the 3rd Generation Partnership Project (3GPP).
From the point of view of the consumers, the key advantage of GSM systems has been higher digital voice quality and low cost alternatives to making calls such as text messaging. The advantage for network operators has been the ability to deploy equipment from different vendors because the open standard allows easy inter-operability. Like other cellular standards GSM allows network operators to offer roaming services which mean subscribers can use their phones all over the world.
The GSM logo is used to identify compatible handsets and equipment.
As the GSM standard continued to develop, it retained backward compatibility with the original GSM phones; for example, packet data capabilities were added in the Release '97 version of the standard, by means of GPRS. Higher speed data transmission has also been introduced with EDGE in the Release '99 version of the standard.
Radio interface
GSM is a cellular network, which means that mobile phones connect to it by searching for cells in the immediate vicinity. GSM networks operate in four different frequency ranges. Most GSM networks operate in the 900 MHz or 1800 MHz bands. Some countries in the Americas (including the United States and Canada) use the 850 MHz and 1900 MHz bands because the 900 and 1800 MHz frequency bands were already allocated.
The rarer 400 and 450 MHz frequency bands are assigned in some countries, notably Scandinavia, where these frequencies were previously used for first-generation systems.
In the 900 MHz band the uplink frequency band is MHz, and the downlink frequency band is MHz. This 25 MHz bandwidth is subdivided into 124 carrier frequency channels, each spaced 200 kHz apart. Time division multiplexing is used to allow eight full-rate or sixteen half-rate speech channels per radio frequency channel. There are eight radio timeslots (giving eight burst periods) grouped into what is called a TDMA frame. Half rate channels use alternate frames in the same timeslot. The channel data rate is kbit/s, and the frame duration is ms.
The transmission power in the handset is limited to a maximum of 2 watts in GSM850/900 and 1 watt in GSM1800/1900.
GSM has used a variety of voice codecs to squeeze 3.1kHz audio into between 6 and 13kbps. Originally, two codecs, named after the types of data channel they were allocated, were used, called "Full Rate" (13kbps) and "Half Rate" (6kbps). These used a system based upon linear predictive coding (LPC). In addition to being efficient with bitrates, these codecs also made it easier to identify more important parts of the audio, allowing the air interface layer to prioritize and better protect these parts of the signal.
GSM was further enhanced in the mid-nineties with the GSM-EFR codec, a 12.2kbps codec that uses a full rate channel. Finally, with the development of UMTS, EFR was refactored into a variable-rate codec called AMR-Narrowband, which is high quality and robust against interference when used on full rate channels, and less robust but still relatively high quality when used in good radio conditions on half-rate channels.
There are four different cell sizes in a GSM network - macro, micro, pico and umbrella cells. The coverage area of each cell varies according to the implementation environment. Macro cells can be regarded as cells where the base station antenna is installed on a mast or a building above average roof top level. Micro cells are cells whose antenna height is under average roof top level; they are typically used in urban areas. Picocells are small cells whose diameter is a few dozen meters; they are mainly used indoors. On the other hand, umbrella cells are used to cover shadowed regions of smaller cells and fill in gaps in coverage between those cells.
Cell radius varies depending on antenna height, antenna gain and propagation conditions from a couple of hundred meters to several tens of kilometers. The longest distance the GSM specification supports in practical use is 35 km or 22 miles. There are also several implementations of the concept of an extended cell, where the cell radius could be double or even more, depending on the antenna system, the type of terrain and the timing advance.
Indoor coverage is also supported by GSM and may be achieved by using an indoor picocell base station, or an indoor repeater with distributed indoor antennas fed through power splitters, to deliver the radio signals from an antenna outdoors to the separate indoor distributed antenna system. These are typically deployed when a lot of call capacity is needed indoors, for example in shopping centers or airports. However, this is not a prerequisite, since indoor coverage is also provided by in-building penetration of the radio signals from nearby cells.
The modulation used in GSM is Gaussian minimum shift keying (GMSK), a kind of continuous-phase frequency shift keying. In GMSK, the signal to be modulated onto the carrier is first smoothed with a Gaussian low-pass filter prior to being fed to a frequency modulator, which greatly reduces the interference to neighboring channels (adjacent channel interference).
A nearby GSM handset is usually the source of the "dit dit dit, dit dit dit, dit dit dit" signal that can be heard from time to time on home stereo systems, televisions, computers, and personal music devices. When these audio devices are in the near field of the GSM handset, the radio signal is strong enough that the solid state amplifiers in the audio chain function as a detector. The clicking noise itself represents the power bursts that carry the TDMA signal. This is a form of RFI, and could be mitigated or eliminated by use of additional shielding and/or bypass capacitors in these audio devices, however, the increased cost of doing so is difficult for a designer to justify.
Network structure
The structure of a GSM network
The network behind the GSM system seen by the customer is large and complicated in order to provide all of the services which are required. It is divided into a number of sections and these are each covered in separate articles.
  the Base Station Subsystem (the base stations and their controllers).
  the Network and Switching Subsystem (the part of the network most similar to a fixed network). This is sometimes also just called the core network.
  the GPRS Core Network (the optional part which allows packet based Internet connections).
  all of the elements in the system combine to produce many GSM services such as voice calls and SMS.
Subscriber identity module
One of the key features of GSM is the Subscriber Identity Module (SIM), commonly known as a SIM card. The SIM is a detachable smart card containing the user's subscription information and phonebook. This allows the user to retain his or her information after switching handsets. Alternatively, the user can also change operators while retaining the handset simply by changing the SIM. Some operators will block this by allowing the phone to use only a single SIM, or only a SIM issued by them; this practice is known as SIM locking, and is illegal in some countries.
In the United States, Europe and Australia, many operators lock the mobiles they sell. This is done because the price of the mobile phone is typically subsidised with revenue from subscriptions and operators want to try to avoid subsidising competitor's mobiles. A subscriber can usually contact the provider to remove the lock for a fee, utilize private services to remove the lock, or make use of ample software and websites available on the Internet to unlock the handset themselves. While most web sites offer the unlocking for a fee, some do it for free. The locking applies to the handset, identified by its International Mobile Equipment Identity (IMEI) number, not to the account (which is identified by the SIM card). It is always possible to switch to another (non-locked) handset if such other handset is available.
Some providers will unlock the phone for free if the customer has held an account for a certain period. Third party unlocking services exist that are often quicker and lower cost than that of the operator. In most countries removing the lock is legal. Cingular provides free unlock services to its customer after 3 months of subscriptions.
In countries like India, Belgium, etc., all phones are sold unlocked. However, in Belgium, it is unlawful for operators there to offer any form of subsidy on the phone's price. This was also the case in Finland until April , when selling subsidized combinations of handsets and accounts became legal though operators have to unlock phone free of charge after a certain amount of time (at most 24 months).
GSM security
GSM was designed with a moderate level of security. The system was designed to authenticate the subscriber using shared-secret cryptography. Communications between the subscriber and the base station can be encrypted. The development of UMTS introduces an optional USIM, that uses a longer authentication key to give greater security, as well as mutually authenticating the network and the user - whereas GSM only authenticated the user to the network (and not vice versa). The security model therefore offers confidentiality and authentication, but limited authorization capabilities, and no non-repudiation.
GSM uses several cryptographic algorithms for security. The A5/1 and A5/2 stream ciphers are used for ensuring over-the-air voice privacy. A5/1 was developed first and is a stronger algorithm used within Europe and the United States; A5/2 is weaker and used in other countries. A large security advantage of GSM over earlier systems is that the Ki, the crypto variable stored on the SIM card that is the key to any GSM ciphering algorithm, is never sent over the air interface. Serious weaknesses have been found in both algorithms, and it is possible to break A5/2 in real-time in a ciphertext-only attack. The system supports multiple algorithms so operators may replace that cipher with a stronger one.
This entry is from Wikipedia, the leading user-contributed encyclopedia.

16 Cell Phones
First-generation mobile phones
  Analog, with few standards
  Security was barely considered
  Cloning was the main security concern
Second-generation mobile phones: GSM
  Started in 1982
  Global System for Mobile Communications
Third generation
  3rd Generation Partnership Project (3GPP)

17 [Figure: evolution of mobile phone standards across 1G, 2G, 2.5G, 3G and 3.5G. Technologies shown: AMPS (analog, FDMA), D-AMPS (TDMA/FDMA), GSM, GPRS, EDGE, WCDMA, HSDPA; IS-95 CDMA, IS-95A, IS-95B, CDMA1x, EVDO; WiBro (18Mbps), Wi-Fi (54Mbps).]

18 GSM Architecture
VLR (Visitor Location Register), HLR (Home Location Register), AuC (Authentication Center)
[Diagram: Mobile, air interface, Base Station, Base Station Controller with VLR (together the Visited Network), “land line” (PSTN, Internet, etc.), Home Network with HLR and AuC]

19 GSM System Components
Mobile: cell phone
  Contains a SIM (Subscriber Identity Module)
  Smart card
Air interface
Visited network
  Base stations
  Base station controller

20 GSM System Components
PSTN (public switched telephone network)
Home network: the network to which the mobile phone belongs
  HLR (Home Location Register)
  AuC (Authentication Center): stores IMSI/Ki
IMSI (International Mobile Subscriber ID)

21 Mobile phone: cell phone
Contains a SIM (Subscriber Identity Module).
The SIM is a security module that holds the following information:
  IMSI (International Mobile Subscriber ID): identifies the mobile phone user
  User key Ki (128 bits)
The purpose of the SIM is to provide tamper-resistant hardware (a smart card).

22 Visited Network
Many base stations
  One base station: one cell
Base Station Controller
  The VLR (Visitor Location Register) resides in the base station controller.
  It records information about the mobile phones currently visiting the visited network.

23 Home Network
The home network to which the mobile phone belongs
  Each mobile phone is registered with one home network.
HLR (Home Location Register)
  Records which visited network each registered mobile phone is currently in.
AuC (Authentication Center)
  IMSI (International Mobile Subscriber ID): subscriber identification number
  Ki: SIM user number
  Holds billing information for every mobile phone user.

24 GSM Security Goals
Main goals
  Keep GSM as secure as the public telephone network
  Prevent cloning
Active attacks were not considered!
  At the time, such attacks were not feasible.
The biggest threat was insecure billing management.

25 GSM Security Features
Anonymity
  Keeps the user's identity from being revealed.
  Not very important to the phone company.
Authentication
  Needed for correct billing
  The most important issue for the phone company!
Confidentiality
  Not very important to the phone company.

26 GSM: Anonymity
The IMSI is used initially to identify the sender.
An attacker who captures the beginning of the communication can learn the IMSI.
So a TMSI (Temporary Mobile Subscriber ID) is used.
  The TMSI changes frequently.
  The TMSI is encrypted when it is sent.
Anonymity is not firmly guaranteed.
  But it is sufficient for most users.

27 GSM: Authentication
The caller is authenticated to the base station.
It is not mutual authentication.
Authentication is by challenge-response:
  The home network generates RAND and computes XRES = A3(RAND, Ki), where A3 is a hash.
  It then sends (RAND, XRES) to the base station.
  The base station sends the challenge RAND to the mobile phone.
  The mobile phone's response is SRES = A3(RAND, Ki).
  The base station verifies that SRES = XRES.
Ki never leaves the home network!

28 GSM: Confidentiality
Data is encrypted with a stream cipher.
The error rate is roughly 1/1000.
  The error rate is too high for a block cipher to be used.

29 GSM: Confidentiality
When the home network receives the IMSI from the base station, it computes Kc = A8(RAND, Ki), where A8 is a hash.
  Kc is the GSM encryption key.
Kc is then sent to the base station together with (RAND, XRES).
Once the base station has completed authentication as described earlier, the mobile phone computes Kc = A8(RAND, Ki).
The base station already knows Kc.
The mobile phone and the base station therefore share a symmetric key.
The keystream is generated from A5(Kc).
Ki never leaves the home network!

30 GSM Security Problems
Flaws in the cryptographic algorithms used by GSM
Flaws in the protocol as well
The biggest problem is the invalid security assumptions made by the original designers.

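31 GSM Security
1. Mobile → Base Station: IMSI
2. Base Station → Home Network: IMSI
3. Home Network → Base Station: (RAND, XRES, Kc)
4. Base Station → Mobile: RAND
5. Mobile → Base Station: SRES
6. Mobile ↔ Base Station: Encrypt with Kc
SRES and Kc must be uncorrelated, even though both are derived from RAND and Ki.
It must not be possible to deduce Ki from known RAND/SRES pairs (known plaintext attack).
It must not be possible to deduce Ki from chosen RAND/SRES pairs (chosen plaintext attack).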

32 GSM Cryptographic Algorithm Flaws
A3/A8 use COMP128 as the hash.
  It can be broken with 150,000 chosen plaintexts.
  Ki can be recovered from the SIM in 2 to 10 hours.
Encryption algorithm A5/1
  Broken in 2 seconds by a known plaintext attack.

33 GSM: Invalid Assumptions
A GSM call is encrypted between the mobile phone and the base station.
  This protects only the path between the mobile phone and the base station.
The path between the base station and the base station controller is not encrypted.
  Communication over this path sometimes uses microwave.
[Diagram: Base Station, Base Station Controller with VLR]

34 GSM: SIM Attacks
Attacks on the SIM card
  Optical Fault Induction
  Partitioning Attacks
An attacker in possession of the SIM can recover Ki within seconds.
A lost phone can be cloned within seconds!

35 GSM: Protocol Flaws (Fake BS)
A fake base station exploits two flaws in the protocol.
① Authentication is not mutual. The caller is authenticated to the base station, but the caller does not authenticate the base station.
② Encryption on the air interface is not automatic. The base station decides whether or not to encrypt.

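36 GSM: Protocol Flaws (2/3)
Fake Base Station → Mobile: RAND
Mobile → Fake Base Station: SRES
Mobile ↔ Fake Base Station: No encryption
Fake Base Station → Base Station: Call to destination
The fake base station behaves like an ordinary phone.
So an ordinary GSM call, which is encrypted, takes place between the fake base station and the legitimate base station.
The fake base station can eavesdrop on the call.
The call is billed to the fake base station!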

37 GSM: Protocol Flaws (3/3)
Fake Base Station → Mobile: RAND
Mobile → Fake Base Station: SRES
Mobile ↔ Fake Base Station: No encryption
Fake Base Station → Base Station: Call to destination
Because the fake base station can send any RAND and the value corresponding to it, it can mount a chosen plaintext attack on the SIM.

38 GSM: Protocol Flaws (Replay)
The base station can reuse (RAND, XRES, Kc).
Denial-of-service attacks are possible.
  Jamming (a perennial problem in wireless communication)
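The challenge-response and key derivation from slides 27, 29 and 31, together with the triplet reuse noted on slide 38, as an added example that is not part of the original slides. A3 and A8 are replaced by HMAC-SHA-256 stand-ins (not COMP128), and the class names, the `reuse` flag and the IMSI are assumptions made for the illustration; the 128-bit RAND, 32-bit SRES and 64-bit Kc sizes are the standard GSM values.

```python
import hashlib, hmac, os

def a3(rand, ki):
    """Stand-in for A3 (HMAC-SHA-256, not COMP128): 32-bit response."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(rand, ki):
    """Stand-in for A8, domain-separated from A3 so SRES and Kc are uncorrelated: 64-bit Kc."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class SIM:
    def __init__(self, imsi, ki):
        self.imsi, self._ki, self.kc = imsi, ki, None

    def respond(self, rand):
        # The SIM answers whatever RAND it is given: nothing in the challenge
        # proves who sent it or that it has not been used before.
        self.kc = a8(rand, self._ki)
        return a3(rand, self._ki)                 # 5. SRES

class HomeNetwork:
    """HLR/AuC: the only network element that holds Ki."""
    def __init__(self):
        self._ki = {}

    def provision(self, imsi):
        self._ki[imsi] = os.urandom(16)           # 128-bit Ki
        return SIM(imsi, self._ki[imsi])

    def triplet(self, imsi):
        rand, ki = os.urandom(16), self._ki[imsi]
        return rand, a3(rand, ki), a8(rand, ki)   # 3. (RAND, XRES, Kc); Ki stays here

class BaseStation:
    def __init__(self, home):
        self.home, self.stored = home, {}

    def authenticate(self, sim, reuse=False):
        if not reuse or sim.imsi not in self.stored:
            self.stored[sim.imsi] = self.home.triplet(sim.imsi)   # steps 1 to 3
        rand, xres, kc = self.stored[sim.imsi]
        sres = sim.respond(rand)                  # 4. RAND out, 5. SRES back
        return hmac.compare_digest(sres, xres), kc

def demo():
    home = HomeNetwork()
    sim = home.provision("001010000000001")       # constructed test IMSI
    bs = BaseStation(home)
    ok_first, kc_first = bs.authenticate(sim)
    shared = sim.kc == kc_first                   # both ends now hold the same Kc
    ok_again, kc_again = bs.authenticate(sim, reuse=True)   # same triplet a second time
    clone = SIM(sim.imsi, os.urandom(16))         # right IMSI, wrong Ki
    ok_clone, _ = bs.authenticate(clone)
    return {"genuine": ok_first, "kc_shared": shared,
            "reused_accepted": ok_again, "kc_repeats": kc_again == kc_first,
            "wrong_ki": ok_clone}

if __name__ == "__main__":
    print(demo())
```

The handset contributes no randomness and checks nothing about the network, so a reused triplet yields the same SRES and the same Kc; this is the gap that the mutual authentication introduced with UMTS addresses.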

39 GSM Conclusions
Did GSM achieve its goals?
  Eliminate cloning? Yes
  Make air interface as secure as PSTN? Perhaps…
  But design goals were clearly too limited
GSM insecurities: weak crypto, SIM issues, fake BS, replay, etc.
PSTN insecurities: tapping, active attack, passive attack (e.g., cordless phones), etc.
GSM a (modest) security success?

