Improving Air Interface User Privacy in Mobile Telephony

Although the security properties of 3G and 4G mobile networks have significantly improved by comparison with 2G (GSM), significant shortcomings remain with respect to user privacy. A number of possible modifications to 2G, 3G and 4G protocols have been proposed designed to provide greater user privacy; however, they all require significant modifications to existing deployed infrastructures, which are almost certainly impractical to achieve in practice. In this article we propose an approach which does not require any changes to the existing deployed network infrastructures or mobile devices, but offers improved user identity protection over the air interface. The proposed scheme makes use of multiple IMSIs for an individual USIM to offer a degree of pseudonymity for a user. The only changes required are to the operation of the authentication centre in the home network and to the USIM, and the scheme could be deployed immediately since it is completely transparent to the existing mobile telephony infrastructure. We present two different approaches to the use and management of multiple IMSIs

Novel Model of Adaptive Module for Security and QoS Provisioning in Wireless Heterogeneous Networks

Considering the fact that Security and Quality-Of-Service (QoS) provisioning for multimedia traffic in Wireless Heterogeneous Networks are becoming increasingly important objectives, in this paper we are introducing a novel adaptive Security and QoS framework. This framework is planned to be implemented in integrated network architecture (UMTS, WiMAX and WLAN). The aim of our novel framework is presenting a new module that shall provide the best QoS provisioning and secure communication for a given service using one or more wireless technologies in a given time

On the security of an anonymous roaming protocol in UMTS mobile networks

In this communication, we first show that the privacy-preserving roaming protocol recently proposed for mobile networks cannot achieve the claimed security level. Then we suggest an improved protocol to remedy its security problems

Solutions to the GSM Security Weaknesses

Recently, the mobile industry has experienced an extreme increment in number of its users. The GSM network with the greatest worldwide number of users succumbs to several security vulnerabilities. Although some of its security problems are addressed in its upper generations, there are still many operators using 2G systems. This paper briefly presents the most important security flaws of the GSM network and its transport channels. It also provides some practical solutions to improve the security of currently available 2G systems.Comment: 6 Pages, 2 Figure

SECURITY MEASUREMENT FOR LTE/SAE NETWORK DURING SINGLE RADIO VOICE CALL CONTINUITY (SRVCC).

Voice has significant place in mobile communication networks. Though data applications have extensively gained in importance over the years but voice is still a major source of revenue for mobile operators. It is obvious that voice will remain an important application even in the era of Long Term Evolution (LTE). Basically LTE is an all-IP data-only transport technology using packet switching. Therefore, it introduces challenges to satisfy quality of service expectations for circuit-switched mobile telephony and SMS for LTE capable smartphones, while being served on the LTE network. Since 2013, mobile operators have been busy deploying Voice Over LTE (VoLTE). They are relying on a VoLTE technology called Single Radio Voice Call Continuity (SRVCC) for seamless handover between packet-switch domain to circuit-switch domain or vice versa. The aim of thesis is to review and identify the security measurement during SRVCC and verify test data for ciphering and integrity algorithm.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format

SECURITY AND PRIVACY ISSUES IN MOBILE NETWORKS, DIFFICULTIES AND SOLUTIONS

Mobile communication is playing a vital role in the daily life for the last two decades; in turn its fields gained the research attention, which led to the introduction of new technologies, services and applications. These new added facilities aimed to ease the connectivity and reachability; on the other hand, many security and privacy concerns were not taken into consideration. This opened the door for the malicious activities to threaten the deployed systems and caused vulnerabilities for users, translated in the loss of valuable data and major privacy invasions. Recently, many attempts have been carried out to handle these concerns, such as improving systems’ security and implementing different privacy enhancing mechanisms. This research addresses these problems and provides a mean to preserve privacy in particular. In this research, a detailed description and analysis of the current security and privacy situation in the deployed systems is given. As a result, the existing shortages within these systems are pointed out, to be mitigated in development. Finally a privacy preserving prototype model is proposed. This research has been conducted as an extensive literature review about the most relevant references and researches in the field, using the descriptive and evaluative research methodologies. The main security models, parameters, modules and protocols are presented, also a detailed description of privacy and its related arguments, dimensions and factors is given. The findings include that mobile networks’ security along with users are vulnerable due to the weaknesses of the key exchange procedures, the difficulties that face possession, repudiation, standardization, compatibility drawbacks and lack of configurability. It also includes the need to implement new mechanisms to protect security and preserve privacy, which include public key cryptography, HIP servers, IPSec, TLS, NAT and DTLS-SRTP. Last but not least, it shows that privacy is not absolute and it has many conflicts, also privacy requires sophisticated systems, which increase the load and cost of the system.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format

METODY ZAPEWNIENIA BEZPIECZEŃSTWA DANYCH W STANDARDACH MOBILNYCH

The analysis of mobile communication standards is carried out, the functional structure and interfaces of interaction between the structural elements of the cellular network are considered. To understand the principle of communication according to the GSM standard, a block diagram of a mobile switching center (MSC), base station equipment (BSS), control and service center (MCC), mobile stations (MS) is presented. The main algorithms for ensuring the confidentiality and security of mobile subscribers' data, in different types of standards, as well as the vulnerabilities of information flows are considered. In particular, the following dangerous types of attacks have been identified, to which mobile network subscribers are sensitive: sniffing; leakage of personal data; leakage of geolocation data; spoofing; remote capture of SIM-card, execution of arbitrary code (RCE); denial of service (DoS). It is established that the necessary function of the mobile network is the identification of subscribers, which is performed by IMSI, which is recorded in the SIM card of the subscriber and the HLR of the operator. To protect against spoofing, the network authenticates the subscriber before starting its service. In the case of subscriber identification, the subscriber and the network operator are protected from the effects of fraudulent access. In addition, the user must be protected from eavesdropping. This is achieved by encrypting the data transmitted over the radio interface. Thus, user authentication in UMTS, as well as in the GSM network, is carried out using encryption with a common key using the "hack-response" protocol (the authenticating party sends a random number to the authenticated party, which encrypts it according to a certain algorithm using a common key and returns the result back).Przeprowadzana jest analiza standardów komunikacji mobilnej, rozważana jest struktura funkcjonalna i interfejsy interakcji między elementami strukturalnymi sieci komórkowej. Aby zrozumieć zasadę komunikacji w standardzie GSM, przedstawiono schemat blokowy centrali ruchomej (MSC), wyposażenia stacji bazowej (BSS), centrum sterowania i obsługi (MCC), stacji ruchomych (MS). Rozważane są główne algorytmy zapewniające poufność i bezpieczeństwo danych abonentów telefonii komórkowej, w różnych typach standardów, a także podatności na przepływ informacji. W szczególności zidentyfikowano następujące niebezpieczne rodzaje ataków, na które podatni są abonenci sieci komórkowych: sniffing; wyciek danych osobowych; wyciek danych geolokalizacyjnych; podszywanie się; zdalne przechwytywanie karty SIM, wykonanie dowolnego kodu (RCE); odmowa usługi (DoS). Ustalono, że niezbędną funkcją sieci komórkowej jest identyfikacja abonentów, która jest realizowana przez IMSI, która jest zapisywana na karcie SIM abonenta i HLR operatora. Aby zabezpieczyć się przed podszywaniem się, sieć uwierzytelnia subskrybenta przed uruchomieniem usługi. W przypadku identyfikacji abonenta, abonent i operator sieci są chronieni przed skutkami nieuprawnionego dostępu. Ponadto użytkownik musi być chroniony przed podsłuchem. Osiąga się to poprzez szyfrowanie danych przesyłanych przez interfejs radiowy. Tak więc uwierzytelnianie użytkownika w UMTS, jak również w sieci GSM, odbywa się z wykorzystaniem szyfrowania wspólnym kluczem z wykorzystaniem protokołu „hack-response” (strona uwierzytelniająca wysyła do strony uwierzytelnianej losową liczbę, która ją szyfruje zgodnie z pewien algorytm używający wspólnego klucza i zwraca wynik z powrotem)