
Session 14

3G Network

The third generation (3G) proposal for cellular communications aimed to provide global roaming,
high transmission bandwidths, and support for advanced services such as global positioning systems
and multimedia. The 3G technology was developed to fulfill the goals set by the IMT-2000 standard.

3G Network Security

The security objectives of 3G networks can be summarized as follows:

1. Implement a robust mobile user authentication scheme based on unique identification of
users, unique user numbering, and unique equipment identification.

2. Adopt a challenge and response authentication concept using a symmetric secret key shared
between the SIM card and the authentication center, similar to the authentication
mechanism used in GSM networks.

3. Protect user-generated messages from misuse or unauthorized access by restricting access to
vulnerable services.

4. Safeguard mobile users against theft and misuse of mobile stations by maintaining a list of
stolen mobile station identities and monitoring traffic for their use.

5. Ensure adequate protection of resources and services provided by 3G networks and home
environments.

6. Support emergency services by providing essential information such as user identity,
location, and any other details required by local authorities.

Security Challenges

The main security challenges for 3G networks can be summarized as follows:

1. Equivalent security to fixed networks: The 3G standard should provide the same level of
security as fixed networks, despite the differences in the underlying wireless infrastructure.
This is important because wireless networks are more susceptible to attacks due to their
radio nature.

2. User privacy during roaming: When users are roaming on other networks, their data should
be protected and transmitted securely. The lack of a secure connection between the home
network and the roaming user can pose privacy risks.

To address these challenges, the security models of 3GPP and 3GPP2 have been developed with the
following objectives:

• Enhance the 2G security architecture: Improvements are made to subscriber authentication,
subscriber identity confidentiality, radio interface encryption, use of subscriber identity
modules, and creation of a secure application layer.

• Ensure adequate protection: Mobile subscribers, their information, and the resources and
services provided by the networks should be adequately protected.

• Incorporate specific security features: 3G networks should include encryption algorithms,
standardized security properties, and the ability to extend security mechanisms with
additional features.

Security Threats

Security threats in 3G networks can be categorized as follows:

1. Misusing network services: Attackers target network services to disrupt their availability or
cause denial of service. For example, flooding the call forwarding service with requests to
overwhelm it.

2. Eavesdropping transmission: Attackers intercept transmissions during voice transfer,
signaling, or authentication processes, compromising privacy and enabling potential attacks.
For instance, tracking a victim's location or obtaining call forward numbers.

3. Manipulation attacks against messages: Intruders manipulate transmissions between parties
to modify messages, corrupt transactions, or alter packets being exchanged.

4. Man-in-the-middle attacks: Attackers position themselves between two communicating
parties without their knowledge, impersonating each party and intercepting their
communication.

5. Unauthorized access to networked services: Intruders gain unauthorized access by
masquerading or exploiting access rights. An example is a rogue shell attack that enables
opening a session on a remote system.

Retention of 2G Robust Features

Several security mechanisms have been shown to be robust and useful in 2G communication
systems. 3GPP standards have to build on these mechanisms and retain their advantages. These
mechanisms rely on four major issues:

(a) the SIM-based authentication; (b) the confidentiality of user traffic on the air interface;
(c) the radio interface encryption; and (d) the confidentiality of user identity on the radio interface.

3G Network Architecture

UMTS is a 3G mobile network that is compatible with GSM and GPRS networks. It offers higher
access rates through its Wideband Code Division Multiple Access radio interface. Recent versions
introduce new features like an all-IP network architecture and open service architecture for third-
party access. The UMTS network consists of the Core Network (CN) and the Generic Radio Access
Network (GRAN). The CN includes Circuit-Switched (CS) and Packet-Switched (PS) domains. The CS
domain handles voice calls, while the PS domain transports user data in autonomous packets. UMTS
overcomes the limitations of 2G networks and allows connections to external packet data networks
and other wireless networks.

The Mobile Station (MS)

A UMTS mobile station (MS) is similar to a GSM device and provides access to network services and a
Universal Subscriber Identity Module (USIM). The MS is involved in various UMTS procedures, call
management, handoff, and mobility management. The USIM contains user identification,
authentication data, service profile, and security elements. UMTS mobile stations can operate in
three modes:

1. Circuit switching mode (of operation): MS is attached to the CS domain and can only access
CS services.

2. Packet switching mode: MS is attached to the PS domain and can only access PS services, but
CS-like services can still be offered over the PS domain.

3. PS/CS mode: MS is attached to both the PS and CS domains, allowing simultaneous access to
PS and CS services.

USIM vs SIM

The USIM (Universal Subscriber Identity Module) is an application stored in a removable smart card
that enables access to 3G services. It shares similar features with the SIM (Subscriber Identity
Module) card, including unique mobile subscriber identification (in an unambiguous way), storage of
subscription information, mutual authentication with the network, security functions, and storage of
information elements such as preferred language, IMSI (International Mobile Subscriber Identity),
and cipher key.

The Access Network (UTRAN)

The UTRAN (UMTS Terrestrial Radio Access Network) manages radio resources and air interface in 3G
networks. It consists of two main components: Node B and Radio Network Controller (RNC).

1. Node B: It handles radio transmission/reception within radio cells, measuring connection
quality, detecting errors, power control and performing modulation/demodulation. It reports
measurements to the RNC for handoff decisions and macro diversity.

2. RNC: It manages radio resources for Node Bs, connects them to the transport network, and
handles handoff decisions. The RNC controls Node B resources and performs functions like
radio resource control, admission control, channel allocation, power control, handoff control,
macro diversity, and encryption. It interfaces with the core network's CS and PS domains.

The RNC plays a role in voice and data traffic processing, handoff between cells, and call
establishment/termination.

The Core Network

The Core Network (CN) transports user data and includes switching entities, gateways, and
databases. It connects to external networks and manages user access authorizations. Key elements in
the CN's CS domain include:

1. Mobile Switching Center (MSC): Interfaces between the cellular network and fixed circuit-
switched telephone networks. It routes calls, performs switching and signaling functions,
handles location registration, collects charging data, and manages encryption parameters.

2. Home Location Register (HLR): Stores data for mobile subscribers, including permanent and
temporary identities. Permanent data like IMSI and authentication key do not change, while
temporary data may change between MSCs, radio cells, and calls. Larger networks may have
multiple HLRs.

3. Visitor Location Register (VLR): Associated with an MSC, it stores information for mobile
stations roaming into its coverage area. Contains data on active subscribers and copies
relevant information from the HLR. Discards the data when the subscriber leaves the
network.

4. Authentication Center (AuC): Located with the HLR, it stores authentication keys and
corresponding IMSIs for each subscriber. Plays a crucial role in network security by
generating data for authentication and encryption procedures, particularly for supporting
roaming.

UMTS Security Architecture

The UMTS network's security architecture is based on security characteristics and mechanisms
organized into five classes.

1. Network access security (Class I): Ensures secure access to 3G services and protects against
radio link attacks.

2. Network domain security (Class II): Enables secure exchange of signaling messages between
network nodes and protects against attacks on the wired network.

3. User domain security (Class III): Secures the access of mobile stations to the UMTS network
and services.

4. Application domain security (Class IV): Facilitates secure message exchange between
applications in the user and provider domains.

5. Visibility and configurability of security (Class V): Provides users with information about
active security functions and allows them to verify if a service requires specific security
features.

Mitigating 2G Weaknesses

The 3G objectives have addressed the mitigation of the following weaknesses observed in the
security of 2G networks:

• active attacks using a rogue BTS can be launched in 2G networks;

• the cipher keys and authentication data are transmitted in clear between and within
networks;

• the encryption is only performed on the wireless link. This may result in the transmission of
user and signaling data in unencrypted form across microwave links (from the BTS to the
BSC, in the case of GSM);

• the data integrity is not provided. Data integrity defeats certain rogue BTS attacks and
provides protection against channel hijack;

• the IMEI is an unsecured identity;

• there is no HE knowledge or control of how an SN uses authentication parameters for HE
subscribers roaming in that SN; and

• the 2G systems do not have the flexibility to upgrade and improve security functionality over
time.

Denial of Service (DoS) attacks using request spoofing are mitigated in 3G networks by ensuring
integrity and non-replay of signaling requests. These attacks include:

1. User de-registration request spoofing: Exploits the 2G network's inability to authenticate
messages received over the radio interface. The attacker spoofs a deregistration request,
causing the user to be de-registered from the visited location area.

2. Location update request spoofing: Also takes advantage of the lack of message
authentication in 2G networks. The attacker spoofs a location update request in a different
location area, causing the user to register in the new area and become unreachable in their
actual location.
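
The following sketch is an added example, not part of the original notes. It contrasts a 2G-style receiver that acts on any well-formed request with a receiver that checks a message authentication code and a strictly increasing counter, which is the integrity and non-replay property described above. HMAC-SHA256, the frame layout, the message strings and the keys are assumptions chosen for illustration; this is not the 3GPP integrity algorithm.

```python
import hashlib
import hmac


def compute_mac(integrity_key: bytes, counter: int, message: bytes) -> bytes:
    """Tag over counter || message. HMAC-SHA256 is a stand-in (assumption)."""
    data = counter.to_bytes(4, "big") + message
    return hmac.new(integrity_key, data, hashlib.sha256).digest()


def protect(integrity_key: bytes, counter: int, message: bytes) -> dict:
    """Build a signaling frame the way a party holding the key would."""
    return {"counter": counter, "message": message,
            "mac": compute_mac(integrity_key, counter, message)}


class Legacy2GReceiver:
    """No message authentication: every well-formed request is acted on."""

    def handle(self, frame: dict) -> str:
        return "accepted"


class IntegrityReceiver:
    """Accepts a request only if the MAC verifies and the counter is fresh."""

    def __init__(self, integrity_key: bytes):
        self._key = integrity_key
        self._highest_counter = -1  # highest counter accepted so far

    def handle(self, frame: dict) -> str:
        expected = compute_mac(self._key, frame["counter"], frame["message"])
        # Constant-time comparison; a failed MAC never advances the counter.
        if not hmac.compare_digest(expected, frame["mac"]):
            return "rejected: bad MAC"
        if frame["counter"] <= self._highest_counter:
            return "rejected: replay"
        self._highest_counter = frame["counter"]
        return "accepted"


def run_scenario() -> dict:
    # All values below are constructed for this example.
    session_key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    guessed_key = bytes(16)  # the spoofing party does not hold the session key
    dereg = b"DEREGISTER subscriber=A"

    genuine = protect(session_key, 7, dereg)
    spoofed = protect(guessed_key, 8, dereg)
    # Captured genuine frame with the body swapped for a location update.
    tampered = dict(genuine, message=b"LOCATION_UPDATE subscriber=A area=42")
    # Captured genuine frame with only the counter bumped to look fresh.
    renumbered = dict(genuine, counter=8)

    network = IntegrityReceiver(session_key)
    return {
        "legacy_spoofed": Legacy2GReceiver().handle(spoofed),
        "spoofed": network.handle(spoofed),
        "genuine": network.handle(genuine),
        "replayed": network.handle(genuine),
        "tampered": network.handle(tampered),
        "renumbered": network.handle(renumbered),
    }


if __name__ == "__main__":
    for case, outcome in run_scenario().items():
        print(f"{case:15s} {outcome}")
```

Because the counter is covered by the MAC, a captured request can be neither replayed as-is nor renumbered to pass the freshness check.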

Identity catching attacks, which compromise user identity confidentiality, have also been addressed
in 3G networks:

1. Passive identity catching: Involves eavesdropping on the user's identity transmitted in clear
form. 3G networks use temporary identities, making passive eavesdropping inefficient as the
permanent identity is only revealed during specific events.

2. Active identity catching: Requires a modified Base Station (BS) and exploits the 2G network's
request for the user to send their permanent identity in clear form. By attracting the target
user to a false BS, the attacker can force the user to disclose their permanent identity. UMTS
networks protect against this attack by using encryption keys shared by a group of users to
safeguard user identity.

Network impersonation attacks aim to impersonate a legitimate network, with the objective
of eavesdropping on user data or sending information that is believed to be initiated from an
authentic network. Three types of attacks are distinguished in this category. The 3G network provides
a mandatory cipher mode command with message authentication and replay inhibition to allow
mobiles to verify that encryption has not been suppressed by an attacker. Mobile stations set up
classmarks with message authentication and replay inhibition to verify encryption has not been
suppressed by an attacker. However, 3G networks are still vulnerable to attacks using compromised
authentication vectors.

Eavesdropping on user data attacks aim to intercept user data transmitted through the network. In
GSM networks, three attacks can occur. The first attack involves suppressing encryption between the
target user and the intruder, but in 3G networks, a cipher mode command with message
authentication and replay inhibition helps verify encryption integrity. The second attack suppresses
encryption between the target user and the legitimate 2G network, but the 3G network's message
authentication and replay inhibition verify encryption integrity. The third attack involves forcing the
use of a compromised cipher key, and the architecture does not protect against the use of
compromised authentication vectors that haven't been used to authenticate the USIM.

Classification of Attacks on 3G networks

Attacks on the 3G network can be classified based on three dimensions: attack categories, attack
means, and physical access.

1. Attack Categories:

• Interception: The attacker gains unauthorized access to the network and intercepts
information or reads signaling messages without modifying them. This compromises
the privacy of subscribers and the network operator, allowing the attacker to analyze
traffic.

• Fabrication/Replay: The attacker inserts spurious objects into the system, such as
false signaling messages, fake service logic, or fake subscriber data. These attacks can
lead to the attacker masquerading as an authority, resulting in potential security
breaches.

• Modification of Resources: The attacker modifies system resources, including
signaling messages, service logic, or subscriber data. This can cause significant
damage to the network's integrity and functionality.

• Denial of Service: The attacker overloads or disrupts resources and applications
connected to the 3G system. This abnormal behavior can prevent legitimate
subscribers from receiving service or even disable the entire network.

• Interruption: The attacker destroys resources, deletes signaling messages, subscriber
data, or stops service delivery to mobile users. This disrupts the normal operation of
the network.

2. Attack Means:

• Data-based attacks: The attacker targets the data stored in the 3G communication
system by modifying, inserting, or dropping it. This can lead to data corruption,
unauthorized access, or data loss.

• Messages-based attacks: The attacker launches attacks against the 3G
communication system by manipulating the signaling messages. This includes
inserting, modifying, replaying, or dropping signaling messages, potentially
compromising network operations and services.

• Service Logic attacks: The attacker causes significant damage by attacking the service
logic running in various 3G network entities. This can result in the deletion or
manipulation of critical logic, affecting the overall functionality of the network.

3. Physical Access Dimension:

• Physical Access attacks I: The attacker obtains access to the air interface using a
physical device. They can impersonate parts of the network, deploy rogue base
stations, eavesdrop, and execute man-in-the-middle attacks.

• Physical Access attacks II: The attacker gains access to the cables connecting 3G
network switches, allowing them to disrupt the transmission of signaling messages
and potentially cause considerable damage to network operations.

• Physical Access attacks III: The attacker has access to sensitive components of the 3G
network, such as the 3G node switch. This unauthorized access enables them to
modify service logic or manipulate subscriber data, compromising user profiles,
security, and services.

• Physical Access attacks IV: The attacker has access to links connecting the Internet to
the 3G network. They can disrupt signaling message transmission, insert malicious
messages, and interfere with communication between the two networks.

• Physical Access attacks V: The attacker has access to Internet or cross-network
servers providing services to mobile subscribers connected to the 3G network. This
cross-infrastructure attack allows them to edit service logic or modify subscriber
data, potentially causing harmful damage.

Session 16

Radio Operation and Frequency

Bluetooth radios operate in the 2.4GHz unlicensed ISM band, shared with other devices like Wi-Fi
and cordless phones. They use frequency-hopping spread spectrum for data transmission. Typical
transmission rates are 1Mbps, but Enhanced Data Rate devices can reach 2Mbps or 3Mbps.
Bluetooth devices have three transmitter power classes chosen based on usage, proximity, and
power availability (that is, AC powered vs battery powered).

Device Identification

Bluetooth uses a 48-bit identifier, similar to a MAC address for an Ethernet adapter, for device
identification. This identifier is referred to as the Bluetooth device address (BD_ADDR). The first
three bytes of the BD_ADDR are specific to the manufacturer of the Bluetooth radio, with
identification assignments controlled by the IEEE Registration Authority.

Discoverability in Bluetooth refers to whether a device will respond to discovery inquiries from other
Bluetooth devices. There are three discoverability modes:

1. Non-discoverable: Devices in this mode do not respond to inquiry scans from other devices,
but they can still be connected to based on connectivity modes.

2. Limited discoverable: Devices in this mode are discoverable for a limited period of time.

3. General discoverable: Devices in this mode are continuously discoverable by other devices
and respond to inquiry scans with connection configuration information, allowing the
scanning device to initiate a connection.

Connectability, on the other hand, refers to whether a device will respond to paging (requests to
initiate a Bluetooth connect) from other devices. There are two connectability modes:

1. Non-connectable: Devices in this mode do not enter the page scan state and cannot
establish connections based on inbound page requests.

2. Connectable: Devices in this mode periodically enter the page scan state, listening for pages
on the page scan physical channel and responding to connection requests.

Pairability refers to whether a device is capable of bonding/pairing with another Bluetooth device.
The defined bondability modes include:

1. Non-bondable mode: Devices in this mode do not respond to bonding requests and will not
pair with other devices.

2. Bondable mode: Devices in bondable mode will allow pairing with another Bluetooth device.
Note that devices in bondable mode may require additional security prior to pairing (that is,
PIN entry/authentication).

Bluetooth Module Layers:

• Bluetooth controller consists of radio hardware components.

• Bottom layer: Bluetooth radio processes RF signals.

• Above that: Baseband/link controller handles link synchronization and data formatting.

• Link manager level establishes and maintains links between Bluetooth devices.

Host Controller Interface (HCI):

• Optional component separating higher- and lower-level functions on different processors.

• Acts as an interface between processors.

• Example: External Bluetooth dongle on a laptop, with lower-level functions handled by the
dongle and upper-level functions managed by the laptop's Bluetooth stack.

Bluetooth Host Layers:

• Logical Link Control and Adaptation Protocol (L2CAP) sits above HCI.

• L2CAP multiplexes across multiple higher-level protocols and packages/repackages packets.

• Protocols above L2CAP include Service Discovery Protocol (SDP) for locating Bluetooth
services and RFCOMM for serial cable emulation.

• Top of the stack: Various applications and profiles offered via Bluetooth.

Bluetooth Security Features

Bluetooth is designed to enable wireless communication between various devices, including
consumer electronics. It is important to consider that Bluetooth devices may be used by
non-technical users and may have limited visual or input capabilities. This complicates Bluetooth security
since many users and devices cannot implement advanced security measures. Mobile application
developers should keep these factors in mind when designing their applications and considering the
utilization of Bluetooth security.

Pairing

Bluetooth pairing is a crucial process for establishing secure communication between devices. In
older versions, pairing involves entering a PIN or passkey. Secure Simple Pairing, introduced in
Bluetooth v2.1 + EDR, offers enhanced security through Elliptic Curve Diffie-Hellman (ECDH) for key
exchange. It provides different pairing methods: Numeric Comparison, Just Works, Out of Band, and
Passkey Entry. Numeric Comparison compares displayed numbers, Just Works accommodates devices
without displays, Out of Band uses external mechanisms like NFC, and Passkey Entry involves
entering a matching six-digit number.

Traditional Security Services

Bluetooth provides limited security services: authentication, authorization, and confidentiality.
However, it lacks integrity and nonrepudiation services, and does not support user-level
authentication. Bluetooth authentication involves one device verifying the identity of another
through a one-way challenge-response mechanism. To prevent repeated attacks, failed
authentication attempts trigger a delay that exponentially increases with subsequent failures.
Authorization in Bluetooth is based on device trust levels (trusted or untrusted) and service security
levels (1, 2, or 3). Trusted devices have full access, while untrusted devices have restricted access to
services. Confidentiality is achieved through optional encryption modes: Mode 1 has no encryption,
Mode 2 encrypts individual non-broadcast traffic, and Mode 3 encrypts all traffic with the same key.
However, in Mode 3, all nodes within the piconet can access the encrypted data, assuming trust
among them. While Bluetooth's security features are limited, its architecture allows for the
implementation of more complex security and authorization policies.

Bluetooth Security Modes

Bluetooth has different security modes that determine the level of security and authentication used
during device connections.

Security Mode 1: No security measures are employed, including encryption and authentication.
Devices in this mode allow connections without any control measures.

Security Mode 2: Security is applied after the Bluetooth link is established. It is enforced at the
service level, allowing specific security policies based on requested services. However, the
implementation of these policies can introduce vulnerabilities.

Security Mode 3: Security is implemented during the establishment of the Bluetooth link. It provides
an "always-on" policy, ensuring security for all uses but reducing flexibility and requiring
authentication for every connection.

Security Mode 4: Introduced in the v2.1 + EDR specification, it is required for v2.1 + EDR devices.
Similar to Security Mode 2, security is applied after link setup. Service security requirements are
classified as authenticated link key required, unauthenticated link key required, or no security
required.

Security “Non-features”

Bluetooth has certain non-features that are mistakenly considered as security measures but provide
no real protection.

1. Frequency hopping, the scheme used by Bluetooth to switch between channels,
does not offer eavesdropping protection. The channel sequence is not secret, and
monitoring all channels offline can enable attacks.

2. Device proximity, relying on the limited range of Bluetooth radios, is not a reliable
security feature. Attackers can overcome the supposed protection by using high gain
antennas.

Implementation issues pose threats to Bluetooth devices and networks when manufacturers
incorrectly implement the Bluetooth specification in their devices. These flaws have led to
well-known security issues:

• Bluesnarfing: This attack exploits firmware flaws in Bluetooth devices, allowing unauthorized
access to arbitrary data, including the IMEI.

• Bluebugging: Attackers can access data, make calls, and eavesdrop on conversations due to
firmware flaws in certain mobile phones.

• Car whispering: An attacker can send or receive audio through a Bluetooth-enabled
hands-free automobile kit due to implementation flaws in these kits.

Bluetooth Vulnerabilities

• Prior to v1.2, the reusable unit key becomes public, enabling arbitrary eavesdropping.

• Prior to v2.1, short PINs are allowed, weakening encryption.

• Keystream repetition occurs in versions prior to v2.1 after 23.3 hours of use.

• The strength of the random number generator (RNG) for challenge-response is unknown.

• Encryption key length can be negotiated down to one byte.

• The shared master key is used for encrypted broadcast communications in a Bluetooth
piconet.

• The E0 stream cipher has a theoretical known-plaintext attack.

• Bluetooth has limited security services, lacking integrity protection and nonrepudiation.

Recommendations for Bluetooth security


1. Do not rely solely on Bluetooth's native security mechanisms for sensitive applications. They
are limited and cannot provide user-level security.

2. Use complex PINs for Bluetooth devices to enhance security.

3. In sensitive environments, limit the power used by Bluetooth radios on devices.

4. Avoid using the "Just Works" association model for v2.1 + EDR devices.

5. Limit the services and profiles available on Bluetooth devices to only those necessary.

6. Configure Bluetooth devices as non-discoverable except during pairing and avoid using
Security Mode 1.

7. Enable mutual authentication for all Bluetooth communications.

8. Configure the maximum allowable size for encryption keys to enhance security.
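
The recommendations above can be checked mechanically against a device's settings. The following audit is an added example, not part of the original notes; the configuration fields, finding names, sample configurations and the two policy thresholds (`REQUIRED_KEY_BYTES`, `MIN_PIN_LENGTH`) are assumptions, and `negotiate_key_size` is a simplified model of key-length negotiation rather than the link-layer protocol itself.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

REQUIRED_KEY_BYTES = 16  # assumed policy floor: refuse anything shorter
MIN_PIN_LENGTH = 8       # assumed local threshold for an acceptable PIN


@dataclass
class BluetoothConfig:
    spec_version: Tuple[int, int]            # e.g. (2, 1) for v2.1 + EDR
    discoverability: str                     # "non", "limited" or "general"
    security_mode: int                       # 1 to 4
    min_key_bytes: int                       # smallest key size accepted
    max_key_bytes: int                       # largest key size offered
    mutual_authentication: bool
    pin_length: Optional[int] = None         # set when PIN pairing is used
    association_model: Optional[str] = None  # set for Secure Simple Pairing
    enabled_profiles: List[str] = field(default_factory=list)
    required_profiles: List[str] = field(default_factory=list)


def audit(cfg: BluetoothConfig) -> List[str]:
    """Return one finding per recommendation or listed weakness that applies."""
    findings = []
    if cfg.security_mode == 1:
        findings.append("security-mode-1")
    if cfg.discoverability != "non":
        findings.append("discoverable")
    if cfg.spec_version < (1, 2):
        findings.append("reusable-unit-key")
    if cfg.spec_version < (2, 1):
        findings.append("keystream-repeats-after-23.3h")
    if cfg.pin_length is not None and cfg.pin_length < MIN_PIN_LENGTH:
        findings.append("short-pin")
    if cfg.association_model == "just_works":
        findings.append("just-works-pairing")
    if cfg.min_key_bytes < REQUIRED_KEY_BYTES:
        findings.append("key-size-downgrade-possible")
    if not cfg.mutual_authentication:
        findings.append("no-mutual-authentication")
    extra = sorted(set(cfg.enabled_profiles) - set(cfg.required_profiles))
    if extra:
        findings.append("unneeded-profiles:" + ",".join(extra))
    return findings


def negotiate_key_size(cfg: BluetoothConfig, peer_max_bytes: int) -> Optional[int]:
    """Agree on the largest size both sides support; None means refuse the link."""
    agreed = min(cfg.max_key_bytes, peer_max_bytes)
    return agreed if agreed >= cfg.min_key_bytes else None


# Constructed sample configurations: a weak headset-style setup and a hardened one.
WEAK = BluetoothConfig(
    spec_version=(2, 0), discoverability="general", security_mode=1,
    min_key_bytes=1, max_key_bytes=16, mutual_authentication=False,
    pin_length=4, enabled_profiles=["HFP", "OPP", "DUN"],
    required_profiles=["HFP"],
)
HARDENED = BluetoothConfig(
    spec_version=(2, 1), discoverability="non", security_mode=4,
    min_key_bytes=16, max_key_bytes=16, mutual_authentication=True,
    association_model="numeric_comparison",
    enabled_profiles=["HFP"], required_profiles=["HFP"],
)

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg), "peer offers 1 byte ->", negotiate_key_size(cfg, 1))
```

With the weak settings a peer that offers a one-byte key is accepted, while the hardened device refuses the link instead of downgrading.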

Session 17

Smart Card Security:

Smart cards are secure modules that store secret cryptographic materials and execute cryptographic
algorithms. They provide tamper resistance and protect against unauthorized access. They are
commonly used as application-specific security modules, particularly in mobile systems.

Smart cards come in different types:

• Memory cards have surface contacts and contain a memory-only chip, with access control
handled by a security logic. They are usually optimized for specific applications, such as
prepaid phone systems.

• Microprocessor cards also have surface contacts and include an operating system, allowing
multiple applications to be loaded onto a single card.

• Contactless cards overcome the limitations of physical contacts and can offer new
applications. They don't require insertion into a reader and have a standard coverage of
about 1 meter.

Components of a smart card include:

1. CPU: The programmable central processing unit performs sensitive operations
independently. It is equipped with an operating system that controls the card's functions.

2. Memory system: Consisting of ROM (non-volatile memory for the operating system), RAM
(volatile memory for runtime control), and non-volatile memory (persistent storage). ROM
contains the card operating system. Access to RAM is usually an order of magnitude faster than
access to ROM or EEPROM. Therefore, RAM is used for the runtime control and data stack. Since
RAM only ensures volatile storage, it cannot be used for storing persistent data. In contrast
to RAM, the non-volatile memory is persistent, meaning that when the power is turned off,
the data stays there for a long time.

3. I/O system: Provides serial communication with external devices, including lines for clock,
reset, and power supply. The smart card acts as a slave, responding to commands from the
card reader.

Smart card processes

Smart cards operate in a client/server system, where they function as servers. They perform three
main processes:

1. Requesting: The smart card receives a command request via the serial interface, which is
handled by the I/O manager. The I/O manager also handles error correction for transmission
failures.

2. Processing: The smart card interprets and executes the received command. During
computation, state transitions may occur, and a messaging manager handles message
encoding and decoding. The return code manager generates a corresponding return code
based on the interpreter's computation.

3. Responding: Once the card has processed the command, it returns the computed data and
the return code to the client through the I/O manager. Smart card computations occur only
in response to specific requests and cannot initiate external activities on their own.

Smart Card Applications

Smart cards serve as valuable crypto devices due to their ability to generate and protect private
signing keys within the card, making it difficult for external attackers to access the key. Unlike storing
the key in a file on a hard drive, which can be vulnerable to dictionary attacks, smart cards have
safeguards such as locking themselves after a limited number of unsuccessful PIN attempts.

Typical applications of smart cards include:

1. Workstation logon: Smart cards securely store logon credentials, replacing traditional
username and password prompts.

2. Dialup access: Smart cards enhance the security of remote access protocols that rely on
passwords, and they can also protect private keys and certificates for public key-based
systems.

3. Secure electronic transactions (SET): Smart cards are suitable for storing certificates and
private keys in the SET protocol, ensuring secure transfer of credit card data.

4. Law-strong digital signatures: Smart cards meet the responsibility of protecting private keys,
assisting users in complying with digital signature laws.

5. Digital cash: Smart cards enable the implementation of protocols for managing digital cash
and electronic payments, ensuring secure transactions.

6. Networking framework for smart cards: Smart cards can integrate with local environments
dynamically, complementing card-resident resources with off-card resources using mobile
code technology.

7. Web smart card: By using mobile phones as wireless smart card readers, smart cards can be
accessed over the internet, allowing them to function as web servers for secure connections.

Security of Smart Cards

Smart cards ensure the security and confidentiality of stored data through four major components:
the card body, chip hardware, operating system, and applications. The first is responsible for
physical security, while the other three protect the programs and data in the smart card. Physical
security, which guarantees the tamper-resistant character of the smart card, is ensured by packaging
the integrated circuit card (ICC) in epoxy resin; physical attacks typically leave an obvious trace
on such a package.

Key management aims to minimize the impact of compromised secret keys by using derived keys
generated from a master key. Multiple keys are employed for different cryptographic operations, and
key versions are periodically changed. Dynamic keys, such as session keys, are generated for secure
communication. The operating system controls key usage and includes parameters such as key
reference number (unique within the key file), version number, application purpose, disablement
capability (temporary or permanent), retry counter (the number of unsuccessful attempts to use the
key with a cryptosystem), max retry counter (when reached, the key is blocked), and key length.
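
The key parameters listed above can be made concrete with a small model of a card operating system. This is an added example, not part of the original notes: the class and function names, the HMAC-SHA256 derivation and the sample master key are assumptions, and the return codes are modelled on ISO/IEC 7816-4 status words.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Return codes modelled on ISO/IEC 7816-4 status words.
SW_OK = 0x9000             # command succeeded
SW_KEY_BLOCKED = 0x6983    # max retry counter reached or key disabled
SW_WRONG_PURPOSE = 0x6985  # key may not be used for this purpose
SW_KEY_NOT_FOUND = 0x6A88  # no key with that reference number


@dataclass
class KeyRecord:
    reference: int          # unique within the key file
    version: int
    purpose: str
    value: bytes            # len(value) is the key length
    max_retry: int
    retry_counter: int = 0
    disabled: bool = False  # temporary or permanent disablement flag


def derive_key(master_key: bytes, purpose: str, version: int) -> bytes:
    """Derive a 16-byte key per purpose and version (HMAC-SHA256, assumed)."""
    label = purpose.encode() + b"/" + bytes([version])
    return hmac.new(master_key, label, hashlib.sha256).digest()[:16]


def terminal_response(key: bytes, challenge: bytes) -> bytes:
    """What a terminal holding the derived key returns for a challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class CardOS:
    def __init__(self, master_key: bytes):
        self._master = master_key
        self._keys = {}

    def install_key(self, reference, purpose, version=1, max_retry=3):
        value = derive_key(self._master, purpose, version)
        self._keys[reference] = KeyRecord(reference, version, purpose,
                                          value, max_retry)

    def rotate_key(self, reference) -> int:
        """Move to the next key version; the retry counter is not reset."""
        rec = self._keys[reference]
        rec.version += 1
        rec.value = derive_key(self._master, rec.purpose, rec.version)
        return rec.version

    def authenticate(self, reference, purpose, challenge, response) -> int:
        rec = self._keys.get(reference)
        if rec is None:
            return SW_KEY_NOT_FOUND
        if rec.purpose != purpose:
            return SW_WRONG_PURPOSE
        if rec.disabled or rec.retry_counter >= rec.max_retry:
            return SW_KEY_BLOCKED
        expected = terminal_response(rec.value, challenge)
        # Constant-time comparison so the check itself leaks no timing.
        if hmac.compare_digest(expected, response):
            rec.retry_counter = 0
            return SW_OK
        rec.retry_counter += 1
        remaining = rec.max_retry - rec.retry_counter
        # 0x63Cx reports x attempts left; at zero the key is blocked.
        return SW_KEY_BLOCKED if remaining == 0 else 0x63C0 | remaining


def run_scenario() -> list:
    master = bytes(range(16))  # constructed master key
    card = CardOS(master)
    card.install_key(1, "terminal-auth", max_retry=3)
    challenge = bytes.fromhex("0102030405060708")
    good = terminal_response(derive_key(master, "terminal-auth", 1), challenge)
    bad = bytes(32)
    attempts = (bad, good, bad, bad, bad, good)
    return [card.authenticate(1, "terminal-auth", challenge, r) for r in attempts]


if __name__ == "__main__":
    print([hex(code) for code in run_scenario()])
```

The last attempt in the scenario presents a correct response but is still refused, because the key was blocked once the maximum retry counter was reached.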

Attacks against Smart Cards

Smart cards are highly valuable devices in both offline and online communication systems due to
their secure storage capabilities and implementation of cryptographic algorithms. They enable the
storage of secrets, secure computations, and participation in communication sessions. There are two
main types of attacks on smart cards: invasive and non-invasive.

Invasive attacks involve physically tampering with the card, often resulting in damage. Examples of
invasive attacks include removing the chip from the card, reverse engineering the chipset, and
microprobing. Removing the chip can be done through various methods like using a sharp knife,
heating the card, or using chemicals. Reverse engineering involves creating a map of the processor
using techniques like optical microscopy or focused ion beam workstations. Microprobing allows
direct interaction with the chip's components by removing part of the passivation layer.
Countermeasures against invasive attacks include incorporating copy trap features into chip designs,
using non-standard cell libraries, and adding self-test procedures to detect chip modifications. Semi-
invasive attacks share similarities with invasive attacks but do not require passivation. They can be
performed using tools like UV light, X-rays, or ionizing radiation.

Non-invasive attacks include timing attacks and software attacks. Timing attacks exploit information
about the time and input patterns of operations to obtain sensitive information stored in the smart
card, such as private or secret keys. Software attacks involve using malicious programs or Trojan
horses to deceive users into unknowingly using their private keys for unauthorized purposes.
Countermeasures for these attacks include implementing logical security measures, unique-access
device driver architectures, and enforcing a policy of one private key usage per PIN entry.

Power and electromagnetic analysis attacks focus on measuring power fluctuations to extract
information about algorithms and cryptographic keys. Countermeasures involve reducing signal size,
introducing noise into power consumption measurements, randomizing execution timing and order,
and using non-linear key update procedures.

Fault generation attacks stress the smart card processor to induce faulty operations or results.
Examples include under-voltage, over-voltage, power, and clock transient attacks. Countermeasures
involve transforming processors into self-timed asynchronous circuits or implementing sensors for
environmental conditions that trigger a reset.

Data remanence is another concern, where sensitive data can be retrieved even after being erased.
To prevent attacks based on data remanence, best practices include avoiding long-term storage of
cryptographic variables in RAM, cycling EEPROM/Flash cells with random data before writing
sensitive information, and utilizing techniques like multilevel storage in semiconductor memory.

Session 19
iOS architecture

iOS is Apple's exclusive operating system for iPhones, iPads, and iPods, built on the Darwin
foundation. It manages device hardware and provides necessary technologies for app development.
Default system apps like Mail, Calendar, and Safari are pre-installed. iOS cannot be used on non-
Apple devices due to security and commercial restrictions, leading to jailbreak attacks. The App Store
offers over 1 million applications, expanding the attack surface. The iOS architecture (iOS software
stack) is layered, with frameworks containing shared libraries, images, and header files. The four
layers are Cocoa Touch, Media, Core Services, and Core OS. Cocoa Touch, developed using Mac OS X
Cocoa API, supports app appearance, notifications, multitasking, touch inputs, and system services.
Key frameworks include Address Book UI, Event Kit UI, Game Kit, Map Kit, and Message UI. The
Media layer handles multimedia experiences with frameworks like Assets Library, AV Foundation,
Core Audio, Core Graphics, and more. Core Services provides fundamental services through
frameworks like Accounts, Address Book, Ad Support, CFNetwork, Core Data, Core Location, and
others. Core OS, built on the OS X kernel, handles low-level functions like networking, memory
management, and access to external accessories. Frameworks include Accelerate, Core Bluetooth,
External Accessory, Generic Security Services, and Security.

The iOS software development kit (SDK) and Xcode provide resources and tools for app development.
The SDK, previously called the iPhone SDK, is a free download but beta versions require enrollment
in the Apple Developer Program. Xcode is the integrated development environment (IDE) for iOS app
development. These SDKs can only be installed on Mac OS X.

Objective-C and Swift are the main programming languages for iOS apps, with Swift being mandated
by Apple since 2015. Objective-C is an object-oriented language that adds messaging to C, while Swift
is a newer language developed by Apple as a replacement for Objective-C.

Understanding the different application states in iOS is crucial for assessing iOS apps. Apple allows
only one state at a time, and these states change based on user or system actions. The app states in
iOS include "Not running," which is the initial state before the app is started or after it is terminated;
"Inactive," where the app is running in the foreground but does not receive events or alerts; "Active,"
which occurs when the app is in the foreground and actively receives events; "Background," where
apps run in the background and can execute code without user interaction, such as providing
notification alerts; and "Suspended," which is the state for apps that haven't been used for a while
but remain in memory.

Apple’s iOS security model

The security architecture of an iOS device encompasses various levels of protection, including device-
level security, system-level security, hardware-level security, data-level security, network-level
security, and application-level security.

At the device level, security measures prevent unauthorized access and include features such as
device locks, remote wipe capabilities, activation lock, and Find My Phone. Apple allows the signing
of configuration profiles, enabling secure distribution of configurations to devices.

System-level security involves the secure boot chain, which ensures the integrity of iOS from
firmware initialization to code loading. Apple signs each step of the boot chain, starting from the
Boot ROM, Low Level Bootloader (LLB), iBoot, and finally the iOS Kernel. System software
authorization prevents downgrading to lower iOS versions.

The Secure Enclave was introduced at the hardware level to protect against kernel-level attacks. It
operates independently from the application processor and is responsible for Touch ID fingerprint
verification and access approval.

Data-level security focuses on protecting data stored on mobile devices. Encryption techniques are
used, along with data-protection classes. These classes, such as NSFileProtectionComplete and
NSFileProtectionCompleteUntilFirstUserAuthentication, enforce different levels of protection based
on device passcode or Touch ID.

Keychain data, used for basic-level password management, is protected using classes that control
accessibility based on device lock status: kSecAttrAccessibleAfterFirstUnlock (keychain data can be
accessed while the device is locked, but after a reboot the device must be unlocked before access to
the data is allowed), kSecAttrAccessibleWhenUnlocked (all the keychain data is accessible when the
device is unlocked), and kSecAttrAccessibleAlways (all the data is accessible at any point in time).

Network-level security ensures the protection of data during network traversals. Encryption
technologies like Transport Layer Security (TLS) are used for VPN, applications, Wi-Fi, Bluetooth, and
AirDrop. Built-in applications like Mail and Safari default to TLS. App developers can use classes
like CFNetwork to disallow SSLv3 connections.

Application-level security involves code signing, isolation mechanisms, and protection techniques like
ASLR (Address Space Layout Randomization) and stack-level protection. iOS apps must be signed by
the App Store, and code signature checks are performed during installation and runtime to verify the
app's origin. Code signing in iOS involves digital identification with a developer-signed public key and
private key. Signed applications are eligible for installation, and Apple issues code sign identities for
developers to use.

In iOS, apps are installed and run in a sandbox, which limits their access to resources like files,
hardware, and preferences. This sandboxing mechanism is designed to ensure app isolation and
prevent unauthorized access. The entire app, along with its data, is installed in its own sandbox
directory. However, if a device is jailbroken, apps can have unrestricted access.

iOS provides two types of isolation: process isolation and filesystem isolation. Process isolation
prevents apps from viewing or modifying each other's data or communicating with other processes.
Each app runs in its own sandbox, isolated from other apps and the operating system. Process-level
sandboxing, also known as Seatbelt, controls the operations performed within the sandbox.

Filesystem isolation ensures that apps cannot access or detect the presence of other apps on the
device. While a certain part of the iOS filesystem is publicly readable, it is read-only, and no
modifications can be made.

Address Space Layout Randomization (ASLR) randomizes the data in memory to prevent exploits. It
was introduced in iOS 4.3 and enhances the security of system apps by randomizing the data they
store in memory.

iOS devices also support the NX (No-eXecute) bit feature, which makes memory non-executable until
instructed by the operating system. This helps prevent buffer overflow and underflow attacks. Stack
and heap can be set as non-executable, providing additional protection against adversaries.

Hardware-level security
iOS devices have tight integration between hardware and software protection. Devices using Apple
A8 or A7 processors have cryptographic support, utilizing AES 256 encryption. Each device is assigned
a UID and a device Group ID (GID) at the processor level, providing enhanced security. Application
code, resources, and metadata are zipped, signed with the developer's certificate, and packaged as
an iOS app store package (iPA).

When opening an iPA file with archiving software, it contains the Payload folder with the application
data, including the app binary, bundle resources, embedded.mobileprovision file, CodeSignature for
verification, iTunesArtwork for displaying the app's logo, and iTunesMetadata.plist containing
metadata. Structural representation of an iOS application:

Jailbreaking is a technique used to bypass iOS security limitations through software exploits. It
allows customization of the iOS interface, full access to the filesystem and device, installation of
custom apps or non-traditional store apps, and downloading of content for free. However,
jailbreaking voids the warranty and support from Apple.

There are different types of jailbreaks: untethered, which allows running apps and tweaks even after
rebooting; tethered, requiring the device to be connected to a computer for startup; and semi-
tethered, allowing booting without the computer but requiring a program for jailbroken add-ons and
tweaks.

Property lists, stored as XML files with the .plist extension, are used to store application data and
settings information. They are often located in the /Library/Preferences folder and can be accessed
using the plutil utility.
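
The IPA layout and the property lists described above can be checked together when reviewing an app package. The following Python sketch is an added example, not part of the original notes: it builds a small constructed IPA in memory and reports which expected components are missing. The bundle name, identifier and file contents are constructed; inside the bundle the signature directory is named _CodeSignature.

```python
import io
import plistlib
import zipfile


def build_sample_ipa(signed: bool = True) -> bytes:
    """Build a tiny constructed IPA in memory (placeholder contents, not a real app)."""
    info = {"CFBundleIdentifier": "com.example.demo", "CFBundleExecutable": "Demo"}
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as ipa:
        ipa.writestr("iTunesMetadata.plist", plistlib.dumps({"constructed": True}))
        ipa.writestr("Payload/Demo.app/Info.plist", plistlib.dumps(info))
        ipa.writestr("Payload/Demo.app/Demo", b"placeholder for the app binary")
        ipa.writestr("Payload/Demo.app/embedded.mobileprovision", b"placeholder")
        if signed:
            ipa.writestr("Payload/Demo.app/_CodeSignature/CodeResources",
                         plistlib.dumps({"files": {}}))
    return buffer.getvalue()


def inspect_ipa(data: bytes) -> dict:
    """Locate the app bundle under Payload/ and list expected parts that are absent."""
    with zipfile.ZipFile(io.BytesIO(data)) as ipa:
        names = set(ipa.namelist())
        bundles = set()
        for name in names:
            parts = name.split("/")
            if len(parts) >= 3 and parts[0] == "Payload" and parts[1].endswith(".app"):
                bundles.add(parts[1])
        if len(bundles) != 1:
            raise ValueError(f"expected one .app bundle under Payload/, found {len(bundles)}")
        root = f"Payload/{bundles.pop()}/"
        if root + "Info.plist" not in names:
            raise ValueError("Info.plist missing from the app bundle")
        # plistlib.loads() accepts both XML and binary property lists.
        info = plistlib.loads(ipa.read(root + "Info.plist"))
    executable = info.get("CFBundleExecutable")
    expected = {
        "app binary": root + executable if executable else None,
        "provisioning profile": root + "embedded.mobileprovision",
        "code signature": root + "_CodeSignature/CodeResources",
    }
    missing = sorted(label for label, path in expected.items() if path not in names)
    return {
        "bundle_id": info.get("CFBundleIdentifier"),
        "executable": executable,
        "missing": missing,
        "has_store_metadata": "iTunesMetadata.plist" in names,
    }


if __name__ == "__main__":
    print(inspect_ipa(build_sample_ipa()))
    print(inspect_ipa(build_sample_ipa(signed=False)))
```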

Session 22
Voice over IP (VoIP) refers to voice-oriented services where voice is encoded into IP packets for
transmission over communication networks. In a typical VoIP system, the voice sound is sampled,
translated into a digital representation, packed into IP packets, and sent over an IP network. At the
receiver side, the packets are unpacked, put into a playback buffer to compensate for network jitter,
and converted back into an analog signal.

Mobile VoIP faces three major problems: limited bandwidth and constraints on network resources,
the addition of security mechanisms reducing performance and flexibility, and the need to change IP
addresses as users move. These issues affect the performance and functionality of mobile VoIP
systems.

The two widely used signaling protocols in VoIP are Session Initiation Protocol (SIP) and H.323. SIP is
simple, scalable, and extensible, requiring fewer packets for call setup and running on UDP. H.323 has
a longer setup time, uses both TCP and UDP, and provides control within a session for coordinating
media input in conferences.

Real-time Protocol (RTP) is used to handle retransmission in VoIP applications. It avoids the time-
consuming process of resending packets by providing a protocol for sequencing audio and video
packets.

SIP is an application layer control protocol with user agents (UA) and network servers. UA functions
include receiving and sending SIP messages, while network servers include proxy, redirect, and
registrar servers. Proxy servers relay SIP messages and hide user locations, redirect servers provide
host location information, and registrar servers handle user registration.

H.323 defines terminals, gateways, gatekeepers, and multipoint control units for network-based
communication. Terminals handle signaling and control, real-time communication, and codecs for
audio/video compression. Gateways connect packet-switched and circuit-switched networks,
gatekeepers perform address translation, admission control, bandwidth control, and zone
management, and multipoint control units support conferencing.

H.323 uses channels for information exchange, including audio, video, data, communications control
data, and call control data. RTP and Real-Time Control Protocol (RTCP) are used for audio and video
streams, while UDP is the transport protocol.

Comparing the two signaling protocols, H.323 has a two-phase connection setup, supports TCP and
UDP, and provides call forwarding and QoS support through gatekeepers. SIP has a similar call setup
procedure, does not provide management or control functions, relies on other protocols, and
supports call forwarding and QoS through other means. Resource reservation is handled externally
by protocols like RSVP in both cases.

Security issues in VoIP (Voice over Internet Protocol) can have several implications. One major
concern is that adding security constraints to VoIP can increase bandwidth usage, leading to more
latency and jitter, ultimately reducing the overall quality of service (QoS) in the network. Additionally,
these security requirements often fail to consider the heterogeneous data flow over the network,
where voice and data streams share limited bandwidth. This can cause congestion and prevent VoIP
traffic from reaching its destination within the required time constraints.

Both H.323 and SIP (Session Initiation Protocol) signaling used in VoIP are vulnerable to various risks.
Attacks targeting the signaling and voice data transport planes aim to compromise the integrity,
confidentiality, authentication, or non-repudiation of the transmitted data. Eavesdropping, jamming,
and active modification of audio payload data and signaling information are significant concerns.

In an open environment with competition between service providers, compromising the identity of
an end system or infrastructure component can lead to additional risks. Malicious users can register
with H.323 Gatekeepers or SIP servers/registrars to gain the identity of victims, invading privacy and
potentially misusing services.

H.323 provides security services through elliptic curve cryptography, Advanced Encryption Standard
(AES), and different security profiles for interoperability. The Baseline Security Profile relies on
symmetric techniques with shared secrets for authentication and message integrity in endpoint-to-
gatekeeper, gatekeeper-to-gatekeeper, and endpoint-to-endpoint scenarios.

SIP offers security services such as digest authentication, RTP (Real-time Transport Protocol)
encryption for media data confidentiality, and the use of TLS (Transport Layer Security) for protecting
SIP signaling messages against integrity loss, confidentiality attacks, and replay attacks. However, the
use of TLS is limited to TCP-based SIP signaling and cannot be applied to UDP-based SIP signaling.

Mobile VoIP introduces additional security threats, including loss of availability, telephone fraud,
abuse of access, denial of service, eavesdropping, masquerading, control of end systems, and attacks
on user privacy. These threats can compromise the integrity, confidentiality, authentication, or non-
repudiation of data transmitted through signaling and media transport planes. Eavesdropping attacks
pose a significant risk, especially in WLANs (Wireless Local Area Networks), where packet-sniffers can
easily intercept VoIP traffic.

To ensure widespread adoption of mobile VoIP, a minimum set of security facilities is required. End-to-
end authentication between callers and callees should establish session keys for protecting voice
data streams. Privacy during call establishment and data transmission should be ensured through
session key-based encryption. Blocking undesired calls and preventing VoIP spamming can be
achieved through authentication handshakes and user preferences. Correct call charging is crucial,
and the system must protect caller identity and called party information from eavesdropping. An
anonymous call service should also be provided, allowing callers to remain anonymous while
enabling callees to reject such calls.

Session 21
Mobile devices use GPS and wireless signals (e.g., cellular, wireless (Wi-Fi®), or Bluetooth) to
determine and share geolocation data, which is crucial for many applications, but also poses privacy
risks. This data can reveal sensitive information about users and must be protected.

Retrieval of location data :

• Tower Triangulation (Accuracy: 50m–1,000m) : uses radio signals between a cell phone and a
cell tower of a known location. It requires at least two cell towers to be within range of the
user. However, this method is fairly inexact due to factors that can affect signal strength.
• GPS (5-15m) : GPS uses satellite signals and can provide continuous tracking updates, but it
may not work well indoors and initial location acquisition can take several minutes. Assisted
GPS provides an initial location (obtained via tower triangulation or 802.11) to reduce
satellite acquisition time and correct for signal noise, but it still takes upwards of 10 seconds.
• 802.11 (10m–200m) : This location method works by surveying nearby Wi-Fi access points and
submitting data about them to a web service for coordinates. This is faster and more accurate
than cell tower triangulation, but because the location data relies on specific wireless APs,
it can be drastically wrong.

Android devices ask for permission to use geolocation services when the app is installed. The
ACCESS_COARSE_LOCATION (cell triangulation or Wi-Fi) and ACCESS_FINE_LOCATION (GPS)
permissions are used.

Mobile devices expose location data : Mobile devices expose location data even when only powered
on, and cellular providers receive real-time location information. Even when cellular service is
turned off, mobile devices can be tracked using Wi-Fi, Bluetooth, and other sensors. Commercially
available rogue base stations allow anyone to obtain real-time location data and track targets (if a
rogue base station is the strongest signal present, devices will automatically try to connect to
it). Disabling location services on a device only limits access to GPS and location data by apps,
but does not prevent the operating system from using location data or communicating it to the
network. Additionally, apps and websites can use other sensor data (which does not require
permission) and web browser information to obtain or infer location information.

Moreover, anything that sends and receives wireless signals (such as household smart devices, smart
watches, smart medical devices, IoT devices, and built-in video communications) has location risks
similar to mobile devices. Personal and household smart devices (e.g., light bulbs, cookware,
thermostats, home security, etc.) often contain wireless capabilities of which the user is unaware.
Such IoT devices can be difficult to secure: most have no way to turn off wireless features and
little, if any, security built in. These security and privacy issues could result in these devices
collecting and exposing sensitive location information about all devices that have come into range
of the IoT devices. Geolocation information contained in data automatically synced to cloud accounts
could also present a risk of location data exposure if the accounts or the servers where the
accounts are located are compromised.

Pictures posted on social media may have location data stored in hidden metadata. Even without
explicit location data, pictures may reveal location information through picture content.

Risks of Geolocation Services:

Geolocation services pose risks to both end users and service providers. For end users,
storing their positional data on remote servers increases the potential for data theft and
compromises their privacy. This data can reveal personal information and historical
whereabouts, which can be used against them in court. Users should consider the privacy
policy of the application or site, whether data is retained or discarded, and if it will be shared
with law enforcement or third parties. They should also be aware if other users have access
to their location data and if they can block unwanted users.

Service providers, on the other hand, expose themselves to negative publicity, legal
subpoenas, and potential facilitation of criminal acts by maintaining extensive positional
records. In many cases, this data is not necessary for providing the required functionality.
Service providers must comply with privacy guidelines and inform users about tracking, data
collection purposes, third-party sharing, data retention, and storage. Storing positional data
should be avoided unless there is a compelling need to do so due to these associated risks.

Geolocation Best Practices :

• Disable location services settings on the device.
• Disable radios (Bluetooth and Wi-Fi) when they are not actively in use.
• Apps should be given as few permissions as possible.
• Limit app permissions by setting privacy settings to avoid sharing location data. Avoid using
location-based apps (such as traffic and shopping apps) when possible.
• Turn off settings (typically known as FindMy or Find My Device settings).
• Use a VPN.
• Minimize web browsing on the device as much as possible, and set browser
privacy/permission location settings to not allow location data usage.

For developers :

• Use the least precise measurement necessary.
• Discard data after use.
• Keep data anonymous.
• Indicate when tracking is enabled.
• Use an opt-in model.
• Have a privacy policy.
• Familiarize yourself with local laws.

Session 20

SMS overview
SMS, or Short Message Service, is a standardized communication method that allows two mobile
phones to exchange short text messages of up to 160 characters. The introduction of features like
MMS has expanded SMS functionality to include multimedia content. Mobile carriers also utilize SMS
for administrative tasks such as voicemail notifications and OS updates. While these advancements
have broadened SMS usage, they have also increased its vulnerability as an attack surface. The SMS
system operates through a store-and-forward mechanism within the carrier network, where
messages are composed, submitted to the SMSC (Short Message Service Center), and forwarded to
the recipient. This process involves message storage and forwarding by the SMSC.

SMS PAYLOAD : SMS messages are composed of headers and message contents called a protocol
data unit (PDU). The SMS PDU contains header fields that define values such as the destination
phone number and message encoding type. The User Data Header (UDH) is an important field that
allows additional headers to be defined in the message contents, allowing for functionalities such as
multimedia messages and multipart SMS messages.

MMS overview
Multimedia Messaging Service (MMS) allows users to send pictures, audio, and video
recordings to each other by building new functionality on top of the SMS layer.

Protocol Attacks :

• Abusing legitimate functionality : There are legitimate administrative functions
performed over SMS, such as voicemail notification. These functions are meant to be
sent from a carrier to a subscriber’s mobile phone; however, typically nothing is in
place to stop an attacker from spoofing these messages and sending them to victims’
mobile phones.
• Vulnerabilities in the implementation : Attackers may attempt to send malformed or
corrupted SMS messages to a target mobile phone. The goal of these attacks is to cause an
error condition on the mobile phone that can be exploited to execute hostile code or crash
the device. For example, manipulating the length field in an SMS header could lead to
triggering an error condition.
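
The PDU layout described under SMS PAYLOAD, and the length-field problem mentioned in the list above, seen from the receiving side: an added Python sketch (not from the original notes) of an SMS-DELIVER parser that checks every length field against the octets actually present before using it. It goes slightly beyond the text by also decoding the concatenation element of the UDH. The sample PDU and phone number are constructed, only 8-bit and UCS2 user data are handled, and the function names are hypothetical.

```python
class PDUError(ValueError):
    """Raised for any PDU whose fields do not fit the octets actually present."""


class Reader:
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, count: int, field: str) -> bytes:
        if self.pos + count > len(self.data):
            raise PDUError(f"{field}: needs {count} octets, "
                           f"only {len(self.data) - self.pos} left")
        chunk = self.data[self.pos:self.pos + count]
        self.pos += count
        return chunk

    def byte(self, field: str) -> int:
        return self.take(1, field)[0]


def decode_digits(octets: bytes, count: int) -> str:
    """Swapped-nibble BCD, as used for addresses and the timestamp."""
    return "".join(f"{o & 0x0F:X}{o >> 4:X}" for o in octets)[:count]


def parse_udh(udh: bytes) -> list:
    reader, elements = Reader(udh), []
    while reader.pos < len(udh):
        iei = reader.byte("IEI")
        length = reader.byte("IEDL")
        elements.append((iei, reader.take(length, f"IE 0x{iei:02X} data")))
    return elements


def parse_sms_deliver(pdu: bytes) -> dict:
    reader = Reader(pdu)
    first = reader.byte("first octet")
    if first & 0x03:
        raise PDUError("not an SMS-DELIVER (TP-MTI is not 00)")
    digits = reader.byte("TP-OA length")
    if digits > 20:
        raise PDUError("TP-OA longer than 20 digits")
    toa = reader.byte("TP-OA type")
    sender = decode_digits(reader.take((digits + 1) // 2, "TP-OA digits"), digits)
    if (toa >> 4) & 0x07 == 1:                   # international number
        sender = "+" + sender
    reader.byte("TP-PID")
    dcs = reader.byte("TP-DCS")
    timestamp = decode_digits(reader.take(7, "TP-SCTS"), 12)   # YYMMDDhhmmss
    udl = reader.byte("TP-UDL")
    if dcs not in (0x04, 0x08):
        raise PDUError("this example handles only 8-bit (0x04) and UCS2 (0x08) data")
    if udl > 140:
        raise PDUError("TP-UDL exceeds the 140-octet maximum")
    user_data = reader.take(udl, "TP-UD")
    if reader.pos != len(pdu):
        raise PDUError("octets left over after TP-UD")
    concat = None
    if first & 0x40:                             # TP-UDHI: user data starts with a UDH
        ud_reader = Reader(user_data)
        udhl = ud_reader.byte("UDHL")
        for iei, data in parse_udh(ud_reader.take(udhl, "UDH")):
            if iei == 0x00:                      # concatenated (multipart) SMS
                if len(data) != 3 or not 1 <= data[2] <= data[1]:
                    raise PDUError("inconsistent concatenation element")
                concat = {"ref": data[0], "total": data[1], "seq": data[2]}
        user_data = user_data[ud_reader.pos:]
    text = None
    if dcs == 0x08:
        try:
            text = user_data.decode("utf-16-be")
        except UnicodeDecodeError as exc:
            raise PDUError("user data is not valid UCS2") from exc
    return {"sender": sender, "timestamp": timestamp, "concat": concat,
            "text": text, "payload": user_data}


def rejected(pdu: bytes) -> bool:
    try:
        parse_sms_deliver(pdu)
    except PDUError:
        return True
    return False


# Constructed sample: part 1 of 2 of a multipart UCS2 message.
SAMPLE = bytes.fromhex(
    "44"                # first octet: SMS-DELIVER, TP-MMS and TP-UDHI set
    "0B915155550501F0"  # TP-OA: 11 digits, international, +15555550100
    "00" "08"           # TP-PID, TP-DCS (UCS2)
    "42103121450000"    # TP-SCTS: 24-01-13 12:54:00
    "0C"                # TP-UDL: 12 octets of user data
    "050003A70201"      # UDH: UDHL=5, concatenation ref 0xA7, 2 parts, part 1
    "004800690021"      # "Hi!" in UCS2
)
```

Overwriting any single length octet of SAMPLE (address length, TP-UDL, UDHL or IEDL) with a larger value makes `rejected()` return True instead of letting the parser read outside the message.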

Battery-Draining Attack : MMS battery-draining attacks aim to drain a victim's phone battery
quickly, knocking it offline. Attackers can abuse MMS notifications by crafting messages that point to
their own server. When the victim's phone connects to the server to receive the message, instead of
a valid image or video file, the attacker configures their server to keep the victim's phone connected
indefinitely, for example, by sending UDP packets to the victim's IP address, which keeps the phone's
radio powered on and drains the battery rapidly.

Silent Billing Attack : Unlike text SMS messages, MMS messages have more overhead and involve
several background messages (which users can't see) to set up and confirm that an MMS has been
successfully delivered. Bombarding users with background messages, which are still valid from a
billing perspective, can quickly drain the victim's credit balance.

OTA (Over The Air) Settings Attack : OTA settings allow carriers to send new settings to mobile
phones on their network. This can refer to various items such as firmware updates or browser
settings. One attack involves pushing new browser settings to a target phone, which routes all traffic
through an attacker-controlled proxy, enabling them to obtain personal information and perform
man-in-the-middle attacks.

MMS Notification :

Session 13
GSM, which is one of the most popular systems for mobile communication, provides terminal mobility
and allows users to roam seamlessly from one GSM network to another. A key feature of GSM is the
use of a Subscriber Identity Module (SIM) that stores sensitive data for user authentication and
message confidentiality.

GSM components :

1. The Mobile Station (MS) : consists of the mobile equipment (ME) and the SIM card, which is
inserted into the ME and allows the subscriber to make and receive calls. A typical ME is the
mobile phone. The SIM card contains the following subscriber-related information:
a. The International Mobile Subscriber Identity (IMSI) : it is used by the network for
purposes including universal identification and roaming.
b. A3 and A8 cryptographic algorithms and the Ku key for user authentication and
confidentiality.
c. Temporary network-related data : TMSI (a temporary identifier used to protect the
privacy and security of the subscriber by preventing disclosure of the IMSI to
unauthorized parties), LAI (identifying the geographical area in which a mobile
device is located), and the forbidden Public Land Mobile Networks (PLMN).
d. The Card Holder Verification Information (CHVI) : this information authenticates the
user to the card and provides protection against the use of stolen cards.
2. The Base Station Subsystem (BSS) : It consists of the Base Transceiver Station (BTS), which
sets up the radio transceivers that handle the radio link with the MS, and the Base Station
Controller (BSC), which manages the radio communication and controls a set of BTSs.
3. Mobile Services Switching Center (MSC) : The MSC is a crucial part of the GSM network that
manages a large number of BSCs and serves as a switching node. It handles various functions
related to terminal mobility, such as registration, authentication, location, handover, and call
routing (in short, it acts as a central point where multiple BSCs and other network
components can connect to exchange information).
4. The Operation and Support System (OMC) : it offers the customer cost-effective support for
centralized, regional, and local operational and maintenance activities that are required for a
GSM network.
5. Home Location Register (HLR) : The HLR is a database that stores and manages subscriber
information (such as the IMSI and the Ku key). Every subscriber is assigned to a unique HLR.
The HLR plays an important role in various tasks such as the roaming of mobiles to foreign
networks.
6. Visitor Location Register (VLR) : The VLR is a database that contains subscriber information
like the HLR, but the difference is that it relates only to the subscribers who roam in the area
assigned to the VLR. When a subscriber roams away from his/her own network, information is
forwarded from the subscriber’s HLR to the VLR of the serving network, in order to perform the
authentication process.
7. Authentication Center (AuC) : The AuC is an important part of the HLR. The attributes in this
database include the subscriber’s IMSI, secret key K, LAI, and TMSI. The AuC is responsible
for generating triplets of values consisting of a random field, called RAND, an assigned
response, and session key K, which are stored in the HLR for each subscriber and a call made
by the subscriber.
8. Equipment Identity Register (EIR) : The EIR is a database responsible for storing information
about mobile devices (the IMEI numbers of mobile phones). It is used to prevent the use of
stolen or unauthorized devices on the network by checking the IMEI numbers of devices
attempting to connect against black, white, and grey lists; a device on the black list is not
allowed to connect to the network.
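
How the triplets generated by the AuC are used in the challenge-response between the serving network and the SIM, as an added Python sketch that is not part of the original notes. A3 and A8 are operator-specific algorithms, so HMAC-SHA256 truncated to the GSM field sizes stands in for them here; the class names, the IMSI and the key are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def a3(key: bytes, rand: bytes) -> bytes:
    """Stand-in for the operator's A3: 32-bit response to the challenge."""
    return hmac.new(key, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8(key: bytes, rand: bytes) -> bytes:
    """Stand-in for the operator's A8: 64-bit session key."""
    return hmac.new(key, b"A8" + rand, hashlib.sha256).digest()[:8]


class AuthenticationCenter:
    """Holds the subscriber keys; only triplets ever leave it."""

    def __init__(self):
        self._keys = {}

    def provision(self, imsi: str, key: bytes) -> None:
        self._keys[imsi] = key

    def generate_triplets(self, imsi: str, count: int = 3) -> list:
        key = self._keys[imsi]
        triplets = []
        for _ in range(count):
            rand = secrets.token_bytes(16)       # fresh 128-bit RAND
            triplets.append((rand, a3(key, rand), a8(key, rand)))
        return triplets


class Sim:
    def __init__(self, imsi: str, key: bytes):
        self.imsi = imsi
        self._key = key                          # never exported by the card

    def respond(self, rand: bytes) -> tuple:
        return a3(self._key, rand), a8(self._key, rand)


class VisitorLocationRegister:
    """Serving network: authenticates with triplets, never sees the subscriber key."""

    def __init__(self, auc: AuthenticationCenter):
        self._auc = auc
        self._triplets = {}

    def pending(self, imsi: str) -> int:
        return len(self._triplets.get(imsi, []))

    def authenticate(self, sim: Sim) -> Optional[bytes]:
        queue = self._triplets.setdefault(sim.imsi, [])
        if not queue:                            # fetch a batch from the home network
            queue.extend(self._auc.generate_triplets(sim.imsi))
        rand, expected, session_key = queue.pop(0)   # each triplet is used once
        response, _ = sim.respond(rand)
        if not hmac.compare_digest(response, expected):
            return None                          # wrong key: e.g. a cloned IMSI
        return session_key


if __name__ == "__main__":
    auc = AuthenticationCenter()
    key = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed key
    auc.provision("001010123456789", key)
    vlr = VisitorLocationRegister(auc)
    print(vlr.authenticate(Sim("001010123456789", key)))
    print(vlr.authenticate(Sim("001010123456789", bytes(16))))
```

A SIM that presents the right IMSI but holds a different key fails the check, and the serving network never needs the subscriber key itself.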

Mobility Management : Mobility management involves tracking the location of roaming mobile
subscribers, registering location information, and handling connection handoffs during
communication. Handoffs occur when a GSM terminal passes out of the range that the serving cell
can handle.

Protocol Architecture

1. Physical Layer (Layer 1) : The physical layer includes mechanisms such as modulation, coding,
timing, power control, and radio channel establishment and maintenance. GSM uses a
combination of FDMA (Frequency Division Multiple Access) and TDMA (Time Division
Multiple Access) to allocate radio resources to users. FDMA divides the available radio
spectrum into different frequency bands, with each band assigned to a specific user. On top
of FDMA, TDMA divides each frequency band into time slots, allowing multiple users to
share the same frequency band by transmitting at different times. GSM uses three frequency
bands: 900 MHz, 1800 MHz, and 1900 MHz.

2. Data Link Layer (Layer 2) : The data-link layer is responsible for the correct and complete
transfer of information blocks between the Layer 3 entities over the GSM radio interface.
The protocol implements the following basic functions:
• The organization of the information issued by Layer 3 into cells (or frames).
• The peer-to-peer transformation of signaling data using well-defined frame formats.
• The establishment, the supervision, and the termination of one or more data links on the
signaling channels.
• The acknowledgment of transmission and reception of numbered information frames.
• The non-acknowledgment of unnumbered information frame transmission.

3. Message Layer (Layer 3) : uses a protocol that contains all the functions necessary to
establish, maintain, and terminate mobile connections for the services offered within a GSM
PLMN.
• Radio resource management (RR) : The RR sub-layer is responsible for the management of
the frequency spectrum and the GSM system’s reaction to the changing radio environment.
• Mobility management (MM) : The MM sub-layer is in charge of coping with the tasks of
handling mobile users that are not directly related to radio functions.
• Connection management (CM) : The CM sub-layer manages all the functions essential for
circuit-switched call control in the GSM.

Security Requirements : A GSM network requires protection in the following areas: call
setup, voice-based services, privacy of location, privacy of calling patterns, privacy of user
identity, and protection of data.

Protection of Call-Setup Information and Communication Services : All information (such as the
caller number) that is sent to the GSM network must be protected from eavesdropping.

Privacy of User-Location, Calling Patterns, and User-Data : Information related to traffic generated by
a particular user and his/her calling patterns (such as the caller-id) should not be made available to
attackers.

Replication and Clone Resistant Design : GSM systems can be attacked through replication or cloning,
where an intruder duplicates a personal mobile terminal's information (including data stored in the SIM
card). The GSM network's cryptographic protection should include tools for clone-resistance.

Equipment Identifiers : Personal equipment should have unique (worldwide) identification
information that is permanently integrated and tamper-resistant. This helps to prevent reuse of
stolen equipment.

GSM Security Model :

Anonymity : When a mobile user powers on his/her mobile terminal, the real identity (IMSI) is used
to identify the MS to the network, and then a temporary identifier, the Temporary Mobile Subscriber
Identity (TMSI), is allocated as a temporary local identifier of the MS to the network in future
sessions.

Authentication : Authentication involves two functional components, the SIM
card in the mobile and the Authentication Center (AuC). The network generates a random number
and challenges the MS to prove its identity, which is done by sending back the expected value of
SRES.

Confidentiality : Using RAND and secret key Ku, the SIM runs the A8 algorithm to produce the 64-bit
long session key called Ks. Ks is then used by the A5 algorithm to produce a 228-bit key stream. For
each new frame to be transferred, a new 228-bit key stream is produced by the algorithm A5 to
encrypt (and decrypt) the frame.
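
The challenge-response run and the per-frame key stream described under Authentication and Confidentiality, as an added Python example that is not part of the original notes. HMAC-SHA256 stands in for the A3/A8 and A5 algorithms, which are not reproduced here; the class and function names and the IMSI value are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def a3_a8(ku: bytes, rand: bytes):
    """Stand-in for A3/A8 (NOT COMP128): 32-bit SRES and 64-bit Ks from Ku, RAND."""
    digest = hmac.new(ku, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

def a5_keystream(ks: bytes, frame_no: int) -> int:
    """Stand-in for A5 (NOT the real cipher): 228-bit key stream for one frame."""
    block = hmac.new(ks, frame_no.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(block, "big") >> (256 - 228)

def crypt_frame(ks: bytes, frame_no: int, frame_bits: int) -> int:
    """XOR a 228-bit frame with its key stream; the same call decrypts."""
    return frame_bits ^ a5_keystream(ks, frame_no)

class Sim:
    def __init__(self, imsi: str, ku: bytes):
        self.imsi, self._ku, self.ks = imsi, ku, None

    def respond(self, rand: bytes) -> bytes:
        sres, self.ks = a3_a8(self._ku, rand)  # Ks stays on the mobile side
        return sres                            # only SRES goes over the air

class AuthCenter:
    def __init__(self):
        self.keys = {}  # IMSI -> Ku, shared only with the subscriber's SIM

    def provision(self, imsi: str) -> Sim:
        self.keys[imsi] = secrets.token_bytes(16)
        return Sim(imsi, self.keys[imsi])

    def authenticate(self, sim: Sim):
        """One challenge-response run; returns the network's Ks, or None."""
        if sim.imsi not in self.keys:
            return None
        rand = secrets.token_bytes(16)                    # the challenge
        expected, ks = a3_a8(self.keys[sim.imsi], rand)   # expected SRES
        sres = sim.respond(rand)
        return ks if hmac.compare_digest(sres, expected) else None

if __name__ == "__main__":
    auc = AuthCenter()
    sim = auc.provision("001010000000001")  # constructed test IMSI
    ks = auc.authenticate(sim)
    frame = crypt_frame(ks, 42, 0x5A5A)
    print(ks == sim.ks, crypt_frame(sim.ks, 42, frame) == 0x5A5A)
```

Because the check depends only on Ku and the IMSI, a second `Sim` object built with the same pair authenticates identically, which is why the notes call for clone-resistant design.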

Basic Attacks on GSM


Attacks on the Authentication Algorithm :

The algorithm used in SIM cards is difficult to change, as it is embedded in the card itself. Despite
attempts to keep the COMP128 algorithm secret, it has been reverse-engineered and cryptanalyzed.
This means that cloning a SIM card only requires knowledge of the secret key and the IMSI, which is
embedded in the card.

Impersonation Attacks :

Impersonation attacks involve an attacker impersonating either the network or the mobile station
(MS), or both, to perform a man-in-the-middle attack. This allows the attacker to eavesdrop on
private traffic, modify, delete, reorder or replay messages, and behave as a repeater. A
man-in-the-middle attack requires a modified base transceiver station (BTS) and a modified MS,
where the rogue BTS impersonates the network to the MS, while the modified MS impersonates the
MS to the network. The rogue BTS is also referred to as a rogue base station (RBTS).

Attack Against Anonymity :

Attackers can track the movements and calling patterns of subscribers by obtaining their IMSI or
TMSI, and use this information to impersonate individuals or perform traffic analysis.

Session 15
LTE, or Long-Term Evolution, is a fourth-generation cellular technology standard developed
by the 3rd Generation Partnership Project (3GPP) as an evolutionary step from GSM to
UMTS. It is a completely packet-switched network that provides increased data rates. LTE
networks are deployed worldwide, and installations are rapidly increasing.
LTE networks have three main components: user equipment (UE), evolved universal
terrestrial radio access network (E-UTRAN), and evolved packet core (EPC).

Components
The UE is the cellular device that connects to the E-UTRAN, which is a mesh network of radio
components (eNodeBs) that transmit and receive signals to and from the UE. The EPC
connects the E-UTRAN to the internet via a core network that includes the Mobility
Management Entity (MME), the Serving Gateway (S-GW), the Packet Data Gateway (P-GW),
and the Home Subscriber Server (HSS). LTE networks use multiple planes of
communication that are routed to different endpoints.

Protocols
The protocols used in LTE include Radio Resource Control (RRC), Packet Data Convergence
Protocol (PDCP), Radio Link Control (RLC), and Medium Access Control (MAC). LTE uses
several defenses to ensure security, including SIM cards and UICC tokens, device and
network authentication, air interface protection, and backhaul and network protection. LTE's
security architecture is defined by 3GPP's TS 33.401.
