Unlicensed Mobile Access (UMA) provides transparent access to 2G and 3G networks for Mobile Stations over the unlicensed radio interface. Unlicensed radio tehnologies such as Bluetooth or WLAN technology connects the Mobile Station to the fixed IP network of the home or office and delivers high bandwith to the Mobile Station.The purpose of this report is to examine if subscribers can feel as secure using UMA as they do when using any of the alternetive mobile technologies that UMA supports. The security evaluation is performed by first investigating the current security level of GSM, GPRS and UMTS and then compares them to the security mechanisms of UMA…
Contents
1 Introduction
1.1 Background
1.2 Purpose
1.3 Reading instructions
1.3.1 Part 1 – Security Concepts
1.3.2 Part 2 – Mobile Communications systems
1.3.3 Part 3 – Security Evaluation
I Security concepts
2 What is security?
2.1 The CIA model
2.2 Security requirements for mobile communications
2.3 Cryptography
2.3.1 Secret Key System
2.3.2 Public Key Cryptography
2.3.3 Hash Algorithms
2.4 Security Attacks
2.4.1 Man-in-the-Middle
2.4.2 Passive / Active
2.4.3 Replay attacks
2.4.4 Session Hijack
2.4.5 Packet Manipulation
2.4.6 Spoofing
2.4.7 Authentication method downgrading
2.4.8 Denial of Service
II Mobile Communications systems
3 GSM
3.1 System overview
3.2 Security Features
3.2.1 Subscriber identity confidentiality
3.2.2 Subscriber identification authentication
3.2.3 Confidentiality of signalling
3.3 GSM flaws
3.3.1 Network authentication
3.3.2 IMSI sent in clear text
3.3.3 Ciphering occurs after FEC
3.3.4 Weak authentication algorithm
3.3.5 Weak ciphering algorithm
3.3.6 Clear text traffic in backbone network
3.3.7 Other flaws
3.3.8 DoS attacks
4 GPRS
4.1 System overview
4.2 Security Features
4.2.1 Confidentiality and authentication
4.2.2 GPRS backbone
4.3 GPRS vulnerabilities
4.3.1 Flaws inherited from GSM
4.3.2 Overbilling attacks
4.3.3 No Authentication in GTP
4.3.4 No encryption in GTP traffic
4.3.5 No end-to-end security
4.3.6 Mobile Station is not protected from Internet
4.3.7 DoS attacks
5 UMTS
5.1 System overview
5.2 Security Features
5.2.1 2G security features to be retained
5.2.2 2G security weaknesses
5.3 Security Architecture
5.3.1 Network access security
5.3.2 Network Domain Security
5.3.3 User Domain Security
5.3.4 Application Domain Security
5.3.5 Security visibility and Configurability
5.4 UMTS Weaknesses
5.4.1 IMSI could be sent in clear text
viii5.4.2 Internal security
5.4.3 WAP security features cannot guarantee protection
5.4.4 Interoperability with GSM
6 Unlicensed Mobile Access
6.1 System overview
6.2 Security features
6.3 Security mechanisms
6.3.1 Authentication mechanisms
6.3.2 Confidentiality Mechanisms
6.3.3 Integrity Mechanisms
6.4 UMA weaknesses
6.4.1 IMSI not protected enough
6.4.2 Mobile Station authentication optional
6.4.3 DoS attacks
III Discussions and Conclusions
7 Security evaluation
7.1 Confidentiality
7.1.1 User anonymity
7.1.2 Data, voice and signaling confidentiality
7.2 Integrity
7.3 Availability
7.4 Known vulnerabilities and flaws
8 Conclusions
9 Future work
References
Author: Eriksson, Martin
Source: Linköping University
Download URL 2: Visit Now