GSM Phone Security - Coursework Example

GSM PHONE SECURITY Table of Contents Table of Contents 2 Executive Summary 3 Introduction 4 Wireless Networks Security Features 4 GSM Networks Security Mechanisms 6 Recent Research on GSM Attacks 7 Risks and Threats 9 Countermeasures 10 Conclusion 11 References 13 Executive Summary Recently, there have been cases reported of eavesdropping on cell conversations. These stories have made it to the news as a result of research that was published in the late 2009. The research paper showed that it was possible for one to crack the encryption on a GSM cell phone. Today, GSM technology is the most popular as well as the most deployed. Just as the CEO is a GSM cell phone user, so are 80% of all cell phone users. There are four different types of encryption that is deployed on the GSM phones: A5/1, A5/3 as well as the A5/2. The most common of these is the A5/1. The A5/3 is the most recent standard and has proven to better than the previous standards in terms of security but has its loopholes too. The perceived weakness of the GSM cell phone is basically because of the encryption being deployed by the model. This is a loop hole that can be a security threat to the company as the CEO uses the phone for all her conversations as well as email communication. The phone can be hacked into and all the data can be accessed. The loss of data concerning future inventions and innovations that the organization is working on can be quite catastrophic on the organizations future as well as image. There are specific attacks that can be done on the GSM phone. There are however countermeasures that can as well be taken to try and prevent these attacks or limit the attacks for that matter. Since the organization is migrating to another communication method, this paper seeks to help the CEO understand the threats that the use of her GSM phone pose as well as the countermeasures. However these are only temporary solutions as to allow for the organization to migrate to another technology within three months without incidences. The paper also includes an action plan for the smooth migration. Introduction Global Communications Enterprises (GCE), might be a small technology company but has a bright and great future ahead. However, this future can prove to be dim if the right steps and paths are not followed. One such path is the communication methods that are employed at the organization. The CEO of GCE uses GSM (Global System for Mobile Communication) which is the most popular mobile phone technology being use by majority of mobile phone users in the whole world. The CEO uses the GSM phone for all her communication. The emails that she sends to fellow workers as well as employees are sent from her GSM phone, these include confidential emails concerning the organizations future technology plans. This is her only communication gadget. With the kind of encryption that is employed by the GSM phone, it would be and honest opinion to state that the company is at risk. The risk would be posed by the use of the GSM phone to communicate confidential information. There are several risks that are posed by the use of the GSM phone. The conversation can be eavesdropped upon by a third party when one uses the GSM phone. This is possible due to the fact that GSM encryption can be hacked (Nohl, 2009). There are other risks that a GSM phone user is prone to. Wireless Networks Security Features Security in the wireless networks is a key element in these networks as the users tend to store personal information in these phones. The users have a tendency to store mission critical and even organizational information on these phones. The weaknesses in the security of these networks originate from both the security protocol flaws as well as multiple security schemes that are incompatible. The user then makes a mistake of trusting the entire system and tends to convey personal or confidential information on it. There are many security issues that are posed by the wireless environment like, integrity, authentication, non-repetition as well as accessibility. Convenience of use as well as speed might also be an issue (Varshney U., 2003). Therefore, the type of data being transmitted will determine the type of security strategy to be employed. The estimated loss in the case of eavesdropping should also be considered (Figure 1). If denial of service occurs, then it is only right to assume the worst that another attack is on the way. Figure 1: Wireless Network Security Issues For best results, and end-to-end application of the security strategy is required i.e. from the data source to its destination. A good example is in WAP where encryption is between the wap gateway and the mobile device (Ghosh & Swaminatha, 2001). GSM Networks Security Mechanisms Confidentiality and security in the GSM network helped create an influence and perception that it was the most superior to other communication systems. Its success influenced the development of other innovations like the Personal Handy Phone System (PHS), Code Division Multiple Access (CDMA) as well as the Digital Enhanced Cordless Telecommunications (DECT). With the large number of users, GSM is always a potential target for attacks. These attacks are due to different reasons and types like; call forwarding, roaming fraud, bogus registration details as well as terminal theft. There are fraud management systems that have a variety of indicators which they use to monitor phone numbers to try and determine fraud. They check indicators like, large and indefinite variations in phone use, variations of call times as well as large variations of payment being made by a user (Emmanuel G., 2001). The GSM system has known security issues: When there is connection to fixed network, signaling and communication traffic are not usually protected. It therefore is as secure as the network it is connecting to. Active attacks such as camping on false BTS as well as identity cashing are not addressed by the GSM infrastructure (Steve L., 2003). Lawful interception of was not a forethought. The authentication and cryptographic mechanism in GSM is quite hard to upgrade (Niels F., Bruce S., 2003). There are five known and acknowledged attacker capabilities that affect the GSM networks security (Table 1). The easiest to do is the first while the last capability is the hardest and requires more investment in hardware as well as skill to be able to do (Emmanuel G., 2001). Table 1: Attacker Capabilities Easier Most difficult Eavesdropping This is the ability of an intruder to intercept signaling information as well as traffic associated to others. One requires a modified cell phone. User impersonation In this case, the hacker sends rogue data to the network. This data is made to appear as from another user. The equipment used is a modified cell phone. Network impersonation In this case, the hacker sends rogue data to the network. This data is made to appear as from another network. The equipment used is a modified cell phone. Man in the middle (MITM) In this case, the attackers place themselves between the genuine user and the network and access all communication between the two. The equipment used is a modified cell phone as well as a modified BTS. Compromise of a Network authentication The attacker creates a compromised authentication vector (integrity keys, cipher keys, challenge response pairs etc.). Recent Research on GSM Attacks There are security researches that have been conducted that show that the GSM phone has weaknesses on its encryption. The attacks have been categorized as passive as well as active. According to research, active research is done using a gadget called an ‘IMSI Catcher” which is also referred to as a VBTS (virtual base transmission station) (Frick, 2000). This device emulates a mobile phone base station. The gadget exploits the requirement that it is the GSM phone that supposedly authenticates to the network and it is not the other way around. The device acts by intercepting the communication from the middle by listening in on the conversation as it passes to be communicated to the required mobile phone. In passive scanning, the encryption of the GSM phone is broken into using a laptop and programmable antennae. The hacker acts by sniffing into the communication channels and grabs different traffic that is passing accessing a data file. The data is saved and taken offline where it is decrypted and the data can be accessed when it is raw. Weaknesses have been shown in the GSM phone in the past although it was considered to be almost impractical to carry out an attack on the mobile phones. In the years 2008 and 2009, practical methods that can be used to crack the GSM phone were presented in researches. This specifically targeted the GSM A5/1 encryption (William S., 2003). At Schmoo con, Hulton presented research that claimed that there was a possibility that GSM encryption could be cracked (Houlton, 2008). IN the research, FBGA (field programmable gate arrays) are used in the reduction of the computation time. He said that the encryption could be broken and cracked within 30 minutes and more so in 30 seconds if a multi-node cluster was deployed. There was a follow up on this research in the year 2009 where it was stated that open source components could be used to carry out interception (Nohl, 2009). Previously complicated hardware was used to set up stations. The pre-computed tables have been used to carry out attacks on the A5/1 algorithm. According to the Nohl research, the tables were calculated by the use of optimized algorithms on the GPUs (graphical processing units) and PlayStations as well. Researchers have proved that practical attacks carried out against the GSM A5/3 are also possible. Nohl proposed in his paper a semi-active attack using the A5/3 and A5/1 traffic (Nohl, 2009). Dunkelman on the other hand published a research stating the use of a “sandwich attack” to attack the block cipher in A5/3 (Dunkelman, 2010). Finally, the cell phone networks providers are obligated by their government’s regulations to provide the government agencies with access to their networks for the purpose of court ordered eavesdropping on cell phone conversations. Thereby, as much as the provider network might be secure, they are required to have a built in loop hole to allow for permitted or legalized eavesdropping. Risks and Threats There is a risk on the use of the GSM phone by the organizations CEO. This is due to one risk: snooping. This kind of risk is evaluated by taking a critical look at what the attackers would require as well as the likelihood that an attack will be carried out. For the attackers, the latest and most common types of attacks are the passive attacks. These are more popular as the past types where there was the use of rogue base stations were easily detected. The more recent passive attacks allow for attack without possible detection. The risks involved in this type of attack are therefore minimal. There is a premeditated code book that is used in these types of passive attacks. This book makes it easy to carry out attacks as well as reduce the risks of being detected. However, according to the author, a ‘Non-trivial RF setup’ (Nohl, 2009) is required. It is quite difficult to state all the possible threats to the GSM phone. However, the profile of an attacker can be identified. First of all, the hardware used to carry out the attack is quite expensive; thereby not anyone can afford the hardware. These persons would also have to hire personnel to manage the interceptor system. The persons would also be willing to break the law knowingly as hacking is illegal. With these kinds of characteristics, we are sure that the persons doing the hacking cannot be opportunist but people who are serious with what they are doing as well as have the resources to do it. So it would practically take an organization or group of persons to try and hack the CEO’s GSM phone and the organizations communication system. According to CellCrypt’s Simon Bransfield-Garth, it would take a well-funded criminal organization to carry out call interception (O’brien, 2009). As the CEO does her rounds in the facility and uses her GSM phone, she could be in danger of an attack as this is a static place that the attackers can stage the hack. The attackers would also need to know the phone numbers of the executives. These can be acquired from public places, social engineering as well as from other staff working at the organization. The organization should consider itself at risk of being attacked and should take counter measure to make sure that this does not take place. Overall this risk is rated as being a moderate risk though very possible. Countermeasures With regard to corporations such as GCE as well as individual users like the CEO, the greatest risk remains to be the capture and decryption of the wireless mobile phone signal. There are risks that are associated with the loss of data contained in the cell phones or that is transferred through the cell phones like through the email messaging system. There are several technical as well as non-technical steps to take: The organization should formulate a mobile phone usage policy that will prohibit the use of the GSM in the communication of confidential or organization information. A mobile phone security awareness training should be conducted to educate the staff on things such as: to always assume that the mobile phone conversations that take place are insecure just as the email and are susceptible to interception as well as eavesdropping, the text messages should be treated like the email, always use a complex password that has mixed digits as well as symbols, secure the messages as well as the conversations that are in the phone as much as possible, always make sure that your phone is attended to as the hacker would only need few minutes with your phone to install a malicious software or hardware or to even steal it. The mobile phone users should also be advised to always turn off the Bluetooth wireless of their phone unless in use. The Bluetooth headsets are not to be used at all when carrying out conversations that are sensitive. These Bluetooth devices can be sniffed. This attack would not even require the attacker to bypass any encryption. If an employee needs to carry out a conversation over the mobile phone, then they should go to a location where they cannot be overhead. As in the case of the CEO, she should not carry on conversations that are confidential in the factory by probably within the doors of her office. She should also use code words to communicate certain messages to the second party so that she can confuse anyone who might try to eavesdrop on her conversations. The coding should also apply to the email that she sends using her phone. She should at least ascertain that her phone uses the A5/3 standards which is more secure that the other two i.e. A5/1 and A5/2. It would also be better to use smartphones for more secure conversations and communication. An end to end voice encryption can also be employed (e.g. Rohde & Schwartz or CellCrypt). Conclusion Dealing with the security issues of the wireless technology is quite complex. Whereas in the wired network technology tapping is usually done though the accessing of the communication links physically, in the case of the wireless networks the relayed information is conveyed over radio waves. This makes the wireless technology more susceptible to eavesdropping. We have discussed the different security loop holes of the GSM mobile phone as well as the countermeasures that can be employed to minimize the risk. However, these are not enough as the technology is not secure enough to be used by the CEO for the communication of the company business especially at this time when at the verge of giving birth to a new innovation. I would advise and advocate for the application of these counter measures as we await the change within the coming three months. References Dunkelman, Orr. (2010). A Practical-time attack on the a5/3. Retrieved from http://eprint.iacr.org/2010/013.pdf Emmanuel Gadaix, “GSM and 3G Security”, Black Hat Conference Singapore, April 2001. Frick, J. (2000, November 8). Method for identifying a mobile phone user or for eavesdropping on outgoing calls. Retrieved from http://v3.espacenet.com/publicationDetails/biblio?CC=EP&NR=1051053&KC=&FT=E Ghosh and Swaminatha, (2001).“M-commerce Security”, Communications of the ACM. Hulton, D. (2008, February). Intercepting gsm traffic. Retrieved from http://blog.washingtonpost.com/securityfix/shmoocon-May8-gsm.pdf Niels Ferguson, Bruce Schneier, Practical Cryptography, Wiley Publishing, Inc., 2003 Alcatel University, Introduction to the Alcatel GSM Network, 2003 Nohl, K. (2009). Gsm srsly?. Retrieved from http://events.ccc.de/congress/2009/Fahrplan/attachments/1519_26C3.Karsten.Noh l.GSM.pdf OBrien, K. (2009). Cellphone encryption code is divulged. Retrieved from http://www.nytimes.com/2014/05/8/technology/29hack.html?_r=3&pagewanted=1 Steve Lord, “Bugwatch: GSM security flaws exposed”, VNU Business Publications Limited, 2003, http://www.vnunet.com/vnunet/news/2121449/bugwatchgsm-security-flaws-exposed Upkar Varshney, (2003). “Network access and security issues in ubiquitous computing”, Workshop on Ubiquitous Computing Environment, Cleveland, Valer Bocan, (2004). “Developments in DOS research and mitigating technologies”, Periodica Politehnica, Transactions on Automatic Control and Computer Science, Vol. 49 (63), William Stallings, Cryptography and Network Security, Principles and Practices, Third Edition, Prentice Hall,2003 Read More