Thursday, 2 February 2012

CMC3P22-P03-1004606H

802.11i
802.11i uses 802.1X for authentication (entailing the use of EAP and an authentication server), RSN for keeping track of associations, and AES-based CCMP to provide confidentiality, integrity and origin authentication. Another important element of the authentication process is the four-way handshake.


Once the authentication handshake takes place, a 4-way handshake is performed with the actual keys used for encryption. To protect broadcast and multicast packets, a group key handshake takes place. Throughout this process the Master Key (MK) is held by the Supplicant and the Authenticator server and is never sent over the medium.


802.11k
802.11k is intended to improve the way traffic is distributed within a network. In a wireless LAN, each device normally connects to the access point (AP) that provides the strongest signal. Depending on the number and geographic locations of the subscribers, this arrangement can sometimes lead to excessive demand on one AP and underutilization of others, resulting in degradation of overall network performance. In a network conforming to 802.11k, if the AP having the strongest signal is loaded to its full capacity, a wireless device is connected to one of the underutilized APs. Even though the signal may be weaker, the overall throughput is greater because more efficient use is made of the network resources.

802.11r



The technology is designed to keep a secure Wi-Fi connection active by anticipating the security settings needed at the next access point. It can determine the security settings and quality-of-service information for the next access point before actually hopping to it, and thus reduces the delay in switching to the point where time-sensitive apps remain active.

The standard would allow seamless connections across many private networks but is said to be particularly useful for VoIP, which can often drop calls altogether when moving between access points. Updating to 802.11r may also be important for offices, which often need secure Wi-Fi but often have more than one access point to provide coverage over a large area.

802.11w
802.11w is the standard that increases the security of management frames. Wireless LANs send system management information in unprotected frames, which makes them vulnerable. This standard will protect against network disruption caused by malicious systems that forge disassociation requests that appear to be sent by valid equipment.

Wednesday, 11 January 2012

LDAP Security Feature

The Lightweight Directory Access Protocol (LDAP) is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.
Directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate electronic mail directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

The Bind operation establishes the authentication state for a connection. Simple Bind can send the user's DN and password in plaintext, so the connection should be protected using Transport Layer Security (TLS). The server typically checks the password against the userPassword attribute in the named entry. Anonymous Bind (with empty DN and password) resets the connection to anonymous state. SASL (Simple Authentication and Security Layer) Bind provides authentication services through a wide range of mechanisms, e.g. Kerberos or the client certificate sent with TLS.

The StartTLS operation establishes Transport Layer Security (the descendant of SSL) on the connection. It can provide data confidentiality (to protect data from being observed by third parties) and/or data integrity protection (which protects the data from tampering). During TLS negotiation the server sends its X.509 certificate to prove its identity. The client may also send a certificate to prove its identity. After doing so, the client may then use SASL/EXTERNAL. By using SASL/EXTERNAL, the client requests that the server derive its identity from credentials provided at a lower level (such as TLS). Though technically the server may use any identity information established at any lower level, typically the server will use the identity information established by TLS.
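The Bind variants described above can be told apart on the wire. The following is an added example, not part of the original post: it decodes the BER-encoded BindRequest defined in RFC 4511 and flags a Simple Bind whose password would cross the network without TLS. The function names, the `tls_active` flag (whether StartTLS has already completed on the connection) and the sample messages are assumptions made for illustration.

```python
def read_tlv(buf, pos=0):
    """Decode one BER element at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = length size
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):
    """Encode one BER element (short-form length is enough for the samples)."""
    if len(value) > 127:
        raise ValueError("sample encoder only handles short-form lengths")
    return bytes([tag, len(value)]) + value

def bind_request(msg_id, dn, auth):
    """Build an LDAPMessage holding a version-3 BindRequest (RFC 4511)."""
    op = tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, dn) + auth)
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)

def classify_bind(message, tls_active):
    """Name the bind type and flag a password sent without TLS protection."""
    tag, body, _ = read_tlv(message)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(body)              # messageID
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, _, pos = read_tlv(op)                # version
    _, dn, pos = read_tlv(op, pos)          # name (the user's DN)
    auth_tag, auth, _ = read_tlv(op, pos)
    if auth_tag == 0x80:                    # simple [0]: the password itself
        if not dn and not auth:
            return "anonymous"
        return "simple-over-tls" if tls_active else "simple-cleartext-password"
    if auth_tag == 0xA3:                    # sasl [3]: mechanism, credentials
        return "sasl:" + read_tlv(auth)[1].decode("ascii")
    return "unknown"

# Constructed sample messages (not captured traffic).
SIMPLE = bind_request(1, b"uid=alice,dc=example,dc=com", tlv(0x80, b"s3cret"))
ANONYMOUS = bind_request(2, b"", tlv(0x80, b""))
EXTERNAL = bind_request(3, b"", tlv(0xA3, tlv(0x04, b"EXTERNAL")))

if __name__ == "__main__":
    for msg in (SIMPLE, ANONYMOUS, EXTERNAL):
        print(classify_bind(msg, tls_active=False), msg.hex())
```

The DN and password appear byte for byte inside the encoded Simple Bind, which is why the bind should only be sent after TLS is established.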

X.500 Security Feature


X.500 Directory Service is a standard way to develop an electronic directory of people in an organization so that it can be part of a global directory available to anyone in the world with Internet access.

Providing an X.500 directory allows an organization to make itself and selected members known on the Internet. Two of the largest directory service providers are InterNIC, the organization that supervises domain name registration in the U.S., and ESnet, which maintains X.500 data for all the U.S. national laboratories. ESnet and similar providers also provide access for looking up names in the global directory, using a number of different user interfaces including designated Web sites, whois, and finger. These organizations also provide assistance to organizations that are creating their own Directory Information Tree (DIT).

X.500 directories are quite often used in government and military environments where X.500's ability to offer a higher level of security and secure replication in a distributed environment is appreciated.

X.400 and X.500 use the X.509 authentication framework directly:
  • Peer to peer server applications, such as X.500 DISP replication, will generally use two way authentication.
  • Client applications such as X.400 P7 or X.500 DAP may use two way authentication. In some situations one way authentication is also used, which may be when the client does not wish to authenticate the server, and when a client not using strong authentication wishes to strongly authenticate the server.
In addition, there are a number of standard protocols that support strong authentication. Strong authentication was initially developed for X.400 and X.500, and all of the peer protocols support strong authentication. In particular:
  • X.500 DAP, DSP and DISP.
  • X.400 P1, P3 and P7.

Microsoft’s Active Directory Security Feature

Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory services, such as Novell Directory Services (NDS), Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments.


Active Directory features include:
· Support for the X.500 standard for global directories
· The capability for secure extension of network operations to the Web
· A hierarchical organization that provides a single point of access for system administration (management of user accounts, clients, servers, and applications, for example) to reduce redundancy and errors. Examples: file directory of an operating system (UNIX, Windows), Domain Name Server (DNS), Network Information System
· An object-oriented storage organization, which allows easier access to information
· Support for the Lightweight Directory Access Protocol (LDAP) to enable inter-directory operability
· Designed to be both backward compatible and forward compatible



Thursday, 5 January 2012

GPRS Security Feature, Threats and Solution


Figure 1: GPRS Security Model

2.1 GPRS SECURITY THREATS
Security threats fall into a few main categories: Availability, Authentication & Authorization, and Integrity & Confidentiality.

2.1.1 Availability
The most common type of attack on availability is a denial of service (DoS) attack. Several types of DoS attack are possible on the Gp interface:

-          Border Gateway bandwidth saturation: A malicious operation able to generate a sufficient amount of network traffic directed at a Border Gateway can starve legitimate traffic of bandwidth in or out of the PLMN, thus denying roaming access to or from the network.

-          DNS Flood: DNS servers on the network can be flooded with either correctly formed or malformed DNS queries or other traffic, thereby denying subscribers the ability to locate the proper GGSN to use as an external gateway.

2.1.2 Authentication & Authorization
It may be possible for an imposter to appear to be a legitimate subscriber when they are not.

-          Spoofed Create PDP Context Request: An attacker can use their own SGSN or a compromised SGSN to send an Update PDP Context Request to an SGSN which is handling an existing GTP session. The attacker can then insert their own SGSN into the GTP session and hijack the subscriber data connection.

2.1.3 Integrity & Confidentiality
- Should an attacker be in a position to access GTP or DNS traffic, they can potentially alter it mid-stream or discover confidential subscriber information.



Wednesday, 4 January 2012

GSM Security Feature, Threats and Solution



Figure 1: GSM Architecture

1.1 GSM SECURITY


Figure 2: GSM Security Model

GSM security is needed to provide the client of a network with anonymity and privacy (confidentiality of user data) when making a call, and to ensure the network operator bills the correct client. In addition, it ensures that operators do not interfere with each other either accidentally or intentionally.


Therefore, the three key points of the security are: Authentication, Signal and Data Confidentiality, and Identity Confidentiality.

1.1.1      Authentication
Figure 3: GSM Authentication

The GSM Security Model is based on a shared secret between the subscriber's home network's HLR and the subscriber's SIM. The shared secret, called Ki, is a 128-bit key. When the MS first comes to the area of a particular MSC, the MSC sends the Challenge of the first triple to the MS. The MS calculates an SRES with the A3 algorithm using the given Challenge and the Ki residing in the SIM. The MS then sends the SRES to the MSC, which can confirm that the SRES really corresponds to the Challenge sent by comparing the SRES from the MS and the SRES in the triple from the HLR. Thus, the MS has authenticated itself to the MSC.

1.1.2 Signal and Data Confidentiality
The SIM contains the ciphering key generating algorithm (A8), which is used to produce the 64-bit ciphering key (Kc). The ciphering key is computed by applying the same random number (RAND) used in the authentication process to the ciphering key generating algorithm (A8) with the individual subscriber authentication key (Ki). The ciphering key (Kc) is used to encrypt and decrypt the data between the MS and the BS.

1.1.3 Identity Confidentiality
To ensure subscriber identity confidentiality, the Temporary Mobile Subscriber Identity (TMSI) is used. The TMSI is sent to the mobile station after the authentication and encryption procedures have taken place. The MS then responds by confirming reception of the TMSI.

In simple words:
  • A3 (Authentication algorithm)
  • A8 (Key generation algorithm)
  • A5 (Encryption algorithm)



1.2 GSM THREATS

1.2.1 Denial of Service

-          Due to the lack of authentication in the preliminary part of a mobile-originated call, GSM is vulnerable to denial of service (DoS) attacks, which take place before authentication. DoS attacks may take several forms, of which the most common are causing the network not to transmit messages it should be sending in order to provide a service to legitimate clients, or causing the network to send messages it should not, resulting in the failure of the network to distinguish legitimate traffic from fake traffic.


1.2.2 Unilateral authentication and vulnerability to the man-in-the-middle attack
-    The network authenticates users, but the user does not authenticate the network. Therefore, an attacker can use a false BTS with the same mobile network code as the subscriber's legitimate network to impersonate the network and perform a man-in-the-middle attack.

1.2.3 Flaws in implementation of A3/A8 algorithm
-     Most operators use COMP128, and through reverse engineering and some revealed documentation, many security flaws were subsequently discovered. In addition, COMP128 makes revealing Ki possible, especially when specific challenges are introduced. It deliberately sets the ten rightmost bits of the session key to zero, which makes the deployed cryptographic algorithms 1024 times weaker and more vulnerable due to the decreased key space.
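The triple-based exchange from sections 1.1.1 and 1.1.2, together with the zeroed session-key bits described above, as an added example that is not part of the original post. HMAC-SHA256 stands in for the operator's A3/A8 and is not COMP128; the function names and sample Ki are assumptions, and the 128-bit RAND and 32-bit SRES sizes are the standard GSM ones rather than values stated in the post.

```python
import hashlib
import hmac
import os

KC_BITS = 64          # Kc length given in the text
ZEROED_BITS = 10      # rightmost Kc bits the text says COMP128 forces to zero

def a3_a8(ki, rand):
    """Stand-in for A3/A8 (HMAC-SHA256, NOT COMP128): returns (SRES, Kc)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    sres = digest[:4]                                  # 32-bit SRES
    kc = int.from_bytes(digest[4:12], "big")
    kc &= ~((1 << ZEROED_BITS) - 1)                    # model the zeroed low bits
    return sres, kc.to_bytes(KC_BITS // 8, "big")

def hlr_make_triple(ki, rand=None):
    """Home network side: build the (RAND, SRES, Kc) triple sent to the MSC."""
    rand = rand or os.urandom(16)                      # 128-bit challenge
    sres, kc = a3_a8(ki, rand)
    return rand, sres, kc

def sim_respond(ki, rand):
    """SIM side: Ki stays on the card; only SRES is returned over the air."""
    return a3_a8(ki, rand)

def msc_authenticate(triple, sim_ki):
    """MSC side: send RAND, compare the SIM's SRES with the one in the triple.

    Returns (authenticated, both_sides_hold_same_kc).
    """
    rand, expected_sres, kc = triple
    sres, sim_kc = sim_respond(sim_ki, rand)
    authenticated = hmac.compare_digest(sres, expected_sres)
    return authenticated, authenticated and sim_kc == kc

def keyspace_factor():
    """How many times smaller the Kc search space is with the bits zeroed."""
    return 2 ** KC_BITS // 2 ** (KC_BITS - ZEROED_BITS)

if __name__ == "__main__":
    ki = bytes(range(16))                              # constructed 128-bit Ki
    triple = hlr_make_triple(ki)
    print("genuine SIM:", msc_authenticate(triple, ki))
    print("wrong Ki   :", msc_authenticate(triple, bytes(16)))
    print("Kc low bits:", int.from_bytes(triple[2], "big") & 0x3FF)
    print("key space reduced by a factor of", keyspace_factor())
```

Neither Ki nor Kc appears in the messages exchanged; the MSC only ever sees RAND, SRES and the Kc delivered in the triple.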

1.3 GSM SOLUTIONS
Using secure algorithms for A3/A8 implementations:
-    This can thwart the dangerous SIM card cloning attack. This solution is profitable since the network operators can perform such an improvement themselves without any need for the software and hardware manufacturers or the GSM consortium. However, this solution requires providing and distributing new SIM cards and modifying the software of the HLR.



