SlideShare a Scribd company logo

4g security presentation

Kyle Ly, profile picture
Kyle Ly

The key security elements for 4G include key security for authentication between network components, authorization using authentication vectors, and key management for key establishment and distribution. However, 4G networks are susceptible to interference, jamming, location tracking, bandwidth theft, and denial of service attacks due to their open and standardized nature. Proper security mechanisms must be implemented to protect users and critical network infrastructure.

1 of 25
1
2
3
Most read
4
5
6
7
8
9
10
11
12
13
14
Most read
15
16
17
Most read
18
19
20
21
22
23
24
25
4G Network Security By: Kyle Ly
Schedule What Is 4G? LTE Architecture & Design WiMAX Architecture & Design 4G Security Issues
What is 4G 4G is the fourth generation of mobile phone mobile communications standard Offers mobile ultra-broadband Internet access, for example to laptops with USB wireless modems, to smartphones, and to other mobile devices Two 4G candidate systems are commercially deployed: - the Mobile WiMAX standard (at first in South Korea in 2006), - the first-release Long Term Evolution(LTE) standard (in Oslo, Norway since 2009).
4G vs 3G 4G wireless communications allow for significant increases in data rates over 2G (second generation), 3G (third generation) and 3.5G wireless technologies. 4G wireless networks is based on the TCP/IP architecture By moving to an open set of communication protocols (TCP/IP suite) there is an anticipated increase in security issues compared previous generations Intended to drive costs down since other type of networks used IP for networking as well.
LTE Standard for wireless communication of high-speed data for mobile phones and data terminals Based on the GSM/EDGE and UMTS/HSPA network technologies Increases the capacity and speed using a different radio interface together with core network improvement Developed by the 3GPP (3rd Generation Partnership Project) 
LTE Architecture • Smart phones or laptops connect to the wireless network through the eNodeB within the Evolved UMTS Terrestrial Radio Access Network (E-UTRAN). • The E-UTRAN connects to the Evolved Packet Core (EPC) which is IP-based. • The EPC connects to the provider wire line IP network. • Mobility Management Entity (MME) does all the control and security related tasks such as authentication and integrity protection • PDN Gateway (PGW) allows the user to connect to external data networks. • Home Subscriber Server (HSS) contains all the information regarding the static subscriber for authentication purposes
LTE Architecture
LTE Security Design 4 main elements: •Key Security: generates key that allows the E-UTRAN and EPS to communicate each other as well as protecting the traffic between different components of the E-UTRAN and EPS. The keys are generated by the Key Derivation Function. •Authorization: authentication vectors are generated based on sequence numbers that are retrieved between the messages. The authentication vector is then passed into security algorithms for further processing with ciphering •Key Management: Key establishment, key distribution, and key generation done via the EPS procedure. •Unique Identifiers: Every user has unique id to prevent confusion.
WiMAX Refers to interoperable implementations of the IEEE 802.16 family of wireless-networks standards ratified by the WiMAX Forum WiMAX can provide at-home or mobile Internet access across whole cities or countries. Wireless communications standard designed to provide 30 to 40 megabit-per-second data rates
WI Max Architecture • Authentication, Authorization, and Accounting (AAA) server located in the Connectivity Service Network (CSN) processes control signals from the Access Service Network (ASN-GW) to authenticate the Mobile Station (MS) against the MS’s profile stored in the AAA server’s database. • Once authenticated, the AAA server sends the MS’s profile to the ASN-GW. • The Home Agent (HA) processes control signals from the ASN-GW and assigns a Mobile IP address to the MS and anchors the IP payload. • The HA server provides connectivity to the Internet for data traffic
WI Max Architecture
WiMax Security Design • The IEEE 802.16 standard defines the medium access control (MAC) layer for the wireless link between a BS and a MS. • The MAC layer is the security layer. • This security layer handles (i) authentication and authorization (ii) key management/distribution (iii) encryption.
4G Security Issues Interference Scrambling Attacks Signal Jamming Location Tracking Issues Key Management Issues Bandwidth Issues Denial Of Service Attacks Open Nature
Interference • Inserting man-made interference onto a medium, a communication system can stop functioning due to a high signal-to-noise ratio. • Interference attacks can be easily carried out as the equipment and knowledge to carry out such attacks are widely available • Interference is easy to detect using radio spectrum monitoring equipments.
Scrambling Attacks • Scrambling is a form of interference which is activated for short intervals of time. • It is targeted against a specific frame or parts of frames. • The attacker may target management or control information of a particular user to disrupt service. • However, the attacker has to be sophisticated and knowledgeable since specific frames and time slots must be identified for the attack to be successful. • Difficult to implement successfully
Signal Jamming • High-speed wireless data networks are vulnerable to a simple jamming technique that could block service across much of a city • Radio frequency can be blocked, or “jammed,” if a transmitter sends a signal at the same frequency, • The LTE signal is very complex, made up of many subsystems, and in each case, if you take out one subsystem, you take out the entire base station. • All that is required is a laptop and an inexpensive software-defined radio unit and battery power.
Location tracking • Tracking the UE presence in a particular cell or across multiple cells. • Location tracking is made possible by tracking a combination of the Cell Radio Network Temporary Identifier (C-RNTI) with handover signals or with packet sequence numbers • C-RNTI is transmitted in clear text, an attacker can determine whether the UE using the C-RNTI is still in the same cell or not. • An attacker can link the new C-RNTI from the Handover Command message and the old C-RNTI
Key Management • Key management for WiMAX at the MS has been designed to safeguard it from replay attacks. • The MS can determine if a Key Reply message is new or old. This is possible since the old Traffic Encryption Key (TEK) and new TEK are included in the Key Reply message. • However, if an attacker replays Key Request messages to the BS, it can trigger frequent exchange of keying materials. • This will cause confusion at the MS and exhaust resources at the BS
Bandwidth Stealing • Leech the bandwidth from the user's device. • Buffer status reports are used as input information for packet scheduling, load balancing, and admission control. • Due to the nature of the packet scheduling algorithm, by sending a false buffer report the eNodeB will think that the user's device has nothing to send.
Denial of service attacks Denial of Service (DoS) attacks are a concern for WiMAX networks. A DoS attack can be initiated via simple flooding, attacking unauthenticated management frames. The MS authenticates the BS using RSA authentication. The BS has to sign and reply with its public key. Processing of public key encryption and signature is CPU intensive. If flooded with false requests, the BS will be very busy computing and evaluating digital signatures and will be unable to serve any other requests
Open Nature • Departure from proprietary operating systems for hand held devices to open and standardized operating systems • Open nature of the network architecture and protocols (IP-based). • With this move to open protocols and standards, 4G wireless networks are now susceptible to computer attack techniques present on the Internet. • Such networks will be increasingly vulnerable to a range of security attacks including for example Malware, Trojans and Viruses
Conclusion • 4G is still relatively new technology that provides high speed data rates to mobile devices. • 4G consists of the LTE and WiMAX networks • 4G network are prone to many security threats due to the open nature of the architecture and standards.
References [1] A. Bikos, “LTE/SAE Security Issues on 4G Wireless Networks”, Security & Privacy, IEEE, vol. PP, issue 99, pp. 1, Oct. 2012.  [2] N. Seddigh et al., “Security advances and challenges in 4G wireless networks”, in Privacy Security and Trust (PST), 2010 Eighth Annual International Conf., Ottawa., ON, 2010, pp. 62 - 71.  [3] Chan-Kyu Han, Hyoung-Kee Choi, "Security Analysis of Handover Key Management in 4G LTE/SAE Network," IEEE Transactions on Mobile Computing, vol. PP, issue 99, pp. 1, Nov. 2012.  [4] D. Talbot, "One Simple Trick Could Disable a City’s 4G Phone Network," blog, 14 Nov. 2012; http://www.technologyreview.com/news/507381/one-simple-trick-could-disable-a- citys-4g-phone-network. [5] Krio Media, “Security in 4G and Other Mobile Networks”, blog, http://www.krio.me/security-in-4g-and-other-mobile-networks.
Questions?
Thank You !

More Related Content

PPTX
carrier aggregation for LTE
Jenil. Jacob
 
PDF
IEEE 802.11 Architecture and Services
Sayed Chhattan Shah
 
PPT
HANDOFF
AJAL A J
 
ODP
UMTS, Introduction.
Mateen Shahid
 
PDF
Signalling in EPC/LTE
Leliwa
 
PPT
SPREAD SPECTRUM
METHODIST COLLEGE OF ENGG & TECH
 
PPTX
Sim cards
faizlap
 
PDF
Simplified Call Flow Signaling: 2G/3G Voice Call
3G4G
 
carrier aggregation for LTE
Jenil. Jacob
 
IEEE 802.11 Architecture and Services
Sayed Chhattan Shah
 
HANDOFF
AJAL A J
 
UMTS, Introduction.
Mateen Shahid
 
Signalling in EPC/LTE
Leliwa
 
SPREAD SPECTRUM
METHODIST COLLEGE OF ENGG & TECH
 
Sim cards
faizlap
 
Simplified Call Flow Signaling: 2G/3G Voice Call
3G4G
 

What's hot (20)

PDF
Lte system signaling procedures
tharinduwije
 
PPTX
WCDMA
Harshal Tiwari
 
PPTX
2 g data call flow
Alfred Ongere
 
PPT
LTE - Long Term Evolution
Arief Gunawan
 
PDF
Lte ue initial attach & detach from networkx
tharinduwije
 
PDF
UMTS core network and its evolution
Naveen Jakhar, I.T.S
 
PPT
UMTS OVERVIEW
Abdulqader Al-kaboudei
 
PPTX
Introduction to Mobile Core Network
yusufd
 
PPTX
Lte(long term evolution) 4G LTE
kaishik gundu
 
PDF
Gsm interfaces
Sai Sankar Gochhayat
 
PDF
LTE EPC Technology Essentials
Hussien Mahmoud
 
PPTX
cellular concepts in wireless communication
asadkhan1327
 
PPT
10 Slides to SMS
seanraz
 
PDF
LTE network: How it all comes together architecture technical poster
David Swift
 
PPTX
Communication Asymmetry - Mobile Computing
Akshay Nagpal
 
PPTX
Evolution of mobile cellular communication
Md. Saddam Hossain Noyon
 
PPT
Ethernet
T Uppili Srinivasan
 
PPT
GSM ARCHITECTURE
Abhishek Shringi
 
PPTX
Gsm security and encryption
RK Nayak
 
PDF
An Introduction to Macrocells & Small Cells
3G4G
 
Lte system signaling procedures
tharinduwije
 
WCDMA
Harshal Tiwari
 
2 g data call flow
Alfred Ongere
 
LTE - Long Term Evolution
Arief Gunawan
 
Lte ue initial attach & detach from networkx
tharinduwije
 
UMTS core network and its evolution
Naveen Jakhar, I.T.S
 
UMTS OVERVIEW
Abdulqader Al-kaboudei
 
Introduction to Mobile Core Network
yusufd
 
Lte(long term evolution) 4G LTE
kaishik gundu
 
Gsm interfaces
Sai Sankar Gochhayat
 
LTE EPC Technology Essentials
Hussien Mahmoud
 
cellular concepts in wireless communication
asadkhan1327
 
10 Slides to SMS
seanraz
 
LTE network: How it all comes together architecture technical poster
David Swift
 
Communication Asymmetry - Mobile Computing
Akshay Nagpal
 
Evolution of mobile cellular communication
Md. Saddam Hossain Noyon
 
Ethernet
T Uppili Srinivasan
 
GSM ARCHITECTURE
Abhishek Shringi
 
Gsm security and encryption
RK Nayak
 
An Introduction to Macrocells & Small Cells
3G4G
 
Ad

Viewers also liked (7)

PDF
4G LTE Security - What hackers know?
Stephen Kho
 
PDF
LTE :Mobile Network Security
Satish Chavan
 
PDF
Security In LTE Access Network
Sukhvinder Singh Malik
 
DOCX
Lte security solution white paper(20130207)
Mohamed Tharwat Waheed
 
PDF
Lte security concepts and design considerations
Mary McEvoy Carroll
 
PDF
Lte security overview
aliirfan04
 
PDF
Andy sutton - Multi-RAT mobile backhaul for Het-Nets
hmatthews1
 
4G LTE Security - What hackers know?
Stephen Kho
 
LTE :Mobile Network Security
Satish Chavan
 
Security In LTE Access Network
Sukhvinder Singh Malik
 
Lte security solution white paper(20130207)
Mohamed Tharwat Waheed
 
Lte security concepts and design considerations
Mary McEvoy Carroll
 
Lte security overview
aliirfan04
 
Andy sutton - Multi-RAT mobile backhaul for Het-Nets
hmatthews1
 
Ad

Similar to 4g security presentation (20)

PPTX
Lecture 5,6 [Autosavedaot IOT ]slides.pptx
sarfarazkhanwattoo
 
PPTX
1.pptx
VenkatesanSatheeswar
 
PPTX
Mobile Compute ( Transmitter & receiver)
LaxmiPrasannaKumarEC
 
PPTX
Wireless communication technologies
Chandrakant Choure
 
PPT
5G 2
IGDTUW
 
PPT
ET_M.Tech_.SEM I_BWT_MMD_ MODULE 5.ppt
AquibKhan273848
 
PPTX
Lecturlecturelecture lecture lecture e 1.pptx
AbdelhameedRabieaaKh
 
PPTX
IOT PROTOCOLS.pptx
DRREC
 
DOC
networking tutorial
Raj Alam
 
PDF
A Rouge Relay Node Attack Detection and Prevention in 4G Multihop Wireless N...
IRJET Journal
 
PPTX
Recent Trends in Wireless communication
JigsAshley
 
PDF
A novel password based authentication technique for 4 g mobile communications
eSAT Journals
 
PDF
A novel password based mutual authentication technique for 4 g mobile communi...
eSAT Publishing House
 
PPTX
Wireless Network security
Fathima Rahaman
 
PDF
wns-unit-1-i-need-a-notes-that-has-to-be-useful-for-preparing-my-sem-examinat...
TalluriMeghana
 
PDF
Advanced Security Management in Metro Ethernet Networks
IJNSA Journal
 
PPTX
WPAN technologies and its wipe spread usage
hodcse768718
 
PDF
IoT Standards & Ecosystem
Harish Vadada
 
DOCX
1Table of Contents.docx
felicidaddinwoodie
 
PDF
Module 03 IoT Networking.............pdf
arabnuradin
 
Lecture 5,6 [Autosavedaot IOT ]slides.pptx
sarfarazkhanwattoo
 
1.pptx
VenkatesanSatheeswar
 
Mobile Compute ( Transmitter & receiver)
LaxmiPrasannaKumarEC
 
Wireless communication technologies
Chandrakant Choure
 
5G 2
IGDTUW
 
ET_M.Tech_.SEM I_BWT_MMD_ MODULE 5.ppt
AquibKhan273848
 
Lecturlecturelecture lecture lecture e 1.pptx
AbdelhameedRabieaaKh
 
IOT PROTOCOLS.pptx
DRREC
 
networking tutorial
Raj Alam
 
A Rouge Relay Node Attack Detection and Prevention in 4G Multihop Wireless N...
IRJET Journal
 
Recent Trends in Wireless communication
JigsAshley
 
A novel password based authentication technique for 4 g mobile communications
eSAT Journals
 
A novel password based mutual authentication technique for 4 g mobile communi...
eSAT Publishing House
 
Wireless Network security
Fathima Rahaman
 
wns-unit-1-i-need-a-notes-that-has-to-be-useful-for-preparing-my-sem-examinat...
TalluriMeghana
 
Advanced Security Management in Metro Ethernet Networks
IJNSA Journal
 
WPAN technologies and its wipe spread usage
hodcse768718
 
IoT Standards & Ecosystem
Harish Vadada
 
1Table of Contents.docx
felicidaddinwoodie
 
Module 03 IoT Networking.............pdf
arabnuradin
 

4g security presentation

  • 1. 4G Network Security By: Kyle Ly
  • 2. Schedule What Is 4G? LTE Architecture & Design WiMAX Architecture & Design 4G Security Issues
  • 3. What is 4G 4G is the fourth generation of mobile phone mobile communications standard Offers mobile ultra-broadband Internet access, for example to laptops with USB wireless modems, to smartphones, and to other mobile devices Two 4G candidate systems are commercially deployed: - the Mobile WiMAX standard (at first in South Korea in 2006), - the first-release Long Term Evolution(LTE) standard (in Oslo, Norway since 2009).
  • 4. 4G vs 3G 4G wireless communications allow for significant increases in data rates over 2G (second generation), 3G (third generation) and 3.5G wireless technologies. 4G wireless networks is based on the TCP/IP architecture By moving to an open set of communication protocols (TCP/IP suite) there is an anticipated increase in security issues compared previous generations Intended to drive costs down since other type of networks used IP for networking as well.
  • 5. LTE Standard for wireless communication of high-speed data for mobile phones and data terminals Based on the GSM/EDGE and UMTS/HSPA network technologies Increases the capacity and speed using a different radio interface together with core network improvement Developed by the 3GPP (3rd Generation Partnership Project) 
  • 6. LTE Architecture • Smart phones or laptops connect to the wireless network through the eNodeB within the Evolved UMTS Terrestrial Radio Access Network (E-UTRAN). • The E-UTRAN connects to the Evolved Packet Core (EPC) which is IP-based. • The EPC connects to the provider wire line IP network. • Mobility Management Entity (MME) does all the control and security related tasks such as authentication and integrity protection • PDN Gateway (PGW) allows the user to connect to external data networks. • Home Subscriber Server (HSS) contains all the information regarding the static subscriber for authentication purposes
  • 8. LTE Security Design 4 main elements: •Key Security: generates key that allows the E-UTRAN and EPS to communicate each other as well as protecting the traffic between different components of the E-UTRAN and EPS. The keys are generated by the Key Derivation Function. •Authorization: authentication vectors are generated based on sequence numbers that are retrieved between the messages. The authentication vector is then passed into security algorithms for further processing with ciphering •Key Management: Key establishment, key distribution, and key generation done via the EPS procedure. •Unique Identifiers: Every user has unique id to prevent confusion.
  • 9. WiMAX Refers to interoperable implementations of the IEEE 802.16 family of wireless-networks standards ratified by the WiMAX Forum WiMAX can provide at-home or mobile Internet access across whole cities or countries. Wireless communications standard designed to provide 30 to 40 megabit-per-second data rates
  • 10. WI Max Architecture • Authentication, Authorization, and Accounting (AAA) server located in the Connectivity Service Network (CSN) processes control signals from the Access Service Network (ASN-GW) to authenticate the Mobile Station (MS) against the MS’s profile stored in the AAA server’s database. • Once authenticated, the AAA server sends the MS’s profile to the ASN-GW. • The Home Agent (HA) processes control signals from the ASN-GW and assigns a Mobile IP address to the MS and anchors the IP payload. • The HA server provides connectivity to the Internet for data traffic
  • 12. WiMax Security Design • The IEEE 802.16 standard defines the medium access control (MAC) layer for the wireless link between a BS and a MS. • The MAC layer is the security layer. • This security layer handles (i) authentication and authorization (ii) key management/distribution (iii) encryption.
  • 13. 4G Security Issues Interference Scrambling Attacks Signal Jamming Location Tracking Issues Key Management Issues Bandwidth Issues Denial Of Service Attacks Open Nature
  • 14. Interference • Inserting man-made interference onto a medium, a communication system can stop functioning due to a high signal-to-noise ratio. • Interference attacks can be easily carried out as the equipment and knowledge to carry out such attacks are widely available • Interference is easy to detect using radio spectrum monitoring equipments.
  • 15. Scrambling Attacks • Scrambling is a form of interference which is activated for short intervals of time. • It is targeted against a specific frame or parts of frames. • The attacker may target management or control information of a particular user to disrupt service. • However, the attacker has to be sophisticated and knowledgeable since specific frames and time slots must be identified for the attack to be successful. • Difficult to implement successfully
  • 16. Signal Jamming • High-speed wireless data networks are vulnerable to a simple jamming technique that could block service across much of a city • Radio frequency can be blocked, or “jammed,” if a transmitter sends a signal at the same frequency, • The LTE signal is very complex, made up of many subsystems, and in each case, if you take out one subsystem, you take out the entire base station. • All that is required is a laptop and an inexpensive software-defined radio unit and battery power.
  • 17. Location tracking • Tracking the UE presence in a particular cell or across multiple cells. • Location tracking is made possible by tracking a combination of the Cell Radio Network Temporary Identifier (C-RNTI) with handover signals or with packet sequence numbers • C-RNTI is transmitted in clear text, an attacker can determine whether the UE using the C-RNTI is still in the same cell or not. • An attacker can link the new C-RNTI from the Handover Command message and the old C-RNTI
  • 18. Key Management • Key management for WiMAX at the MS has been designed to safeguard it from replay attacks. • The MS can determine if a Key Reply message is new or old. This is possible since the old Traffic Encryption Key (TEK) and new TEK are included in the Key Reply message. • However, if an attacker replays Key Request messages to the BS, it can trigger frequent exchange of keying materials. • This will cause confusion at the MS and exhaust resources at the BS
  • 19. Bandwidth Stealing • Leech the bandwidth from the user's device. • Buffer status reports are used as input information for packet scheduling, load balancing, and admission control. • Due to the nature of the packet scheduling algorithm, by sending a false buffer report the eNodeB will think that the user's device has nothing to send.
  • 20. Denial of service attacks Denial of Service (DoS) attacks are a concern for WiMAX networks. A DoS attack can be initiated via simple flooding, attacking unauthenticated management frames. The MS authenticates the BS using RSA authentication. The BS has to sign and reply with its public key. Processing of public key encryption and signature is CPU intensive. If flooded with false requests, the BS will be very busy computing and evaluating digital signatures and will be unable to serve any other requests
  • 21. Open Nature • Departure from proprietary operating systems for hand held devices to open and standardized operating systems • Open nature of the network architecture and protocols (IP-based). • With this move to open protocols and standards, 4G wireless networks are now susceptible to computer attack techniques present on the Internet. • Such networks will be increasingly vulnerable to a range of security attacks including for example Malware, Trojans and Viruses
  • 22. Conclusion • 4G is still relatively new technology that provides high speed data rates to mobile devices. • 4G consists of the LTE and WiMAX networks • 4G network are prone to many security threats due to the open nature of the architecture and standards.
  • 23. References [1] A. Bikos, “LTE/SAE Security Issues on 4G Wireless Networks”, Security & Privacy, IEEE, vol. PP, issue 99, pp. 1, Oct. 2012.  [2] N. Seddigh et al., “Security advances and challenges in 4G wireless networks”, in Privacy Security and Trust (PST), 2010 Eighth Annual International Conf., Ottawa., ON, 2010, pp. 62 - 71.  [3] Chan-Kyu Han, Hyoung-Kee Choi, "Security Analysis of Handover Key Management in 4G LTE/SAE Network," IEEE Transactions on Mobile Computing, vol. PP, issue 99, pp. 1, Nov. 2012.  [4] D. Talbot, "One Simple Trick Could Disable a City’s 4G Phone Network," blog, 14 Nov. 2012; http://www.technologyreview.com/news/507381/one-simple-trick-could-disable-a- citys-4g-phone-network. [5] Krio Media, “Security in 4G and Other Mobile Networks”, blog, http://www.krio.me/security-in-4g-and-other-mobile-networks.