Académique Documents
Professionnel Documents
Culture Documents
2
Agenda
GPRS basics
Mitigation measures
3
GPRS provides the communication backbone for
mobile societies
Industry Mobility
automation management
4
GPRS can encrypt data packets
Layer 3 – Data packets of typically 1,520 bytes are exchanged with backend.
Encryption should prevent intercept over-the-air and on transport links.
5
GPRS support different encryption levels, but
predominantly the weak ones are used
Protection
function Encryption Key length Used by
No encryption N/A Anybody?
GEA/0
6
Agenda
GPRS basics
Mitigation measures
7
GPRS networks are valuable to multiple attacks
Covered in this talks Covered in 27C3, 28C3 talks
Attacks
Passive Active
Fake base
GEA/0 Simple intercept
station
GEA/1
Crypt- Rainbow Phones
analysis tables downgrade
(where to GEA/0
GEA/2 IV is when asked
constant) by (fake)
base
GEA/3 station
8
GPRS interception only requires open source tools
Imple- 1. Start with Sylvain’s 4. Multiplex data from 7. LLC parsing (more
mented burst_ind branch multiple phones block defrag)
Adapta- 2. Pimp the USB cable 5. Channel decoding 8. Optional – Native
tions 3. Add multi-time-slot 6. RLC parsing (block RLC / LLC decoder
support defrag)
9
GPRS decode consists of 16 decoding chains
Channel
Frame RLC TBF LLC
TS0 decoding
2x FIFO parsing queues message
4 modes
(UL, DL) + block
defrag
TS1...TS7 [ Same decode process ]
10
GPRS “overcapsulates”
Example
X X …
BSN 0 1 2 3 4 5 127
Demux of 32
identifiers in
2 directions BSN 3 BSN 4 BSN 5
LLC 0 LLC 1 LLC 2 LLC 3 LLC 4 Padding
[ 63 x the same decode chain ]
11
Some GPRS networks do not use any encryption
Supposedly encryption hinders in-line data monitoring.
Hence some commercial networks use GEA/0—no encryption!
12
GEA/1 mostly mitigates A5/1’s rainbow table
attacks but opens new crypto holes Bold = better
13
GPRS lacks
good non-
linearity
14
Agenda
GPRS basics
Mitigation measures
15
Not securing mobile data would be negligent
GPRS is here Mobile data traffic* [TB/month]
to stay
A B
Securing GPRS Short term mitigation: Mid/long term need:
requires actions Application must Networks must
from networks and protect themselves upgrade encryption
application authors
16
*Source: Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update (February 1, 2011)
A Mobile applications should start using internet-
grade encryption Well encrypted* Not encrypted
Example – iPhone
applications GPRS / Internet
Some mobile
Mail
application and
most mobile web
Most critical sites send data
applications
unencrypted over
GPRS
SMS
20% of tested
messaging apps SSL, proudly used
on the internet
since 1994, could
Many mobile
web sites easily protect all
this data
17
*Some iOS versions use vulnerable SSL implementations that can be abused in a fake base station attack
B GPRS network wish list – Continuous
improvements
Immediately – Mid term – Long term – Mobile data finally
Switch on Add mutual Upgrade to USIM + secure against todays
encryption authentication 128bit GEA/4 threats
2. Execute mutual
authentication from
Java Applet before
generating GPRS key
3. Use GEA/3 to
secure connection
18
GPRS currently is a risk to mobile societies
Questions?
Karsten Nohl, nohl@srlabs.de
Luca Melette, luca@srlabs.de
19