Cloud has been in the news recently for the wrong reasons. The main worry with cloud is not just where your data is located and who can access it, but also what a rogue person or institution would do with your data if they got access to it. Then there is the issue of which third-party programs are allowed to access your data; they may not be as strict in complying with the security requirements as the original cloud platform.
I like Dropbox (even though I am still a free user) but it is used as an example in many case studies on cloud security. A quick search on Google turns up some useful links summarising the issues with Dropbox security, here, here and here.
A user on SlideShare recently uploaded many presentations from Cloud Asia 2013 in Singapore, here. One of the presentations that I really liked is embedded below.
The two main things from the presentation that I want to highlight are worldwide compliance, which can be a bit of an issue once you want to offer your service universally, and the different levels of encryption required to keep the data secure. Pictures of both follow:
Hotspot 2.0 is about certifying the hotspot itself, providing authentication using SIMs or certificates and the 802.11i standard, and using the recent 802.11u standard to provide performance and other information about the hotspots visible to a device. This will allow you to roam onto a hotspot with good connectivity that you have the right account to use, doing away with the need to select the network or enter your details into a web page, as you do today. The Wi-Fi Alliance deals with the Wi-Fi hardware and the authentication specification under the name Passpoint, but this certification doesn't cover everything. The Wireless Broadband Alliance is a group of mobile and Wi-Fi operators that takes the Passpoint certification and ensures interoperability with other parts of the network — including authenticating to carriers' remote access RADIUS (Remote Authentication Dial-In User Service) servers, as well as roaming and billing. "Next Generation Hotspot is the implementation of Hotspot 2.0 into a real, live network", explains Nigel Bird, the NGH Standardisation Manager at Orange Group.
A new program called Next Generation Hotspot (NGH) - using the latest Hotspot 2.0 specification - allows a mobile subscriber to connect automatically and securely to hotspots using his service provider credentials while maintaining roaming visibility for the operator. NGH enables operators to continuously monitor and manage “cellular-like” service over Wi-Fi domestically and internationally so as to enhance performance and meet the demand for mobile data services over heterogeneous RANs - cellular and Wi-Fi. This enables mobile operators to simultaneously optimize backhaul throughput, offload specific traffic rapidly (e.g. video) and achieve better economics than traditional, cellular-only solutions.
The Wireless Broadband Alliance (WBA) and the Small Cell Forum recently announced a collaboration on this topic, see here.
More details are available in this presentation embedded below:
With the ease of use and wide availability of WiFi, it would be the preferred access technology whenever possible. Cellular access would generally be reserved for mobility scenarios or for places where there is no WiFi network to allow access.
Another interesting observation from the above is that the survey puts WiFi and cellular security at the same level. Cellular is more secure than an open public WiFi scenario, where an eavesdropper may be able to get hold of login/password information, but it is generally at the same level of security as a secured WiFi network. On the other hand, with cellular, lawful interception may be much easier than with secure WiFi.
I am sure that the contents of the last paragraph are debatable and I am happy to hear your viewpoints.
A slidecast of the Cisco whitepaper mentioned above is embedded as follows:
This Work Item aims to provide service requirements for interworking of the operator-centric identity management with the user-centric Web services provided outside of an operator’s domain. Specifically, it addresses integration of SSO and the 3GPP services, which is essential for operators to leverage their assets and their customers’ trust, while introducing new identity services. Such integration will allow operators to become SSO providers by re-using the existing authentication mechanisms in which an end-user’s device effectively authenticates the end user.
For the operator to become the preferred SSO Identity Provider, integration of the operator core with existing application service / content providers might be required, to allow the usage of credentials on the UE for SSO services. The 3GPP operator may leverage its trust framework and its reliable and robust secure credential handling infrastructure to provide an SSO service based on operator-controlled credentials. Such SSO integration has to work with varied operator authentication configurations.
The objective is to provide a comprehensive set of service requirements for the integration of SSO frameworks with the 3GPP network, building upon the work done in the related feasibility study FS_SSO_Int (published in TR 22.895) as well as previously published related technical reports. This Work Item covers the following:
• Service requirements for integration of Identity Management and SSO frameworks, e.g. OpenID;
• Service requirements for operators to enable users to access 3rd party services using operator-controlled user credentials;
• Service requirements associated with ensuring that the intended user is making use of the associated SSO capability (including the case when the UE has been stolen or lost).
3GPP TR 22.895 V12.0.0, "Study on Service aspects of integration of Single Sign-On (SSO) frameworks with 3GPP operator-controlled resources and mechanisms (Release 12)", is an interesting read that provides use cases for SSO.
The diagram above is from an interesting paper titled "Multi-domain authentication for IMS" that describes SSO and other authentication procedures and introduces the advantage of SSO.
When a UE registers on a 2G/3G or LTE network, it has to perform authentication. The authentication parameters are held in the USIM on the device side and in the Authentication Centre (AuC) in the network. Once authentication has succeeded, the keys for ciphering and integrity are derived and used during the call.
As I showed in my earlier post here, it is possible for the same AuC to be used for 2G/3G and LTE networks. In this case, if the UE has recently performed authentication in one network then, unless the keys are old, there is no need to perform authentication again in the other radio access technology (RAT). The security keys (ciphering and integrity keys) are derived from the keys of the previous RAT. 3GPP TS 33.102 and 3GPP TS 33.401 give the details of how to derive the keys for the new RAT from those of the previous RAT using this mapped security context concept.
A couple of weeks back, The Hacker's Choice (THC) made available some documents about how Vodafone UK's femtocell (a.k.a. Sure Signal) is insecure and can be hacked. Everyone seemed to jump on this bandwagon, with some news articles even sounding as if the whole Vodafone network had been hacked and hackers might be sending messages and making calls via your phone number.
In the end it came to light that the problem had been fixed over a year back, when Vodafone was made aware of it. THC still argues that there is an architectural fault and that the femto can be compromised.
As a result I decided to think about what could happen if the Femtocell is hacked.
Let's take the case of a UMTS femtocell. A simple network architecture with a femtocell (officially known as a Home NodeB) is as follows:
As you can see, the signalling over the air interface is encrypted and integrity protected. If a hacker is able to get into the femto and listen to all the packets using a tool like Wireshark, he would be able to get hold of the ciphering and integrity keys, as they come in cleartext in the RANAP Security Mode Command message.
It wouldn't be difficult to have a device that can listen to the conversations once provided with these keys. In fact, if the hacker is able to listen to the messages, there is no reason he cannot insert his own messages at the right interval (when a voice call is ongoing) to send an SMS, and it would appear that the message actually went from the phone number. Note that this message would be inserted at the Home NodeB and would be a NAS message. The end user would generally never find out that a message had been sent on behalf of his phone.
One thing to remember, though, is that the phone would have to be in range of the femtocell and successfully connected to the network (via the femto). One question someone may have is whether the key can be reverse engineered so that the SIM card can be cloned. Fortunately for us, this is not easily possible. There are multiple levels of protection and it would generally be difficult to get the algorithms for generating the key. It should also be noted that the authentication algorithms are confidential and only the operators know them.
Now let's look at the LTE femtocell (a.k.a. Home eNodeB), as shown below:
One of the differences you may notice is that the signalling from the femto to the core network over S1 is encrypted and integrity protected. In the case of the LTE femto there are multiple keys, and only the required key (KeNB) is provided to the femto. See the key hierarchy below:
This would sound like ideal protection from the end user's perspective, but some of the problems still remain. If the hacker can get hold of KeNB, which is sent in cleartext over the S1 interface in the Initial Context Setup Request message, then he could easily use it to listen to the packets. Since there is no voice support in LTE as yet, it would only be data packets that the hacker could listen to.
As you may notice, the UE's NAS messages are now integrity protected and ciphered across the S1 interface, so the hacker cannot get hold of KASME or the master keys K, CK and IK. This means that he cannot insert rogue messages, for example to send unsolicited SMS on behalf of the user, as he would be able to do in the case of UMTS.
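As an added example (not code from the original post), the following Python walks the LTE key hierarchy of 3GPP TS 33.401 Annex A with the generic HMAC-SHA-256 KDF of TS 33.220 Annex B, and also the CK/IK to K'ASME mapping used when a UE moves from UMTS to LTE without a fresh authentication, as described earlier. The function names are mine and CK, IK, the serving network id, SQN xor AK and the NAS COUNT are constructed values; the point it shows is that a femto holding only KeNB can derive the AS keys below it but, the KDF being one-way, nothing above it (KASME, the NAS keys, CK/IK).

```python
import hashlib
import hmac

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic KDF of TS 33.220 Annex B: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")  # each Pi is followed by its 2-byte length Li
    return hmac.new(key, s, hashlib.sha256).digest()

# Algorithm type distinguishers (TS 33.401 Annex A.7)
NAS_ENC, NAS_INT, RRC_ENC, RRC_INT, UP_ENC = 0x01, 0x02, 0x03, 0x04, 0x05

def derive_kasme(ck, ik, sn_id, sqn_xor_ak):
    """A.2: KASME (256 bit) from CK||IK, serving network id and SQN xor AK after a fresh AKA."""
    return kdf(ck + ik, 0x10, sn_id, sqn_xor_ak)

def mapped_kasme(ck, ik, nonce_mme):
    """A.10: K'ASME at UMTS -> LTE handover; the old RAT's CK/IK are reused instead of a new AKA."""
    return kdf(ck + ik, 0x18, nonce_mme)

def derive_kenb(kasme, ul_nas_count):
    """A.3: KeNB from KASME and the uplink NAS COUNT; the only key the (H)eNB ever receives."""
    return kdf(kasme, 0x11, ul_nas_count.to_bytes(4, "big"))

def derive_alg_key(key, alg_type, alg_id):
    """A.7: 128-bit algorithm key = the 128 least significant bits of the KDF output."""
    return kdf(key, 0x15, bytes([alg_type]), bytes([alg_id]))[16:]

def mme_nas_keys(kasme, enc_alg, int_alg):
    """NAS keys stay in the MME: they are derived from KASME, which the femto never sees."""
    return derive_alg_key(kasme, NAS_ENC, enc_alg), derive_alg_key(kasme, NAS_INT, int_alg)

def henb_as_keys(kenb, enc_alg, int_alg):
    """All a femto holding KeNB can derive: RRC and user-plane keys, nothing above KeNB."""
    return (derive_alg_key(kenb, RRC_ENC, enc_alg),
            derive_alg_key(kenb, RRC_INT, int_alg),
            derive_alg_key(kenb, UP_ENC, enc_alg))

# Constructed sample values, not real subscriber material
CK = bytes.fromhex("00112233445566778899aabbccddeeff")
IK = bytes.fromhex("ffeeddccbbaa99887766554433221100")
SN_ID = bytes.fromhex("42f010")              # 3-byte MCC/MNC encoding, constructed
KASME = derive_kasme(CK, IK, SN_ID, bytes.fromhex("000000000001"))
KENB = derive_kenb(KASME, ul_nas_count=0)
AS_KEYS = henb_as_keys(KENB, enc_alg=2, int_alg=2)   # 2 = AES based 128-EEA2 / 128-EIA2
```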
There is a small caveat, though. There are multiple ciphering and integrity algorithms defined in the standard. No ciphering is defined as the EEA0 algorithm. In Release 8 of LTE there was no possibility of having integrity switched off, as there was no EIA0 algorithm defined. In Release 9, though, the new EIA0 has been defined, which means that the network can set integrity to NULL. I am sure that the network would not want to do so as it makes absolutely no sense, but the hacker can force it to do so.
When the network requests the UE to send its capability information, the hacker can force it to say that it only supports EIA0 and EEA0, which would mean that integrity and ciphering in the call would be off. To be honest, this is quite a difficult thing to do in real time, and in any case the network would not accept a UE that does not support other integrity and ciphering algorithms.
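As an added example (not from the original post), here is Python for the two checks that defend against this bidding-down attempt: on the MME side, algorithm selection from an operator priority list that refuses EIA0 outside an unauthenticated emergency attach (TS 33.401), and on the UE side the comparison of the "replayed UE security capabilities" carried in the integrity-protected NAS Security Mode Command against what the UE actually sent. The byte layout follows the UE security capability IE of TS 24.301 (9.9.3.36); the function names, capability bytes and priority lists are mine and constructed.

```python
def parse_ue_security_capability(ie: bytes) -> tuple:
    """Decode the EPS octets of the UE security capability IE (TS 24.301 9.9.3.36).
    Octet 1 carries EEA0..EEA7 and octet 2 EIA0..EIA7, algorithm 0 in the most significant bit."""
    if len(ie) < 2:
        raise ValueError("UE security capability IE needs at least two octets")
    eea = {i for i in range(8) if (ie[0] >> (7 - i)) & 1}
    eia = {i for i in range(8) if (ie[1] >> (7 - i)) & 1}
    return eea, eia

def select_algorithms(ue_ie: bytes, enc_priority, int_priority, emergency=False):
    """MME side: pick the first algorithm in operator priority order that the UE claims to support.
    EIA0 (null integrity, Release 9) is only acceptable for an unauthenticated emergency attach
    (TS 33.401); a UE that offers nothing else is rejected rather than silently downgraded."""
    eea, eia = parse_ue_security_capability(ue_ie)
    enc = next((a for a in enc_priority if a in eea), None)
    integ = next((a for a in int_priority if a in eia and (a != 0 or emergency)), None)
    if enc is None or integ is None:
        raise ValueError("no acceptable algorithm pair: reject the UE")
    return enc, integ

def ue_accepts_security_mode_command(sent_ie: bytes, replayed_ie: bytes,
                                     selected_int: int, emergency=False) -> bool:
    """UE side: the Security Mode Command echoes the UE security capabilities under NAS integrity
    protection (the MAC check with KNASint is assumed to have passed already). A mismatch means
    the capabilities were altered in transit, so the UE must reject the command; it also never
    accepts EIA0 unless it is in an unauthenticated emergency attach."""
    return sent_ie == replayed_ie and (selected_int != 0 or emergency)

# Constructed: the UE offers EEA0/1/2 and EIA1/2/3; a tampered copy claims only the null algorithms
UE_CAPS = bytes([0xE0, 0x70])
TAMPERED_CAPS = bytes([0x80, 0x80])
OPERATOR_ENC = [3, 2, 1, 0]   # prefer ZUC (EEA3), then AES, then SNOW 3G, null ciphering last
OPERATOR_INT = [3, 2, 1]      # EIA0 is deliberately not listed for normal service
```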
3GPP has already foreseen these kinds of threats that could affect networks in the future when they roll out femtocells. As a result they have produced 3GPP TR 33.820, which lists all the possible threats and the best practices that can help minimise the chances of the network being compromised. If that document is too big and technical, you can go through this presentation, as it summarises some of the problems.
Feel free to comment or correct any mistakes that you think I have made.
I have in the past discussed Smart Grids and smart meters in this post and mentioned some of the privacy concerns. Each electrical device has its own signature, which could be exploited by rogue elements to find out whether there are any people in the household or it is empty. If it is empty, they could take advantage by breaking into the house, etc.
Last week I heard a presentation by Onzo in a Cambridge Wireless event about Smart meters (embedded below). This was the most detailed presentation I saw that explained how this data from the smart meters
If you browse the slides you will notice that device signatures can be used to pinpoint the type of device and, in most cases, also its make and model. They can even show whether a device is malfunctioning or about to break down. Customers can get a detailed summary of the main appliances in the house and how much electricity they consume, without any physical intervention in the electrical circuit of the premises.
I am sure that there are many positive uses of this data: it can be used by various governmental agencies to learn more about people's behaviour, for monitoring crimes (think CSI) and for many other advanced services that may not yet be imaginable, but the privacy concerns and worries will remain.
The presentation below starts from slide 21 that shows the data part but feel free to view the previous slides.
Finally, I would like to mention that most of the information I have seen about smart meters actually only covers electricity meters. I find it difficult to foresee how we would have smart meters for gas, water and sewage and how that data could be exploited in a positive way.
Regular readers may have realised that security is one of my favourite topics. Having worked on security extensively in UMTS and now in LTE, I am always keen to have a complete understanding of the security aspects of UMTS / LTE. Here is a presentation from a 3GPP workshop held in Bangalore in May 2011: 3GPP LTE Security Aspects.
I mentioned in my earlier blog post the new algorithm for 3GPP LTE-A security. The good news is that this should hopefully be out in time for Release 11.
The following is from the 3GPP documents:
The current 3GPP specifications for LTE/SAE security support a flexible algorithm negotiation mechanism. There could be sixteen algorithms at most to support LTE/SAE confidentiality and integrity protection. In the current phase, 3GPP defines two algorithms used in EPS security, i.e. SNOW 3G and AES. The remaining values have been reserved for future use. So it is technically feasible to support a new algorithm for LTE/SAE ciphering and integrity protection.
Different nations will have different policies for algorithm usage in communication systems. The currently defined EPS algorithms may not be usable in some nations according to strict policies that depend on the nation's security laws. Meanwhile, operators shall implement their networks depending on national communication policies. Introducing a new algorithm for EPS security will give operators more alternatives to choose from in order to obey national requirements.
Some work has been done to adapt LTE security to national requirements on cryptography for the LTE/SAE system, i.e. designing a new algorithm for EPS security, which is named ZUC (after Zu Chongzhi, a famous Chinese scientist in history). Certainly the new algorithm should be fundamentally different from SNOW 3G and AES, so that an attack on one algorithm is very unlikely to translate into an attack on the others.
The objective of this work item is to standardise a new algorithm in EPS. This will include the following tasks:
• To develop new algorithms for confidentiality and integrity protection for E-UTRAN
• To enable operators to quickly start to support the new algorithm
• Not to introduce any obstacle for R8 roaming UEs
The following issues should at least be handled in the WI:
• Agree the requirement specification with ETSI SAGE for development of the new algorithms
• Delivery of the algorithm specification, test data and design and evaluation reports
The algorithm is provided for 3GPP usage on a royalty-free basis.
The algorithm shall undergo a sequential three-stage evaluation process involving first ETSI SAGE, then selected teams of cryptanalysts from academia and finally the general public.
The documents related to the EEA3 and EIA3 algorithms can be downloaded from here.