I have decided to blog about mobile security and security in general here.
San Diego Telecom Council had arranged a talk by Greg Rose of Qualcomm today with the topic "Hackers and Mobile Phones: who will win ?". Greg Rose is an Australlian cryptographer who had "accidentally" cracked the weaknesses in CDMA on air ciphering. I had attended one of his earlier talks while I was at Qualcomm. So I had to attend this...
It was a very short talk (only about 45 mins). Greg explained the basics of security:
Protocols - Usually assume agreed upon behaviour.
Attack breaks it by unagreed upon behaviour.
Risk = Threats * Loss
Security is a process of managing the cost of the risk due to attacks.
Why bother about security ? (depends on what is to be protected) It needs to be designed in and not added on later.
Threat analysis - develop an approach that works! Think about assets (something that you are protecting), Brainstorm attacks (play the devil), compute risk, determine countermeasures.
Current practices in 2G/3G - Use of keys (only symmetric due to hardware costs for asymmetric?). Smaller length (64 bits?) Message Authentication Codes (digest), ciphering. Attacks - evesdropping, impersonation. He emphasized end-to-end security as the ultimate end. So it is not enough to protect the radio protocols and ignore the security of the backhauls. With the introduction of downloadable code (Brew/Java/Bluetooth) and COTS operating systems on the phones like WinCE, Symbian, it will be easier for hackers to be able to inject unauthorized code & viruses on the phones. Service providers need to demand more security from the chipset designers, e.g. memory protection. Many times, security is just not properly implemented by the service providers. e.g. TMSI. Canada e.g. does not turn on encryption.
There is a need for the phones to authenticate base stations as well. Usually only the base stations authenticate the phones on their network. (Fake network attack - addressed in 3G) Discussion of an attack where authentication based on SIM card fails if it only uses the authentication in the beginning. (Need for base station to optionally verify that the phone still has the SIM card)
If we trust everyone, we don't need security.
Early day security based on some wrong assumptions/optimizations. (e.g. Base station costs 0.5 million dollars, nobody will go to that extent to steal some secrets. Test equipment costs much less and even 0.5 million is not much for governments/mafia)
Kirkoff's maxim: Only thing secret should be the key (not the algorithm or implementation)
Security Protocols should be open to analysis.
If I am in a crowd of 100 phones, how many are infected with worms/spyware ? Answer - 1-2 (writing spyware for cellphones not very common). But if the question is how many can be compromised, then the answer is 99! (I just thought to myself, the remaining must be switched off due to dead battery)
How important is hardware security for overall security - Ans: Very important 🙂
What is current status of security of 3G wireless as opposed to Wireless Lan security ? - Both are equally bad!
P.S. Greg was kind to send the presentation slides. I will link to it whenever sdtelecom.org updates the website.