Chapter 5:
Wireless Network Security
TE – Wireless Technology
Leena Ladge
Assistant Professor
Dept. of Information Technology,
SIES Graduate School of Technology
Chapter 5: Wireless Network Security
1. Wireless Communications, T.L. Singal, McGraw Hill Education.
2. Wireless Communications and Networking, Vijay Garg, Morgan Kaufmann
Publishers.
Lecture No 35-37:
GSM Security, Bluetooth Security, UMTS
Security, WEP and WPA
Learning Objectives:
• Discuss the features of GSM Security.
• Describe Bluetooth security in brief.
• Explain UMTS security.
• Differentiate between WEP and WPA.
GSM Security
In GSM, security is implemented in three entities:
1. SIM card,
2. GSM handset
3. Network.
• SIM is a single chip computer containing the operating system
(OS), the file system, and applications.
• SIM is protected by a PIN and owned by an operator.
• SIM applications can be written with a SIM tool kit.
• GSM handset contains ciphering algorithm A5.
GSM Security
Subscriber identity module (SIM) contains: -
• IMSI (International Mobile Subscriber Identity)
• TMSI (Temporary Mobile Subscriber Identity)
• PIN (Personal Identification Number),
• MSISDN (Mobile Station Integrated Services Digital Network)
• Authentication key Ki (64-bit)
• Ciphering key (Kc) generating algorithm A8,
• Authentication algorithm A3.
GSM Security
• The network uses algorithm A3 for authentication.
• A5 for encryption: A5 is a stream cipher. It can be implemented
very efficiently on hardware. Its design was never made public.
A5 has several versions: A5/1 (most widely used today), A5/2
(weaker than A5/1; used in some countries), and A5/3 (newest
version based on the Kasumi block cipher).
• A8 for ciphering the data; the Ki, IMEI and IMSI of each
subscriber are stored in the authentication center.
• Both A3 and A8 algorithms are implemented on the SIM. The
operator can decide which algorithm is to be used.
• Implementation of an algorithm is independent of hardware
manufacturers and network operators.
GSM Security - Authentication of GSM mobiles
• Authentication in the GSM system is achieved by the Base Station
sending out a challenge to the mobile station.
• The MS uses a key stored on its SIM to send back a response that is
then verified. This only authenticates the MS, not the user.
GSM Security - Authentication of GSM mobiles
To request a call or to receive a call, the MS has to be
authenticated. The process is as follows:
✓ A unique subscriber authentication key is programmed on every SIM
card.
✓ The authentication center (AuC) has a list which maps the Ki number to
the SIM card. It is a secure database.
✓ When a SIM card requests a call, a 128-bit random number is
instantaneously generated by the AuC and transmitted to the SIM card.
✓ The A3 algorithm which is programmed inside the SIM card processes
the RAND number and Ki number and generates a 32-bit output called
the Signed RESponse number (SRES).
✓ The same process is done on the AuC side. The SIM card transmits this
SRES number to the AuC. The AuC compares the received SRES with
the SRES that is generated on the network side.
✓ The SIM is authenticated if and only if the two SRES values are the same.
GSM Security - Authentication of GSM mobiles
✓ The authentication centre contains a database of identification and
authentication information for subscribers including IMSI, TMSI,
location area identity (LAI), and authentication key (Ki).
✓ It is responsible for generating the random number (RAND), the response
(RES), and the ciphering key (Kc), which are stored in the HLR / VLR for
authentication and encryption processes.
✓ The distribution of security credentials and encryption algorithms
provides additional security.
GSM Security – Encryption in GSM
✓ GSM uses information stored on the SIM card within the phone to
provide encrypted communications and authentication.
✓ GSM encryption is only applied to communications between a mobile
phone and the BS.
✓ The rest of the transmission over the normal fixed network or radio
relay is unprotected, where it could easily be eavesdropped or
modified.
✓ In some countries, the base station encryption facility is not activated
at all, leaving the user completely unaware of the fact that the
transmission is not secure.
✓ GSM encryption is achieved by the use of a shared secret key.
GSM Security – Encryption in GSM
✓ If this key is compromised it will be possible for the transmission to be
eavesdropped and for the phone to be cloned (i.e., the identity of the
phone can be copied).
✓ A 64-bit key is divided to provide data confidentiality. It is not possible
to encrypt all the data; for example, some of the routing information
has to be sent in clear text.
✓ The detailed process of encrypting the data is shown in the figure on
the next slide.
GSM Security – Encryption in GSM
✓ The AuC generates a random number (RAND) of 128 bits and sends it
to the MS.
✓ The RAND and the Ki number are processed by the A8 algorithm on
both sides.
✓ The A8 algorithm produces a 64-bit ciphering key (Kc). Ciphering
means scrambling or randomizing the data.
✓ The A5 algorithm takes the Kc key and the data to be transmitted as
input and encrypts the data accordingly.
✓ The A5 algorithm is different for each service provider and is highly
secretive.
GSM Security – GSM token based challenge
✓ The security-related information consisting of triplets of RAND,
signature response (SRES), and Kc are stored in the VLR.
✓ When a VLR has used a token to authenticate an MS, it either discards
the token or marks it used.
✓ When a VLR needs to use a token, it uses a set of tokens that is not
marked as used in preference to a set that is marked used. When a VLR
successfully requests a token from the HLR or an old VLR, it discards
any tokens that are marked as used.
GSM Security – GSM token based challenge
✓ When an HLR receives a request for tokens, it sends any sets that are
not marked as used.
✓ Those sets shall then be deleted or marked as used. The system
operator defines how many times a set may be reused before being
discarded. When HLR has no tokens, it will query the authentication
centre for additional tokens.
✓ The token-based challenge can be integrated into various call flows
(e.g., registration, handoff).
GSM Security – GSM token based challenge
✓ The serving system sends a RAND to the MS.
✓ The MS computes the SRES using RAND and the authentication key
(Ki) in the encryption algorithm.
✓ The MS transmits the SRES to the serving system.
✓ The MSC sends a message to the VLR requesting authentication.
✓ The VLR checks the SRES for validity.
✓ The VLR returns the status to the MSC.
✓ The MSC sends a message to the MS with a success or failure
indication.
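The challenge-response and token handling described above, as an added example that is not part of the original slides. HMAC-SHA256 stands in for the operator-chosen A3 and A8 algorithms, the VLR fetches triplets straight from the AuC (the HLR hop is left out), and the class names, sample Ki and IMSI are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def a3(ki: bytes, rand: bytes) -> bytes:
    """32-bit SRES. HMAC-SHA256 stands in for the operator's real A3."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki: bytes, rand: bytes) -> bytes:
    """64-bit Kc. HMAC-SHA256 stands in for the operator's real A8."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class AuC:
    """Holds the IMSI -> Ki mapping and produces (RAND, SRES, Kc) triplets."""
    def __init__(self):
        self._ki = {}

    def provision(self, imsi: str) -> bytes:
        self._ki[imsi] = secrets.token_bytes(16)  # constructed sample Ki
        return self._ki[imsi]

    def triplets(self, imsi: str, n: int) -> list:
        ki, out = self._ki[imsi], []
        for _ in range(n):
            rand = secrets.token_bytes(16)  # 128-bit RAND
            out.append({"rand": rand, "sres": a3(ki, rand),
                        "kc": a8(ki, rand), "used": False})
        return out

class SIM:
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand: bytes):
        # Ki never leaves the card; only SRES goes back over the air.
        return a3(self._ki, rand), a8(self._ki, rand)

class VLR:
    """Stores triplets per subscriber and never reuses one marked used."""
    def __init__(self, auc: AuC, batch: int = 3):
        self.auc, self.batch, self.tokens = auc, batch, {}

    def next_token(self, imsi: str) -> dict:
        fresh = [t for t in self.tokens.get(imsi, []) if not t["used"]]
        if not fresh:  # out of unused triplets: request a new batch
            fresh = self.auc.triplets(imsi, self.batch)
        self.tokens[imsi] = fresh  # triplets marked used are discarded here
        fresh[0]["used"] = True
        return fresh[0]

def authenticate(vlr: VLR, sim: SIM):
    """Run one challenge; return (success, Kc or None, RAND used)."""
    token = vlr.next_token(sim.imsi)
    sres, kc = sim.respond(token["rand"])
    ok = hmac.compare_digest(sres, token["sres"])
    return ok, (kc if ok and kc == token["kc"] else None), token["rand"]
```

A SIM holding the wrong Ki produces a different SRES and is rejected, and every run consumes a triplet with a new RAND, so a recorded SRES is of no use against a later challenge.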
GSM Security – GSM token based challenge
✓ Both GSM and North American systems use the international mobile
equipment identity (IMEI) stored in the equipment identity register
(EIR) to check malfunctions and fraudulent equipment. The EIR
contains a valid list (list of valid mobiles), a suspect list (list of mobiles
under observation), and a fraudulent list (list of mobiles for which
service is barred).
Bluetooth Security
There are two kinds of security levels:
1) Authentication
2) Authorization.
Bluetooth Security
Authentication:
• Authentication verifies who is at the other end of the link.
• In Bluetooth this is achieved by the authentication procedure
based on the stored link key or by the pairing procedure.
• To meet different requirements on availability of services
without user intervention, authentication is performed after
determining what the security level of the requested service
is. Thus, authentication cannot be performed when the ACL link
is established.
Bluetooth Security
Authentication:
1. The connect request to L2CAP is sent.
2. L2CAP requests access from the security manager.
3. The security manager enquires the service database.
4. The security manager enquires the device database.
5. If necessary, the security manager enforces the authentication and
encryption procedure.
6. The security manager grants access, and L2CAP continues to set up
the connection.
Authentication can be performed in both directions: client
authenticates server and vice versa.
Bluetooth Security
Authorization:
• When one device is allowed to access the other, the concept of trust
comes into existence.
• Trusted devices are allowed access to services.
• Untrusted devices may require authorization based on user interaction
before access to services is granted.
• Trusted device: A device with a fixed relationship (paired) that has
trusted and unrestricted access to all services.
• Untrusted device: This device has been previously authenticated, a
link key is stored, but the device is not marked as trusted in the device
database.
• An unknown device is also an untrusted device. No security
information is available for this device.
• For services, the requirement for authorization, authentication, and
encryption are set independently.
Bluetooth Security
Three security levels: Access requirement
• Services that require authorization and authentication: automatic
access is only granted to trusted devices; other devices need manual
authorization.
• Services that require authentication only: Authorization is not
necessary.
• Services open to all devices: Authentication is not required, no access
approval is required before service access is granted.
Bluetooth Security
Limitations
• Only a device is authenticated, and not its user.
• There is no mechanism to preset authorization per service.
• A more flexible security policy can be implemented with the
present architecture without a need to change the Bluetooth
protocol stack.
• It is not possible to enforce unidirectional traffic.
UMTS Security
• The security in UMTS is built upon the security of GSM and
GPRS.
• UMTS uses the robust security features from GSM and new
security features are added as necessary for new services offered
by UMTS and the changes in network architecture.
• In UMTS the SIM is called UMTS SIM (USIM).
• UMTS uses public keys.
• It has increased key lengths and provides end-to-end security.
UMTS Security
Security Features
1. Subscriber individual key K;
2. Authentication center and USIM share
o User specific secret key K,
o Message authentication functions f1, f2
o Key generating functions f3, f4, f5
3. The authentication center has a random number generator and
has a scheme to generate fresh sequence numbers (SEQ).
4. USIM has a scheme to verify freshness of received sequence
numbers.
5. Authentication functions f1, f2 are:
o MAC (XMAC)
o RES: Response for the network
o Expected Response (XRES).
UMTS Security
Security Features
6. Key generating functions f3, f4, f5 are:
o f3: ciphering / Confidentiality key CK (128 bits);
o f4: integrity key IK (128 bits) and
o f5: anonymity key AK (128 bits).
7. Key management is independent of equipment. Subscribers
can change handsets without compromising security.
8. Assure user and network that CK / IK have not been used
before.
9. For operator specific functions, UMTS provides an example
called Milenage based on the Rijndael block cipher.
10. Integrity function f9 and ciphering function f8 are based on the
Kasumi block cipher.
UMTS Security
Security Mechanism
• The security mechanism is called Authentication and Key
Agreement (AKA).
• The mechanism is based on a mutual authentication between
the MS and BS by a challenge/response authentication
protocol.
• The key concept is that each MS must prove that it knows the
password key without revealing or transmitting such a
password.
UMTS Security
Security Mechanism
• Step 1: Request for Authentication Vectors (AVs): The visited
network’s VLR or SGSN requests a set of AVs from the
HLR/AuC in the MS’s home network.
• Step 2: Computation of Authentication Vectors (AVs): The HLR/
AuC computes an array of AVs by means of the authentication
algorithm (using functions f1, f2) and the MS’s private secret
key K (using f3, f4, f5). This key is stored in the HLR/AuC and
the user identity module (USIM).
• Step 3: Transmission of Authentication Vectors (AVs): The HLR/
AuC responds by sending n authentication vectors back to
the visited network’s VLR/SGSN.
• Step 4: Challenge to MS: The visited network’s VLR/SGSN
chooses one AV and challenges the MS’s USIM by sending
the RAND and AUTN fields in the vector to it.
UMTS Security
Security Mechanism
• Step 5: Verification of AVs & Generation of RES: The MS’s
USIM processes the AUTN. With the help of the private secret
key K, the MS is able to verify that the received challenge
data could only have been constructed by someone who had
access to the same secret key. The USIM also verifies that the AV
has not expired by checking the sequence number (SEQ)
field. If the AV is still valid and the network is authenticated, the
USIM proceeds to generate a confidentiality key (CK),
integrity key (IK) and response for the network (RES).
UMTS Security
Security Mechanism
• Step 6: Reply by MS via RES: The MS responds with RES to
the visited network.
• Step 7: Verification of RES: The visited network’s VLR/SGSN
verifies that the response is correct by comparing the
Expected Response (XRES) from the current AV with the
response received from the mobile subscriber’s USIM.
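Steps 2 to 7 of the AKA exchange, as an added example that is not part of the original slides. HMAC-SHA256 stands in for f1 to f5 (this is not Milenage), the AUTN layout SQN xor AK || AMF || MAC follows the 3GPP definition, and the AMF value, the strictly-increasing freshness rule and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SQN_LEN, AMF = 6, b"\x80\x00"  # 48-bit sequence number; constructed AMF value

def f(n: int, k: bytes, data: bytes, size: int) -> bytes:
    """Stand-in for f1..f5: HMAC-SHA256 keyed with K, labelled by function number."""
    return hmac.new(k, bytes([n]) + data, hashlib.sha256).digest()[:size]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_av(k: bytes, sqn: int) -> dict:
    """HLR/AuC side (Step 2): build one authentication vector."""
    rand = secrets.token_bytes(16)
    sqn_b = sqn.to_bytes(SQN_LEN, "big")
    mac = f(1, k, sqn_b + rand + AMF, 8)         # f1: MAC proving knowledge of K
    ak = f(5, k, rand, SQN_LEN)                  # f5: masks SQN inside AUTN
    return {"rand": rand,
            "autn": xor(sqn_b, ak) + AMF + mac,  # AUTN = SQN^AK || AMF || MAC
            "xres": f(2, k, rand, 8),
            "ck": f(3, k, rand, 16),
            "ik": f(4, k, rand, 16)}

class USIM:
    def __init__(self, k: bytes):
        self._k, self.highest_sqn = k, 0

    def process(self, rand: bytes, autn: bytes) -> dict:
        """Step 5: authenticate the network, check freshness, derive RES/CK/IK."""
        masked, amf, mac = autn[:SQN_LEN], autn[SQN_LEN:SQN_LEN + 2], autn[SQN_LEN + 2:]
        sqn_b = xor(masked, f(5, self._k, rand, SQN_LEN))
        xmac = f(1, self._k, sqn_b + rand + amf, 8)
        if not hmac.compare_digest(mac, xmac):
            return {"status": "mac_failure"}     # challenge not built with K
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.highest_sqn:
            return {"status": "sqn_stale"}       # replayed or expired vector
        self.highest_sqn = sqn
        return {"status": "ok", "res": f(2, self._k, rand, 8),
                "ck": f(3, self._k, rand, 16), "ik": f(4, self._k, rand, 16)}

def vlr_verify(av: dict, reply: dict) -> bool:
    """Step 7: compare RES from the USIM with XRES from the vector."""
    return reply["status"] == "ok" and hmac.compare_digest(reply["res"], av["xres"])
```

Unlike the GSM exchange, the USIM rejects a challenge whose MAC was not computed with K and one whose sequence number it has already seen, which is what makes the authentication mutual and replay-resistant.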
Wired Equivalent Privacy (WEP)
Wi-fi security
• Wired Equivalent Privacy (WEP) is a security protocol,
specified in the IEEE Wireless Fidelity (Wi-Fi) standard,
802.11b. (1997)
• That standard is designed to provide a wireless local area
network (WLAN) with a level of security and privacy
comparable to what is usually expected of a wired LAN.
• Physical security mechanisms protect a wired LAN to some
degree.
• For example, controlled access to a building prevents outsiders
from walking in and plugging their devices into the LAN.
Outsiders can gain access to WLANs via the radio waves that
connect to the network.
Wired Equivalent Privacy (WEP)
Wi-fi security
• The Wired Equivalent Privacy protocol adds security similar to
a wired network's physical security by encrypting data
transmitted over the WLAN.
• Data encryption protects the vulnerable wireless link between
clients and access points.
• After WEP secures wireless data transmissions, other LAN
security mechanisms can ensure privacy and data
confidentiality.
• These include
✓ password protection,
✓ end-to-end encryption,
✓ virtual private networks
✓ authentication.
Wired Equivalent Privacy (WEP)
Services offered by WEP
Privacy
• WEP initially used a 64-bit key with the RC4 stream
encryption algorithm to encrypt data transmitted wirelessly.
• Later versions of the protocol added support for 128-bit keys
and 256-bit keys for improved security.
• WEP uses a 24-bit initialization vector, which resulted in
effective key lengths of 40, 104 and 232 bits.
Wired Equivalent Privacy (WEP)
Services offered by WEP
Data Integrity
• WEP uses the CRC-32 checksum algorithm to check that
transmitted data is unchanged at its destination.
• The sender uses the CRC-32 cyclic redundancy check to
generate a 32-bit hash value from a sequence of data.
• The recipient uses the same check on receipt.
• If the two values differ, the recipient can request a
retransmission.
Wired Equivalent Privacy (WEP)
Services offered by WEP
Authentication
• WEP authenticates clients when they first connect to the
wireless network access point.
• It enables authentication of wireless clients with these two
mechanisms:
➢ Open System Authentication (OSA). With OSA, Wi-Fi-
connected systems can access any WEP network access
point, as long as the connected system uses a service set
identifier (SSID) that matches the access point SSID.
➢ Shared Key Authentication (SKA). With SKA, Wi-Fi-
connected systems use a four-step challenge-response
algorithm to authenticate.
Wired Equivalent Privacy (WEP)
Drawbacks of WEP
• Stream cipher: Encryption algorithms applied to data streams,
called stream ciphers, can be vulnerable to attack when a key is
reused. The protocol's relatively small key space makes it
impossible to avoid reusing keys.
• RC4 weaknesses: The RC4 algorithm itself has come under
scrutiny for cryptographic weakness and is no longer
considered safe to use.
• Optional: As designed, the protocol use is optional. Because
it's optional, users often failed to activate it when installing
WEP-enabled devices.
• Shared key: The default configuration for these systems uses a
single shared key for all users. You can't authenticate
individual users when all users share the same key.
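How the 24-bit IV, the shared key and the CRC-32 check fit together, and why key reuse cannot be avoided, as an added example that is not part of the original slides. The frame layout is simplified to IV followed by ciphertext (the key ID byte is left out), and the function names and sample key are constructed for illustration.

```python
import math
import zlib
from collections import Counter

IV_BITS = 24

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Frame = IV (sent in clear) || RC4(IV || key) XOR (data || CRC-32)."""
    body = data + zlib.crc32(data).to_bytes(4, "little")
    return iv + xor(body, rc4(iv + key, len(body)))

def wep_decrypt(key: bytes, frame: bytes):
    """Return the data, or None when the CRC-32 check value does not match."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    data, icv = body[:-4], body[-4:]
    return data if zlib.crc32(data).to_bytes(4, "little") == icv else None

def reused_ivs(frames) -> dict:
    """Detection aid: IVs that appear on more than one captured frame."""
    counts = Counter(f[:3] for f in frames)
    return {iv: n for iv, n in counts.items() if n > 1}

def frames_for_collision(p: float = 0.5) -> int:
    """Frames with random IVs before two share an IV with probability p."""
    return math.ceil(math.sqrt(2 * 2 ** IV_BITS * math.log(1 / (1 - p))))
```

With one shared key, two frames that carry the same IV are encrypted with the same keystream, so their ciphertexts XOR to the XOR of their plaintexts; with randomly chosen IVs that is more likely than not after fewer than 5,000 frames.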
WEP vs. WPA
• The weaknesses doomed WEP. Most standards
bodies deprecated the protocol soon after the Wi-Fi Protected
Access (WPA) protocol became available in 2003.
• The IEEE introduced Wired Equivalent Privacy (WEP, 64-bit) in
the 802.11 wireless networking standard in 1997 and then
released WPA as a proposed replacement five years later.
Efforts to fix WEP during its short lifetime failed to produce a
secure solution to wireless network access. WPA2 formally
replaced it in 2004.
• WPA: The first version of WPA increased key length to 128
bits, and replaced the CRC-32 integrity check with
the Temporal Key Integrity Protocol (TKIP). However, WPA
still uses the RC4 encryption algorithm, and retained other
weaknesses from WEP.
WPA-Wi-Fi Protected Access
• WPA uses the temporal key integrity protocol (TKIP), which
dynamically changes the key that systems use. This prevents
intruders from creating their own encryption key to match the
one used by the secure network. The TKIP encryption standard
was later superseded by the Advanced Encryption Standard
(AES).
• In addition, WPA included message integrity checks to
determine if an attacker had captured or altered data packets.
The keys used by WPA were 256-bit, a significant increase
over the 64-bit and 128-bit keys used in the WEP system.
However, despite these improvements, elements of WPA came
to be exploited – which led to WPA2.
• A WPA key is a password that you use to connect to a wireless
network.
WPA2
• This WPA update added stronger encryption and integrity
protection.
• It uses the Counter Block Chaining Message Authentication
Code Protocol, which incorporates the Advanced Encryption
Standard algorithm for encryption and integrity verification of
wireless transmissions.
• WPA2 comes in the following two modes:
1. WPA2-Enterprise requires a Remote Authentication Dial-In
User Service (RADIUS) authentication server to authenticate users.
This is more suited to organizational or business use.
2. WPA2-Pre-Shared Key is intended for personal use. It
relies on pre-shared keys given to authorized users and is
usually used in home environments.
WPA3
• The current version of WPA became available in 2018.
• It provides much improved security for wireless network
users.
• WPA3 improvements include:
✓ Stronger encryption in both enterprise and personal modes
✓ Improved authentication for personal mode
✓ Perfect Forward Secrecy for personal mode
communications.
How is WEP used?
• Wireless hardware manufacturers implemented WEP in
hardware, which meant updates to the security protocol had to
fit into the flash memory of wireless network interface cards
(NICs) and network access point devices.
• This limited the scope of improvements that were possible
with WEP and WPA.
• It also meant systems using older hardware could be
vulnerable to well-known attacks.
Thank You!
Email : leenal@sies.edu.in