Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
MobilePrivacyin2025Dr. RavishankarBorgaonkar
KaitiakiLabsLLP&UniversityofOxford
21September2017
2
• CellularNetworks
• 1Gto4G– architecture
• 1Gto4G- vulnerabilities
• 5Garchitecture
• 5Gvision2025
• Securitychallenges
Outline
3
• Firstdemonstrationin1877– Stockholm,Sweden
• “TelephoneistheinstrumentofDevil”**
• Innovations- wireline(1877)towireless(2017)
• Foundation– seamlessconnectivityandlowlatency
• Features- qualityofservice&availability
MagicofCellularNetworks
** & Figure Source- Ericsson History
4
• Noauthentication&encryption
• Heavydevices
• Noroaming– internationalcalls
1GNetworksto4G
figure- Ericsson History
• Authentication&encryption
• Smartdevices
• RoamingandhighspeedInternet
DesignStakeholders
5
• Cellularnetworkproviders
• End-userequipmentvendors
• Standardorganizations
• Infrastructure&supportservices
• Over-The-Topservices
SecureCellularCommunication
BaseStationMobile
CoreNetwork
2G/3G/4G
Authentication
Availability
Confidentiality
Integrity
Arewesecured?
6
PrivacyAssets
7
• Deviceinformation
� IMEI,identitiesetc.
� Locationdata
� Sensitivedata(forexampleuserhealthinfo)
• Personalinformation
� IMEI,IMSI,phonenumberetc.
� SMSandcall/Internetdata
� Locationdata
Attackers
• Fraudsters
• Cybercriminals
• Insiderthreats
• Cyberwarfareactors(arguable)
ThreatsandAttackerModel
BaseStationMobile
CoreNetwork
9
Vulnerabilities&Attacks
BaseStationMobilePracticalattacksoncorenetworkandend-users
• architectureissuesandrisksIMSICatchers
10
Attacksagainst3operatingsystems• Baseband,(U)SIM&Android
vulnerabilities
Standards&Regulations
CellularSecurityStandards• Standardizationbodies
� 3GPP(3rdGenerationPartnershipProject)� ETSI(EuropeanTelecommunicationsStandardsInstitute)� GSMA(GSMAssociation)� ITU(InternationalTelecommunicationUnion)
• Mandatorysecurityandprivacyrequirements
• Internationalandnationalregulations(useofencryption,dataretention)
Standards&DeploymentIssues
• PadlocksymbolforHTTPS
• Haveyouseenduringmobilecalllately?
SecurityIndicatorsonMobile
5GNetworks
14
• 5G- Nextgenerationcellularnetworks� Handlesmoredata� Connectsmoredevices� Lowlatency�Morereliability
• 1-10Gbps speed
• Drivenbynewuse-cases,forexample� Connecteddriverlesscars� Remotesurgery
5GNetworksCharacteristics
15Figure Source- Vodafone
Cloud-Native5GArchitecture
16
Movingtowardsnetworksoftwarization andprogrammability
� Radionetwork
� Networkclouds
� SDN(Software-DefinedNetworks)
� NFV(NetworkFunctionsVirtualization)
BaseStation
CloudRadioAccessNetwork
Vision2025– 5G
17Figure Source- 5GPPP Project
5GDevicesin2025?
18
• Non-removableUSIMcards- eSIM era
• Non-removablebattery
• ChangecellularoperatorwithoutgoingtoashopandUSIM
• Alwaysconnected(5Gspeed>WiFi speed)
• Smallcells– connectedtoclouds
CurrentCellularNetworkIssues
• Privacyengineering
• OSandBasebandsoftwareupdate
• Targetedattacks
• Capabilitytodetectthreats
5GPrivacyChallengesfor2025
20
• Radiointerfacesecurity� Essentialfordeliverydronesandself-drivingconnectedcars
• Mandatorysecuritymeasuresinthenetwork� Protectionofcellulardatainthirdpartyservices(cloud)� Quantumsafecryptographytechniques
• Regulatoryframework� Privacyawarenessandlaws� Effectivepoliciesandenforcements� Dataretention
• DoS attacks
• SecurityinSDNandNFV
ThankYou.
Questions
21