Dr. Deepak Tyagi,
3G Security Threats
The aim of the research was to study the 3G (third generation) wireless networks security threats. From the data gathered through observations and literature review, security threats that may be possible in 3G mobile networks were identified and the methods which may be used to minimize such security threats in networks were determined. Recommendations are given to minimize the security threats 3G networks.
3G or 3rd generation is technology for mobile network is based on the IMT-2000 standards according to specification by International Telecommunication Union (ITU). It helps users in getting greater network capacity through improved spectrum efficiency like video conference support, IPTV (TV through the internet), broadband wireless data, music downloads, receiving streaming video from the Web, sending and receiving faxes, instantly downloading e-mail messages with attachments etc. 3G networks have potential transfer speeds of up to 3 Mbps (it takes around 15 seconds to download a 3-minute MP3 song). They are intended to provide a global mobility. In 1998 Third Generation Partnership Project (3GPP) was formed for the technical specification work. 3G is a set of technologies and standards that include W-CDMA, WLAN and cellular radio, among others. Figure below shows the UMTS network and its elements:
3. 3G Mobile network are more vulnerable now:
•IMSI is sent in clear-text when allocating TMSI to the user •3G mobile network is based on Internet Protocol (IP) which provide high speed wireless connection, allowing user to do more things while connected. •Evolving of network with IMS, enable interconnected networks running on IP. •A user can be lured to camp on a false BS. Once the user camps on the radio channels of a false BS, the user is out of reach of the paging signals of SN •Hijacking outgoing/incoming calls in networks with disabled encryption is possible. The intruder poses as a man-in-the-middle and drops the user once the call is set-up •Most of the security gaps of GSM implementation are addressed by the 3G standards. But still security is not full proof. •IMEI transmission is not protected hence it not a security feature. •Number of security concerns in the KASUMI cipher have been identified •Hapless security features of 3G-based devices and phones. Example: 3G mobile device comes with different OS and high speed processors. Any security lapse in mobile OS may be of point of concern for 3G network also. •Possible to hijack outgoing/incoming calls in networks with disabled encryption.
4. Security Threats in 3G
4.1 IP Security Issues in 3G
In addition to the issues already raised, we must remember that a 3G network is essentially an IP network. Because so many of the services on offer are basically Internet type services (e.g. E-mail, Browsing, Calendar Services, etc.) the 3G network and its handsets will be exposed to the full range of attacks that ISPs and consumers currently face on the Internet. Some examples are: 1. Hacking- Hacking is a remote attack typically intended to break or circumvent computer system or mobile network security. In case of AT&T’s iPad 3G, Hackers found a way to access AT&T’s iPad 3G registry and, using a brute-force attack based on unique ICC-ID numbers in mid of 2010. Hackers managed to pull down details of email addresses of users including members of the defense, executive branch, media companies etc. Day-by-day we’re showing trust on online services, and providing our personal and financial information through web based transactions. Similar attack took place in 2004 in USA. Hacker managed to access the social security number, date of birth, voice mail PIN, email account passwords etc. of millions of customers. High-profile incident like this, if nothing else, forces everyone to re-examine what we trust and to what...