Showing posts with label Security. Show all posts

Saturday 1 November 2014

4G Security and EPC Threats for LTE

This one is from the LTE World Summit 2014. Even though I was not there for this, I think this has some useful information about 4G/LTE security. Presentation as follows:


Tuesday 9 September 2014

LTE Device-to-device (D2D) Use Cases

Device-to-device is a popular topic. I wrote a post back in March on LTE-Radar (another name), which has already had 10K+ views. Another post, in Jan last year, has had over 13K views. At the LTE World Summit, Thomas Henze from Deutsche Telekom AG presented some use cases of 'proximity services via LTE device broadcast'.


While there are some interesting use cases in his presentation (embedded below), I am not sure that they will necessarily achieve success overnight. While it would be great to have a standardised solution for applications that rely on proximity services, the apps have already come up with their own solutions in the meantime.


The dating app Tinder, for example, finds a date near where you are. It relies on GPS, and I agree that some people would say that GPS consumes more power, but it's already available today.



Another example is "Nearby Friends" from Facebook, which allows you to find your friends if they are nearby, perfect for a day when you have nothing better to do.

With an App, I can be sure that my location is being shared only for one App. With a standardised solution, all my Apps have info about location that I may not necessarily want. There are pros and cons, not sure which will win here.

Anyway, the complete presentation is embedded below:



For anyone interested in going into a bit more detail about D2D, please check this excellent article by Dr. Alastair Brydon, titled "Opportunities and threats from LTE Device-to-Device (D2D) communication".

Do let me know what you think about the use cases.

Saturday 14 June 2014

AT&T on Mobile Security


Nice presentation from Ed Amoroso from AT&T outlining how security is evolving to cope with new technologies and threats. He points to encryption, containerization, proxy and virtualization as the four key pillars of technology for enabling operators to protect the network in a mobility era where the perimeter can no longer do the job it used to do.

Here is the video:

If you can't see the video, click on this link to watch it on Light Reading's website.

Wednesday 21 May 2014

Connected and Autonomous Car Revolution

Last week we had the Automotive and Transport SIG event in Cambridge Wireless. There are already some good write-ups on that event here and here. In this post my interest is in looking at the technologies discussed.

R&S (who were the sponsors) gave their introductory presentation quite well, highlighting the need for and approaches to the connected car. He also introduced IEEE 802.11p to the group.

As per Wikipedia, "IEEE 802.11p is an approved amendment to the IEEE 802.11 standard to add wireless access in vehicular environments (WAVE), a vehicular communication system. It defines enhancements to 802.11 (the basis of products marketed as Wi-Fi) required to support Intelligent Transportation Systems (ITS) applications. This includes data exchange between high-speed vehicles and between the vehicles and the roadside infrastructure in the licensed ITS band of 5.9 GHz (5.85-5.925 GHz). IEEE 1609 is a higher layer standard based on the IEEE 802.11p."

Back in December, Dr. Paul Martin did an equally useful presentation in the Mobile Broadband SIG and his presentation is equally relevant here as he introduced the different terms like V2X, V2I, V2V, V2P, etc. I have embedded his presentation below:



Roger Lanctot from Strategy Analytics gave us some interesting facts and figures. Being based in the US, he was able to give us the view of both the US and Europe. According to him, “LTE is the greatest source of change in value proposition and user experience for the customer and car maker. Bluetooth, Wi-Fi, NFC and satellite connectivity are all playing a role, but LTE deployment is the biggest wave sweeping the connected car, creating opportunities for new technologies and applications.” His officially released presentation is embedded below (which is much smaller than his presentation on that day).



There were also interesting presentations that I have not embedded but that others may find useful. One was from Mike Short, VP of Telefonica, and the other was from Dr. Ireri Ibarra of MIRA.


The final presentation by Martin Green of Visteon highlighted some interesting discussions regarding handovers that may be required when the vehicle (and the passengers inside) is moving between different access networks. I for one believe that this will not be an issue as there may be ways to work the priorities of access networks out. Anyway, his presentation included some useful nuggets and it's embedded below:


Sunday 23 March 2014

Securing the backhaul with the help of LTE Security Gateway


An excellent presentation from the LTE World Summit last year is embedded below. The slide that caught my attention was the one on the overhead involved when using the different protocols. As can be seen in the picture above, the Ethernet MTU is 1500 bytes but, after removing all the overheads, 1320 bytes are left for data. In case you were wondering, MTU stands for 'maximum transmission unit' and is the largest packet or frame size, specified in octets (8-bit bytes), that can be sent in a packet- or frame-based network such as the Internet.

Anyway, the presentation is embedded below:


Saturday 25 January 2014

Security and other development on the Embedded SIM


It's no surprise that GSMA has started working on Embedded SIM specifications. With M2M getting more popular every day, it would make sense to have the SIM (or UICC) embedded in M2M devices during the manufacturing process. The GSMA website states:

The GSMA’s Embedded SIM delivers a technical specification to enable the remote provisioning and management of Embedded SIMs to allow the “over the air” provisioning of an initial operator subscription and the subsequent change of subscription from one operator to another.
The Embedded SIM is a vital enabler for Machine to Machine (M2M) connections including the simple and seamless mobile connection of all types of connected vehicles. In the M2M market the SIM may not easily be changed via physical access to the device or may be used in an environment that requires a soldered connection, thus there is a need for ‘over the air’ provisioning of the SIM with the same level of security as achieved today with traditional “pluggable” SIM. It is not the intention for the Embedded SIM to replace the removable SIM currently used as the removable SIM still offers many benefits to users and operators in a number of different ways – for example, the familiarity of the form factor, ease of portability, an established ecosystem and proven security model.

The last time I talked about embedded SIM was a couple of years back, after the ETSI security workshop here. Well, there was another of these workshops recently and an update to this information.


The ETSI presentation is not embedded here but is available on Slideshare here. As the slide says:

An embedded UICC is a “UICC which is not easily accessible or replaceable, is not intended to be removed or replaced in the terminal, and enables the secure changing of subscriptions” (ETSI TS 103 383)


Finally, Embedded SIM should not be confused with Soft-SIM. My last post on Soft-SIM, a couple of years back here, has over 15K views, which shows how much interest there is in the soft SIM. As the slide says:

Soft or Virtual SIM is a completely different concept that does not use existing SIM hardware form factors and it raises a number of strong security issues:

  • Soft SIM would store the Operator secret credentials in software within the Mobile device operating system - the same system that is often attacked to modify the handset IMEI, perform SIM-Lock hacking and ‘jail-break’ mobile OS’s
  • Operators are very concerned about the reduction in security of their credentials through the use of Soft SIM. Any SIM approach not based on a certified hardware secure element will be subject to continual attack by the hacking community and if compromised result in a serious loss of customer confidence in the security of Operator systems
  • Multiple Soft SIM platforms carrying credentials in differing physical platforms, all requiring security certification and accreditation would become an unmanageable overhead – both in terms of resource, and proving their security in a non-standardised virtual environment

The complete GSMA presentation is as follows:



You may also like my old paper:

Thursday 16 January 2014

3GPP Rel-12 and Future Security Work


Here is the 3GPP presentation from the 9th ETSI Security workshop. Quite a few bits on IMS and IMS Services, and also good to see the new authentication algorithm TUAK as an alternative to the widely used Milenage algorithm.



Friday 23 August 2013

How Cyber-Attacks Can Impact M2M Infrastructure


An interesting presentation from Deutsche Telekom at the Network Security Conference, which highlights some of the issues faced by the M2M infrastructure. With 500 Billion devices being predicted, security will have to be stepped up for the M2M infrastructures to work as expected. Complete presentation embedded below:


Thursday 8 August 2013

2 Factor and 3 Factor Authentication (2FA / 3FA)

Found an interesting slide showing 2 Factor Authentication in a picture, from a presentation at the LTE World Summit.


You can also read more about this and Multi-factor Authentication (MFA) on Wikipedia here.

Monday 29 July 2013

Big Data and Vulnerability of Cellular Systems

I am sure most of you are aware of Big Data; if not, watch this video on my old post here. Moray Rumney from Agilent recently gave a talk in #FWIC on how Big Data techniques can be used to exploit the vulnerabilities in a cellular system. Though the talk focussed on GSM and 3G, it is always a good intro. The presentation is embedded below:



You can also listen to the audio of his presentation here.

Sunday 2 June 2013

Everything you wanted to know on Cloud Encryption

Cloud has been in the news recently, and not for the right reasons. The main worry with cloud is not just where your data is located and who can have access to it, but also what some rogue person or institution will do with your data if they get access. There is also the issue of which third-party programs are allowed to access your data, as they may not be as strict in complying with the security requirements as the original cloud platform.

I like Dropbox (even though I am still a free user) but it is used as an example in many case studies for security related to cloud. A quick search on Google turns up some useful links summarising the issues with Dropbox security here, here and here.

A user on slideshare recently uploaded many presentations from the Cloud Asia 2013 in Singapore here. One of the presentations that I really liked is embedded below.

The two main things from the presentation that I really want to highlight are the worldwide compliance, which can be a bit of an issue once you want to offer your service universally, and the different levels of encryption that are required to keep the data secure. Pictures of both as follows:



Enjoy the presentation:



Thursday 29 November 2012

Hotspot 2.0, Next Generation Hotspot (NGH), etc.


From ZDNET:


Hotspot 2.0 is about certifying the hotspot itself, providing authentication using SIMs or certificates and the 802.11i standard, and using the recent 802.11u standard to provide performance and other information about the hotspots visible to a device. This will allow you to roam onto a hotspot with good connectivity that you have the right account to use, doing away with the need to select the network or enter your details into a web page, as you do today.

The Wi-Fi Alliance deals with the Wi-Fi hardware and the authentication specification under the name Passpoint, but this certification doesn't cover everything. The Wireless Broadband Alliance is a group of mobile and Wi-Fi operators that takes the Passpoint certification and ensures interoperability with other parts of the network — including authenticating to carriers' remote access RADIUS (Remote Authentication Dial-In User Service) servers, as well as roaming and billing.

"Next Generation Hotspot is the implementation of Hotspot 2.0 into a real, live network", explains Nigel Bird, the NGH Standardisation Manager at Orange Group.

From Next Generation Hotspot whitepaper:


A new program called Next Generation Hotspot (NGH) - using the latest HotSpot 2.0 specification - allows a mobile subscriber to connect automatically and securely to Hotspots using his service provider credentials while maintaining roaming visibility for the operator. NGH enables operators to continuously monitor and manage “cellular-like” service over Wi-Fi domestically and internationally so as to enhance performance and meet the demand for mobile data services over heterogeneous RANs - cellular and Wi-Fi. This enables mobile operators to simultaneously optimize backhaul throughput, offload specific traffic rapidly (e.g. video) and achieve better economics than traditional, cellular-only solutions.

The Wireless Broadband Alliance (WBA) and Small Cells Forum recently announced a collaboration on this topic, see here.

More details are available in this presentation embedded below:



Thursday 1 November 2012

‘Small Cells’ and the City



My presentation from the Small Cells Global Congress 2012. Please note that this presentation was prepared at very short notice so may not be completely accurate. Comments more than welcome.

Monday 3 September 2012

Cellular or WiFi: Which is the preferred network access?

I was going through this report by Cisco on "What do Consumers want from WiFi" and came across this interesting picture. 

Given the ease and availability of WiFi, it would be the preferred access technology whenever possible. Cellular access would generally be reserved for mobility scenarios or where there is no WiFi network to allow access.

Another interesting observation from the above is that the survey puts WiFi and cellular security at the same level. Though cellular is more secure than an open public WiFi network, where an eavesdropper may be able to get hold of login/password information, it is generally at the same level of security as a secured WiFi network. On the other hand, lawful interception may be much easier with cellular than with secure WiFi.

I am sure that the contents of the last paragraph are debatable and am happy to hear your viewpoints.

A slidecast of the Cisco whitepaper mentioned above is embedded as follows:



Tuesday 17 April 2012

Release-12 Study on Integration of Single Sign-On (SSO) frameworks with 3GPP networks



This Work Item aims to provide service requirements for interworking of the operator-centric identity management with the user-centric Web services provided outside of an operator’s domain. Specifically, it addresses integration of SSO and the 3GPP services, which is essential for operators to leverage their assets and their customers’ trust, while introducing new identity services. Such integration will allow operators to become SSO providers by re-using the existing authentication mechanisms in which an end-user’s device effectively authenticates the end user.

For the operator to become the preferred SSO Identity Provider might require integration of the operator core with existing application service / content providers to allow the usage of credentials on the UE for SSO services. The 3GPP operator may leverage its trust framework and its reliable and robust secure credential handling infrastructure to provide SSO service based on operator-controlled credentials. Such SSO integration has to work with varied operator authentication configurations.

The Objective is to provide a comprehensive set of service requirements for the integration of SSO frameworks with 3GPP network by building upon the work done in the related feasibility study FS_SSO_Int (published in TR 22.895) as well as previously published related technical reports. This Work Item covers the following:

  • Service requirements for integration of Identity Management and SSO frameworks, e.g. OpenID;
  • Service requirements for Operators to enable users to access 3rd party services using Operator controlled user credentials;
  • Service requirements associated with ensuring that the intended user is making use of the associated SSO capability (including the case when the UE has been stolen or lost).

3GPP TR 22.895 V12.0.0 - Study on Service aspects of integration of Single Sign-On (SSO) frameworks with 3GPP operator-controlled resources and mechanisms (Release 12) is an interesting read that provides use cases for SSO.

The diagram above is from an interesting paper titled "Multi-domain authentication for IMS" that describes SSO and other authentication procedures and introduces the advantage of SSO.