Table of Contents
Wireless Communications Security
by Jyrki T. J. Penttinen
Cover
Title Page
About the Author
Preface
Acknowledgements
Abbreviations
1 Introduction
1.1 Introduction
1.2 Wireless Security
1.3 Standardization
1.4 Wireless Security Principles
1.5 Focus and Contents of the Book
References
2 Security of Wireless Systems
2.1 Overview
2.2 Effects of Broadband Mobile Data
2.3 GSM
2.4 UMTS/HSPA
2.5 Long Term Evolution
2.6 Security Aspects of Other Networks
2.7 Interoperability
References
3 Internet of Things
3.1 Overview
3.2 Foundation
3.3 Development of IoT
3.4 Technical Description of IoT
References
4 Smartcards and Secure Elements
4.1 Overview
4.2 Role of Smartcards and SEs
4.3 Contact Cards
4.4 The SIM/UICC
4.5 Contents of the SIM
4.6 Embedded SEs
4.7 Other Card Types
4.8 Contactless Cards
4.9 Electromechanical Characteristics of Smartcards
4.10 Smartcard SW
4.11 UICC Communications
References
5 Wireless Payment and Access Systems
5.1 Overview
5.2 Wireless Connectivity as a Base for Payment and Access
5.3 E‐commerce
5.4 Transport
5.5 Other Secure Systems
References
6 Wireless Security Platforms and Functionality
6.1 Overview
6.2 Forming the Base
6.3 Remote Subscription Management
6.4 Tokenization
6.5 Other Solutions
References
7 Mobile Subscription Management
7.1 Overview
7.2 Subscription Management
7.3 OTA Platforms
7.4 Evolved Subscription Management
References
8 Security Risks in the Wireless Environment
8.1 Overview
8.2 Wireless Attack Types
8.3 Security Flaws on Mobile Networks
8.4 Protection Methods
8.5 Errors in Equipment Manufacturing
8.6 Self‐Organizing Network Techniques for Test and Measurement
References
9 Monitoring and Protection Techniques
9.1 Overview
9.2 Personal Devices
9.3 IP Core Protection Techniques
9.4 HW Fault and Performance Monitoring
9.5 Security Analysis
9.6 Virus Protection
9.7 Legal Interception
9.8 Personal Safety and Privacy
References
10 Future of Wireless Solutions and Security
10.1 Overview
10.2 IoT as a Driving Force
10.3 Evolution of 4G
10.4 Development of Devices
10.5 5G Mobile Communications
References
Index
End User License Agreement
List of Tables
Chapter 01
Table 1.1 OMA DM specifications as of December 2015
Table 1.2 ISO/IEC 7816 standard definitions
Table 1.3 Some of the most important IEEE standards related to encryption
Table 1.4 Some of the key 3GPP security specifications
Table 1.5 The complete list of 3GPP security‐related 33‐series documents
Table 1.6 The EAL classes of CC
Table 1.7 Comparison of ciphering techniques relevant for mobile communications
Chapter 02
Table 2.1 Variables used by AKA in UMTS
Table 2.2 Comparison of MBMS security solutions
Table 2.3 Current security solutions for Wi‐Fi/WLAN connectivity
Chapter 03
Table 3.1 The key WLAN IEEE 802 standards
Table 3.2 The theoretical distances of Bluetooth devices per class
Chapter 04
Table 4.1 The ISO/IEC 7816‐2 ICC contacts
Table 4.2 Consumer‐grade SIM FF
Table 4.3 The environmental classification; the main categories for M2M UICCs
Table 4.4 UICC environmental classes and required values
Table 4.5 File types of smartcards
Table 4.6 Some of the key commands of the SIM/UICC
Table 4.7 An example of the SIM/UICC card response messages. The complete list can be found in ISO/IEC 7816‐4 documentation
Chapter 06
Table 6.1 Comparison of SE, TEE and HCE
Table 6.2 Comparison of mobile security solutions
Chapter 07
Table 7.1 The options for the NAA as defined in Ref. [21]
Chapter 09
Table 9.1 Key roles of DPI
List of Illustrations
Chapter 01
Figure 1.1 The contents of this handbook
Chapter 02
Figure 2.1 The statistics of data consumption of mobile laptop and smartphone users
Figure 2.2 The general trends of 3G and 4G data rates. The planned 5G will offer considerably higher speeds
Figure 2.3 The app ecosystem depends on the available technologies and services
Figure 2.4 The development procedure for Android app development
Figure 2.5 The main elements of 3GPP networks. The evolution of LTE brings new elements for, e.g., eMBMS, as well as cell extensions like relay nodes and Home eNB elements, while LTE also extends to unlicensed bands (LTE‐U) and is optimized for IoT/M2M environment (LTE‐M)
Figure 2.6 The signalling chart for the delivery of triplets from the AuC/HLR to VLR
Figure 2.7 The subscriber‐specific Ki, as well as the A3 and A8 algorithms are stored in the SIM and the AuC for the authentication, authorization and session key creation. The A5 algorithm is stored, in turn, in the HW of the Mobile Terminal (MT) and in the Base Transceiver Station (BTS) equipment for protecting the radio interface
Figure 2.8 By utilizing Ki, A3 and A8, the AuC calculates the triplet, i.e., values for the Kc, RAND and SRES. The triplet is stored in the VLR
Figure 2.9 The authentication and authorization is done by A3, RAND and Ki
Figure 2.10 Kc is calculated with the A8 algorithm, based on Ki stored permanently within SIM, and RAND produced in the AuC/VLR
Figure 2.11 The encryption of the GSM radio interface takes place via the A5 algorithm
Figure 2.12 The 3GPP security architecture. The symbols of the figure refer to the following: (A) network access security; (B) provider domain security; (C) user domain security; and (D) application security
Figure 2.13 The role of the UMTS interfaces in 3GPP security procedures.
Figure 2.14 The principle of the 3G authentication vector generation as described in 3GPP TS 33.102
Figure 2.15 The principle of the vendor certificate process
Figure 2.16 The eNB protocol stacks with embedded IPSec layer
Figure 2.17 LTE Key hierarchy concept
Figure 2.18 Key handling procedure in handover
Figure 2.19 The mutual authentication procedure of LTE
Figure 2.20 The architecture of the combined IPSec and PKI. The light dotted line indicates signalling, and solid line represents user plane data flow. The thick dotted line symbolizes the IPSec tunnel. The communication between SecGW as well as Operations Administration and Maintenance (OAM) can be done via Transport Layer Security (TLS) or Secure HTTP (HTTPS)
Figure 2.21 The PKI design with the architecture and interfaces
Figure 2.22 An integration example for the gateway attached to the access router
Figure 2.23 The security zone principle
Figure 2.24 The MBMS reference architecture.
Figure 2.25 The eMBMS reference architecture.
Figure 2.26 The elements and key management procedures for ME‐based eMBMS security as described in 3GPP TS 33.246. The events in the radio interface are the following: (1) HTTP Digest authentication with the MRK key; (2) MIKEY MSK key distribution which is protected with the MUK key; (3) MIKEY MTK key distribution which is protected by the MSK key; and (4) user data which is protected via the MTK key.
Figure 2.27 The protocol layers of FLUTE
Figure 2.28 The flowchart of successful EAP authentication
Figure 2.29 The LTE‐UE states and the inter‐RAT mobility procedures with the GSM network as interpreted from Ref. [38].
Figure 2.30 The LTE‐UE states and the inter‐RAT mobility procedures with the UMTS network as interpreted from Ref. [38].
Figure 2.31 Mobility procedures between E‐UTRA and CDMA2000 as interpreted from Ref. [38].
Figure 2.32 Enhanced Packet System (EPS) architecture for CSFB and SMS over SGs interface
Figure 2.33 Wi‐Fi Offload architecture
Figure 2.34 Femtocell architecture
Chapter 03
Figure 3.1 IoT consists of devices that are able to perform functions such as measurements and data processing, as stated in Refs. [1,2]. The connectivity can be based on all known data transfer techniques, including mobile communications networks, local wireless and wired networks, and even direct connectivity. IoT may have communications with other consumer devices, and furthermore, part of the devices can act as hubs to connect the local equipment to the Internet
Figure 3.2 Individuals using the Internet [16]
Figure 3.3 The main components of IoT
Figure 3.4 The IoT environment is developing along with the technological enablers, each phase or wave influencing the further planning of the enablers in an iterative way
Figure 3.5 An example of the potential LTE spectrum plans of Latin America
Figure 3.6 Typical LTE/LTE‐A band scenarios and potential carrier aggregation deployment in the rest of the world
Figure 3.7 High‐level examples of wireless connectivity solutions with respective coverage and data rate
Figure 3.8 The RFID system architecture
Figure 3.9 The principle of the TSM
Figure 3.10 The principle of the SD
Figure 3.11 SG model as interpreted from the IEEE 2030‐2011
Chapter 04
Figure 4.1 The physical connections of the UICC
Figure 4.2 Physical interfaces of the 8‐PIN UICC based on ISO, SWP and USB
Figure 4.3 The 1FF of SIM cards (dimensions in mm), which is also called ID‐1. The thickness is 0.76 mm. The ID‐1 is used in practice only for delivering the plug‐in units which are further snapped out from the card body when inserting them to mobile devices
Figure 4.4 SIM card’s 2FF, 3FF and 4FF plug‐in units (dimensions in mm)
Figure 4.5 The plug‐in units of 2FF or 3FF can be delivered within a single ID‐1 card body. This eases the logistics and enhances user experience upon inserting the plug‐in units into mobile devices.
Figure 4.6 The physical building blocks of a smartcard. The ID‐1 card body can be of plastics or recyclable materials, while the frame material of the plug‐in needs to comply with typically stricter mechanical and environmental requirements making plastics the most feasible material
Figure 4.7 An example of the system level building blocks of a multi‐application card based on the UICC. The applications may also include other subscription containers like RUIM for CDMA systems, and applets for many areas such as transit access and payments
Figure 4.8 The eUICC logical architecture as interpreted from ETSI TS 103 383
Figure 4.9 Some ETSI eUICC use cases for redundant subscription management
Figure 4.10 The embedded UICC architecture of GSMA as interpreted from Ref. [33]
Figure 4.11 Some examples of the physically embedded SEs. At present, the MFF2 is the only standardized variant of embedded UICC. The smallest ones are typically based on wafer‐level which can be very small in volume, such as the WLCSP which can measure, e.g., 2.7 × 2.5 × 0.4 mm³, depending on each chip manufacturer’s own specifications
Figure 4.12 Typical use cases for NFC
Figure 4.13 The block diagram of the UICC
Figure 4.14 The overall principle of the file structure of the smartcard
Figure 4.15 The principle of ADFs
Figure 4.16 The format of the Command and Response APDU
Chapter 05
Figure 5.1 The development of mobile payment
Figure 5.2 An example of the QR code with embedded web link leading to further information about this Wireless Security book
Figure 5.3 Example of the architecture of an NFC device. The NFC radio interface is connected to payment associations such as Visa, MasterCard, AmEx and Discover via the merchant processor
Figure 5.4 The NFC architecture as defined by the NFC Forum
Figure 5.5 NFC device based on SE in microSD form and NFC chip residing within the device
Figure 5.6 Device without NFC functionality can be used with microSD that is equipped with NFC antenna, NFC chip and SE
Figure 5.7 Some options for mobile payment solutions
Chapter 06
Figure 6.1 An example of the utilization of the UICC or eUICC as a part of the mobile payment service
Figure 6.2 The NFC payment architecture based on the SE or eSE
Figure 6.3 Examples of the TSM models
Figure 6.4 An example of the TEE architecture based on ARM TrustZone t‐Base. The TEE is connected to the external world via communications protocols designed between the TEE and REE which provide the means for the safe execution of the trustlets
Figure 6.5 An example of the t‐Base ecosystem
Figure 6.6 An example of the TEE secured application OTA lifecycle management
Figure 6.7 The payment application of the cloud service can be, in its basic form, within the SW‐based OS located outside of the SE
Figure 6.8 Example of HCE‐based payment architecture
Figure 6.9 Comparison of selected protection mechanisms
Chapter 07
Figure 7.1 An example of ODA as described in Ref. [17]
Figure 7.2 The high‐level signalling flow of the real‐time provisioning procedure as applied in the SmartTrust SmartAct solution
Figure 7.3 An example of the UICC activation, i.e., provisioning by utilizing a POS card reader
Figure 7.4 The principle of SIM OTA messaging
Figure 7.5 Data exchange as defined in ETSI TS 102 124
Figure 7.6 The OMA DM philosophy
Figure 7.7 OMA Lightweight M2M architecture. The LWM2M communications between the client and the server is optimized via efficient payload, and is able to support interfaces for bootstrapping, registration, object/source access and reporting for very low‐cost devices
Figure 7.8 Remote eUICC provisioning architecture for M2M environment as defined by GSMA (version 2.1).
Figure 7.9 The contents of eUICC in GSMA remote provisioning systems.
Figure 7.10 The contents of a GSMA profile.
Figure 7.11 The mapping of the card entities with the provisioning system.
Figure 7.12 The ISD‐P stages of GSMA remote provisioning eUICC. The transitions may be triggered by ISD‐R or ISD‐P itself. There also is a fall‐back (FB) mechanism
Figure 7.13 The evolved GSMA subscription management architecture (version 4) that includes the consumer environment
Figure 7.14 The GSMA RSP V1 architecture
Chapter 08
Figure 8.1 The principle of CEIR. Each of the connected operator‐specific EIRs is synchronized upon the reporting of devices in their black lists
Figure 8.2 The original Phase 1 GSM system’s protocol stack from the 1990s, added by the GPRS functionality of Release 97 from the early 2000s
Figure 8.3 The principle of the spoof GSM BTS may be based on the minimum set of the radio interface protocol stack as well as the essential protocols in connectivity and mobility management layers. In this way, all the additional functionality like encryption, frequency hopping etc. can be eliminated from the connection while the interception and relaying of the clear‐code call can be done, e.g., via a separate VoIP call
Figure 8.4 The LTE/SAE security chain includes various aspects
Figure 8.5 The C‐plane security principle of LTE/SAE
Figure 8.6 The U‐plane security principle of LTE/SAE
Figure 8.7 The M‐plane security principle of LTE/SAE
Figure 8.8 The S‐plane security principle of LTE/SAE
Figure 8.9 The correct timing for the equipment ordering has impact on the RoI
Figure 8.10 General principles of equipment manufacturing
Figure 8.11 An example of a real‐world scenario which sometimes may experience delays in commercial market entrance due to issues that are identified too late prior to launch
Figure 8.12 Issues resulting in delayed market entrance can be minimized via preliminary testing activities as soon as the equipment prototypes are ready
Figure 8.13 Process for the error ticket opening applicable to LTE/LTE‐A UE and network elements. The optimal way is to assess deeply the background information prior to the error ticket opening in order to speed up corrections
Chapter 09
Figure 9.1 An example of CGN firewall deployment based on Check Point
Figure 9.2 An example of Check Point deployment in an IPSec gateway mode, delivering the S1‐MME signalling (SCTP) and S1‐U traffic (GTP‐U over UDP)
Figure 9.3 An example of Check Point acting as a roaming gateway
Figure 9.4 An example of Check Point protecting roaming networks
Figure 9.5 The configuration for the MME intercept
Figure 9.6 The configuration for the HSS intercept
Figure 9.7 The configuration for the S‐GW and P‐GW intercept
Figure 9.8 Write‐Replace warning procedure
Figure 9.9 Kill procedure
Chapter 10
Figure 10.1 LTE‐A and WiMAX2 are the result of their own evolution paths, but can be used in a cooperative environment via data offloading and inter‐working