summaryrefslogtreecommitdiff
path: root/2010/gsm-deepsec2010
diff options
context:
space:
mode:
Diffstat (limited to '2010/gsm-deepsec2010')
-rw-r--r--2010/gsm-deepsec2010/abstract.txt55
1 files changed, 55 insertions, 0 deletions
diff --git a/2010/gsm-deepsec2010/abstract.txt b/2010/gsm-deepsec2010/abstract.txt
new file mode 100644
index 0000000..38eb15b
--- /dev/null
+++ b/2010/gsm-deepsec2010/abstract.txt
@@ -0,0 +1,55 @@
+Deepsec 2010 GSM Security Workshop
+======================================================================
+
+
+* attacks from malicious phone
+ * RACH DoS using OsmocomBB
+ * IMSI DETACH flood
+ * L2 fuzzing
+ * BSC fuzzing using RR messages
+ * MSC fuzzing using MM / CC messages
+ * use 'emergency call' RACH but then regular SETUP
+* passive attacks
+ * GSM intercept using airprobe
+ * extended GSM intercept with A5/1 decryption
+
+* best security practises when deploying GSM
+ * TMSI reallocation as often as possible
+ * VLR large enough to never expire VLR records
+ * offer A5/3
+ * don't offer A5/2
+ * randomized padding of L2 frames
+ * encrypted/authenticated backhaul
+ * heuristics-based IMSI DETACH protection or DETACH disable
+ * use 'late assignment' of TCH
+ * use SMS over GPRS whenever possible
+ * do SDCCH-reassignment on CS-SMS
+ * always use frequency hopping over wide spectrum
+ * make SI5/SI6 on SACCH less predictable
+ * offer GEA3 and use whenever possible
+
+
+In recent years, we have seen a significant increase of research in GSM
+protocol-level and cryptographic security attacks: The existing theoretical
+weaknesses of A5/1 have been implemented and proven as practical, rainbow
+tables have been computed and distributed widely on the internet. A new
+open-source GSM baseband software facilitates fine-grained control over all
+information sent from a malicious user, enabling protocol fuzzing and flooding
+attacks.
+
+However, the publicly available attack tools are hard to use, and it is
+difficult to reproduce the published attacks and assess how easy it is to
+perform which type of attack on GSM networks.
+
+This two-day workshop will re-visit all GSM security features and their
+publicly know weaknesses. It will introduce and demonstrate the various
+publicly available attack tools; Workshop participants will be trained
+by the creators of the attack tools on how to use them against actual GSM
+networks.
+
+After extensive hands-on sessions performing the various attacks,
+counter-measures will be presented, followed by a discussion of the best
+current practises for configuring a secure-as-possible GSM network.
+
+The target audience of this workshop is GSM network operators and IT security
+consultants in the telecommunications industry.
personal git repositories of Harald Welte. Your mileage may vary