diff options
Diffstat (limited to '2010/gsm-deepsec2010')
-rw-r--r-- | 2010/gsm-deepsec2010/abstract.txt | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/2010/gsm-deepsec2010/abstract.txt b/2010/gsm-deepsec2010/abstract.txt new file mode 100644 index 0000000..38eb15b --- /dev/null +++ b/2010/gsm-deepsec2010/abstract.txt @@ -0,0 +1,55 @@ +Deepsec 2010 GSM Security Workshop +====================================================================== + + +* attacks from malicious phone + * RACH DoS using OsmocomBB + * IMSI DETACH flood + * L2 fuzzing + * BSC fuzzing using RR messages + * MSC fuzzing using MM / CC messages + * use 'emergency call' RACH but then regular SETUP +* passive attacks + * GSM intercept using airprobe + * extended GSM intercept with A5/1 decryption + +* best security practises when deploying GSM + * TMSI reallocation as often as possible + * VLR large enough to never expire VLR records + * offer A5/3 + * don't offer A5/2 + * randomized padding of L2 frames + * encrypted/authenticated backhaul + * heuristics-based IMSI DETACH protection or DETACH disable + * use 'late assignment' of TCH + * use SMS over GPRS whenever possible + * do SDCCH-reassignment on CS-SMS + * always use frequency hopping over wide spectrum + * make SI5/SI6 on SACCH less predictable + * offer GEA3 and use whenever possible + + +In recent years, we have seen a significant increase of research in GSM +protocol-level and cryptographic security attacks: The existing theoretical +weaknesses of A5/1 have been implemented and proven as practical, rainbow +tables have been computed and distributed widely on the internet. A new +open-source GSM baseband software facilitates fine-grained control over all +information sent from a malicious user, enabling protocol fuzzing and flooding +attacks. + +However, the publicly available attack tools are hard to use, and it is +difficult to reproduce the published attacks and assess how easy it is to +perform which type of attack on GSM networks. + +This two-day workshop will re-visit all GSM security features and their +publicly know weaknesses. It will introduce and demonstrate the various +publicly available attack tools; Workshop participants will be trained +by the creators of the attack tools on how to use them against actual GSM +networks. + +After extensive hands-on sessions performing the various attacks, +counter-measures will be presented, followed by a discussion of the best +current practises for configuring a secure-as-possible GSM network. + +The target audience of this workshop is GSM network operators and IT security +consultants in the telecommunications industry. |