Thursday, 5 January 2012

GPRS Security Feature, Threats and Solution

What is GPRS?

GPRS stands for General Packet Radio Service. It is a wireless data service that extends GSM data capabilities for Internet access, multimedia messaging services, and early mobile Internet applications via the wireless application protocol (WAP), as well as other wireless data services.







GPRS system architecture






GPRS Security Feature
Security services are protections and assurances that provide mitigation against various threats. They are generally known as:





  • Integrity: Integrity is a security service that assures that data cannot be altered in an unauthorized or malicious manner.


  • Confidentiality: Confidentiality is the protection of data from disclosure to unauthorized third parties.


  • Authentication: Authentication provides assurance that a party in data communication is who or what they claim to be.


  • Authorization: Authorization is a security service that ensures that a party may only perform the actions that they’re allowed to perform.


  • Availability: Availability means that data services are usable by the appropriate parties in the manner intended.



GPRS Threats and Solution




  • Subscriber Identity Confidentiality
    It may lead an active attacker to pretend to be a new serving network, to which the user has to reveal his permanent identity.

  • Subscriber Authentication
    The authentication procedure is one-way, and, thus, it does not assure that a mobile user is connected to an authentic serving network. This fact enables active attacks using a false base station identity.

  • Data and Signalling Protection
    An important weakness of the GPRS security architecture is related to the fact that the encryption of signalling and user data over the highly exposed radio interface is not mandatory. Causing signalling and data traffic are conveyed in clear-text over the radio path.


Let's look at the solution.




  • Identity Confidentiality
    To limit the exposure of the permanent identities (IMSI) of mobile users over the vulnerable radio interface, the additional usage of two complementary temporary identities for each mobile subscriber that is attached to the network has been proposed


  • Signalling Protection
    To address the lack of security measures in the signalling plane of the GPRS backbone, we propose the incorporation of the Network Domain Security (NDS) features into the GPRS security architecture. NDS features, which have been designed for the latter version of UMTS, ensure that signalling exchanges in the backbone network, as well as in the whole wire line network are protected.



Reference


netscreen.com

Posted by at

1 comment:

  1. wallace5 January 2012 at 11:23

    Theres also threat from internet like trojan, viruses and worm that could cause security problem

    ReplyDelete

Subscribe to: Post Comments (Atom)