Secrecy in storage
Storage encryption refers to the application of cryptographic techniques on data, both during transit and while on storage media.
Storage encryption is gaining popularity among enterprises that use storage area networks (SANs). Secrecy in storage is
maintained by storing data in encrypted form. The user has to provide the key to the computer only at the beginning of a session
to access the data and it then takes care of encryption and decryption throughout the course of normal use. Hardware devices
can also be used for PCs to automatically encrypt all information stored on disk. When the computer is turned on, the user must
supply a key to the encryption hardware. The information is plain gibberish without its key thus preventing misuse if the disk is stolen.
Storage encryption is gaining popularity among enterprises that use storage area networks (SANs). Secrecy in storage is
maintained by storing data in encrypted form. The user has to provide the key to the computer only at the beginning of a session
to access the data and it then takes care of encryption and decryption throughout the course of normal use. Hardware devices
can also be used for PCs to automatically encrypt all information stored on disk. When the computer is turned on, the user must
supply a key to the encryption hardware. The information is plain gibberish without its key thus preventing misuse if the disk is stolen.
Multiple ciphers can be used for individual files and folders. The ciphers and keys should be changed frequently to ensure
security of data. However, if the user forgets a key, all of the information encrypted with it makes no sense and is rendered useless.
This is why backups of encrypted information are advised to be stored in plaintext. The data is only encrypted while in storage,
not when in use. This leaves a loophole for the attackers. The system is vulnerable to a security breach if the encryption and
decryption are done in software, or if the key is stored somewhere in the system.
Sim card is protected by
- -A PIN (Personal Identification Number)
- -A PUK (Personal Unblocking Code)
File ID is used to address/identify each specific file: 3F = Master File 7F = Dedicated File 2F = Elementary File under Master File 6F = Elementary File under Dedicated File File ID shall be assigned at the time of creation of the file
No two files under the same parent shall have the same ID
A child and any parent, anywhere in the hierarchy, shall
never have the same File IDKi can not normally be obtained directly as it
is derived from encryption algorithm stored
on SIM
The serial number and IMSI all provide a unique identification of the customer. The serial number,which is possible to obtain without
providing PIN,identifies the SIM itself.
providing PIN,identifies the SIM itself.
Threats to SIM Data:
1.Cloning SIM data for illicit use IMSI
IMSI can be obtained from SIM using scanning software
–Eaves-dropping on networks for unencrypted transmission
of the IMSI
2.Data Encryption Key (Ki)
Ki can not normally be obtained directly as it is derived from encryption algorithm stored on SIM
Security features
-authentication algorithm (A3)
-subscriber authentication key (Ki)
-cipher key generation algorithm (A8)
-cipher key (Kc)
Authentication
-Authentication involves two functional entities:
1.The SIM Card in mobile device
2.The Authentication Center (AC)
-Each subscriber is given a secret key, one copy of which is stored in the SIM card and the other in the AC
-During authentication, AC generates a random number that it sends to the mobile.
-Both mobile and AC use the random number, in conjunction with subscriber's secret key and a ciphering algorithm called A3, to generate a
number that is sent back to the AC.
-If number sent by mobile matches number calculated by AC, then subscriber is authenticated.
Encryption
A stream cipher known as the A5 algorithm.
– A5/0: no encryption.
– A5/1: original A5 algorithm used in Europe.
– A5/2: weaker encryption algorithm created for export, in removal.
– A5/3: strong encryption algorithm created as part of the 3rd Generation Partnership Project (3GPP).
Stream cipher is initialised with the Session Key (Kc) and the number of each frame.
–The same Kc is used throughout the call, but the 22-bit frame number changes during the call, thus generating a unique key stream for every frame.
The same Session Key (Kc) is used as long as the Mobile Services Switching Center (MSC) does not authenticate the Mobile Station again.
Key Generation
A8 algorithm generates 64-bit Session Key (Kc)
One Session Key (Kc) is used until the Mobile Services Switching Center (MSC) decides to authenticate the MS again
–This might take days.
A8 actually generates 128 bits of output
The last 54 bits of those 128 bits form the Session Key (Kc).
Ten zero-bits are appended to this key before it is given as input to the A5 algorithm.
The A8 algorithm is implemented in the Subscriber Identity Module (SIM).
Encryption Detailed
PIN (Personal Identification Number )
– locks the SIM card until correct code is entered
– entered incorrectly 3 times -> SIM blocked -> PUK
PUK (Personal Unblocking Code)
– resets PIN and the attempt counter
Caution: if PUK entered 10 times incorrectly, SIM is permanently disabled and the SIM must be exchanged.
Ki can not normally be obtained directly as it is derived from encryption algorithm stored on SIM
Security features
-authentication algorithm (A3)
-subscriber authentication key (Ki)
-cipher key generation algorithm (A8)
-cipher key (Kc)
Authentication
-Authentication involves two functional entities:
1.The SIM Card in mobile device
2.The Authentication Center (AC)
-Each subscriber is given a secret key, one copy of which is stored in the SIM card and the other in the AC
-During authentication, AC generates a random number that it sends to the mobile.
-Both mobile and AC use the random number, in conjunction with subscriber's secret key and a ciphering algorithm called A3, to generate a
number that is sent back to the AC.
-If number sent by mobile matches number calculated by AC, then subscriber is authenticated.
Encryption
A stream cipher known as the A5 algorithm.
– A5/0: no encryption.
– A5/1: original A5 algorithm used in Europe.
– A5/2: weaker encryption algorithm created for export, in removal.
– A5/3: strong encryption algorithm created as part of the 3rd Generation Partnership Project (3GPP).
Stream cipher is initialised with the Session Key (Kc) and the number of each frame.
–The same Kc is used throughout the call, but the 22-bit frame number changes during the call, thus generating a unique key stream for every frame.
The same Session Key (Kc) is used as long as the Mobile Services Switching Center (MSC) does not authenticate the Mobile Station again.
Key Generation
A8 algorithm generates 64-bit Session Key (Kc)
One Session Key (Kc) is used until the Mobile Services Switching Center (MSC) decides to authenticate the MS again
–This might take days.
A8 actually generates 128 bits of output
The last 54 bits of those 128 bits form the Session Key (Kc).
Ten zero-bits are appended to this key before it is given as input to the A5 algorithm.
The A8 algorithm is implemented in the Subscriber Identity Module (SIM).
Encryption Detailed
PIN (Personal Identification Number )
– locks the SIM card until correct code is entered
– entered incorrectly 3 times -> SIM blocked -> PUK
PUK (Personal Unblocking Code)
– resets PIN and the attempt counter
Caution: if PUK entered 10 times incorrectly, SIM is permanently disabled and the SIM must be exchanged.
No comments:
Post a Comment