Term
| What does GSM provide security for? |
|
Definition
|
|
Term
| What was the purpose of designing GSM? |
|
Definition
| To be as secure as wired networks |
|
|
Term
| When was lawful interception considered? |
|
Definition
|
|
Term
| Were the limitations of GSM considered? |
|
Definition
|
|
Term
| Why was radio channel hijack still a problem? |
|
Definition
| Because it relies on encryption, but encryption isn't necessarily used |
|
|
Term
| Where is trust misplaced? |
|
Definition
| Terminal identity, it's an unsecured environment |
|
|
Term
| GSM is inflexible, what does this mean? |
|
Definition
| Hard to upgrade and improve security function over time |
|
|
Term
|
Definition
| There is none that security is being applied |
|
|
Term
| There are 4 problems with the crypto, what are they? |
|
Definition
Lack of openness in design of A5/1
Misplaced belief in the effectiveness of crypto
Key length is too short but hard to be updated
The frames are XORed with the keystream |
|
|
Term
| Summarise the limitations of GSM Security (9) |
|
Definition
There's only access security
Not addressing active attacks
Only as secure as fixed networks
Lawful interception was an afterthought
The encryption that was needed to guard against radio channel hijack isn't necessarily used
Trust in the terminal identity is misplaced
Inadequate flexibility to upgrade and improve security
Lack of visibility
Shit crypto |
|
|
Term
|
Definition
- Cryptography ended too quickly
- Shit crypto
- You can camp on a false BTS
- Network keys are sent in cleartext |
|
|
Term
|
Definition
- Eavesdropping
- Impersonation of user
- Impersonation of network
- Man in the middle
- Compromising auth vectors |
|
|