Documente Academic
Documente Profesional
Documente Cultură
GSM - Architecture
GSM networks have of many functional units. These functions and interfaces are explained in
this chapter. The GSM network can be broadly divided into:
The additional components of the GSM architecture include of databases and messaging
systems functions:
MSC(mobile switching center : used for setup and clear down voice call, Deliver text messages and
tracking of mobile under its management.
GSM - Operations
Once a Mobile Station initiates a call, a series of events takes place. Analyzing these events can
give an insight into the operation of the GSM system.
The MSC/VLR checks if the mobile station is authorized to access the network. If so, the mobile
station is activated. If the mobile station is not authorized, then the service will be denied.
MSC/VLR analyzes the number and initiates a call setup with the PSTN.
MSC/VLR asks the corresponding BSC to allocate a traffic channel (a radio channel and a time slot).
The BSC allocates the traffic channel and passes the information to the mobile station.
The called party answers the call and the conversation takes place.
The mobile station keeps on taking measurements of the radio channels in the present cell and the
neighbouring cells and passes the information to the BSC. The BSC decides if a handover is
required. If so, a new traffic channel is allocated to the mobile station and the handover takes place.
If handover is not required, the mobile station continues to transmit in the same frequency.
PSTN to Mobile Phone
When a PSTN subscriber calls a mobile station, the following sequence of events takes place:
The Gateway MSC receives the call and queries the HLR for the information needed to route the call
to the serving MSC/VLR.
The MSC checks the VLR for the location area of the MS.
The MSC contacts the MS via the BSC through a broadcast message, that is, through a paging
request.
The BSC allocates a traffic channel and sends a message to the MS to tune to the channel. The MS
generates a ringing signal and, after the subscriber answers, the speech connection is established.
To transmit the sp;heech over the radio channel in the stipulated time, the MS codes it at the
rate of 13 Kbps. The BSC transcodes the speech to 64 Kbps and sends it over a land link or a
radio link to the MSC. The MSC then forwards the speech data to the PSTN. In the reverse
direction, the speech is received at 64 Kbps at the BSC and the BSC transcodes it to 13 Kbps
for radio transmission.
GSM supports 9.6 Kbps data that can be channelled in one TDMA timeslot. To supply higher
data rates, many enhancements were done to the GSM standards (GSM Phase 2 and GSM Phase
Genuine
k
Security Mechanisms in GSM (2G)
GSM has a lot of security systems to build safe communication. It includes a lot of different types of
algorithms and different type of devices.
The main security measurements of GSM security can be written in 4 principles;
1. Authentication of a user; it provides the ability for mobile equipment to prove that it has
access to a particular account with the operator.
2. Ciphering of the data and signaling; it requires that all signaling and user data (such as
text messages and speech) are protected against interception by means of ciphering.
3. Confidentiality of a user identity; it provides IMSI’s (international mobile subscriber
identity) security. GSM communication uses IMSI rarely, it uses TMSI (Temporary Mobile
Subscriber Identity) to provide more secure communication and to avoid disclosing of user’s
identity. This means someone intercepting communications should not be able to learn if a
particular mobile user is in the area.
4. Using SIM as security module; Incase SIM card was taken by opponent, there is still
PIN code measurement.
A3 and A8 Algorithms
A3 and A8 algorithms are A3 and A8 algorithms are symmetric algorithms which the encryption
and decryption use the same key. Both of the algorithms are one way function, it means that
output can be found if the inputs are known but it is mostly impossible to find inputs incase the
output is known. A3 and A8 algorithms are kept and implemented in SIM card
The SIM itself is protected by an optional PIN code. The PIN is entered on the phone’s keypad,
and passed to the SIM for verification. If the code does not match with the PIN stored by the
SIM, the SIM informs the user that code was invalid, and refuses to perform authentication
functions until the correct PIN is entered. To further enhance security, the SIM normally “locks
out” the PIN after a number of invalid attempts (normally 3). After this, a PUK (PIN Unlock)
code is required to be entered, which must be obtained from the operator. If the PUK is entered
incorrectly a number of times (normally 10), the SIM refuses local access to privileged
information (and authentication functions) permanently, rendering the SIM useless.
Therefore the SIM card contains all of the details necessary to obtain access to a particular
account. It contains 4 important information; IMSI, Ki, A3 and A8 algorithms
Ki: Root encryption key. This is a randomly generated 128-bit number allocated to a particular
subscriber that seeds the generation of all keys and challenges used in the GSM system. The Ki
is highly protected, and isk only known in the SIM and the network’s AuC (Authentication
Centre). The phone itself never learns of the Ki, and simply feeds the SIM the information it
needs to know to perform the authentication or generate ciphering keys. Authentication and key
generation is performed in the SIM, which is possible because the SIM is an intelligent device
with a microprocessor.
A3 Algorithm:
It provides authentication to the user that it has privilege to access the system. The network
authenticates the subscriber through the use of a challenge-response method.
Firstly, a 128 bit random ;gnumber (RAND) is transmitted to the mobile station over the air
hinterface. The RAND is passed to the SIM card, where it is sent through the A3 authentication
algorithm together with the KI. The output of the A3 algorithm, the signed response (SRES) is
transmitted via the air interface from the mobile station back to the network. On the network, the
AuC compares its value of SRES with the value of SRES it has received from the mobile station.
If the two values of SRES match, authentication is successful and the subscriber joins the
network. The AuC actually doesn’t store a copy of SRES but queries the HLR or the VLR for it,
as needed
Figure 4: A3 Algorithm
A8 Algorithm:
GSM makes use of a ciphering key to protect both user data and signaling on the vulnerable air
interface. Once the user is authenticated, the RAND (delivered from the network) together with
the Ki (from the SIM) is sent through the A8 ciphering key generating algorithm, to produce a
ciphering key (Kc). The A8 algorithm is stored on the SIM card. The Kc created by the A8
algorithm, is then used with the A5 ciphering algorithm to encipher or decipher the data. The A5
algorithm is implemented in the hardware of the mobile phone, as it has to encrypt and decrypt
data on the air
Whenever the A3 algorithm runs to generate SRES, the A8 algorithm is run as well The A8
algorithm uses the RAND and Ki as input to generate a 64-bit ciphering key, the Kc, which is
then stored in the SIM and readable by the phone. The network also generates the Kc and
distributes it to the base station (BTS) handling the connection
- Ki is the 128-bit Individual Subscriber Authentication Key utilized as a secret key shared between the Mobile
Station and the Home Location Register of the subscriber’s home network.
- RAND is 128-bit random challenge generated by the Home Location Register.
- SRES is the 32-bit Signed Response generated by the Mobile Station and the Mobile Services Switching
Center.
- Kc is the 64-bit ciphering key used as a Session Key for encryption of the over-the-air channel. Kc is
generated by the Mobile Station from the random challenge presented by the GSM network and the Ki from
the SIM utilizing the A8 algorithm.
COMP128
COMP128 is hash function which is an implementation of the A3 and A8 algorithms in the GSM
standard.
The COMP128 takes the RAND and the Ki as input; it generates 128 bits of output. The first 32
bits of the 128 bits form the SRES response; the last 54 bits of the COMP128 output form the
session key
A5 Algorithm
A5 is a stream cipher which can be implemented very efficiently on hardware. There exist
several implementations of this algorithm, the most commonly used ones are A5/0, A5/1 and
A5/2 (A5/3 is used in 3G systems). The reason for the different implementations is due to
export restrictions of encryption technologies. A5/1 is the strongest version and is used widely
in Western Europe and America, while the A5/2 is commonly used in Asia. Countries under UN
Sanctions and certain third world countries use the A5/0, which comes with no encryption.
The algorithm takes 228 bits of plain text as input and outputs 228 bits of cipher text. Each block of
228 bits is called a ”frame”, where the first 114 bits represents data sent from unit A to unit B, and the
last 114 bits are data received by unit A from unit B. Each frame has a duration of 4.615 ms, allowing
2ˆ8 frames to be sent every second[8]. Over time, several A5-versions have been developed, but they all
share the same main idea. a A5 algorithm takes the session key Kc (symmetric) and a frame counter
Fn, and generates 228 pseudo random bits (PRAND), called a key stream. The key stream is then
XORed with a 228 bit segment of plain text, yielding 228 bits of ciphertext. Figure 1 shows a schema of
the A5 data flow.
As a stream cipher, A5 works on a bit by bit basis (and not on blocks, as DES and AES). So, an
error in the received cipher text will only result in the corresponding plaintext bit being in error.
None of the algorithms are published by GSM Association. They are all discovered by using
reverse engineering methods.
Over-the-air privacy of GSM telephone conversations is protected using the A5 stream cipher
Figure A5 algorithm
Kc is the key which was produced by A8 algorithm. Plaintext is the data which is wanted to
transmit. Fn is the frame bits which come from LFSR (Linear Feedback Shift Register) process.
The encryption itself is just a simple XOR operation for each bit, which may seem very naive. If the
encryption itself is simple, what makes A5 secure? In A5, it is the generation of pseudo random bits
(function GEN in figure 1) that is important. The different A5-versions offer different levels of security by
implement GEN differently.
Weakness of GSM Security
1. First of all, most of the operators do not have expertise enough to create new A3/8
algorithms. So they use COMP128 function without even changing it. This is big security
problem because all the COMP128 function has found by reverse engineering.
2. Moreover, authentication query only exists BTS-MS communication. There is no
authentication for MS-BTS. It means that, fake base stations can behave like real BTS and
MS will answer each SRES request from them. The network does not authenticate itself to a
phone. This is the most serious fault in GSM security, which allows a man-in-the-middle
attack.
3. Another serious vulnerability of the GSM is the lack of proper Caller ID or Sender ID
verification. In other words, the caller number or SMS sender number could be spoofed. The
caller ID and the voice is transmitted in different channels. So, Called ID or SMS ID can be
spoofed.
4. Weak authentication and encryption algorithms (COMP128 has a weakness allowing user
impersonation; A5 can be broken to reveal the cipher key)
5. No network authentication (false base station attack possible)
6. Limited encryption scope (Encryption terminated at the base station, in clear on microwave
hklink s)k
UMTS (3G)
UMTS (Universal Mobile oTelecommunications Service) is a third-generation
(3G) broadband, packet-based transmission of text, digitized voice, video, and multimedia at data
rates up to 2 megabits per second (Mbps).
UMTS uses wideband code division multiple access (W-CDMA) radio access
technology to provide greater spectral efficiency and bandwidth mobile network
operators.
The main idea behind 3G is to prepare a universal infrastructure able to carry
existing and also future services. The infrastructure should be so designed that
technology changes and evolution can be adapted to the network without
causing uncertainties to the existing services using the existing network
structure.
UMTS Architecture
The UMTS network architecture can be divided into three main elements:
User Equipment (UE): The User Equipment or UE is the name given to what was
previous termed the mobile, or cellphone. The new name was chosen because the
considerably greater functionality that the UE could have. It could also be anything
between a mobile phone used for talking to a data terminal attached to a computer
with no voice capability.
Radio Network Subsystem (RNS): The RNS also known as the UMTS Radio Access
Network, UTRAN, is the equivalent of the previous Base Station Subsystem or BSS in
GSM. It provides and manages the air interface for the overall network.
Core Network: The core network provides all the central processing and
management for the system. It is the equivalent of the GSM Network Switching
Subsystem or NSS.
The core network is then the overall entity that interfaces to external networks
including the public phone network and other cellular telecommunications networks.
1. User Equipment, UE
The USER Equipment or UE is a major element of the overall 3G UMTS network
architecture. It forms the final interface with the user
There are a number of elements within the UE that can be described separately:
UE RF circuitry: The RF areas handle all elements of the signal, both for the
receiver and for the transmitter
Baseband processing: The base-band signal processing consists mainly of
digital circuitry
Battery: While current consumption has been minimised as far as possible
within the circuitry of the phone, there has been an increase in current drain on
the battery
l Subscriber Identity Module, USIM: The UE also contains a SIM card, although
in the case of UMTS it is termed a USIM (Universal Subscriber Identity Module).
This is a more advanced version of the SIM card used in GSM and other systems,
but embodies the same types of information. It contains the International Mobile
Subscriber Identity number (IMSI) as well as the Mobile Station International
ISDN Number (MSISDN)
The radio network subsystem is also known as the UMTS Radio Access Network or
UTRAN.
In view of the different ways in which data may be carried, the UMTS core network may
be split into two different areas:
Circuit switched elements: These elements are primarily based on the GSM network
entities and carry data in a circuit switched manner, i.e. a permanent channel for the
duration of the call.
Packet switched elements: These network entities are designed to carry packet
data. This enables much higher network usage as the capacity can be shared and
data is carried as packets which are routed according to their destination.
Some network elements, particularly those that are associated with registration are
shared by both domains and operate in the same way that they did with GSM.
Serving GPRS Support Node (SGSN): The SGSN provides a number of functions within
the UMTS network architecture.
Mobility management
Session management:
Interaction with other areas of the n
Billing
Shared elements
The shared elements of the 3G UMTS core network architecture include the following
network entities:
Home location register (HLR): This database contains all the administrative
information about each subscriber along with their last known location. In this way,
the UMTS network is able to route calls to the relevant RNC / Node B. When a user
switches on their UE, it registers with the network and from this it is possible to
determine which Node B it communicates with so that incoming calls can be routed
appropriately. Even when the UE is not active (but switched on) it re-registers
periodically to ensure that the network (HLR) is aware of its latest position with their
current or last known location on the network.
Equipment identity register (EIR): The EIR is the entity that decides whether given
UE equipment may be allowed onto the network. Each UE equipment has a number
known as the International Mobile Equipment Identity. This number, as mentioned
above, is installed in the equipment and is checked by the network during
registration.
Authentication center (AuC) : The AuC is a protected database that contains the
secret key also contained in the user's USIM card.
1. Network Access Security: This feature enables users to securely access services provided by
the 3G network. This feature is responsible for providing identity confidentiality,
authentication of users, confidentiality, integrity and mobile equipment authentication. ; User
Identity confidentiality is obtained by using a temporary identity called the International
Mobile User Identity. Authentication is achieved using a challenge response method using a
secret key. Confidentiality is obtained by means of a secret Cipher Key (CK) which is
exchanged as part of the Authentication and Key Agreement Process (AKA). Integrity is
provided using an integrity algorithm and an integrity key (IK). Equipment identification is
achieved using the International Mobile Equipment Identifier (IMEI)
2. Network Domain Security: This feature enables nodes in the provider domain to securely
exchange signaling data, and prevent attacks on the wired network
3. User Domain Security: This feature enables a user to securely connect to mobile stations
4. Application Security: This feature enables applications in the user domain and the provider
domain to securely
5. Visibility And Configurability Of Security: This feature allows users to enquire what
security features are available
UMTS Authentication
The UMTS Authentication and Key Agreement (UMTS AKA) mechanism is responsible for
providing authentication and key agreement using the challenge/response mechanism.
Challenge/Response is a mechanism where one entity in the network proves to another entity that
it knows the password without revealing it. AKA provides mutual authentication for the user and
the network. Also, the user and the network agree upon a cipher key (CK) and an integrity key
(IK) which are used until their Control Signaling Communication between the mobile station and
the network is sensitive and therefore its integrity must be protected. This is done using the
UMTS Integrity Algorithm (UIA) which is implemented both in the mobile station and the
RNC. This is known as the f9 algorithm which is used to protect data integrity and authenticate
the data origin of signaling data at the RRC layer. FIRST the F9 algorithm in the user
equipment calculates a 32 bit MAC-I for data integrity using the signaling message as an input
parameter This, along with the original signal message is sent to the RNC, where the XMAC-I is
calculated and then compared to the MAC-I. If both are same, then we know that the integrity of
the message has not been compromised
Integrity Key(IK): The length of IK is 128 bits.
One time random number (FRESH): The length of fresh is 32 bits.The same IK
may be used for several consecutive connections. This fresh value is input to the algorithm
to assure the network side that the user is not replaying old MAC-ls.
UMTS CONFIDENTIALITY
The confidentiality algorithm is known as f8 and it operates on the signaling data as well as the
user data. The user's device uses a Cipher Key CK and some other information and calculates an
output bit stream. Then this output stream is xored bit by bit with the data stream to generate a
cipher stream. This stream is then transmitted to the RNC, where the RNC uses the same CK and
input as the user's device and the f8 algorithm to calculate the output stream. This is then xored
with the cipher stream to get the original data stream.
For more information on the inputs to the f8 and f9 algorithms, please refer to [Xenakis04]. A
block cipher known as the KASUMI cipher is central to both the f9 and the f8 algorithm. This
cipher is based on the feistel structure using 64 bit data blocks and a 128 bit key.
It has eight rounds of processing, with the plain text (can be any form of data) as input to the first
round and the cipher text the result after the last round. An encryption key is used to generate
round keys (KLi,KOi,KIi) for each round Each round calculates a separate function since the
round keys are different. The same algorithm is used for encryption and decryption. The
KASUMI cipher is based on the MISTY1 cipher which was chosen by 3GPP due to its proven
security against many advanced cipher breaking techniques. It has been optimized for hardware
implementation which is important concerning the hardware constraints of cellular devices, such
as limited power and limited memory.
Problems with 3G(UMTS) Security
1. All that can happen to a fixed host attached to the Internet could happen to a 3G terminal
2. IMSI is sent in clear text when the user is registering for the first time in the serving
network (trusted third party can be a solution)
3. A user can be enticed to camp on a false BS. Once the user camps on the radio channels
of a false BS, the user is out of reach of the paging signals of SN
4. Hijacking outgoing/incoming calls in networks with disabled encryption is possible. The
intruder poses as a man-in-the-middle and drops the user once the call is set-up
CHAPTER-FOUR
Biometric Security
Biometrics is a technology used to identify, analyze, and measure an individual’s physical and behavioral
characteristics
Biometric security is a security mechanism used to authenticate and provide access to a facility
or system based on the automatic and direct verification of an individual's physical
characteristics. Because biometric security evaluates an individual’s bodily elements or
biological data, it is the strongest and most foolproof physical security technique used for
identity verification.
Biometric security-based systems or engines store human body characteristics that do not change
over an individual's lifetime. These include fingerprints, eye texture, voice, hand patterns and
facial recognition.
Biometric authentication refers to verifying individuals based on their physiological and
behavioral characteristics such as face, fingerprint, hand geometry, iris, keystroke, signature,
voice, etc. It is inherently more reliable than password-based authentication, as biometric
characteristics cannot be lost or forgotten (cf. passwords being lost or forgotten); they are
extremely difficult to copy, share, and distribute
Biometrics is used for authenticating and authorizing a person. Though these terms are often
coupled; they mean different.
Authentication (Identification)
This process tries to find out answer of question, “Are you the same who you are claiming to
be?”, or, “Do I know you?” This is one-to-many matching and comparison of a person’s
biometrics with the whole database.
Verification
This is the one-to-one process of matching where live sample entered by the candidate is
compared with a previously stored template in the database. If both are matching with more
than 70% agreeable similarity, then the verification is successful.
Authorization
It is the process of assigning access rights to the authenticated or verified users. It tries to find
out the answer for the question, “Are you eligible to have certain rights to access this resource?”
For example,
A Metal Oxide Semiconductor (CMOS) imager or a Charge Coupled Device (CCD) in the case of
face recognition, handprint recognition, or iris/retinal recognition systems.
Processing Unit
The processing component is a microprocessor, Digital Signal Processor (DSP), or computer
that processes the data captured from the sensors.
Feature extraction
Output Interface
The output interface communicates the decision of the biometric system to enable the access to
the user. This can be a simple serial communication protocol RS232, or the higher bandwidth
USB protocol. It could also be TCP/IP protocol, Radio Frequency Identification (RFID),
Bluetooth, or one of the many cellular protocols.
Law enforcement.
Biometrics – Modalities/types
A biometric modality is nothing but a category of a biometric system depending upon the
type of human trait it takes as input.
Physiological
Behavioral
The following table collects the points that differentiate these three modalities −
Physiological Modalities
As depicted earlier, the physiological modalities are based on the direct measurement of parts of
human body such as iris, fingerprint, shape, and position of fingers, etc.
There are some physical traits which remain unaltered throughout a person’s life. They can be
an excellent resource for identification of an individual.
Every person has a unique fingerprint which is composed of ridges, grooves, and direction of
the lines. There are three basic patterns of ridges namely, arch, loop, and whorl. The
uniqueness of fingerprint is determined by these features as well as minutiae features such as
bifurcation and spots (ridge endings).
Fingerprint is one of oldest and most popular recognition technique. Fingerprint matching
techniques are of three types −
Minutiae Based Techniques − In these minutiae points are found and then mapped to their relative
position on finger. There are some difficulties such as if image is of low quality, then it is difficult to
find minutiae points correctly. Another difficulty is, it considers local position of ridges and furrows;
not global.
Correlation Based Method − It uses richer gray scale information. It overcomes problems of
minutiae-based method, by being able to work with bad quality data. But it has some of its own
problems like localization of points.
Pattern Based (Image Based) Matching − Pattern based algorithms compare the basic fingerprint
patterns (arch, whorl, and loop) between a stored template and a candidate fingerprint.
They leave the pattern of finger behind at the time of entering sample.
Applications of Finger Recognition System
Verification of driver-license authenticity.
Facial Metrics − In this type, the distances between pupils or from nose to lip or chin are measured.
Eigen faces − It is the process of analyzing the overall face image as a weighted combination of a
number of faces.
Skin Texture Analysis − The unique lines, patterns, and spots apparent in a person’s skin are
located.
If a candidate face shows different expressions such as light smile, then it can affect the result.
Human-Computer Interaction.
Criminal Identification.
Surveillance.
It involves taking the picture of iris with a capable camera, storing it, and comparing the same
with the candidate eyes using mathematical algorithms
It is highly scalable as the iris pattern remains same throughout a person’s lifetime.
The candidate need not remove glasses or contact lenses; they do not hamper the accuracy of the
system.
A person is required to keep his/her head very still for accurate scanning.
Applications of Iris Recognition System
National security and Identity cards such as Adhaar card in India.
Behavioral Modalities
Behavioral biometrics l to the behavior shown by people or the manner in which people
perform tasks such as walking, signing, and typing on the keyboard.
Behavioral biometrics modalities have higher variations as they primarily depend on the
external factors such as fatigue, mood, etc. This causes higher FAR and FRR as compared to
solutions based on a physiological biometrics.
Gait Recognition
Gait is the manner of a person’s walking. People show different traits while walking such as
body posture, distance between two feet while walking, swaying, etc., which help to recognize
them uniquely.
;A gait recognition based on the analyzing the video images of candidate’s walk. The sample of
candidate’s walk cycle is recorded by Video. The sample is then analyzed for position of joints
such as knees and ankles, and the angles made between them while walking.
A respective mathematical model is created for every candidate person and stored in the
database. At the time of verification, this model is compared with the live sample of the
candidate walk to determine its identity
The behavioral patterns include the changes in the timing of writing, pauses, pressure, direction
of strokes, and speed during the course of signing. It could be easy to duplicate the graphical
appearance of the signature but it is not easy to imitate the signature with the same behavior the
person shows while signing.
This technology consists of a pen and a specialized writing tablet, both connected to a computer
for template comparison and verification. A high quality tablet can capture the behavioral traits
such as speed, pressure, and timing while signing.
The Chase Manhattan Bank, Chicago is known as the first bank to adopt Signature Recognition
technology.
Voice Recognition
Voice recognition biometric modality is a combination of both physiological and behavioral
modalities. Voice recognition is nothing but sound recognition. It relies on features influenced
by −
Physiological Component − Physical shape, size, and health of a person’s vocal cord, and lips, teeth,
tongue, and mouth cavity.
Behavioral Component − Emotional status of the person while speaking, accents, tone, pitch, pace
of talking, mumbling, etc.
It is easy to implement.
Demerits of Voice Recognition
It is susceptible to quality of microphone and noise.
The inability to control the factors affecting the input system can significantly decrease performance.
Some speaker verification systems are also susceptible to spoofing attacks through recorded voice.
Working with Interactive Voice Response (IRV)-based banking and health systems.
Uniqueness − It determines how uniquely a biometric system can recognize a user from a group of
users. It is a primary criterion.
Universality − It indicates requirement for unique characteristics of each person in the world, which
cannot be reproduced. It is a secondary criterion.
Permanence − It indicates that a personal trait recorded needs to be constant in the database for a
certain time period.
Collectability − It is the ease at which a person’s trait can be acquired, measured, or processed
further.
Performance − It is the efficiency of system in terms of accuracy, speed, fault handling, and
robustness.
Acceptability − It is the user-friendliness, or how good the users accept the technology such that they
are cooperative to let their biometric trait captured and assessed.
Circumvention − It is the ease with which a trait is possibly copied using an artifact or substitute.
The more vulnerable a biometric system is, the more insecure it is.
System Failures
There are two ways in which a biometric system can fail to work −
Intrinsic failures − They are failures such as non-working sensors, failure of feature extraction,
matching, or decision making modules, etc.
Failures due to attacks − They are due to loopholes in the biometric system design, availability of
any computations to the attackers, insider attacks from unethical system administrators, etc.
Non-secure Infrastructure
The biometric system can be accessible to malicious users if its hardware, software, and
user data are not safeguarded
Biometric System Security
A number of solutions are proposed to address the biometric system security issue. Biometric
templates are never stored in the raw form. They are encrypted; sometimes even twice.
In the case of biometrics, there are various resources involved such as humans (subjects or
candidates), entities (system components or processes), and biometric data (information). The
security requirements of confidentiality, integrity, authenticity, non-repudiation,
and availability are essential in biometrics. Let us go through them briefly
Authenticity
It is the quality or the state of being pure, genuine, or original, rather than being reproduced.
Information is authentic when it is in the same state and quality when it was created, stored, or
transferred.
There are two authenticities in a biometric system − entity authenticity and data origin
authenticity. Entity authenticity confirms that all entities involved in the overall processing are
the ones they claim to be. Data origin authenticity ensures genuineness and originality of data.
For example, the biometrics data is captured with sensor devices. The captured data that came
from a genuine sensor is not spoofed from a previous recording.
Confidentiality
It is limiting information access and disclosure to authorized users and preventing access by or
disclosure to unauthorized people. In cases of a biometric system, it mainly refers to biometric
and related authentication information when it is captured and stored, which needs to be kept
secret from unauthorized entities.
The biometric information should only be accessible completely to the person it belongs.
During identification and variation, the accessing candidate needs to be restricted with
appropriate security measures.
Integrity
It is the condition of being complete and unaltered that refers to its consistency, accuracy, and
correctness. For a biometric system, the integrity should be high. Any malicious manipulations
during operation and storage should be kept away or detected earliest by including its
notification and correction.
Non-repudiation
It is identification of involved resources such as entities and components. It is also seen as
accountability. For example, it prohibits a sender or a recipient of biometric information from
denying having sent or received biometric information.
Availability
A resource has the property of availability with respect to a set of entities if all members of the
set can access the resource. An aspect called reachabilityensures that the humans or system
processes either can or cannot be contacted, depending on user interests.
Attackers can make the system unusable for genuine users, thus preventing them from using
authenticated applications. These attackers target the availability of the information.
some of the common reasons for biometric signal/representation variations.
1 Inconsistent Presentation: The signal captured by the sensor from a biometric identifier
depends upon both the
intrinsic identifier characteristic as well as the way the identifier was presented. Thus, an
acquired biometric signal
is a nondeterministic composition of physiological trait, the user characteristic behavior, and the
user interaction
facilitated by the acquisition interface
Temporary identification numbers are assigned to the subscriber’s number to maintain the
privacy of the user. The privacy of the communication is maintained by applying encryption
algorithms and frequency hopping that can be enabled using digital systems and signalling.
This chapter gives an outline of the security measures implemented for GSM subscribers.
The calculation of the signed response is processed within the SIM. It provides enhanced
security, as confidential subscriber information such as the IMSI or the individual subscriber
authentication key (Ki) is never released from the SIM during the authentication process.
GSM provides an additional level of security by having a way to change the ciphering key,
making the system more resistant to eavesdropping. The ciphering key may be changed at
regular intervals as required. As in case of the authentication process, the computation of the
ciphering key (Kc) takes place internally within the SIM. Therefore, sensitive information such
as the individual subscriber authentication key (Ki) is never revealed by the SIM.
Encrypted voice and data communications between the MS and the network is accomplished by
using the ciphering algorithm A5. Encrypted communication is initiated by a ciphering mode
request command from the GSM network. Upon receipt of this command, the mobile station
begins encryption and decryption of data using the ciphering algorithm (A5) and the ciphering
key (Kc).
Web services are self-contained, modular, distributed, dynamic applications that can be described, published,
located, or invoked over the network to create products, processes, and supply chains. These applications can
be local, distributed, or web-based. Web services are built on top of open standards such as TCP/IP, HTTP,
Java, HTML, and XML.
Web services are XML-based information exchange systems that use the Internet for direct application-to-
application interaction. These systems can include programs, objects, messages, or documents
XML-Based
Web services use XML at data representation and data transportation layers. Using XML
eliminates any networking, operating system, or platform binding. Web services based
applications are highly interoperable at their core level.
Loosely Coupled
A consumer of a web service is not tied to that web service directly. The web service
interface can change over time without compromising the client's ability to interact with
the service. A tightly coupled system implies that the client and server logic are closely
tied to one another, implying that if one interface changes, the other must be updated.
Adopting a loosely coupled architecture tends to make software systems more
manageable and allows simpler integration between different systems.
Coarse-Grained
Object-oriented technologies such as Java expose their services through individual
methods. An individual method is too fine an operation to provide any useful capability
at a corporate level. Building a Java program from scratch requires the creation of
several fine-grained methods that are then composed into a coarse-grained service that is
consumed by either a client or another service.
Businesses and the interfaces that they expose should be coarse-grained. Web services
technology provides a natural way of defining coarse-grained services that access the
right amount of business logic.
Ability to be Synchronous or Asynchronous
Synchronicity refers to the binding of the client to the execution of the service. In
synchronous invocations, the client blocks and waits for the service to complete its
operation before continuing. Asynchronous operations allow a client to invoke a service
and then execute other functions.
Asynchronous clients retrieve their result at a later point in time, while synchronous
clients receive their result when the service has completed. Asynchronous capability is a
key factor in enabling loosely coupled systems.
Supports Remote Procedure Calls(RPCs)
Web services allow clients to invoke procedures, functions, and methods on remote
objects using an XML-based protocol. Remote procedures expose input and output
parameters that a web service must support.
Component development through Enterprise JavaBeans (EJBs) and .NET Components
has increasingly become a part of architectures and enterprise deployments over the past
couple of years. Both technologies are distributed and accessible through a variety of
RPC mechanisms.
A web service supports RPC by providing services of its own, equivalent to those of a
traditional component, or by translating incoming invocations into an invocation of an
EJB or a .NET component.
Supports Document Exchange
One of the key advantages of XML is its generic way of representing not only data, but
also complex documents. These documents can be as simple as representing a current
address, or they can be as complex as representing an entire book or Request for
Quotation (RFQ). Web services support the transparent exchange of documents to
facilitate business integration.
The first is to examine the individual roles of each web service actor.
XML-RPC
This is the simplest XML-based protocol for exchanging information between computers.
XML-RPC is platform-independent.
SOAP
SOAP is an XML-based protocol for exchanging information between computers.
WSDL is an XML based protocol for information exchange in decentralized and distributed
environments.
WSDL definition describes how to access a web service and what operations it will perform.
UDDI
UDDI is an XML-based standard for describing, publishing, and finding web services.
UDDI can communicate via SOAP, CORBA, and Java RMI Protocol.
UDDI is seen with SOAP and WSDL as one of the three foundation standards of web services.
Confidentiality
Authentication
Network Security
Confidentiality
If a client sends an XML request to a server, can we ensure that the communication remains
confidential?
A single web service may consist of a chain of applications. For example, one large service
might tie together the services of three other applications. In this case, SSL is not adequate; the
messages need to be encrypted at each node along the service path, and each node represents a
potential weak link in the chain. Currently, there is no agreed-upon solution to this issue, but
one promising solution is the W3C XML Encryption Standard. This standard provides a
framework for encrypting and decrypting entire XML documents or just portions of an XML
document. You can check it at www.w3.org/Encryption
Authentication
If a client connects to a web service, how do we identify the user? Is the user authorized to use
the service?
The following options can be considered but there is no clear consensus on a strong
authentication scheme.
HTTP includes built-in support for Basic and Digest authentication, and services can therefore be
protected in much the same manner as HTML documents are currently protected.
SOAP Digital Signature (SOAP-DSIG) leverages public key cryptography to digitally sign SOAP
messages. It enables the client or server to validate the identity of the other party.
The Organization for the Advancement of Structured Information Standards (OASIS) is working on
the Security Assertion Markup Language (SAML).
Network Security
There is currently no easy answer to this problem, and it has been the subject of much debate.
For now, if you are truly intent on filtering out SOAP or XML-RPC messages, one possibility is
to filter out all HTTP POST requests that set their content type to text/xml.
Another alternative is to filter the SOAPAction HTTP header attribute. Firewall vendors are also
currently developing tools explicitly designed to
What is SOAP?
SOAP is an acronym for Simple Object Access Protocol. It is an XML-based messaging
protocol for exchanging information among computers. SOAP is an application of the XML
specification.
SOAP is a simple XML-based protocol that allows applications to exchange information over
HTTP.
Points to Note
SOAP is a communication protocol designed to communicate via Internet.
SOAP is the XML way of defining what information is sent and how.
SOAP enables client applications to easily connect to remote services and invoke remote
methods.
Envelope − Defines the start and the end of the message. It is a mandatory element.
Header − Contains any optional attributes of the message used in processing the
message, either at an intermediary point or at the ultimate end-point. It is an optional
element.
Body − Contains the XML data comprising the message being sent. It is a mandatory
element.
Fault − An optional Fault element that provides information about errors that occur
while processing the message.
SOAP - Transport
SOAP is not tied to any transport protocol. SOAP can be transported via SMTP, FTP, IBM's
MQSeries, or Microsoft Message Queuing (MSMQ).
SOAP specification includes details on HTTP only. HTTP remains the most popular SOAP
transport protocol.
Additionally, both HTTP requests and responses are required to set their content type to
text/xml.
WSDL
WSDL stands for Web Services Description Language. It is the standard format for describing a
web service. WSDL was developed jointly by Microsoft and IBM.
WSDL is an XML-based language for describing web services and how to access them.
WSDL describes a web service, along with the message format and protocol details for the web
service
Features of WSDL
WSDL is an XML-based protocol for information exchange in decentralized and distributed
environments.
WSDL definitions describe how to access a web service and what operations it will perform.
WSDL is an integral part of Universal Description, Discovery, and Integration (UDDI), an XML-
based worldwide business registry.
WSDL Usage
WSDL is often used in combination with SOAP and XML Schema to provide web services over
the Internet. A client program connecting to a web service can read the WSDL to determine
what functions are available on the server. Any special datatypes used are embedded in the
WSDL file in the form of XML Schema. The client can then use SOAP to actually call one of
the functions listed in the WSDL.
WSDL Elements
A WSDL document contains the following elements −
Definition − It is the root element of all WSDL documents. It defines the name of the web service,
declares multiple namespaces used throughout the remainder of the document, and contains all the
service elements described here.
Data types − The data types to be used in the messages are in the form of XML schemas.
Message − It is an abstract definition of the data, in the form of a message presented either as an
entire document or as arguments to be mapped to a method invocation.
Operation − It is the abstract definition of the operation for a message, such as naming a method,
message queue, or business process, that will accept and process the message.
Port type − It is an abstract set of operations mapped to one or more end-points, defining the
collection of operations for a binding; the collection of operations, as it is abstract, can be mapped to
multiple transports through various bindings.
Binding − It is the concrete protocol and data formats for the operations and messages defined for a
particular port type.
Port − It is a combination of a binding and a network address, providing the target address of the
service communication.
Service − It is a collection of related end-points encompassing the service definitions in the file; the
services map the binding to the port and include any extensibility definitions.
In addition to these major elements, the WSDL specification also defines the following utility
elements −
Import − This element is used to import other WSDL documents or XML Schemas.
Access control
Network access control is a method of enhancing the security of a private
organizational network by restricting the availability of network resources to
endpoint devices that comply with the organization’s security policy. A
typical network access control scheme comprises of two major components
such as Restricted Access and Network Boundary Protection.
access control also helps you effectively protect your data from various
types of intruders and it is up to your organization’s access control policy to
address which method works best for your needs.
The Three Types of Access Control Systems
In brief, access control is used to identify an individual who does a specific job,
authenticate them, and then proceed to give that individual only the key to the
door or workstation that they need access to and nothing more
Cross-site scripting
XSS attacks occur when an attacker uses a web application to send malicious code, generally in
the form of a browser side script, to a different end user
The end user’s browser has no way to know that the script should not be trusted, and will execute
the script. Because it thinks the script came from a trusted source, the malicious script can access
any cookies, session tokens, or other sensitive information retained by the browser and used with
that site
The attacker does not directly target his victim. Instead, he exploits a
vulnerability in a website that the victim visits, in order to get the website
to deliver the malicious JavaScript for him. To the victim's browser, the
malicious JavaScript appears to be a legitimate part of the website, and the
website has thus acted as an unintentional accomplice to the attacker.
These attacks can be carried out using HTML, JavaScript, VBScript, ActiveX,
Flash, but the most used XSS is malicious JavaScript.
Reflected XSS, where the malicious string originates from the victim's request.
DOM-based XSS, where the vulnerability is in the client-side code rather than
the server-side code.
Ex
<script>
alert(‘I am Vulnerable’)
</script>