Which is the critical infrastructure of a country that is most exposed to cyber threat? The question is difficult to answer, without doubts. Communication infrastructure is a vital component of every country and we add that unlike other infrastructure it could be targeted in an attack also with the only destructive purpose with the intent to steal sensitive information, in civil as military.
The industry is constantly evolving, and parallel security mechanisms should be improved. But is it really so? Are really secure our communication? What are the possible attacks leading to them? These days we read nearly all the vulnerabilities that can be exploited to undermine the communications, backdoors imposed by governments in the surveillance of mobile devices, flaws in authentication protocols that allow you to very easily pierce our wifi networks, and malware hacking used to control the VOIP communications from our PC.
As we have repeatedly reaffirmed, governments and hackers are extremely attentive to the possibility of infiltrating the communication systems. The motivations historically hackers to try their communications systems are different from being able to operate in anonymity so they can avoid being traced, the desire to test their skills with systems that were safe from the masses.
Particularly critical mobile communications due to the nature of the medium. It is my intention to dissolve any doubt about the main mobile communication systems that we encounter in our daily lives.
Let’s start with what we call 2G communication, is short for second-generation wireless telephone technology. Is has been launched commercially on the GSM standard in 1991. Main benefits of 2G networks over phone conversations are that the communication are digitally encrypted more efficient respect predecessors, and it has been introduced 2G data services for mobile (e.g. SMS text messages) .
Which are main security issues for 2G?
GSM only authenticates the user to the network and not vice versa. The security model, therefore, offers confidentiality and authentication, but limited authorization capabilities, and no non-repudiation. GSM uses several cryptographic algorithms for security. The A5/1 and A5/2 stream ciphers are used for ensuring over-the-air voice privacy. Both algorithms have been exploited:
From a purely technological perspective 3G networks use the KASUMI block crypto instead of the older A5/1 stream cipher, but also KASUMI cipher has been identified several serious weaknesses. Consider also that the increasing of connectivity means a sensible grow of the security exposure harder to manage. Main security problems related to 3G networks
According to ETSI TS 121 133 specification 3G threats could be classified as
Unauthorized access to sensitive data (violation of confidentiality)
Unauthorized manipulation of sensitive data (Violation of integrity)
Disturbing or misusing network services (leading to denial of service or reduced availability)
Repudiation: A user or a network denies actions that have taken place.
Unauthorized access to services
We could spend months on the subject of networks communication and their protection, but I haven’t deliberately depth issues related to other types of networks such as wireless and WiMax, IP communications, and satellite networks. Communication infrastructures representing the nerve-center for a country and that must be preserved from external and internal attacks ensuring the security to end-user.
Unfortunately, the speech is very complex, and the implementation of security mechanisms clashes with security issues of government surveillance on one hand and with issues related to the technologies used on the other hand.
As always, to mediate the situation is necessary a compromise that must have an acceptable cost for the community and that must provide an high level of safe. The need is to bring that level up and up just to deal with cyber threats.
… to be continued
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.