Gprs security threats and solutions

1. A SEMINAR REPORT ON
“GPRS SECURITY THREATS AND
SOLUTION”
PRESENTED BY
SYED JAUWAD
GUIDED BY
Miss. Sarita Agrawal

2. TOPICS COVERED ….
• INTRODUCTION
• GPRS CORE NETWORK NETWORK ARCHITECTURE
• CLASSIFICATION OF SECURITY SREVICES
• DATA SERVICES ON Gp AND Gi INTERFACE
• THREATS ON Gp INTERFACE
• THREATS ON Gi INTERFACE
• SECURITY SOLUTION FOR THE Gp INTERFACE
• Gp NETWORK SOLUTION
• SECURITY SOLUTION FOR THE Gi INTERFACE
• Gi NETWORK SOLUTION
• DEPLOYING GPRS SECURITY SOLUTION ON
NETSCREEN SECURITY SYSTEM
• CONCLUSION

3. INTRODUCTION
 DEFINATION OF GPRS
 PROVIDE AN OPPORTUNITY
 BENEFITS FROM GPRS
 CONNECTED TO EXTERNAL DATA
 OPERATOR PROTECTS NETWORK
FROM EXTERNAL NETWORK

4. GPRS CORE NETWORK ARCHITECTURE

5. CLASSIFICATION OF SECURITY SERVICESCLASSIFICATION OF SECURITY SERVICES
 INTEGRITYINTEGRITY
 CONFIDENTIALITYCONFIDENTIALITY
 AUTHENTICATIONAUTHENTICATION
 AUTHORIZATIONAUTHORIZATION
 AVAILABILITYAVAILABILITY

6. DATA SERVICES ON THE Gp AND Gi INTERFACESDATA SERVICES ON THE Gp AND Gi INTERFACES
 DATA SERVICES ON GpDATA SERVICES ON Gp
 GTPGTP
 BGPBGP
 DNSDNS
 DATA SERVICES ON GiDATA SERVICES ON Gi
 MS SENT OUT TOWORDS INTERNETMS SENT OUT TOWORDS INTERNET
 TRAFIC SENT OUT FROM GGSN ON GiTRAFIC SENT OUT FROM GGSN ON Gi
INTERFACEINTERFACE

7. THREATS ON Gp INTERFACETHREATS ON Gp INTERFACE
 AVAILABILITYAVAILABILITY
o DNS FLOODDNS FLOOD
o GTP FLOODGTP FLOOD
o SPOOFED GTP PDP CONTEXT DELETESPOOFED GTP PDP CONTEXT DELETE
o BAD BGP ROUTING INFORMATIONBAD BGP ROUTING INFORMATION
 AUTHENTICATION AND AUTHORIZATIONAUTHENTICATION AND AUTHORIZATION
o SPOOFED CREATE PDP CONTEXT REQUESTSPOOFED CREATE PDP CONTEXT REQUEST
o SPOOFED UPDATE PDP CONTEXT REQUESTSPOOFED UPDATE PDP CONTEXT REQUEST

8. THREATS ON Gi INTERFACETHREATS ON Gi INTERFACE
 AVAILABILITYAVAILABILITY
o Gi BANDWIDTH SATURATIONGi BANDWIDTH SATURATION
o FLOODING ON MSFLOODING ON MS
 CONFIDENTIALITYCONFIDENTIALITY
o NO PROTECTION OF DATA FROM AN MSNO PROTECTION OF DATA FROM AN MS
o CAN BE SEEN BY THIRD PARTY IF IP SECURITY IS NOTCAN BE SEEN BY THIRD PARTY IF IP SECURITY IS NOT
BEING USEDBEING USED
 INTEGRITYINTEGRITY
o DATA SENT OVER NETWORK CAN CHANGE BYDATA SENT OVER NETWORK CAN CHANGE BY
INTERMEDIARIES IF HIGHER SECURITY IS NOT USEDINTERMEDIARIES IF HIGHER SECURITY IS NOT USED

9. SECURITY SOLUTION FOR THE Gp INTERFACESECURITY SOLUTION FOR THE Gp INTERFACE
 INGRESS AND EGRESS PACKET FILTERINGINGRESS AND EGRESS PACKET FILTERING
 STATEFUL GTP PACKET FILTERINGSTATEFUL GTP PACKET FILTERING
 GTP TRAFFIC SHAPPINGGTP TRAFFIC SHAPPING
 IMPLEMENT IPSEC TUNNELS WITH ROMINGIMPLEMENT IPSEC TUNNELS WITH ROMING
PARTNERSPARTNERS

10. Gp NETWORK SOLUTION DIAGRAMGp NETWORK SOLUTION DIAGRAM

11. SECURITY SOLUTION ON THE Gi INTERFACESECURITY SOLUTION ON THE Gi INTERFACE
 LOGICAL TUNNELS FROM THE GGSN TOLOGICAL TUNNELS FROM THE GGSN TO
CORPPORATE NETWORKCORPPORATE NETWORK
 TRAFFIC RATE LIMITINGTRAFFIC RATE LIMITING
 INGRESS AND EGRESS PACKET FILTERINGINGRESS AND EGRESS PACKET FILTERING

12. Gi NETWORK SOLUTION DIAGRAMGi NETWORK SOLUTION DIAGRAM

13. DEPLOYING GPRS SECURITY SOLUTIONDEPLOYING GPRS SECURITY SOLUTION
ON NETSCREEN SECURITY SYSTEMON NETSCREEN SECURITY SYSTEM
 GTP stateful packet filteringGTP stateful packet filtering
 GTP security policies includingGTP security policies including
 GTP management and logging featuresGTP management and logging features
 High availability fail over includingHigh availability fail over including
 Virtual router supports to separateVirtual router supports to separate
intranet destined trafficintranet destined traffic

14. CONCLUSIONCONCLUSION
GPRS promises to benefit mobile data users
greatly by providing always on higher
bandwidth connections than are widely
available today. In order to be successful,
data connections must be secure and be
available all the time from anywhere.