GPRS Security as a QoS in the Telecommunication Industry: Case of Vodafone Egypt

Sherif Kamel, The American University in Cairo, [email protected]
Khaled Wahba, Cairo University, [email protected]

Abstract

The changes taking place in the world today are largely due to the developments and evolution in a number of industries, one of which is information and communication technology. Focusing on communications solutions with an emphasis on business applications, it is clear that the business applications being deployed over 2.5G wireless networks fall into two general categories: (a) horizontal “mobile office” applications such as electronic mail, voice communications, Internet access, short messaging and personal information management (PIM) tools and (b) vertical applications such as sales force automation (SFA) and field force automation (FFA), fleet management, government communications and public safety, telemetry and remote monitoring, point-of-sale as well as financial services. The new generation of wireless devices being introduced to the market for 2.5G global system for mobile communications (GSM) and general packet radio service (GPRS) services is designed to support these applications, with features ranging from small standard keyboards to high-resolution, rich color screens. The impressive growth of cellular mobile telephony as well as the number of Internet users promises an exciting potential for a market that combines both innovations. The general packet radio service (GPRS) is a new non-voice value-added service that allows information to be sent and received across a mobile telephone network. Users of GPRS benefit from shorter access time and higher data rates. It is important to note that the standard GPRS network itself does not offer a reasonably secure solution for providing mobile access to a corporate local area network (LAN). Although the air-interface ciphering and the GPRS authentication process are secure, the IP traffic is unencrypted all the way from the serving GPRS support node (SGSN) to the corporate LAN gateway.
The most feasible solution for secure remote connections would be to use an end-to-end virtual private network (VPN) solution from the mobile station (MS) to the corporate LAN gateway, where the traffic is encrypted for the whole connection and the user can reach the Internet from the nearest access point. It is important to separate the user traffic from the control traffic to guarantee a high level of security with a minor impact on quality of service (QoS), which means providing a consistent and predictable data delivery service that can satisfy customer application requirements. To achieve that, security has to be treated as the key consideration in the new GSM data networks when deploying GPRS. This chapter¹ presents the case of Vodafone Egypt, one of the mobile operators, in deploying GPRS networks, focusing on the business opportunities and motivating factors to implement GPRS. Moreover, the chapter proposes solutions on how to create secure connections over GPRS networks and proposes a security policy for Vodafone Egypt.

Introduction

Wireless communications have entered an extraordinary new era and more is expected to be realized in the few years to come. The new transformations provide new opportunities for organizations to increase their productivity, efficiency and effectiveness; create strategic differentiation in fiercely competitive marketplaces; and enable better and more customized communications and support to customers and vendors. The evolution of wireless communications is occurring against a backdrop of economic uncertainty, decision-making processes that take place in a crisis-management mode of operation, and increased competition on all fronts, competition that comes from all corners of the world in a fast-growing digital economy driven by the forces of the information and communication technology evolution such as the Internet and the World Wide Web. Moreover, technology adds to the challenges and opportunities faced by societies around the world at both local and global levels. Consider the power and efficiency of being away from the office and holding a conversation or a dialog with a customer while reading and responding to an electronic mail from another customer on a wireless handheld device.
The competitive implications are enormous and evolving all the time with regard to being able to instantly alert field personnel to different developments and having mobile field staff update central databases in real time. Envision the ability to rely on a wireless voice and data network in a crisis, or to maintain continuous wireless voice and data communications channels with various vendors and customers. Today, these capabilities and more are prevailing and are already being successfully deployed by some of the world’s most innovative and competitive organizations. These evolutionary developments are made possible by the wireless carriers’ second-and-a-half generation (2.5G) services, which represent a major evolutionary step towards third-generation (3G) services that will provide additional capabilities such as streaming audio and video to meet future evolving communication needs. This chapter addresses wireless strategies and demonstrates how 2.5G wireless services are already delivering solutions to today’s business communications challenges and how IT managers, functional area vice presidents and chief technology officers (CTOs) should consider their wireless strategies today. Many leading-edge organizations have recognized that they do not need to wait for future 3G services. They have already discovered the key to a number of benefits and advantages of 2.5G wireless communications in addressing many of their most pressing business issues, such as (a) driving down costs and inefficiencies, (b) increasing competitive differentiation, (c) leveraging IT investments, and (d) creating flexibility and mobility. With respect to costs and inefficiencies, the amount of time lost when officers and employees in general are out of the office or commuting can be transformed into productive and useful time when employees have constant voice and messaging access to each other and wireless access to key corporate local area network applications. Additionally, increasing the efficiency and speed of communications, information sharing and decision making can drive costs down further, resulting in a more effective business model that can be used by various organizations (www.idc.com). As for competitive differentiation, wireless communication can increase the quality and depth of customer interaction by allowing faster response times, thereby contributing to the overall customer satisfaction and retention rate from an organizational perspective. With respect to leveraging IT investment, wireless accessibility can increase the utilization of existing IT investments by making essential applications available from remote locations, so that the constraints of time and distance gradually disappear from daily operations. Finally, creating flexibility and mobility could be a major function of secured wireless communications by allowing non-stop access to mobile personnel and applications, with wireless mobility creating inherent geographic distribution capabilities for disaster readiness and crisis response and management. The chapter focuses on the case of Vodafone Egypt, a subsidiary of the world’s GSM leader Vodafone Group (UK), which owns 60% of Vodafone Egypt; other shareholders include Egyptian, British and French companies (www.vodafone.com.eg).

¹ The chapter is based on research conducted by Mohammed M M El Sayed in 2002 as part of fulfilling his Master of Science requirements for a degree in business information technology from Middlesex University in the UK.
Vodafone Egypt is one of two mobile operators in Egypt. Its service started in November 1998. The company mission is to provide customer-driven, innovative, world-class communication profitably and to be the employer of first choice in Egypt. Vodafone Egypt is a mobile-centric and customer-driven company with a very special and focused interest in the latest GSM and communication technologies such as (a) high speed circuit switched data (HSCSD), which enables GSM subscribers to connect to the Internet at a speed comparable to that of the traditional land network (34K); (b) general packet radio service (GPRS), which enables GSM subscribers to connect to the Internet at higher speeds approaching 110K and (c) third-generation mobile services, which give GSM subscribers an enhanced mobile experience with real-time multimedia tools, features and applications.

Telecommunications in Egypt

It is important to note that since 1999 and until the end of the second quarter of 2003 a number of achievements in the quest of building the nation’s telecommunications infrastructure were realized. These include the liberalization of the telecommunications sector by providing private-sector companies with new licenses for mobile telephones, payphones, Internet, data networks and portal services; the establishment of the Telecommunications Regulatory Authority (TRA) for licensing telecommunications services and for drafting a unified telecommunications act; continuous collaboration between the government and the private sector on the development and policy setting of the sector; partially modernizing the core backbone of the network; restructuring the tariffs of the sector; and increasing the number of available land lines. Moreover, the Internet was introduced to Egypt in 1993 with 2000 users (Kamel, 1998a). Within the context of the market in Egypt, its use developed from being the preserve of the government and academic institutions to becoming a standard search and communication tool used by everyone from the government to academic institutions, individual users, companies and other commercial organizations, hospitals and medical centers. Internet use is constantly being encouraged by the government and by private investors who establish their own Internet service providers. The Internet was first introduced to Egypt by the Egyptian Universities Network of the Supreme Council of Egyptian Universities. In 1994, in an attempt to diffuse Internet usage in society, the Egyptian Cabinet’s Information and Decision Support Center (IDSC) and the Regional Information Technology and Software Engineering Center (RITSEC) provided free Internet access on a trial basis to public, private, government and nongovernment organizations to entice users to venture into the new technology. This was done with the financial support of the government of Egypt, in an attempt to aid the global exposure of the local market and to pave the way for the commercialization of Internet services. The free access formula was credited with contributing to the boost in the rate of growth of Internet users, especially within small and medium sized enterprises and among industry and sector professionals (Kamel, 1998b).
In 1996, the government replaced its free Internet access policy with an open access policy; Internet services for the commercial domain were privatized, and 12 Internet service providers started their operation. Today, there are around 50 ISPs serving over 2.2 million Internet users (Fahmi, 2003). Most of the Internet usage in Egypt is for business information gathering (Loch, Straub and Kamel, 2000). It is fair to say that Egypt tops the index of bandwidth with a score of 2.11 (American Chamber of Commerce in Egypt Report, 2002). In January 2002, the government of Egypt launched a new initiative through its ministry of communications and information technology providing free nationwide access to the Internet to all citizens of the country. This has created a larger demand for connectivity and has also had an impact on the streets of Egypt, with the establishment of Internet cyber-cafes signalling a strong market demand for the Internet in Egypt. However, it is important to note that to date it is not clear how the free Internet model has really affected the growth of the number of Internet users (Palmgren, 2003). The Internet evolution in Egypt demonstrated the active role played by the government. With the privatization of the Internet in 1996, the role of the government did not come to an end. The government still provides strong support for the ISPs in the form of upgrading the infrastructure to enable them to offer better connection speeds to their users as well as providing them with technical support in the administration of their servers. In addition to the hardware and infrastructure, the Internet market is witnessing growth in the software market, with more web programmers being trained and more web design companies being established, encouraging commercial users to utilize the web as a business development engine (Loch, Straub and Kamel, 2003).

General Packet Radio Service – An Overview

The rapid development and growth of the mobile industry, coupled with the increasing number of Internet users, promises many potentials in the near future for a massive global market that combines both innovations and technologies, leading to an extensive demand for wireless data services. Users in general will be looking for high-performance wireless Internet access. However, existing cellular data services do not fulfill the needs of different users and providers. From a user’s perspective, data rates are too slow and the connection setup takes too long and is rather complicated. Moreover, the service is too expensive, exceeding what the general citizen can afford, let alone in developing nations such as Egypt. From a technical perspective, the drawback is that current wireless data services are based on circuit switched radio transmission, where in the case of heavy traffic such as Internet traffic this leads to highly inefficient resource utilization, because under that framework a complete traffic channel is allocated to every single user for the entire duration of the call. Therefore, whenever traffic is high and congested, packet switched bearer services perform better than dedicated traffic channels, because the channel is only allocated when needed and released right after the transmission of the packets, allowing multiple users to share the same physical channel (Faccin, Hsu, Koodli, Le and Purnadi, 1999). In order to address such inefficiencies, two cellular packet data technologies have been developed to date: (a) cellular digital packet data (CDPD) and (b) general packet radio service (GPRS).
GPRS is a new bearer service for GSM that greatly improves and simplifies wireless access to packet data networks such as the Internet. It applies a packet radio principle to transfer user data packets in an efficient way between GSM mobile stations and external packet data networks. Packets can be directly routed from the GPRS mobile stations to packet switched networks. It is important to note that networks based on the Internet protocol (IP), such as the Internet and private and corporate intranets, and X.25 networks are supported in the current version of GPRS. Users of GPRS benefit from shorter access times and higher data rates. In conventional GSM, the connection set-up takes several seconds and rates for data transmission are restricted to 9.6K bits per second. GPRS in practice offers session establishment times below one second and ISDN-like data rates up to several tens of kilobits per second. Moreover, GPRS packet transmission offers more user-friendly billing than that offered by circuit switched services. In circuit switched services, billing is based on the duration of the connection, which is unsuitable for applications with heavy traffic. Respectively, the user has to pay for the entire airtime even for idle periods when no packets are sent (e.g. while the reader browses a website). However, with packet switched services, billing is only based on the amount of transmitted data. GPRS has a number of unique features that could be described as follows: (a) speed, (b) immediacy and (c) new and better applications. In terms of speed, GPRS theoretically could reach 171.2 kbps using all 8 time slots at the same time, which is about 3 times as fast as the data transmission speeds possible over today’s fixed telecommunications network and 10 times as fast as current circuit switched data services on GSM networks. Therefore, by allowing information to be transmitted more quickly and more efficiently across the mobile network, GPRS will be a relatively less costly mobile data service compared to SMS and circuit switched data. With respect to immediacy, GPRS facilitates instant connections, subject to radio coverage, and no dial-up modem connection is required. Immediacy is important for applications such as remote credit card authorization, avoiding holding customers for long periods at the counters. With respect to new and better applications, GPRS facilitates many Internet applications that were hindered by speed and message-length limitations, including web browsing and chatting over the mobile network as well as file transfer and home automation through remote access and control of in-house appliances and machines. The World Wide Web is becoming the primary communications interface: people access the Internet for entertainment, information acquisition and knowledge dissemination, the intranet for accessing company information and connecting with colleagues, and the extranet for accessing customers, suppliers and partners in the supply chain. All the entities mentioned above are derivatives of the World Wide Web that aim at connecting different communities of interest together. Additionally, there is a trend, and an encouragement, away from storing information locally on personal computers and towards storing it remotely on the Internet. Web browsing is therefore becoming a vital application for GPRS; because GPRS uses the same protocol, it can be seen as a sub-network of the Internet, with GPRS-capable mobile phones being viewed as mobile hosts.
In that sense, each GPRS terminal can potentially have its own IP address and will be addressed accordingly, just like URLs on the World Wide Web (www.mobilegprs.com).

GPRS Importance and Usage for Business

In today’s business environment, business communications solutions are being delivered using 2.5G, and the horizontal and vertical business applications being deployed will be better served by the new generation of wireless devices being introduced to the market for 2.5G GSM/GPRS services, which are designed to support these applications with features ranging from small standard keyboards to high-resolution, rich color screens. The applications include: sales force automation, field force automation, fleet management, government communications and public safety, telemetry and remote monitoring, point of sale, customized solutions and financial services. In general, there is no doubt that GPRS will increase GSM mobile operators’ revenues, as they are expected to capitalize on the newly introduced portfolio of services and applications (www.strategyanalytics.com).

Quality of Service (QoS)

The concept of quality of service reflects the provision of a consistent and predictable data delivery service, in other words a strong attempt to satisfy customer application requirements. Quality of service (QoS) is the ability of a network element (e.g. an application, a host or a router) to have some level of assurance that its traffic and service requirements can be satisfied to the maximum capacity. It is important to note that for QoS to be enabled there needs to be cooperation among all network players from top to bottom as well as every network element from end to end. QoS is there to manage bandwidth according to application demands and network management settings. Guaranteeing a high quality of service requires allocating resources to individual data streams. QoS is important to assure customer satisfaction and continuous growth of the network. The Internet Protocol (IP) and the architecture of the Internet itself are based on the simple concept that datagrams with source and destination addresses can traverse a network of IP routers independently, without the help of their sender(s) or receiver(s). The Internet was historically built on the concept of a dumb network with smart agents at either end (sender and receiver). However, for the sake of such simplicity IP provided only a few services. Reliability was not guaranteed: there was no assurance that data would be delivered at the other end; it was more or less a best-effort service. Such a problem was manageable with applications such as electronic mail, web browsing and file transfer; however, new applications such as audio and video streaming demand high throughput capacity (bandwidth) and have low-latency requirements when used in two-way communications such as conferencing and telephony. In that respect, QoS can offer services and benefits that deliver data and other forms of content faster and in better form. QoS can offer a range of services and benefits to applications, enterprises and service providers. In terms of benefits to applications, with the increasing use of the Internet and the World Wide Web in business development there is a growing need for QoS technologies to provide the tools for IT managers to deliver mission-critical business traffic over the public network and to ensure that it is delivered with the maximum level of quality.
In terms of benefits for enterprises, applications are getting more demanding, and mission-critical applications deployed over IP networks increasingly require quality, reliability and continuous assurances. In that sense, QoS technologies allow IT managers to (a) manage jitter-sensitive applications such as audio and video playback, (b) manage delay-sensitive traffic such as real-time voice and (c) control loss in times of inevitable congestion. As for the benefits to service providers, with the industry increasingly aware of the issues of quality and the trend of outsourcing network services to service providers, there is an opportunity to excel on the grounds of quality and attract growing enterprise businesses, since QoS will allow service providers to offer new and more services such as real-time traffic support, creating additional revenue generation streams (www.3gpp.org). QoS addresses security heavily, since security is an integral element of quality service delivery (www.ietf.org). The new GSM data network should address quality and security as critical elements of its operability. Respectively, security issues should be well addressed when deploying GPRS in GSM networks.

GPRS Security

The threats to GPRS are very different from those to circuit switched GSM. For GSM, security problems are limited and not many hackers can crack the obscure SS7 protocol. However, this is not the case with GPRS, which is exposed to a lot more intruders because of its IP-based backbone. Intruders to GPRS can be people or organizations that attempt to breach confidentiality, integrity and availability, if not defraud users. The GPRS backbone is implemented on IP networks, which means that the routing and access control issues have to be carefully considered when implementing the network. IP is a connectionless and stateless protocol that was designed to connect friendly and cooperative users over an unreliable network. At the time of its development, IP security was not the most important factor, and it is a fact that it is quite difficult to retrofit adequate security onto an already implemented protocol. The major security weakness in basic IP is that IP packets are readable by anyone having access to an intermediate router. IP packets from one node to another also tend to follow the best route, so that a potential intruder at such a router most likely has access to all IP packets between the communicating nodes. In that respect, IPSec has been developed to solve the security weaknesses of IP by protecting both the integrity and the confidentiality of the IP packet without changing the interface of IP. IPSec is also invisible to upper-layer protocols; its drawbacks are increased protocol processing cost and the overhead traffic it creates. When GPRS is implemented it is important that security is taken care of, so that users, both private individuals and corporations, can feel safer and use the different services that the operators offer, some of which might require high security measures, such as financial transactions, transfer of medical information and exchange of personal electronic mail messages.
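The exposure the chapter describes (cleartext from the SGSN to the corporate LAN gateway, closed by an end-to-end VPN) can be made concrete with a small path model. This is an added example, not code from the chapter or from Vodafone; the hop ordering, the extra "Internet router" node and the assumption that GPRS ciphering terminates at the SGSN are modelling assumptions.

```python
"""Added example: which hops on a GPRS data path can read an IP payload
under the two protection designs the chapter contrasts.

Node names follow the chapter (MS, BSS, SGSN, GGSN, corporate LAN gateway).
The hop order, the "Internet router" node and treating air-interface
ciphering as ending at the SGSN are assumptions made for this model.
"""
from __future__ import annotations

# Constructed end-to-end path from the mobile station to a server on the
# corporate LAN, in the order packets traverse the nodes.
GPRS_PATH = [
    "MS",                 # mobile station
    "BSS",                # base station subsystem (radio interface)
    "SGSN",               # serving GPRS support node
    "GGSN",               # gateway GPRS support node
    "Internet router",    # any intermediate IP router (assumed)
    "Corporate gateway",  # corporate LAN gateway / VPN endpoint
    "LAN server",         # the application server the user talks to
]

# A protection span is (encrypting_node, decrypting_node): the payload is
# ciphertext on every link between them and in clear at both endpoints.
AIR_CIPHERING = ("MS", "SGSN")                # GPRS air-interface ciphering
END_TO_END_VPN = ("MS", "Corporate gateway")  # the chapter's proposed VPN


def _span_indices(path: list[str], span: tuple[str, str]) -> tuple[int, int]:
    """Resolve a (start, end) span to path indices, validating direction."""
    a, b = path.index(span[0]), path.index(span[1])
    if a >= b:
        raise ValueError(f"span {span} is not in path order")
    return a, b


def cleartext_links(path: list[str],
                    spans: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Links (node_k -> node_k+1) that carry the IP payload unencrypted.

    A link is protected when at least one span covers both of its ends.
    """
    resolved = [_span_indices(path, s) for s in spans]
    exposed = []
    for k in range(len(path) - 1):
        covered = any(a <= k and k + 1 <= b for a, b in resolved)
        if not covered:
            exposed.append((path[k], path[k + 1]))
    return exposed


def plaintext_nodes(path: list[str], spans: list[tuple[str, str]]) -> list[str]:
    """Nodes that can read the payload in clear.

    A node strictly inside a span only forwards ciphertext for that layer,
    so it reads plaintext only if no span encloses it. Span endpoints
    encrypt or decrypt and therefore do see plaintext.
    """
    resolved = [_span_indices(path, s) for s in spans]
    return [node for k, node in enumerate(path)
            if not any(a < k < b for a, b in resolved)]


def compare_designs() -> dict[str, list[str]]:
    """Plaintext visibility for air ciphering alone versus with the VPN."""
    return {
        "air ciphering only": plaintext_nodes(GPRS_PATH, [AIR_CIPHERING]),
        "air ciphering + end-to-end VPN": plaintext_nodes(
            GPRS_PATH, [AIR_CIPHERING, END_TO_END_VPN]),
    }


if __name__ == "__main__":
    for design, nodes in compare_designs().items():
        print(f"{design}: payload readable at {', '.join(nodes)}")
```

With air ciphering alone the SGSN, GGSN and every router up to the corporate gateway see the payload; adding the VPN leaves only the MS, the gateway and the LAN server.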
Confidentiality, Integrity and Authentication (CIA) are 3 different services that computer and network security should handle properly. Moreover, it is important to have strict control over who is granted access, with service denied to unauthorized users.

Network Elements under Threat

The network elements can be divided into 2 different types based on whether or not they use the GPRS transport protocol (GTP). It is important to note that the MS is the most vulnerable part of the GPRS network and its security depends mainly on the skills and capacities of the owner, which makes the MS an interesting and vulnerable target for different hackers. The operating system of the MS terminal equipment (TE) is usually designed to operate in secure environments, which leaves the node insecure in an open environment regardless of the skills and precautions of the user. This deficiency in security could lead to anything, including an operating system crash or unauthorized access to confidential data. All routes leading to the backbone can be used to attack the GGSN, which unwraps the GTP envelopes, and can be used to tunnel rogue packets. The Lawful Interception Gateway (LIG) and Charging Gateway (CG) could also be attacked. IP nodes such as the Network Management Station (NMS) are another target for attack, by trying to bypass the GGSN firewall, as is the Domain Name Server (DNS): a successful attack on the Disk Operating System (DOS) could disable the DNS, and the network could then be severely crippled (ETSI TS 121 133, 1999).

Types of Information to be Protected

Within the network environment, there is a variety of information that needs to be protected, relating to the different stakeholders associated with network management and operation. This includes (a) user data transmitted by different individuals (both subscribers and roaming users) on the GPRS network, which is mainly the responsibility of the operators; (b) charging information, reflecting the tickets that the charging system generates, which should also be protected. They are generated by GSN devices and collected by the CG and should be reliable and secure. Their integrity and confidentiality are vital because charging is based on the volume of data, so users should be protected from needless data that they did not initiate but that comes from external networks such as the Internet; (c) customer information, which should be located in a secured database, where the HLR should be located in the NSS segment of the network and the VLR databases should be integrated with the SGSN devices and (d) technical information of the GPRS network, where configuration- and management-related information has to be well protected.

Types of Potential Hackers

There is a wide variety of potential hackers to different types of networks, including internal as well as external hackers. On the one hand, external intruders could include crackers, subscribers, subcontractors and associates. On the other hand, internal intruders are the staff of the organization across different levels.

Security Threats to GPRS

Cell phones face the same problems as personal computers connected to a network with access to the Internet. Intruders to a cell phone, a personal computer or a terminal can modify, insert or delete an application or data stored in the terminal, which is comparable to a virus attack. Moreover, the integrity of the data on the SIM card is vulnerable just like that of the terminal.
Access to both could be gained locally or remotely. This could be done in a number of ways, including (a) stolen terminal and SIM card, (b) borrowed terminal and SIM, (c) data manipulation, (d) confidentiality and authentication of user data, (e) cloned SIM card, and (f) non-type-approved terminals and defective equipment. The significant point of attack between the MS and the SGSN is actually the radio interface between the terminal and the BSS. Such threats can be separated into 4 categories: (a) unauthorized access to data, (b) threats to integrity, (c) denial of service attacks and (d) unauthorized access to services. Respectively, there are a number of technical security solutions against the threats presented to GPRS, including (a) encryption, (b) authentication, (c) firewalls, (d) routing, (e) IP addressing, (f) secure protocols, and (g) frequent back-ups.

Case of Vodafone Egypt

There are a number of forces that made Vodafone Egypt go for deploying GPRS as its new data service in an attempt to gain a competitive advantage in the mobile network market in Egypt. The objective was to improve the service and lower the cost and hence, as in any industry, the quality of service (QoS) was critical to keep current customers or attract new customers. The competitive forces model shows how any firm can handle the external threats and opportunities (?). From Vodafone Egypt’s perspective, there were a number of threats that motivated the firm to deploy GPRS, which could be demonstrated against the 5 forces model as follows: (a) Vodafone Egypt’s main competitor MobiNil was planning to deploy GPRS by the end of the 2nd quarter of 2003, (b) the growing threat of another operator planned to launch around the same period, also offering GPRS services, (c) Egypt being a tourist destination receiving an increasing number of tourists every year, leading to an increasing number of roamers, which could be a major revenue vehicle for the firm, (d) having to handle local competition from free Internet service providers and wireless application protocol enablers by demonstrating the advantages of GPRS services and (e) keeping the pressure on other technology providers and third-party application providers by promoting a unique service and becoming its leader in the marketplace. Vodafone Egypt is facing some vital technological and economic decisions and changes that have to be taken and properly implemented. Vodafone, the parent company, is the largest mobile operator worldwide, comprising 28 operators, of which 16 are Vodafone-owned with more than 50% shareholding; Vodafone Egypt is one of them. It is important to note that the telecommunications sector at large is undergoing dramatic and major changes due to new entrants as operators for 3G networks or information technology giants such as IBM, Sun Microsystems and Microsoft, which are continuously addressing telecommunications applications and tools as a valuable platform for their information technology products and services.
With the introduction of 3G networks, which began with GPRS, and the further services envisioned for the near future, the organization, maintenance and management of networks will soon have to change. Vodafone is therefore in transition from a pure voice service provider to an enabler of 3G services, some of which may be provided by third parties. That transition, and the changes it brings, must keep security in focus and handle it properly. From a Vodafone perspective security has operational, technical and customer elements. The firm's objective is to ensure the availability and quality of Vodafone mobile communication services and applications against attacks that cause malfunction or loss of service quality. Figure 1 shows Vodafone Egypt's security target areas: availability, quality and reliability of Vodafone's interfaces to business partners; protection of the firm's data and information assets and of those of its wide customer base; protection of the firm's intellectual property, financial investments and brand; and, finally, the ability to monitor and invoice all events and customers, and to deny access to and retain control over every asset that is part of its network.

[Figure 1, diagram: the target areas grouped around Vodafone security are services and applications; network interfaces (availability and integrity, communication privacy); customer data (availability and integrity); operational control; data and information assets; and brand image and shareholder value (Vodafone brand).]

Figure 1 – Vodafone security target areas

Proposed Security Solution

With a mission to provide optimal quality of service for its customers, Vodafone Egypt is always striving to improve its systems and provide better solutions. In terms of security there are a number of alternatives; the option below is worth considering because it helps realize the organization's objectives, especially while embarking on a full-fledged GPRS implementation. The proposed solution takes into account the conditions of the Egyptian market as well as the environment of Vodafone itself as an organization. First, the security policy has to be defined: the set of rules and practices that specify and regulate how a system or organization provides security services to protect its vital resources, whatever kind of resource they are. Users, staff and managers must then be informed of their obligations for protecting technology, information and other sensitive organizational resources, and the policy itself must identify the mechanisms through which those requirements are met. Next, it must be established what exactly is to be protected (the assets) and which threats are identified and known as opposed to merely potential. Each threat is scored on two scales: probability from [0] to [5] and severity from [0] to [5], where [0] is the least and [5] the highest. The risk factor is the product of the two and therefore ranges from [0] to [25]. A risk factor between [0] and [5] is low, [6] to [10] is medium, [12] to [16] is high, and [20] to [25] is serious; the values missing from these bands (11, 13, 14 and 17 to 19) cannot arise as the product of two integers in the 0 to 5 range, so the bands are complete in practice. Figure 2 shows the colours associated with each level of risk and their ranges. Appendices 1 to 4 list the scenarios and information on possible attacks on the different kinds of environment that need to be considered when developing a safer environment for Vodafone Egypt's resources and assets.

Low [Dark Green]: risk factor 1, 2, 3, 4, 5
Medium [Light Green]: risk factor 6, 8, 9, 10
High [Orange]: risk factor 12, 15, 16
Serious [Red]: risk factor 20, 25

Figure 2 – Security Zones in GPRS
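The scoring scheme above, as an added example (this is not code from the paper): a small risk register that validates the two 0 to 5 scales, computes risk as their product, maps it onto the four zones, ranks threats and cross-checks a transcribed table for arithmetic slips. The sample rows are taken from Appendix 3 B (attacks within the O&M VPN); the `Threat` type and function names are my own.

```python
"""Risk scoring as used in the appendices: risk = scaled probability x severity, both
on a 0..5 scale, so the product lies in 0..25.  Added example, not code from the paper."""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

SCALE_MIN, SCALE_MAX = 0, 5

# Zone bands as given in the text.  The gaps (11, 13, 14, 17..19) are harmless:
# no product of two integers in 0..5 falls into them.
ZONES = ((0, 5, "Low"), (6, 10, "Medium"), (12, 16, "High"), (20, 25, "Serious"))


@dataclass(frozen=True)
class Threat:
    number: int
    threat: str
    target: str
    probability: int   # scaled probability, 0..5
    severity: int      # severity, 0..5

    def __post_init__(self):
        # Reject out-of-scale input early; a probability of 6 would silently
        # produce a "risk" the zone table cannot classify.
        for name, value in (("probability", self.probability), ("severity", self.severity)):
            if not SCALE_MIN <= value <= SCALE_MAX:
                raise ValueError(f"{name} {value} is outside {SCALE_MIN}..{SCALE_MAX}")

    @property
    def risk(self) -> int:
        return self.probability * self.severity


def zone(risk: int) -> str:
    """Map a risk product onto the paper's colour zones."""
    for low, high, name in ZONES:
        if low <= risk <= high:
            return name
    raise ValueError(f"{risk} is not a product of two values in {SCALE_MIN}..{SCALE_MAX}")


def rank(threats: Iterable[Threat]) -> List[Threat]:
    """Highest risk first; equal risks ordered by severity, then by table order."""
    return sorted(threats, key=lambda t: (t.risk, t.severity), reverse=True)


def check_register(rows: Iterable[Tuple[int, int, int, int]]) -> List[int]:
    """rows are (number, probability, severity, stated risk) transcribed from a table;
    returns the row numbers whose stated risk is not probability x severity."""
    return [n for n, p, s, r in rows if p * s != r]


# Sample input taken from Appendix 3 B (attacks within the O&M VPN).
OM_VPN = [
    Threat(1, "Denial of service (intended)", "O&M VPN internal host", 4, 5),
    Threat(2, "Denial of service (unintended)", "O&M VPN internal host", 3, 4),
    Threat(3, "Disclosure of traffic data", "O&M traffic", 3, 4),
    Threat(4, "Disclosure of host data", "O&M traffic", 4, 4),
    Threat(5, "Modification of traffic data", "O&M traffic", 4, 5),
    Threat(6, "Modification of host data (intended)", "O&M VPN internal host", 3, 5),
    Threat(7, "Modification of host data (unintended)", "O&M VPN internal host", 4, 4),
    Threat(8, "Email, viruses, Trojan horses", "O&M VPN internal host", 0, 3),
]

if __name__ == "__main__":
    for t in rank(OM_VPN):
        print(f"{t.number} {t.threat:40} {t.probability}x{t.severity}={t.risk:2} {zone(t.risk)}")
```

Ranking the O&M VPN rows puts the two serious threats (intended denial of service and modification of traffic data, both 4 x 5) at the top, which is the order in which the countermeasures of the next section should be funded.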

The new policy structure proposed for Vodafone Egypt includes the following features: (a) external traffic should pass through at least two firewalls before reaching the Vodafone Egypt data network; (b) the cascaded firewalls should be of different makes, so that a flaw or misconfiguration in one is not shared by the other; (c) each firewall should meet a set of requirements: support for multiple processors and scaling out with server clustering; the ability to handle 10/100 LAN traffic at speed and apply security policy with minimal delay and impact on network performance; support for additional modules or hardware to expand the number of demilitarized zones (DMZ) or the processing power; detection of a range of attacks; its own log analysis; online, real-time monitoring of active and dropped connections; policy enforcement by user, group, machine name, IP address or any combination of these, and according to a daily schedule; and predefinition of the most commonly used protocols, so that the network administrator rarely needs to define new ones; (d) each critical area of network traffic should be watched by an intrusion detection tool; and (e) each firewall should meet requirements for security policy customization, administration, graphical user interface and reporting. Currently, at Vodafone Egypt, any desktop logged on to the corporate LAN can reach any GSM network element, whether or not its user is authorized: all that is needed is the element's IP address and an attempt to guess the username and password. The proposed solution aims to secure the GSM VLANs located at each GSM site against traffic originating from non-GSM VLANs. Any user on a non-GSM VLAN, whether within the GSM site or at a remote site, must be authenticated before accessing any device in the GSM VLANs.
All traffic entering the GSM VLANs from non-GSM VLANs must be authenticated, authorized and accounted for. Vodafone Egypt operates and maintains GSM networks deployed across Egypt, an extensive investment in cell site equipment complemented by the associated switching and cross-connect infrastructure. The proposed design and policy represent a major rollout of access control for GSM nodes within the Vodafone Egypt network, one that will expand as the network grows. The objectives of the proposed solution are (a) to minimize the risk of failure due to human intervention, (b) to deal with security vulnerabilities in the infrastructure, including external audit elements, (c) to increase the overall infrastructure's tolerance to failure by raising its availability and introducing measures that contain disasters within the affected areas only, and (d) to protect the GSM network against known and potential intrusion. The solution will keep the GSM data network fully independent of the corporate data network and will give GSM traffic the required quality of service. Access from the infrastructure LAN to the GSM LAN will be authenticated through firewalls deployed at all sites in a high-availability failover configuration, and an IDS attached to the backbone switch adds a further layer of protection for the GSM VLANs. This setup will be applied to all GSM sites. Only certain makes of equipment will be used in the build-up of the infrastructure, so vendors will be required to supply specific makes at specific sites. Vodafone Egypt will also need to upgrade its data network before the solution can be implemented. Since the current backbone carries live traffic, there is no option for downtime and operation cannot be interrupted; the design of the new infrastructure should therefore be built and tested on a prototype, and its performance verified, before full-fledged implementation. Accordingly, a methodology is proposed for phasing out the old system and phasing in the new one: first a pilot project covering all real functions and features, then a phased change-over.
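The access control described above, as an added example in Python (not Vodafone Egypt's configuration and not any vendor's rule language): an ordered, default-deny rule set matched on source and destination network, port, AAA identity and group, and a daily schedule; two such firewalls cascaded so that traffic reaches the GSM VLAN only if both allow it; and a log of dropped connections. The flat policy that describes the current state is evaluated beside it. All subnets, host addresses, user names, groups and ports are assumptions, and the SGSN O&M address is constructed.

```python
"""Access control from non-GSM VLANs into the GSM VLANs: default-deny rules matched on
network, port, AAA identity, group and schedule; two firewalls cascaded; drops logged.
Added example, not Vodafone Egypt's configuration.  Addresses and names are assumptions."""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple

ANY: FrozenSet = frozenset()   # empty set = no constraint


@dataclass(frozen=True)
class Flow:
    src: str                      # address on a non-GSM VLAN
    dst: str                      # GSM network element
    port: int                     # destination TCP/UDP port
    user: Optional[str] = None    # identity asserted by AAA; None = unauthenticated
    groups: FrozenSet[str] = ANY
    when: datetime = datetime(2003, 6, 2, 10, 0)   # constructed: a Monday, 10:00


@dataclass(frozen=True)
class Rule:
    action: str                               # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    ports: FrozenSet[int] = ANY
    groups: FrozenSet[str] = ANY
    authenticated: bool = False               # True: an AAA identity is required
    weekdays: FrozenSet[int] = ANY            # 0 = Monday ... 6 = Sunday
    window: Tuple[time, time] = (time(0, 0), time(23, 59, 59))

    def matches(self, f: Flow) -> bool:
        return (ip_address(f.src) in ip_network(self.src)
                and ip_address(f.dst) in ip_network(self.dst)
                and (not self.ports or f.port in self.ports)
                and (not self.authenticated or f.user is not None)
                and (not self.groups or bool(self.groups & f.groups))
                and (not self.weekdays or f.when.weekday() in self.weekdays)
                and self.window[0] <= f.when.time() <= self.window[1])


class Firewall:
    """First matching rule wins; no match is a drop.  Drops are logged because the
    proposal calls for real-time monitoring of dropped connections."""

    def __init__(self, name: str, rules: List[Rule]):
        self.name, self.rules, self.dropped = name, rules, []

    def decide(self, f: Flow) -> bool:
        for r in self.rules:
            if r.matches(f):
                if r.action != "allow":
                    self.dropped.append(f)
                return r.action == "allow"
        self.dropped.append(f)            # implicit default deny
        return False


def cascade(tiers: List[Firewall], f: Flow) -> Tuple[bool, Optional[str]]:
    """Traffic reaches the GSM VLAN only if every tier allows it; returns the verdict
    and the name of the first tier that dropped the flow."""
    for fw in tiers:
        if not fw.decide(f):
            return False, fw.name
    return True, None


# Assumed addressing and ports: corporate VLANs 10.20.0.0/16, GSM VLANs 10.10.0.0/16,
# NMS host 10.20.5.10; SSH 22, HTTPS 443, SNMP 161.
CORP, GSM, NMS = "10.20.0.0/16", "10.10.0.0/16", "10.20.5.10/32"
OPS, WORKDAYS, OFFICE = frozenset({"gsm-ops"}), frozenset(range(5)), (time(8, 0), time(18, 0))

# Current state described in the text: any corporate desktop reaches any GSM element,
# leaving the element's own login as the only barrier.
current = [Firewall("flat-LAN", [Rule("allow", CORP, GSM)])]

# Proposed state: two cascaded firewalls of different makes, identity and schedule aware,
# default deny.  Tier 2 is deliberately stricter on ports so a rule mistake on tier 1
# (here: HTTPS allowed) is still caught.
proposed = [
    Firewall("tier1-vendorA", [
        Rule("allow", NMS, GSM, ports=frozenset({161})),
        Rule("allow", CORP, GSM, ports=frozenset({22, 443}), groups=OPS,
             authenticated=True, weekdays=WORKDAYS, window=OFFICE),
    ]),
    Firewall("tier2-vendorB", [
        Rule("allow", NMS, GSM, ports=frozenset({161})),
        Rule("allow", CORP, GSM, ports=frozenset({22}), groups=OPS, authenticated=True),
    ]),
]

# Constructed flows towards an SGSN O&M address.
desktop_guess = Flow("10.20.7.44", "10.10.1.2", 22)                       # no AAA identity
ops_ssh = Flow("10.20.7.44", "10.10.1.2", 22, "ops1", OPS)
ops_https = Flow("10.20.7.44", "10.10.1.2", 443, "ops1", OPS)
ops_night = Flow("10.20.7.44", "10.10.1.2", 22, "ops1", OPS, datetime(2003, 6, 2, 23, 30))
nms_poll = Flow("10.20.5.10", "10.10.1.2", 161)

if __name__ == "__main__":
    for name, f in [("desktop", desktop_guess), ("ops ssh", ops_ssh), ("ops https", ops_https),
                    ("ops night", ops_night), ("nms poll", nms_poll)]:
        print(f"{name:10} current={cascade(current, f)[0]}  proposed={cascade(proposed, f)}")
```

The unauthenticated desktop that the text describes passes the flat policy and is dropped at the first tier of the proposed one; the authenticated operator is admitted over SSH during working hours, refused at night, and refused over HTTPS by the second tier even though the first allowed it. Each drop is recorded on the tier that made it, which is the data a real-time monitoring console would show.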
The proposed solution has its pros and cons. Tentatively, the pros are: (a) the firewall can be easily configured to cover all business needs; (b) it can support any number of subnets without loading the GSM backbone CPUs; (c) it can protect nodes from application and operating system backdoors; (d) it ensures that a supplier's support staff cannot reach GSM network elements other than their own; (e) it protects the GSM subnets from much fraud by placing them behind authentication; (f) it provides a more secure solution through a separate GSM LAN; and (g) it enables a fully redundant solution. The main con is that there will be a firewall at each site, which adds cost for the firm. The cost of the security solution is high, but security in the GPRS network is badly needed to reduce the risk from these threats. The more security is provided, the more secure the network, the data and the customers will be, and the higher the cost of security. In that respect the cost of security divides into (a) security performance cost, (b) security management cost and (c) security monetary cost.

Conclusion

GPRS gives fast access to packet-switched data networks such as corporate intranets or the Internet, which means that even suspicious or unlawful services can now be reached by mobile users. Moreover, once GPRS network gateways use public IP addresses, as is expected in the near future, even mobile stations behind those gateways will be exposed to the Internet. To provide secure access, the security of the

connection has to be at a good level for the whole connection: both authentication and encryption have to be taken care of. Authentication is a delicate issue because, once roaming contracts are made, the security of the other participants has to be trusted, and a security breach in one operator's network is a threat to all the other operators' networks. The standard GPRS network itself does not offer a reasonably secure solution for providing mobile access to a corporate LAN: although the air interface ciphering and the GPRS network authentication process are secure, the IP traffic travels unencrypted all the way from the SGSN to the corporate LAN gateway. The most feasible solution for secure remote connections is an end-to-end VPN from the MS to the corporate LAN gateway, which is the best solution for both the subscriber and the operator: the traffic is encrypted over the whole connection, and the user can break out to the Internet from the nearest access point. IPsec solutions using public addresses cannot be used on a large scale at the moment, because operators are not willing to provide mobile phones with public IP addresses. The best way to achieve the above is to separate the user traffic from the control traffic, which guarantees a high level of security with minor impact on quality of service.

Appendix 1 – External Network Attacks

Note: these include attacks from external networks that have connectivity to the packet backbone network in some way. Attacks originating from any packet backbone network access area, including the backbone itself, are regarded as internal and are not included here.

A. Roaming Partner (GRX) and Corporate Attacks

No. | Threat | Cause | Target | Consequences | Scaled probability | Severity | Risk
1 | Unauthorized network access | Bad configuration, security evasion techniques | URNC network and host | Disclosure of traffic data | 3 | 2 | 6
2 | Unauthorized network access | Successful unauthorized network access | Internal host, other connected networks | Disclosure and modification of host and traffic data | 2 | 3 | 6
3 | Denial of service (intended) | Several DoS techniques | Internal host | From performance decrease to system breakdown | 3 | 4 | 12

B. Internet (via ISP) Attacks

No. | Threat | Cause | Target | Consequences | Scaled probability | Severity | Risk
1 | Unauthorized network access | Bad configuration, security evasion techniques | URNC network and host | Disclosure of traffic data | 4 | 2 | 8
2 | Unauthorized network access | Successful unauthorized network access | Internal host, other connected networks | Disclosure and modification of host and traffic data | 3 | 3 | 9
3 | Denial of service (intended) | Several DoS techniques | Internal host | From performance decrease to system breakdown | 4 | 4 | 16

Appendix 2 – External Physical Attacks

Note: this includes attacks from internal networks. A distinction should be made between allowed network access from the O&M access area and network access resulting from earlier access security violations, which could originate from external sources.

A. O&M Access Area Physical Attacks

No. | Threat | Cause | Target | Consequences | Scaled probability | Severity | Risk
1 | Unauthorized network access | Burglary, access control circumvention | URNC network element | Disclosure of information lying around, theft of equipment | 3 | 2 | 6
2 | Unauthorized network access | Connection of own host to O&M LAN | Any packet backbone network, host | Disclosure and modification of traffic data | 2 | 3 | 6
3 | Unauthorized network access | Host with low or non-existent authentication mechanism | Any O&M LAN, host | Disclosure and modification of host and traffic O&M data and information, back door placement | 3 | 4 | 12
4 | Denial of service (intended) | None | Packet backbone network, O&M site facilities | O&M disabled | 1 | 4 | 4

B. Functional Equipment Access Area Physical Attacks

No. | Threat | Cause | Target | Consequences | Scaled probability | Severity | Risk
1 | Unauthorized network access | Burglary, access control circumvention | URNC network element | Disclosure of information lying around, theft of equipment | 2 | 3 | 6
2 | Unauthorized network access | Connection of own host to O&M LAN | Any packet backbone network, host | Disclosure and modification of traffic data (all packet backbone network VLANs) | 2 | 4 | 8
3 | Unauthorized network access | Host with low or non-existent authentication mechanism | Any packet backbone network, host | Disclosure and modification of traffic data, back door placement (all packet backbone network VLANs) | 2 | 4 | 8
4 | Denial of service (intended) | None | Main packet backbone network, site facilities | Total packet backbone network system breakdown | 1 | 5 | 5

C. Backbone Access Area Physical Attacks

No. | Threat | Cause | Target | Consequences | Scaled probability | Severity | Risk
1 | Unauthorized network access | Burglary, access control circumvention | Packet backbone network, backbone equipment | Theft of equipment, DoS possible | 4 | 2 | 8
2 | Unauthorized network access | Connection of own host to O&M LAN | Any packet backbone network, host | Disclosure and modification of traffic data (VLANs: O&M, Gn, Gp, Gi) | 4 | 2 | 8
3 | Unauthorized network access | Host with low or non-existent authentication mechanism | Any packet backbone network, host | Disclosure and modification of host and traffic data, back door placement (VLANs: O&M, Gn, Gp, Gi) | 2 | 3 | 6
4 | Denial of service (intended) | None | Main packet backbone network, site facilities | Packet backbone network, inter-site communication breakdown | 1 | 3 | 3

Appendix 3 – Internal Network Attacks

Note: internal network attacks have two main causes: an internal employee, or an external attacker (hacker) who has already circumvented the external security mechanisms. It should be assumed that the external attacker has the more destructive intention, whereas the internal employee has the better knowledge of the networks, which makes the attack easier for him or her.

A. Attacks within the O&M LAN

No. | Threat | Cause | Target | Consequences | Scaled probability | Severity | Risk
1 | Denial of service (intended) | Several DoS techniques | Primary O&M VPN internal host, possibly other VPN hosts | From performance decrease to system breakdown (entire packet backbone network) | 3 | 4 | 12
2 | Denial of service (unintended) | Employee (bad configuration), hacker (attack side effects) | Primary O&M VPN internal host, possibly other VPN hosts | From performance decrease to system breakdown (entire packet backbone network) | 4 | 3 | 12
3 | Disclosure of traffic data (intended) | None | O&M traffic | Password and other exploitable information gathering | 3 | 2 | 6
4 | Disclosure of host data (intended) | None | O&M host data | Configurations and other exploitable information gathering | 3 | 3 | 9
5 | Modification of traffic data (intended) | None | O&M traffic | Malfunction, data loss | 2 | 4 | 8
6 | Modification of host data (intended) | After host access | O&M hosts | Malfunction, data loss (charging) | 2 | 4 | 8
7 | Modification of host data (unintended) | Employee (bad configuration), hacker (attack side effects) | O&M hosts | Malfunction, data loss | 4 | 2 | 8
8 | Email, viruses, Trojan horses | Only if email is installed on O&M hosts | O&M hosts | Malfunction, data loss | 1 | 2 | 2

B. Attacks within the O&M VPN

No. | Threat | Cause | Target | Consequences | Scaled probability | Severity | Risk
1 | Denial of service (intended) | Several DoS techniques | Primary O&M VPN internal host, secondary O&M LAN, under circumstances other VPNs | From performance decrease to system breakdown (entire packet backbone network) | 4 | 5 | 20
2 | Denial of service (unintended) | Employee (bad configuration), hacker (attack side effects) | Primary O&M VPN internal host, secondary O&M LAN, under circumstances other VPNs | From performance decrease to system breakdown (entire packet backbone network) | 3 | 4 | 12
3 | Disclosure of traffic data (intended) | None | O&M traffic | Password and other exploitable information gathering | 3 | 4 | 12
4 | Disclosure of host data (intended) | None | O&M traffic | Configurations and other exploitable information gathering | 4 | 4 | 16
5 | Modification of traffic data (intended) | None | O&M traffic | Malfunction, data loss | 4 | 5 | 20
6 | Modification of host data (intended) | After host access | Any O&M VPN internal host | Malfunction, data loss | 3 | 5 | 15
7 | Modification of host data (unintended) | Employee (bad configuration), hacker (attack side effects) | Any O&M VPN internal host | Malfunction, data loss | 4 | 4 | 16
8 | Email, viruses, Trojan horses | Only if email is installed on hosts | Any O&M VPN internal host | Malfunction, data loss | 0 | 3 | 0

C. Attacks within the Gp VPN

Note: in contrast to the VPNs above, this VPN extends into areas that are not under the administrative control of the packet backbone network operator, which means that an attacker with physical or network access is considered likely.

No. | Threat | Cause | Target | Consequences | Scaled probability | Severity | Risk
1 | Denial of service (intended) | Several DoS techniques | Gp routers, under circumstances other VPNs | From performance decrease to system breakdown (entire packet backbone network) | 5 | 4 | 20
2 | Denial of service (unintended) | Employee (bad configuration), hacker (attack side effects) | Gp routers, under circumstances other VPNs | From performance decrease to system breakdown (entire packet backbone network) | 3 | 3 | 9
3 | Disclosure of traffic data (intended) | None | Gp traffic | Mobile user privacy violation | 3 | 2 | 6
4 | Disclosure of host data (intended) | None | Gp routers | Configurations and other exploitable information gathering | 3 | 2 | 6
5 | Modification of traffic data (intended) | None | Gp traffic | Mobile user data corruption | 3 | 3 | 9
6 | Modification of host data (intended) | After host access | Gp routers | Malfunction, data loss (charging) | 2 | 3 | 6
7 | Modification of host data (unintended) | Employee (bad configuration), hacker (attack side effects) | Gp routers | Malfunction, data loss | 4 | 2 | 8
8 | Email, viruses, Trojan horses | Only if email is installed on hosts | Gp routers | Malfunction, data loss | 0 | 2 | 0

D. Attacks within the DMZ VPN

Note: the attacker has to have access to this area, which is not intended to be a walk-up area; before the attacks the attacker must therefore either have physical access or already have broken into this VPN by network attacks.

No. | Threat | Cause | Target | Consequences | Scaled probability | Severity | Risk
1 | Denial of service (intended) | Several DoS techniques | External DNS server, under circumstances other VPNs | From performance decrease to system breakdown (entire packet backbone network) | 2 | 4 | 8
2 | Denial of service (unintended) | Employee (bad configuration), hacker (attack side effects) | External DNS server, under circumstances other VPNs | From performance decrease to system breakdown (entire packet backbone network) | 3 | 3 | 9
3 | Disclosure of traffic data (intended) | None | DNS traffic | Password and other exploitable information gathering | 1 | 2 | 2
4 | Disclosure of host data (intended) | None | DNS traffic | Configurations and other exploitable information gathering | 1 | 3 | 3
5 | Modification of traffic data (intended) | None | DNS traffic | Malfunction, data loss | 2 | 2 | 4
6 | Modification of host data (intended) | After host access | External DNS traffic | Malfunction, data loss (charging) | 1 | 3 | 3
7 | Modification of host data (unintended) | Employee (bad configuration), hacker (attack side effects) | External DNS traffic | Malfunction, data loss | 3 | 2 | 6
8 | Email, viruses, Trojan horses | Only if email is installed on hosts | External DNS traffic | Malfunction, data loss | 0 | 2 | 0

E. Attacks within the Gn VPN

Note: the attacker has to have access to this area, which is not intended to be a walk-up area; before the attacks the attacker must therefore either have physical access or already have broken into this VPN by network attacks.

No. | Threat | Cause | Target | Consequences | Scaled probability | Severity | Risk
1 | Denial of service (intended) | Several DoS techniques | GSNs, under circumstances other VPNs | From performance decrease to system breakdown (entire packet backbone network) | 4 | 4 | 16
2 | Denial of service (unintended) | Employee (bad configuration), hacker (attack side effects) | GSNs, under circumstances other VPNs | From performance decrease to system breakdown (entire packet backbone network) | 3 | 3 | 9
3 | Disclosure of traffic data (intended) | None | Gn traffic | Mobile user privacy violation | 3 | 2 | 6
4 | Disclosure of host data (intended) | None | GSNs | Configurations and other exploitable information gathering | 3 | 3 | 9
5 | Modification of traffic data (intended) | None | Gn traffic | Mobile user data corruption | 3 | 4 | 12
6 | Modification of host data (intended) | After host access | GSNs | Malfunction, data loss (charging) | 2 | 4 | 8
7 | Modification of host data (unintended) | Employee (bad configuration), hacker (attack side effects) | GSNs | Malfunction, data loss | 4 | 3 | 12
8 | Email, viruses, Trojan horses | Only if email is installed on hosts | GSNs | Malfunction, data loss | 0 | 3 | 0

F. Attacks within the Gi VPN

Note: in contrast to the VPNs mentioned above, this VPN extends into areas that are not under the administrative control of the packet backbone network operator, which means that an attacker with physical or network access is considered likely.

No. | Threat | Cause | Target | Consequences | Scaled probability | Severity | Risk
1 | Denial of service (intended) | Several DoS techniques | Gi routers, GSN, under circumstances other VPNs | From performance decrease to system breakdown (entire packet backbone network) | 5 | 4 | 20
2 | Denial of service (unintended) | Employee (bad configuration), hacker (attack side effects) | Gi routers, GGSN, under circumstances other VPNs | From performance decrease to system breakdown (entire packet backbone network) | 3 | 3 | 9
3 | Disclosure of traffic data (intended) | None | Gi traffic | Mobile user privacy violation | 3 | 1 | 3
4 | Disclosure of host data (intended) | None | Gi routers, GGSN | Configurations and other exploitable information gathering | 3 | 3 | 9
5 | Modification of traffic data (intended) | None | Gi traffic | Mobile user data corruption | 3 | 2 | 6
6 | Modification of host data (intended) | After host access | Gi routers, GGSN | Malfunction, data loss (charging) | 2 | 4 | 8
7 | Modification of host data (unintended) | Employee (bad configuration), hacker (attack side effects) | Gi routers, GGSN | Malfunction, data loss | 4 | 3 | 12
8 | Email, viruses, Trojan horses | Only if email is installed on hosts | Gp routers | Malfunction, data loss | 0 | 3 | 0

Appendix 4 – Human Engineering

Note: human engineering is a very important part of security; the hacker usually gets close to employees on a private basis and tries to elicit exploitable information from the unsuspecting person.

No. | Threat | Cause | Target | Consequences | Scaled probability | Severity | Risk
1 | Unintended disclosure of information | Too communicative or unsuspecting employee | Packet backbone network operator employee | Disclosure of company secrets; simplification of a security attack | 4 | 2 | 8
2 | Intended disclosure of information | Corrupt or blackmailed employee | Packet backbone network operator employee | Disclosure of company secrets; simplification of a security attack | 2 | 5 | 10
