Page 29 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition
Authentication
As described in more detail below, an active adversary who can compromise a communication by
interposing on a transaction (e.g., through a “man-in-the-middle” attack) also compromises the ability to
ensure authentication of both parties, as there is no guarantee that the client is communicating with an
authenticated base station.
Non-repudiation
Because neither digital signatures nor message authentication codes are used across the wireless link,
non-repudiation cannot be provided as a property within this portion of the communication.
Such guarantees would have to be provided by protocols employed by the encapsulated data (e.g., SSL over
IP).
Data confidentiality
In legacy networks where mobile banking primarily occurs through SMS, any security provided by the
network is based on GSM network encryption algorithms such as A5/1 and A5/2. These algorithms have
been demonstrated to be vulnerable: attacks against A5/1 take 6 hours if 64 bits of keystream information
are known [2]. Recent work has demonstrated that similar approaches can be used to compromise the A5/3
cipher [3]. In some systems, the A5/0 algorithm is specified, which provides null encryption and hence no
protection of data confidentiality.
Communication security
Legacy networks relying on GSM encryption are also subject to “man-in-the-middle” attacks from base
stations that are placed by an attacker, maliciously claiming to be legitimate provider towers and decrypting
communication before re-sending it into the mobile carrier’s network. Such a scheme can allow the attacker
to gain full access to all communicated information, including transaction and financial data.
Data integrity
Attacks such as the “man in the middle” rogue base station attack described above can compromise the
integrity of financial and transactional data that originates from a DFS application. A malicious adversary actively
interposing on a communication between the mobile handset and the back-end services has the ability to
arbitrarily add, delete or modify data, thus removing all guarantees of integrity.
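
The add, delete and modify cases above, detected at the application layer rather than by the GSM link, as an added example that is not part of the ITU-T report. It assumes a per-customer key shared by the handset application and the DFS back end; the frame layout, `seal`, `Receiver` and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
import struct

# A shared-key MAC gives integrity between the two key holders only;
# non-repudiation would need digital signatures.
TAG_LEN = 16  # truncated HMAC-SHA256 tag, sized for short SMS/USSD payloads

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Handset side: frame = 8-byte sequence number || payload || tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class Receiver:
    """Back-end side: checks the tag, then the sequence number."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected = 0  # next sequence number we should see

    def accept(self, frame: bytes) -> str:
        if len(frame) < 8 + TAG_LEN:
            return "rejected: malformed"
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, good):
            return "rejected: modified or injected"       # modify / add
        (seq,) = struct.unpack(">Q", header)
        if seq < self.expected:
            return "rejected: replayed or out of order"   # add (replay)
        missing = seq - self.expected
        self.expected = seq + 1
        if missing:
            return f"accepted with gap: {missing} message(s) missing"  # delete
        return "accepted"

def demo() -> list:
    key = bytes(range(32))  # constructed key; a real one is provisioned per customer
    rx = Receiver(key)
    m0 = seal(key, 0, b"PAY 50 TO 0700000001")  # constructed messages
    m1 = seal(key, 1, b"BAL")
    m2 = seal(key, 2, b"PAY 10 TO 0700000002")
    tampered = m0.replace(b"0700000001", b"0799999999")
    forged = struct.pack(">Q", 0) + b"PAY 900 TO 0799999999" + bytes(TAG_LEN)
    # m1 is dropped in transit and only turns up after m2
    return [rx.accept(f) for f in (tampered, forged, m0, m0, m2, m1)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```
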
Furthermore, and as discussed in more detail in section 3.6.2.5, vulnerabilities in the Signalling System 7 (SS7)
protocol can impair the integrity of SMS messages. Using SS7 requests, a bad actor can pose as a short message
service centre (SMSC) to obtain inter alia the IMSI of the target customer, and even the location. This may
be used to gain access via SS7 to all SS7 traffic relating to that IMSI, wherein the attacker is able to intercept
a customer’s SMS messages and request the customer’s account balance. They can even initiate a transfer of
funds from the target DFS customer’s account to the attacker’s DFS account.
While these attacks may appear to be mitigated through two-factor authentication via an OTP in parallel with a
USSD-based DFS or banking session, an SS7 attack to gain access to the customer’s account to change messages
1 An IMSI is the serial number of the subscriber SIM card. The IMSI is sent as rarely as possible to avoid it being identified and
tracked. Instead, the temporary mobile subscriber identity (TMSI) is the identity that is most commonly sent between the mobile
phone and the MNO, and is randomly assigned.
2 An attacker for example would send a specific “update-location” (UL) request message directly to the customer’s MNO via SS7.
See Cellusys (2016) SS7 Vulnerabilities Ebook, available from http://www.cellusys.com/thank-you/ss7-vulnerabilities/?source=Ibn