
A hands-on guide to mastering mobile forensics for the iOS, Android, and the Windows Phone platforms

Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty





Book Details
Price: 3.50
Pages: 392 p
File Size: 17,694 KB
File Type: PDF format
ISBN: 978-1-78883-919-8
Copyright: 2018 Packt Publishing

About the Authors
Rohit Tamma is a security program manager currently working with Microsoft. With over
8 years of experience in the field of security, his background spans management and
technical consulting roles in the areas of application and cloud security, mobile security,
penetration testing, and security training. Rohit has also coauthored a couple of books, such
as Practical Mobile Forensics and Learning Android Forensics, which explain various ways to
perform forensics on mobile platforms. You can contact him on Twitter at @RohitTamma.
Writing this book has been a great experience because it has taught me several things,
which could not have been otherwise possible. I would like to dedicate this book to my
parents for helping me in every possible way throughout my life.

Oleg Skulkin is a digital forensics "enthusional" (enthusiast and professional) from Russia
with more than 6 years of experience, and is currently employed by Group-IB, one of the
global leaders in preventing and investigating high-tech crimes and online fraud. He holds
a number of certifications, including GCFA, MCFE, and ACE. Oleg is a coauthor of Windows
Forensics Cookbook, and you can find his articles about different aspects of digital forensics
both in Russian and foreign magazines. Finally, he is a very active blogger, and he updates
the Cyber Forensicator blog daily.
I would like to thank my mom and wife for their support and understanding, my friend,
Igor Mikhaylov, and my teammates from Group-IB Digital Forensics Lab: Valeriy Baulin,
Sergey Nikitin, Vitaliy Trifonov, Roman Rezvuhin, Artem Artemov, Alexander Ivanov,
Alexander Simonyan, Alexey Kashtanov, Pavel Zevahin, Vladimir Martyshin, Nikita
Panov, Anastasiya Barinova, and Vesta Matveeva.

Heather Mahalik is the director of forensic engineering with ManTech CARD, where she
leads the forensic effort focusing on mobile and digital exploitation. She is a senior
instructor and author for the SANS Institute, and she is also the course leader for the
FOR585 Advanced Smartphone Forensics course. With over 15 years of experience in digital
forensics, she continues to thrive on smartphone investigations, digital forensics, forensic
course development and instruction, and research on application analysis and smartphone forensics.

Satish Bommisetty is a security analyst working for a Fortune 500 company. His primary
areas of interest include iOS forensics, iOS application security, and web application
security. He has presented at international conferences, such as ClubHACK and C0C0n. He
is also one of the core members of the Hyderabad OWASP chapter. He has identified and
disclosed vulnerabilities in the websites of Google, Facebook, Yandex, PayPal, Yahoo!,
AT&T, and more, and is listed in their halls of fame.

About the reviewer
Igor Mikhaylov has been working as a forensics expert for 21 years. During this time, he
has attended a lot of seminars and training classes in top forensic companies and forensic
departments of government organizations. He has experience and skills in cellphones
forensics, chip-off forensics, malware forensics, and other fields. He has worked on several
thousand forensic cases.

He is the reviewer of Windows Forensics Cookbook by Oleg Skulkin and Scar de Courcier, Packt Publishing, 2017.

He is the author of Mobile Forensics Cookbook, Packt Publishing, 2017.

Preface
The exponential growth in smartphones has revolutionized several aspects of our lives.
Smartphones are one of the most quickly adopted consumer technologies in recent history.
Despite their small size, smartphones are capable of performing many tasks, such as
sending private messages and confidential emails, taking photos and videos, making online
purchases, viewing sensitive information such as medical records and salary slips,
completing banking transactions, accessing social networking sites, and managing business
tasks. Hence, a mobile device is now a huge repository of sensitive data, which could
provide a wealth of information about its owner. This has in turn led to the evolution of
mobile device forensics, a branch of digital forensics, which deals with retrieving data from
a mobile device. Today, there is a huge demand for specialized forensic experts, especially
since data retrieved from a mobile device can be admitted as evidence in court, provided it is
acquired, preserved, and documented in a forensically sound manner.

Mobile forensics is all about using scientific methodologies to recover data stored within a
mobile phone for legal purposes. Unlike traditional computer forensics, mobile forensics
has limitations in obtaining evidence due to rapid changes in technology and the fast-paced
evolution of mobile software. With different operating systems and a wide range of models
being released onto the market, mobile forensics has expanded over the past few years.
Specialized forensic techniques and skills are required in order to extract data under
different conditions.

This book takes you through various techniques to help you learn how to forensically
recover data from different mobile devices running the iOS, Android, and Windows Phone
operating systems. It also covers behind-the-scenes details, such as how data is
stored and what tools actually do in the background, giving you deeper knowledge of
several topics. Step-by-step instructions enable you to try forensically recovering data yourself.

The book is organized in a manner that allows you to focus independently on chapters that
are specific to your required platform.

Table of Contents
Chapter 1: Introduction to Mobile Forensics 6
Why do we need mobile forensics? 7
Mobile forensics 8
Challenges in mobile forensics 10
The mobile phone evidence extraction process 12
The evidence intake phase 13
The identification phase 14
The legal authority 14
The goals of the examination 14
The make, model, and identifying information for the device 14
Removable and external data storage 15
Other sources of potential evidence 15
The preparation phase 15
The isolation phase 16
The processing phase 16
The verification phase 16
Comparing extracted data to the handset data 17
Using multiple tools and comparing the results 17
Using hash values 17
The documenting and reporting phase 17
The presentation phase 18
The archiving phase 18
Practical mobile forensic approaches 18
Overview of mobile operating systems 19
Android 19
iOS 20
Windows Phone 20
Mobile forensic tool leveling system 20
Manual extraction 22
Logical extraction 22
Hex dump 22
Chip-off 23
Micro read 23
Data acquisition methods 24
Physical acquisition 24
Logical acquisition 24
Manual acquisition 25
Potential evidence stored on mobile phones 25
Examination and analysis 26
Rules of evidence 28
Good forensic practices 29
Securing the evidence 29
Preserving the evidence 29
Documenting the evidence and changes 30
Reporting 30
Summary 31
Chapter 2: Understanding the Internals of iOS Devices 32
iPhone models 33
Identifying the correct hardware model 33
iPhone hardware 41
iPad models 42
Understanding the iPad hardware 44
Apple Watch models 45
Understanding the Apple Watch hardware 46
The filesystem 48
The HFS Plus filesystem 48
The HFS Plus volume 49
The APFS filesystem 50
The APFS structure 51
Disk layout 52
iPhone operating system 53
The iOS architecture 54
iOS security 55
Passcodes, Touch ID, and Face ID 56
Code Signing 56
Sandboxing 56
Encryption 57
Data protection 57
Address Space Layout Randomization 57
Privilege separation 57
Stack-smashing protection 57
Data execution prevention 58
Data wipe 58
Activation Lock 58
The App Store 58
Jailbreaking 59
Summary 60
Chapter 3: Data Acquisition from iOS Devices 61
Operating modes of iOS devices 62
The normal mode 62
The recovery mode 64
DFU mode 67
Setting up the forensic environment 70
Password protection and potential bypasses 70
Logical acquisition 71
Practical logical acquisition with libimobiledevice 72
Practical logical acquisition with Belkasoft Acquisition Tool 73
Practical logical acquisition with Magnet ACQUIRE 78
Filesystem acquisition 81
Practical jailbreaking 82
Practical filesystem acquisition with Elcomsoft iOS Forensic Toolkit 83
Physical acquisition 83
Practical physical acquisition with Elcomsoft iOS Forensic Toolkit 84
Summary 87
Chapter 4: Data Acquisition from iOS Backups 88
iTunes backup 89
Creating backups with iTunes 92
Understanding the backup structure 94
info.plist 95
manifest.plist 96
status.plist 96
manifest.db 97
Extracting unencrypted backups 99
iBackup Viewer 99
iExplorer 101
BlackLight 103
Encrypted backup 105
Elcomsoft Phone Breaker 105
Working with iCloud backups 107
Extracting iCloud backups 109
Summary 110
Chapter 5: iOS Data Analysis and Recovery 111
Timestamps 112
Unix timestamps 112
Mac absolute time 113
WebKit/Chrome time 113
SQLite databases 114
Connecting to a database 115
SQLite special commands 116
Standard SQL queries 117
Accessing a database using commercial tools 117
Key artifacts – important iOS database files 121
Address book contacts 122
Address book images 124
Call history 126
SMS messages 127
Calendar events 128
Notes 129
Safari bookmarks and cache 130
Photo metadata 131
Consolidated GPS cache 132
Voicemail 133
Property lists 133
Important plist files 134
The HomeDomain plist files 135
The RootDomain plist files 136
The WirelessDomain plist files 137
The SystemPreferencesDomain plist files 137
Other important files 137
Cookies 138
Keyboard cache 139
Photos 139
Thumbnails 140
Wallpaper 140
Recordings 141
Downloaded applications 141
Apple Watch 141
Recovering deleted SQLite records 144
Summary 145
Chapter 6: iOS Forensic Tools 146
Working with Cellebrite UFED Physical Analyzer 147
Features of Cellebrite UFED Physical Analyzer 147
Advanced logical acquisition and analysis with Cellebrite UFED Physical Analyzer 148
Working with Magnet AXIOM 156
Features of Magnet AXIOM 156
Logical acquisition and analysis with Magnet AXIOM 157
Working with Belkasoft Evidence Center 166
Features of Belkasoft Evidence Center 166
iTunes backup parsing and analysis with Belkasoft Evidence Center 167
Working with Oxygen Forensic Detective 172
Features of Oxygen Forensic Detective 172
Logical acquisition and analysis with Oxygen Forensic Detective 173
Summary 178
Chapter 7: Understanding Android 179
The evolution of Android 180
The Android model 181
The Linux kernel layer 183
The Hardware Abstraction Layer 183
Libraries 184
Dalvik virtual machine 184
Android Runtime (ART) 185
The Java API framework layer 186
The system apps layer 186
Android security 186
Secure kernel 187
The permission model 188
Application sandbox 189
Secure inter-process communication 189
Application signing 189
Security-Enhanced Linux 190
Full Disk Encryption 190
Trusted Execution Environment 191
The Android file hierarchy 191
The Android file system 194
Viewing file systems on an Android device 194
Common file systems found on Android 197
Summary 199
Chapter 8: Android Forensic Setup and Pre-Data Extraction Techniques 200
Setting up the forensic environment for Android 201
The Android Software Development Kit 201
The Android SDK installation 202
An Android Virtual Device 204
Connecting an Android device to a workstation 208
Identifying the device cable 209
Installing the device drivers 209
Accessing the connected device 210
The Android Debug Bridge 211
USB debugging 212
Accessing the device using adb 214
Detecting connected devices 214
Killing the local adb server 214
Accessing the adb shell 214
Basic Linux commands 215
Handling an Android device 218
Screen lock bypassing techniques 219
Using adb to bypass the screen lock 220
Deleting the gesture.key file 220
Updating the settings.db file 221
Checking for the modified recovery mode and adb connection 222
Flashing a new recovery partition 222
Using automated tools 223
Using Android Device Manager 225
Smudge attack 226
Using the Forgot Password/Forgot Pattern option 227
Bypassing third-party lock screens by booting into safe mode 228
Securing the USB debugging bypass using adb keys 228
Securing the USB debugging bypass in Android 4.4.2 229
Crashing the lock screen UI in Android 5.x 230
Other techniques 231
Gaining root access 232
What is rooting? 232
Rooting an Android device 233
Root access - adb shell 236
Summary 237
Chapter 9: Android Data Extraction Techniques 238
Data extraction techniques 239
Manual data extraction 240
Logical data extraction 240
ADB pull data extraction 240
Using SQLite Browser to view the data 243
Extracting device information 244
Extracting call logs 245
Extracting SMS/MMS 246
Extracting browser history 247
Analysis of social networking/IM chats 248
ADB backup extraction 249
ADB dumpsys extraction 251
Using content providers 253
Physical data extraction 257
Imaging an Android phone 257
Imaging a memory (SD) card 261
Joint Test Action Group 262
Chip-off 264
Summary 265
Chapter 10: Android Data Analysis and Recovery 266
Analyzing an Android image 267
Autopsy 267
Adding an image to Autopsy 267
Analyzing an image using Autopsy 271
Android data recovery 272
Recovering deleted data from an external SD card 273
Recovering data deleted from internal memory 280
Recovering deleted files by parsing SQLite files 280
Recovering files using file-carving techniques 283
Recovering contacts using your Google account 287
Summary 289
Chapter 11: Android App Analysis, Malware, and Reverse Engineering 290
Analyzing Android apps 291
Facebook Android app analysis 292
WhatsApp Android app analysis 294
Skype Android app analysis 294
Gmail Android app analysis 296
Google Chrome Android app analysis 297
Reverse engineering Android apps 299
Extracting an APK file from an Android device 300
Steps to reverse engineer Android apps 302
Android malware 304
How does malware spread? 307
Identifying Android malware 308
Summary 311
Chapter 12: Windows Phone Forensics 312
Windows Phone OS 312
Security model 315
Chambers 315
Encryption 316
Capability-based model 316
App sandboxing 318
Windows Phone filesystem 318
Data acquisition 321
Commercial forensic tool acquisition methods 322
Extracting data without the use of commercial tools 325
SD card data extraction methods 328
Key artifacts for examination 332
Extracting contacts and SMS 332
Extracting call history 333
Extracting internet history 333
Summary 334
Chapter 13: Parsing Third-Party Application Files 335
Third-party application overview 336
Chat applications 337
GPS applications 339
Secure applications 340
Financial applications 341
Social networking applications 341
Encoding versus encryption 345
Application data storage 348
iOS applications 349
Android applications 350
Windows Phone applications 353
Forensic methods used to extract third-party application data 353
Commercial tools 354
Oxygen Detective 354
Magnet IEF 357
UFED Physical Analyzer 360
Open source tools 361
Autopsy 361
Other methods of extracting application data 365
Summary 366
Other Books You May Enjoy 367
Index 370



Who this book is for
This book is intended for forensic examiners with little or basic experience in mobile
forensics or open source solutions for mobile forensics. The book will also be useful to
computer security professionals, researchers, and anyone seeking a deeper understanding
of mobile internals. It will also come in handy for those who are trying to recover
accidentally deleted data (photos, contacts, SMS messages, and more).

AAA & Network Security for Mobile Access
Radius, Diameter, EAP, PKI, & IP Mobility

Madjid Nakhjiri, Mahsa Nakhjiri

Motorola Labs, USA & Motorola Personal Devices, USA


Foreword
The market for mobile computers and communication devices continues to grow, which means that every year there are more and more of them. This is creating numerous opportunities for network providers and operators of all sorts, because many of these devices derive their usefulness from their ability to get access to the Internet. Recently, within the IETF, there has been a surge of interest in creating new protocols and protocol interfaces to better enable operators to take advantage of these opportunities. These new protocols, taken as a whole, bring about a new kind of operator operation known as “AAA services”, thus the title of the book. Madjid, one of the two authors of this book, is known to me as a regular in several IETF working groups, and his work is well represented within this book.

There is no doubt that AAA services are already of tremendous importance in today’s Internet, given that much of the access control is mediated already by RADIUS servers and associated protocols. Even so, I think that the true value of AAA services is still in the process of emerging, as we transition from laptop computing to wireless mobile communications in the future. As we begin to store more of our credentials on our wireless gadgets, and as the needs for user authentication continue to expand, it seems very natural that today’s AAA practice will adapt to the needs of the new wireless technologies. These needs include higher performance, improved roaming facilities, and interface to a multiplicity of security technologies. Already, my experience is that I have to carry around a bag of strange connectors, security cards, credit cards, and telephone numbers in order to be mobile. It seems that when traveling, leaving any of these behind is much worse than forgetting to pack a toothbrush, soap, or even shirts or socks. After all, I can usually find a place to buy those latter items.

Within the book, we can see the first glimmerings of how this new wireless mobile world will look to the user desiring to make use of local Internet connectivity. Several recent specifications have been finally approved and are dutifully described in this book. In particular, the ideas of seamless mobility and context transfer provide great hope for the desired user productivity and the experience of well-engineered convenience. Clearly, there is a big gap separating the barebones specification and widespread deployment. It is to fill just these gaps that books such as this one are needed. But filling known gaps is only the beginning. Once the basic hurdles are cleared, I am confident that many new applications will soon be imagined and built to use the simplified access models provided by the new AAA services.
Charlie Perkins


About the Author
Madjid Nakhjiri is currently a researcher and network architect with Motorola Labs. He has been involved in the wireless communications industry since 1994. Over the years, Madjid has participated in the development of many cellular and public safety mission-critical projects, ranging from cellular location detection receiver design and voice modeling simulations to the design of architecture and protocols for QoS-based admission, call control, mobile VPN access and AAA procedures for emergency response networks. Madjid has been active in the standardization of mobility and security procedures in IETF, 3G and IEEE since 2000 and is a coauthor of a few IETF RFCs. Madjid has also authored many IEEE papers, chaired several IEEE conference sessions and has many patent applications in process.

Mahsa Nakhjiri is currently a systems engineer with Motorola Personal Devices and is involved in future cellular technology planning. Mahsa holds degrees in Mathematics and Electrical Engineering and has specialized in mathematical signal processing for antenna arrays. She has been involved in research on cellular capacity planning and modeling, design and simulation of radio and link layer protocols and their interaction with transport protocols in wireless environments. Mahsa has also worked with cellular operators on mobility and AAA issues from an operator perspective.


Preface
In today’s world, where computer viruses and security threats are common themes in
anything from Hollywood movies and TV advertisements to political discussions, it seems
unthinkable to ignore security considerations in the design and implementation of any
network. However, it is only in the past 4–5 years that talkative security experts have been
invited to the design table from the start. The common thinking only 5 years ago was either:
this is somebody else’s problem or let us design the major functionalities first, then bring in a
cryptographer to secure it! This treatment of security as an add-on feature typically led either
to design delays, overheads and extra costs when the “feature” had to be included, or to
ignored security provisioning when the “feature” was not a must. The problem, of course,
stemmed from the fact that security “features” have rarely been revenue-makers. As we all
know, many political, social and economic events in the last half decade have forced the
designers, regulators and businessmen to adjust their attitudes towards security considerations.
People realized that although security measures are not revenue-makers, their lack is
indeed a deal breaker, to say the least, or has catastrophic aftermaths, at worst.

The Internet Engineering Task Force (IETF) has also played an important role in establishing
the aforementioned trend by making a few bold moves. The rejection of some very
high profile specifications due to the lack of proper security considerations was a message to
the industry that security is not to be taken lightly. This was done in a dot-com era where the
Internet and its applications seemed to have no boundaries and security provisioning seemed
to be only a barrier rather than an enabler.
As a result of this trend, the field of network security gained a lot of attention. A profession
that seemed to belong only to a few mathematically blessed brains opened up to a community
of practitioners dealing with a variety of networking and computing applications. Many standards, such as 802.1X, IPsec and TLS, were developed to apply cryptographic concepts and
algorithms to networking problems. Many books were written on the topics of security and
cryptography, bringing the dark and difficult secrets of fields such as public key cryptography
to a public that typically was far less mathematically savvy than the original inventors.

Many protocols and procedures were designed to realize infrastructures such as PKIs to bring
these difficult concepts to life. Still, cryptographic algorithms or security protocols such as
IPsec are not enough alone to operate a network that needs to generate services and revenues
or to protect its constituency. Access to the network needs to be controlled. Users and devices
need to be authorized for a variety of services and functions and often must pay for their
usage. This is where the AAA protocols come in. In its simplest form, an AAA protocol such
as base RADIUS provides only authentication-based access control, with a few service types
carried in the authorization signaling. RADIUS was later augmented with accounting
procedures. Diameter, a newer protocol, was standardized less than 2 years ago.
Both RADIUS and Diameter are still evolving at the time of writing. This evolution is to
enable AAA mechanisms and protocols to provide powerful functions to manage many
complicated tasks, ranging from what is described above to managing resources and mobility
functions based on a variety of policies. In the near future, networks will need to let the
user gain access through a variety of interfaces, devices and technologies.
The user will need to be mobile and yet connected. The provision of the connection may
at times have to be aided by third parties. The interaction between AAA and security procedures
with entities providing mobility and roaming capabilities is a very complicated one and
is still not completely understood. Despite this complexity, there seem to be very few books
on the market that discuss more than a single topic (either security, or mobility or wireless
technology). The topic of AAA is largely untouched. Very little text in the way of published
literature is available on AAA protocols, let alone describing the interaction of these
protocols with security, mobility and key management protocols.
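The RADIUS exchange this paragraph sketches (authentication-based access control, a little authorization carried in the same signaling) written out with both sides' messages, as an added example that is not code from the book or its authors. A NAS builds an Access-Request whose User-Password is hidden with the shared secret as RFC 2865 specifies, the AAA server recovers the password, authenticates against a user table, authorizes by returning a Framed-IP-Address in an Access-Accept, and the NAS checks the Response Authenticator before trusting the reply. The shared secret, user table, identifier and addresses are constructed sample data, and the function names are this example's own.

```python
"""RFC 2865 RADIUS Access-Request / Access-Accept exchange, both sides. Added example, not
code from the book; secret, user table, identifiers and addresses are constructed sample data."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3                  # packet codes
USER_NAME, USER_PASSWORD, SERVICE_TYPE, FRAMED_IP_ADDRESS = 1, 2, 6, 8  # attribute types
SERVICE_TYPE_FRAMED = 2

def encode_attrs(attrs):
    """Attributes are TLVs: Type (1 octet), Length (1 octet, header included), Value."""
    out = b""
    for atype, value in attrs:
        if len(value) > 253:
            raise ValueError("attribute value too long")
        out += struct.pack("!BB", atype, len(value) + 2) + value
    return out

def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("malformed attribute")
        attrs.append((atype, data[i + 2:i + alen]))
        i += alen
    return attrs

def hide_password(secret, request_auth, password):
    """RFC 2865 5.2: pad to 16-octet blocks; c_i = p_i XOR MD5(secret || c_(i-1)), c_0 = Request
    Authenticator. This is secret-keyed obfuscation, not encryption in the modern sense."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def reveal_password(secret, request_auth, hidden):
    """Server-side inverse of hide_password; strips the NUL padding."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def pack(code, ident, authenticator, attrs_bytes):
    """Code (1) | Identifier (1) | Length (2) | Authenticator (16) | Attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs_bytes)) + authenticator + attrs_bytes

def unpack(data):
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length != len(data):
        raise ValueError("bad RADIUS length")
    return code, ident, data[4:20], data[20:]

def response_authenticator(secret, code, ident, request_auth, attrs_bytes):
    """MD5(Code || ID || Length || RequestAuth || Attributes || Secret), RFC 2865 section 3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs_bytes))
    return hashlib.md5(header + request_auth + attrs_bytes + secret).digest()

def build_access_request(secret, ident, username, password, request_auth=None):
    """NAS side. The Request Authenticator must be fresh and unpredictable for every request."""
    request_auth = request_auth or os.urandom(16)
    attrs = [(USER_NAME, username),
             (USER_PASSWORD, hide_password(secret, request_auth, password)),
             (SERVICE_TYPE, struct.pack("!I", SERVICE_TYPE_FRAMED))]
    return pack(ACCESS_REQUEST, ident, request_auth, encode_attrs(attrs))

def server_handle(secret, users, request):
    """AAA server side: authenticate (recover and compare the password), then authorize by
    returning a Framed-IP-Address. `users` maps name -> (cleartext password, ipv4 bytes)."""
    code, ident, request_auth, attrs_bytes = unpack(request)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    attrs = dict(decode_attrs(attrs_bytes))
    user = attrs.get(USER_NAME, b"")
    password = reveal_password(secret, request_auth, attrs.get(USER_PASSWORD, b""))
    if user in users and hmac.compare_digest(users[user][0], password):
        reply_code, reply_attrs = ACCESS_ACCEPT, encode_attrs([(FRAMED_IP_ADDRESS, users[user][1])])
    else:
        reply_code, reply_attrs = ACCESS_REJECT, b""
    auth = response_authenticator(secret, reply_code, ident, request_auth, reply_attrs)
    return pack(reply_code, ident, auth, reply_attrs)

def nas_verify(secret, request, response):
    """NAS side: accept the reply only if its Identifier matches the outstanding request and its
    Response Authenticator verifies under the shared secret. Returns (code, attrs) or None."""
    _, req_ident, request_auth, _ = unpack(request)
    code, ident, auth, attrs_bytes = unpack(response)
    if ident != req_ident:
        return None
    expected = response_authenticator(secret, code, ident, request_auth, attrs_bytes)
    return (code, dict(decode_attrs(attrs_bytes))) if hmac.compare_digest(auth, expected) else None
```

A round trip is `server_handle(secret, users, build_access_request(secret, 7, b"alice", b"pw"))` followed by `nas_verify` on the reply; a wrong password yields Access-Reject, and a reply produced under a different secret, or altered in transit, fails verification and is dropped. Two points worth keeping in mind when reading the later chapters: both the password hiding and the Response Authenticator rest on MD5 keyed with a static shared secret, so the secret's strength and how widely it is shared among NAS devices bound the security of the whole exchange, and the server must hold the cleartext password (or something that can be checked against cleartext) to do the comparison at all, which is one reason EAP methods carried inside RADIUS are preferred over plain User-Password for anything beyond the simplest deployments.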

The idea for writing this book started from an innocent joke by the IETF operation and
management area director during an IETF lunch break a few years ago. When we asked
about the relations between the use of EAP for authentication and Mobile IP-AAA signaling,
the answer was “Maybe you should write a book about the subject”. Even though this was
considered a joke at the time, as we started to work on deploying AAA infrastructure for
Mobile IP and EAP support, the need for easy-to-understand overview material was felt so
strongly that the joke now sounded like black humor. We had to write a book on AAA as a
community service!

The book is geared towards people who have a basic understanding of Internet Protocol
(IP) and TCP/IP stack layering concepts. Except for the above, most of the other IP-related
concepts are explained in the text. Thus, the book is suitable for managers, engineers,
researchers and students who are interested in the topic of network security and AAA but do
not possess in-depth IP routing and security knowledge. We aimed at providing an overview
of IP mobility (Mobile IP) and security (IPsec) to help the reader who is not familiar with
these concepts so that the rest of the material in the book can be understood. However, the
reader may feel that the material quickly jumps from a simple overview of Mobile IP or IPsec
to sophisticated topics such as bootstrapping for IP mobility or key exchange for IP security.
Our reasoning here was that we felt that there are a number of excellently written books on
the topics of Mobile IP and IPsec, to which the reader may refer, so it would not be fair to fill
this book with redundant information. Instead, the book provides just enough material on
those topics to quickly guide the reader into the topics that are more relevant to the rest of the
material in this book. The book may also serve as a reference or introduction depending on the
reader’s need and background, but it is not intended as a complete implementation reference
book. The tables listing the protocol attributes are intentionally not exhaustive to avoid
distractions. Most of the time, only subsets that pertain to the discussions within the related
text are provided to enable the reader to understand the principles behind the design of these
attributes. At the same time, references to full standards specifications are provided for
readers interested in implementation of the complete feature sets.

Chapter 1 of this book provides an overview of what AAA is and stands for. It provides
thorough descriptions of both authorization and accounting mechanisms. Unfortunately, the
field and standardization of authorization mechanisms are still in their infancy, and
accounting, compared to authentication, has received far less attention in the research and
standards community due to its operator-specific nature. Due to the enormous amount of
research done on authentication, we devote Chapter 2 entirely to authentication concepts and
mechanisms and also provide a rather unique classification (from IAB) of authentication
mechanisms in that chapter. We will come back to the topic of authentication and describe
more sophisticated EAP-based authentications in Chapter 10, but after Chapter 2, we go
through the concepts of key management in Chapter 3 to lay the groundwork for most of the
security and key management discussions in Chapter 4 and the rest of the book. Chapter 4
discusses IPsec and TLS briefly, but provides a thorough discussion on IKE as an important
example of a key management and security association negotiation protocol. As mentioned
earlier, the aim of that chapter is not to describe IPsec or TLS thoroughly. Both these protocols
are provided for completeness and to provide the background for the later discussion of
security topics. Chapter 5 discusses mobility protocols for IP networks. It describes basic
Mobile IP procedures and quickly goes through the latest complementary work in IETF, such
as bootstrapping. This chapter also describes two IETF seamless mobility protocols, context
transfer and candidate access router discovery, which may be required to achieve seamless
handovers. This chapter also describes the security procedures for Mobile IPv4 and lays the
groundwork for Mobile IP-AAA discussions in Chapter 8. Chapters 6 and 7 describe the two
most important AAA protocols, namely RADIUS and Diameter and their applications for
authentication and accounting. Many of the specifications that are considered work in
progress in IETF are covered here.

Chapter 8 finally covers the topic discussed in the IETF joke we mentioned earlier: Mobile
IP-AAA signaling to provide authentication and key management for Mobile IP signaling.

Chapter 9 goes on to provide a description of public key infrastructures (PKI) and the
issues and concerns with management of PKIs, certificates and their revocation.

Chapter 10 describes the EAP authentication framework, EAP signaling transport and the
structure for a generic EAP-XXX mechanism. It also provides overviews of a variety of EAP
authentication methods, such as EAP-TLS, EAP-TTLS, EAP-SIM, and so on.

Finally, Chapter 11 makes a humble attempt at describing the overall problem of AAA and
identity management in a multi-operator environment and discusses various architectural
models to tackle the problem. This chapter also provides an overview of the Liberty Alliance.
We wish the readers a joyful read.


Table of Contents
Foreword xv
Preface xvii
About the Author xxi
Chapter 1 The 3 “A”s: Authentication, Authorization, Accounting 1
1.1 Authentication Concepts 1
1.1.1 Client Authentication 2
1.1.2 Message Authentication 4
1.1.3 Mutual Authentication 5
1.1.4 Models for Authentication Messaging 6
1.1.4.1 Two-Party Authentication Model 6
1.1.4.2 Three-Party Authentication Model 6
1.1.5 AAA Protocols for Authentication Messaging 7
1.1.5.1 User–AAA Server 7
1.1.5.2 NAS–AAA Server Communications 7
1.1.5.3 Supplicant (User)–NAS Communications 8
1.2 Authorization 8
1.2.1 How is it Different from Authentication? 8
1.2.2 Administration Domain and Relationships with the User 9
1.2.3 Standardization of Authorization Procedures 10
1.2.3.1 Authorization Messaging 12
1.2.3.2 Policy Framework and Authorization 12
1.3 Accounting 13
1.3.1 Accounting Management Architecture 13
1.3.1.1 Accounting Across Administrative Domains 14
1.3.2 Models for Collection of Accounting Data 15
1.3.2.1 Polling Models for Accounting 15
1.3.2.2 Event-Driven Models for Accounting 15
1.3.3 Accounting Security 17
1.3.4 Accounting Reliability 17
1.3.4.1 Interim Accounting 18
1.3.4.2 Transport Protocols 18
1.3.4.3 Fail-Over Mechanisms 18
1.3.5 Prepaid Service: Authorization and Accounting in Harmony 19
1.4 Generic AAA Architecture 19
1.4.1 Requirements on AAA Protocols Running on NAS 21
1.5 Conclusions and Further Resources 23
1.6 References 23
Chapter 2 Authentication 25
2.1 Examples of Authentication Mechanisms 25
2.1.1 User Authentication Mechanisms 26
2.1.1.1 Basic PPP User Authentication Mechanisms 27
2.1.1.2 Shortcoming of PPP Authentication Methods 29
2.1.1.3 Extensible Authentication Protocol (EAP) as Extension to PPP 30
2.1.1.4 SIM-Based Authentication 30
2.1.2 Example of Device Authentication Mechanisms 31
2.1.2.1 Public Key Certificate-Based Authentication 32
2.1.2.2 Basics of Certificate-Based Authentication 32
2.1.3 Examples of Message Authentication Mechanisms 33
2.1.3.1 HMAC-MD5 34
2.2 Classes of Authentication Mechanisms 36
2.2.1 Generic Authentication Mechanisms 41
2.2.1.1 Extensible Authentication Protocol (EAP) 41
2.2.1.2 EAP Messaging 42
2.3 Further Resources 44
2.4 References 45
Chapter 3 Key Management Methods 47
3.1 Key Management Taxonomy 47
3.1.1 Key Management Terminology 47
3.1.2 Types of Cryptographic Algorithms 49
3.1.3 Key Management Functions 50
3.1.4 Key Establishment Methods 51
3.1.4.1 Key Transport 51
3.1.4.2 Key Agreement 52
3.1.4.3 Manual Key Establishment 53
3.2 Management of Symmetric Keys 54
3.2.1 EAP Key Management Methods 54
3.2.2 Diffie–Hellman Key Agreement for Symmetric Key Generation 58
3.2.2.1 Problems with Diffie–Hellman 60
3.2.3 Internet Key Exchange for Symmetric Key Agreement 61
3.2.4 Kerberos and Single Sign On 62
3.2.4.1 Kerberos Issues 65
3.2.5 Kerberized Internet Negotiation of Keys (KINK) 66
3.3 Management of Public Keys and PKIs 67
3.4 Further Resources 68
3.5 References 69
Chapter 4 Internet Security and Key Exchange Basics 71
4.1 Introduction: Issues with Link Layer-Only Security 71
4.2 Internet Protocol Security 73
4.2.1 Authentication Header 74
4.2.2 Encapsulating Security Payload 74
4.2.3 IPsec Modes 75
4.2.3.1 Transport Mode 76
4.2.3.2 Tunnel Mode 76
4.2.4 Security Associations and Policies 77
4.2.5 IPsec Databases 78
4.2.6 IPsec Processing 78
4.2.6.1 Outbound Processing 78
4.2.6.2 Inbound Processing 79
4.3 Internet Key Exchange for IPsec 79
4.3.1 IKE Specifications 79
4.3.2 IKE Conversations 81
4.3.2.1 IKE Phase 1 81
4.3.2.2 IKE Phase 2 82
4.3.2.3 Round Trip Optimizations 82
4.3.3 ISAKMP: The Backstage Protocol for IKE 83
4.3.3.1 ISAKMP Message Format 83
4.3.3.2 ISAKMP Payloads in IKE Conversations 86
4.3.4 The Gory Details of IKE 86
4.3.4.1 Derivation of ISAKMP Short-Term Keys 86
4.3.4.2 IKE Authentication Alternatives 88
4.3.4.3 IKE Deployment Issues 90
4.4 Transport Layer Security 91
4.4.1 TLS Handshake for Key Exchange 93
4.4.2 TLS Record Protocol 95
4.4.2.1 TLS Alert Protocol 95
4.4.3 Issues with TLS 96
4.4.4 Wireless Transport Layer Security 96
4.5 Further Resources 96
4.6 References 97
Chapter 5 Introduction on Internet Mobility Protocols 99
5.1 Mobile IP 99
5.1.1 Mobile IP Functional Overview 102
5.1.1.1 Mobile IP Registration 103
5.1.1.2 Mobile IP Reverse Tunneling 106
5.1.2 Mobile IP Messaging Security 107
5.1.2.1 Caveat: Key Establishment 109
5.2 Shortcomings of Mobile IP Base Specification 109
5.2.1 Mobile IP Bootstrapping Issues 110
5.2.1.1 Dynamic Home Address Assignment 111
5.2.1.2 Dynamic Home Agent Assignment 111
5.2.1.3 Dynamic Key Establishment 113
5.2.2 Mobile IP Handovers and Their Shortcomings 113
5.2.2.1 Layer-2 Triggers and Fast Handovers 114
5.2.2.2 Candidate Router Discovery Issues 115
5.2.2.3 Delay and Disruption Tolerance by Applications 116
5.2.2.4 Establishment of Network Services 116
5.3 Seamless Mobility Procedures 117
5.3.1 Candidate Access Router Discovery 118
5.3.2 Context Transfer 120
5.3.2.1 Design Considerations 122
5.3.2.2 Messaging Overview 124
5.4 Further Resources 125
5.5 References 126
Chapter 6 Remote Access Dial-In User Service (RADIUS) 127
6.1 RADIUS Basics 127
6.2 RADIUS Messaging 128
6.2.1 Message Format 129
6.2.2 RADIUS Extensibility 130
6.2.3 Transport Reliability for RADIUS 130
6.2.4 RADIUS and Security 131
6.2.4.1 RADIUS Message Integrity Protection 131
6.2.4.2 Attribute Hiding 132
6.2.4.3 Security Vulnerabilities of RADIUS 134
6.2.4.4 RADIUS over IPsec 135
6.3 RADIUS Operation Examples 135
6.3.1 RADIUS Support for PAP 135
6.3.2 RADIUS Support for CHAP 136
6.3.3 RADIUS Interaction with EAP 138
6.3.4 RADIUS Accounting 139
6.3.4.1 Basic Operation 139
6.3.4.2 Security and Reliability of RADIUS Accounting 140
6.4 RADIUS Support for Roaming and Mobility 141
6.4.1 RADIUS Support for Proxy Chaining 142
6.4.1.1 Roaming Concepts 142
6.4.1.2 Proxy Chaining Operation 143
6.4.1.3 Issues with Proxy Chaining 143
6.5 RADIUS Issues 143
6.6 Further Resources 144
6.6.1 Commercial RADIUS Resources 144
6.6.2 Free Open Source Material 145
6.7 References 145
Chapter 7 Diameter: Twice the RADIUS? 147
7.1 Election for the Next AAA Protocol 147
7.1.1 The Web of Diameter Specifications 148
7.1.1.1 Diameter Base Specification 148
7.1.1.2 Security Specifications 149
7.1.1.3 Diameter Transport Profile 150
7.1.1.4 Diameter NAS Application 150
7.1.2 Diameter Applications 151
7.1.3 Diameter Node Types and their Roles 152
7.2 Diameter Protocol 153
7.2.1 Diameter Messages 153
7.2.1.1 Diameter Message Format 154
7.2.1.2 Diameter Command Code (Message Types) 154
7.2.1.3 Attribute-Value Pair (AVP) Format 155
7.2.1.4 Examples of Diameter Base Specification AVPs 156
7.2.2 Diameter Transport and Routing Concepts 157
7.2.2.1 Diameter Transport Concepts 157
7.2.2.2 Diameter Routing Concepts 158
7.2.2.3 Diameter Message Routing and Forwarding 159
7.2.3 Capability Negotiations 159
7.2.4 Diameter Security Requirements 160
7.2.4.1 Use of IPsec or TLS for Diameter 161
7.2.4.2 Path Authorization: Impact of Security on Authorization and Accounting 161
7.3 Details of Diameter Applications 162
7.3.1 Accounting Message Exchange Example 162
7.3.2 Diameter-Based Authentication, NASREQ 163
7.3.2.1 Commands Introduced by NASREQ 164
7.3.2.2 NASREQ AVPs 164
7.3.2.3 Diameter NAS Messaging 165
7.3.3 Diameter Mobile IP Application 167
7.3.4 Diameter EAP Support 167
7.4 Diameter Versus RADIUS: A Factor 2? 168
7.4.1 Advantages of Diameter over RADIUS 168
7.4.1.1 Fail-Over 168
7.4.1.2 Server-initiated Messages 169
7.4.1.3 Reliable Transport 169
7.4.1.4 Capability Negotiation 169
7.4.1.5 Security and Audibility Issues 169
7.4.1.6 Diameter Support for Agents and Inter-Domain Roaming 170
7.4.1.7 Peer Discovery and Configuration 170
7.4.1.8 Backward Compatibility with RADIUS 170
7.4.2 Issues with Use of Diameter 170
7.4.3 Diameter-RADIUS Interactions (Translation Agents) 171
7.5 Further Resources 172
7.6 References 172
Chapter 8 AAA and Security for Mobile IP 175
8.1 Architecture and Trust Model 177
8.1.1 Timing Characteristics of Security Associations 178
8.1.1.1 Pre-established SAs (PSA) 178
8.1.1.2 Mobility Security Associations (MSA) 179
8.1.1.3 AAASA 179
8.1.1.4 Lifetimes 180
8.1.1.5 Security Parameter Index (SPI) 180
8.1.2 Key Delivery Mechanisms 181
8.1.3 Overview of Use of Mobile IP-AAA in Key Generation 182
8.2 Mobile IPv4 Extensions for Interaction with AAA 184
8.2.1 MN-AAA Authentication Extension 184
8.2.2 Key Generation Extensions (IETF work in progress) 186
8.2.3 Keys to Mobile IP Agents? 187
8.3 AAA Extensions for Interaction with Mobile IP 187
8.3.1 Diameter Mobile IPv4 Application 188
8.3.1.1 Diameter Model for Mobile IP Support 188
8.3.1.2 New Diameter AVPs for Mobile IP Support 190
8.3.1.3 Diameter Mobile IP Messaging Overview 193
8.3.2 Radius and Mobile IP Interaction: A CDMA2000 Example 196
8.3.2.1 Mobile IP Support Within CDMA2000 196
8.3.2.2 RADIUS Support, or Not! 197
8.3.2.3 CDMA2000 Messaging Procedure 199
8.4 Conclusion and Further Resources 200
8.5 References 201
Chapter 9 PKI: Public Key Infrastructure: Fundamentals and Support for IPsec and Mobility 203
9.1 Public Key Infrastructures: Concepts and Elements 204
9.1.1 Certificates 204
9.1.2 Certificate Management Concepts 205
9.1.3 PKI Elements 209
9.1.4 PKI Management Basic Functions 210
9.1.4.1 Basic PKI Transactions 211
9.1.4.2 Enrollment and Authentication 211
9.1.5 Comparison of Existing PKI Management Protocols 212
9.1.5.1 PKCS #10 213
9.1.5.2 SSL Protection for PKCS #10 214
9.1.5.3 PKCS #7 Protection for PKCS #10 215
9.1.5.4 IETF Certificate Management Protocol (CMP) 219
9.1.5.5 Certificate Management Using CMS (CMC) 221
9.1.5.6 Simple Certificate Enrollment Protocol (SCEP) 221
9.1.6 PKI Operation Protocols 221
9.1.6.1 PKI Certificate Discovery and Validation Protocols 222
9.2 PKI for Mobility Support 222
9.2.1 Identity Management for Mobile Clients: No IP Addresses! 222
9.2.1.1 Certificate Subjects for Mobile Devices 223
9.2.1.2 Certificate Subjects for Human Users 224
9.2.2 Certification and Distribution Issues 225
9.2.2.1 Validity Checking and CRL Distribution 225
9.2.2.2 Roaming and Certification 226
9.2.2.3 Device Certificates 226
9.2.2.4 User Certificates 226
9.3 Using Certificates in IKE 227
9.3.1 Exchange of Certificates within IKE 229
9.3.1.1 Certificate Data Type Profiling for ISAKMP 229
9.3.1.2 In-Band Versus Out-of-Band Exchanges 230
9.3.1.3 Certificate Authority and Certificate Chains 230
9.3.2 Identity Management for ISAKMP: No IP Address, Please! 231
9.4 Further Resources 232
9.5 References 232
9.6 Appendix A PKCS Documents 233
Chapter 10 Latest Authentication Mechanisms, EAP Flavors 235
10.1 Introduction 235
10.1.1 EAP Transport Mechanisms 237
10.1.2 EAP over LAN (EAPOL) 237
10.1.3 EAP over AAA Protocols 238
10.2 Protocol Overview 239
10.3 EAP-XXX 242
10.3.1 EAP-TLS (TLS over EAP) 244
10.3.1.1 EAP-TLS Architecture and Message Format 244
10.3.1.2 Protocol Overview 246
10.3.1.3 Drawbacks with EAP-TLS 248
10.3.2 EAP-TTLS 248
10.3.2.1 EAP-TTLS Functional Elements 250
10.3.2.2 Messaging Overview 252
10.3.2.3 Protocol Overview 253
10.3.2.4 Session Resumption: EAP-TTLS Support for Mobility 254
10.3.2.5 Example: CHAP Over EAP-TTLS 255
10.3.3 EAP-SIM 257
10.4 Use of EAP in 802 Networks 259
10.4.1 802.1X Port-Based Authentication 259
10.4.1.1 EAPOL in 802.1X and Interaction with RADIUS 260
10.4.1.2 Security Flaws of 802.1X, WPA/RSN and 802.1aa 260
10.4.2 Lightweight Extensible Authentication Protocol (LEAP) 260
10.4.3 PEAP 262
10.5 Further Resources 262
10.6 References 263
Chapter 11 AAA and Identity Management for Mobile Access: The World of Operator Co-Existence 265
11.1 Operator Co-existence and Agreements 265
11.1.1 Implications for the User 266
11.1.2 Implications for the Operators 267
11.1.3 Bilateral Billing and Trust Agreements and AAA Issues 269
11.1.3.1 Identity Management and Security Issues 271
11.1.4 Brokered Billing and Trust Agreements 272
11.1.5 Billing and Trust Management through an Alliance 274
11.2 A Practical Example: Liberty Alliance 275
11.2.1 Building the Trust Network: Identity Federation 276
11.2.1.1 Identity Services 276
11.2.1.2 Circle of Trust 278
11.2.1.3 Building the Circle of Trust 278
11.2.2 Support for Authentication/Sign On/Sign Off 279
11.2.2.1 Enabling Protocols 281
11.2.3 Advantages and Limitations of the Liberty Alliance 282
11.3 IETF Procedures 283
11.4 Further Resources 285
11.5 References 285
Index 287


Product details
Pages: 318 p
File Size: 8,722 KB
File Type: PDF format
ISBN-13: 978-0-470-01194-2
ISBN-10: 0-470-01194-7
Copyright: 2005 John Wiley & Sons Ltd