Lessons learned from 2G,3G,4G – what we need to fix in 5G ETSI Security Week 2017 – 5G Security Adrian Dabrowski [email protected] @atrox_at Co-Authors: David Rupprecht, Thorsten Holz, Edgar Weippl, Christina Pöpper

Posted on 15-Jul-2020

TRANSCRIPT

Page 1: Lessons learned from 2G,3G,4G – what we need to fix in 5G ... · Lessons learned from 2G,3G,4G – what we need to fix in 5G ETSI Security Week 2017 – 5G Security Adrian Dabrowski

Lessons learned from 2G,3G,4G – what we need to fix in 5G

ETSI Security Week 2017 – 5G Security

Adrian Dabrowski [email protected] @atrox_at

Co-Authors: David Rupprecht, Thorsten Holz, Edgar Weippl, Christina Pöpper

Page 2

What are the lessons from the past?

What is the future of mobile network security research?

Page 3 (figure only)

Page 4

Numerous publications towards individual questions.

We need the big picture to shape future research!

Page 5 (repeats Page 4)

Page 6

Systematization Methodology: How to get the big picture?

Page 7

Methodology

(Diagram of the systematization: Security Requirements, Attack Aims, Attack Characteristics, Attacks, Flaws, Causes, Root Causes, Defenses, Defense Characteristics, Literature, Challenges and Research Questions)

Page 8

Security Requirements and Attack Aims

• Security requirements for the system

• Each attack aim challenges a security requirement

• Attack Aims: Denial of Service, Attacks on Secrecy, Attacks on Privacy, Attacks on Integrity, Fraud Attacks

Page 9

Attacks, Attack Characteristics and Flaws

• Attacks: the act of assailing the system with a definite attack aim.

• An attack exploits one distinct flaw of the system

• Impact analyses based on attack characteristics: Target, Technology (2G/3G/4G), Attacker capabilities

(Diagram example: SS7)

Page 10

Defenses and Defense Characteristics

Impact and feasibility of defenses

• Defense Characteristics

  • Type of Defense: Detection or Mitigation

  • Realization Method: Specification or Implementation

  • Research Status: Vague Proposal or Evaluated Proposal

Page 11

Causes and Root Causes

From the concrete to the abstract

• Flaws that have similar technical characteristics are grouped under a common cause

• Root causes are the underlying reason for certain causes

Page 12

Challenges and Research Questions

• Research Questions

  • Shortcomings of existing work

  • Shortcomings of new technologies

  • Challenges of a cause

(Diagram: Challenges and Research Questions derived from Flaws, Attacks and Defenses)

Page 13

Assessment

(Diagram: one Root Cause branches into several Causes, each with its own Challenges and Research Questions)

Page 14

Scope

Page 15

Systematization: The big picture!

Page 16 (figure only)

Page 17 (figure only)

Page 18

Root Causes

• Implementation Issue

• Specification Issue

• Wireless Channel

• Protocol Context Discrepancy

Page 19

Overview

Implementation Issue

• Insecure Implementation

• Leaky Implementation

Specification Issue

• Unsecured Pre-authentication Traffic

• Non-Existing Mutual Authentication

• Weak Crypto

• Insecure Inter-network Protocols

• Resource Usage Asymmetry

Wireless Channel

• Wireless Channel

Protocol Context Discrepancy

• Cross-Layer Information Loss

• Routing Configuration

• Accounting Policy Inconsistency

Page 20

Implementation Issue

Page 21

Definition

• Mistakes in the implementation

• Deviations from the specification

Causes

• Insecure Implementation

• Leaky Implementation

Page 22

Insecure Implementation

Example: Baseband exploits

Others: SMS of Death, ASN.1 decoder heap, Crypto State Machine

Attack Aim: Integrity, Secrecy

Page 23

Defenses

Intermediate defenses:

• Filtering SMS for SMS attacks

Detection of vulnerabilities:

• Test Cases (automated detection)

• Reverse Engineering (manual detection), illustrated on the slide with a disassembly fragment:

  CMP r0, r1
  ADDGE r2, r2, r3
  ADDLT r2, r2, r4

Page 24

Challenges

Detection of vulnerabilities

• Existing testing frameworks focus on one particular type of flaw and do not exhaust all flaws

• Manual detection for memory bugs

• Automated testing of basebands is not recommended

• Reliable detection of vulnerabilities is needed: decoding functions of messages and the protocol state machine

• Research Scope: mobile phone vs. mobile network

Page 25

Challenges

Implementation of countermeasures

• Classical system security

  • Memory safe languages

  • ASLR (Address Space Layout Randomization)

  • CFI (Control Flow Integrity)

• Hard to realize

  • Closed basebands

  • Real-time capability

Page 26

Specification Issue

Page 27

Definition

• Security implications in the specification

• Protocols and state machines

Causes

• Unsecured pre-authentication traffic

• Non-existing mutual authentication

• Weak Cryptography

• Insecure Inter-network protocols

• Resource Usage asymmetry

Page 28

Unsecured Pre-authentication Traffic

Example: Downgrade Attacks and IMSI Request Attack

The phone cannot verify the authenticity of the network before the authentication and key agreement (AKA) has run.

Page 29

Unsecured Pre-authentication Traffic

Detection:

• Mapping and probing

• Behavioral analysis

• Baseband firewall

Mitigations:

• Proposals for specialized protocol changes for certain attacks

• Ephemeral identifiers (e.g., P-IMSI)

• PKI

• TESLA

Page 30

Challenges

How to secure the pre-authentication traffic?

• Shortcoming: specific protocol changes

• No sustainable solution for all attack vectors (some messages are needed)

• We keep finding new excessive functionality that actually should be authenticated

• Shouldn't we look for a generic solution?

• Encrypt the broadcast traffic as well?

Page 31

Challenges

How to secure the pre-authentication traffic?

• Concrete Challenge: a general solution to secure pre-authentication traffic

  • What exactly should be secured: protect pre-authentication traffic towards the phone! Optionally also pre-authentication traffic towards the network?

  • Suggestion: PKI and TESLA

  • Certain constraints:

    • Limited bandwidth (specs such as NB LTE?) => And on which layers?

    • Resource constrained devices

    • Focus on availability
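As an added illustration of the PKI-plus-TESLA suggestion above (example code written for this page, not the authors' or 3GPP's): a TESLA-style scheme in which the network MACs each broadcast message under a per-interval key taken from a one-way hash chain and discloses that key one interval later; the phone needs only the chain commitment (assumed here to reach it authentically, e.g. signed under a PKI) and loose time synchronization. The seed, interval numbers and message names such as SIB1 are constructed sample values.

```python
import hashlib, hmac

DELAY = 1  # the key of interval i is disclosed in the packet of interval i + DELAY

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, "sha256").digest()

def key_chain(seed: bytes, n: int) -> list:
    """One-way chain: K[n] = seed, K[i] = H(K[i+1]); K[0] is the commitment."""
    keys = [seed]
    for _ in range(n):
        keys.append(H(keys[-1]))
    return keys[::-1]

class Network:
    """Broadcasting side: MACs each interval's message under that interval's key."""
    def __init__(self, seed: bytes, n: int):
        self.keys = key_chain(seed, n)
        self.commitment = self.keys[0]  # assumed delivered to phones authentically (e.g. PKI-signed)
    def broadcast(self, i: int, msg: bytes) -> tuple:
        disclosed = self.keys[i - DELAY] if i > DELAY else b""
        return (i, msg, mac(self.keys[i], msg), disclosed)

class Phone:
    """Receiving side: buffers packets until their key is disclosed and chains to the commitment."""
    def __init__(self, commitment: bytes):
        self.keys = {0: commitment}   # interval -> authenticated key
        self.latest = 0               # highest authenticated interval
        self.pending = {}             # interval -> [(msg, mac)]
        self.accepted, self.rejected = [], []
    def receive(self, pkt: tuple, now: int) -> str:
        i, msg, tag, disclosed = pkt
        # Security condition: once the key for interval i may be public, anyone could have MACed.
        if now >= i + DELAY:
            return "discarded: key may already be disclosed"
        self.pending.setdefault(i, []).append((msg, tag))
        if disclosed:
            self.learn_key(i - DELAY, disclosed)
        return "buffered"
    def learn_key(self, j: int, key: bytes):
        k = key
        for _ in range(j - self.latest):  # hash K_j down to the last authenticated key
            k = H(k)
        if k != self.keys[self.latest]:
            return False                  # does not chain to the commitment: forged key
        k = key
        for idx in range(j, self.latest, -1):  # record K_j .. K_{latest+1}
            self.keys[idx], k = k, H(k)
        self.latest = j
        for idx in [p for p in self.pending if p <= j]:  # now verifiable
            for msg, tag in self.pending.pop(idx):
                ok = hmac.compare_digest(mac(self.keys[idx], msg), tag)
                (self.accepted if ok else self.rejected).append((idx, msg))
        return True
```

The bandwidth cost the slide worries about is visible here: each broadcast carries one MAC plus one disclosed key, and the phone must buffer messages for one interval before it can act on them.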

Page 32

Resource Usage Asymmetry

Cause:

● A "cheap" operation on one side triggers an expensive operation on the other.

● e.g., HLR updates, resource allocation

Mostly used for DoS attacks, resource exhaustion

Challenges:

● Proof-of-commitment protocols

  – e.g., proof of work such as Merkle puzzles, ...
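An added example of the proof-of-commitment idea above, not from the slides (it uses a hash-based client puzzle, one proof-of-work variant, rather than the Merkle puzzles the slide names): the network issues a stateless, request-bound puzzle and verifies the answer with a single hash before it performs the expensive location update, so the cost is pushed back onto the side that asks. Subscriber names, the difficulty and the secret are constructed.

```python
import hashlib, hmac, os

class PuzzleServer:
    """Network side: hands out a puzzle bound to the request and verifies the solution
    with a single hash before it does the expensive work (here: a location update)."""
    def __init__(self, difficulty_bits: int, secret: bytes = None):
        self.secret = secret or os.urandom(32)   # lets the server stay stateless
        self.bits = difficulty_bits
        self.expensive_calls = 0                 # counts real HLR/HSS work performed
    def challenge(self, subscriber: str, epoch: int) -> bytes:
        # Nonce is an HMAC over subscriber and time slot: no per-client state to exhaust,
        # and the server can recompute it to check that it really issued this nonce.
        return hmac.new(self.secret, f"{subscriber}|{epoch}".encode(), "sha256").digest()
    def meets_difficulty(self, nonce: bytes, solution: bytes) -> bool:
        h = hashlib.sha256(nonce + solution).digest()
        return int.from_bytes(h, "big") >> (256 - self.bits) == 0
    def location_update(self, subscriber, epoch, nonce, solution, now_epoch) -> str:
        # Cheap checks first; the expensive operation runs only after all of them pass.
        if now_epoch - epoch > 1:
            return "rejected: stale puzzle"
        if not hmac.compare_digest(nonce, self.challenge(subscriber, epoch)):
            return "rejected: nonce not issued by this server"
        if not self.meets_difficulty(nonce, solution):
            return "rejected: no proof of work"
        self.expensive_calls += 1                # placeholder for the real HLR update
        return "ok"

def solve(nonce: bytes, bits: int) -> bytes:
    """Client side: about 2**bits hashes of work, versus one hash to verify."""
    counter = 0
    while True:
        solution = counter.to_bytes(8, "big")
        h = hashlib.sha256(nonce + solution).digest()
        if int.from_bytes(h, "big") >> (256 - bits) == 0:
            return solution
        counter += 1
```

The difficulty can be raised under load, which is the knob that restores symmetry; the resource-constrained devices named on the previous slide are the reason it cannot simply be set high.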

Page 33

Protocol Context Discrepancy

Page 34

Definition

• Telcos impose (legacy) billing methods on IP data that was never meant for that purpose

• Translation between the IP data identity, the radio layer identity and the service billing identity.

Causes

• Cross-Layer Information Loss

• Routing Configuration

• Accounting Policy Inconsistency

Page 35

Cross-Layer Information Loss

Example: IMS based SMS spoofing

• Several options

• IMS proves identity based on the SIM with the AKA protocol

• Transport layer security (IPsec) provides no protection against data manipulation on the client

  • E.g., spoofing SIP headers, changing caller IDs

• Additional problems: RTP streams do not pass through the IMS
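An added example (not the authors' or any IMS vendor's code) of the cross-layer binding that closes the gap described above: a simplified model of the identity check an IMS entry point should apply, which accepts a SIP request only if the identity it claims matches one bound to the arriving IPsec security association at AKA-based registration, and then sets P-Asserted-Identity so downstream nodes never rely on the client-supplied From header. The registration table, security association ids and SIP messages are constructed.

```python
import re

# Constructed: identities bound at IMS registration (SIM + AKA) to the IPsec security
# association a request arrives on. A real P-CSCF takes this from registration state.
REGISTERED = {
    "sa-1": {"sip:alice@example.net", "tel:+4312345"},
    "sa-2": {"sip:bob@example.net"},
}

def parse_sip(raw: str) -> dict:
    """Minimal SIP request parser: request line, headers (lower-cased names), body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"request": lines[0], "headers": headers, "body": body}

def uri_of(header_value: str) -> str:
    """Extract the URI from a name-addr ('Name <uri>;params') or bare addr-spec."""
    m = re.search(r"<([^>]+)>", header_value)
    return (m.group(1) if m else header_value.split(";")[0]).strip()

def assert_identity(sa_id: str, raw: str):
    """Return (True, rewritten request) or (False, rejection). The identity the client
    claims is only trusted if it was bound to this security association at registration."""
    msg = parse_sip(raw)
    bound = REGISTERED.get(sa_id, set())
    hdrs = msg["headers"]
    claimed = uri_of(hdrs.get("p-preferred-identity", hdrs["from"]))
    if claimed not in bound:
        return False, f"403 Forbidden: {claimed} is not registered on {sa_id}"
    from_uri = uri_of(hdrs["from"])
    if from_uri not in bound:  # strict policy: From must also be one of the bound identities
        return False, f"403 Forbidden: From {from_uri} is not registered on {sa_id}"
    hdrs.pop("p-preferred-identity", None)
    hdrs["p-asserted-identity"] = f"<{claimed}>"  # what the IP-SM-GW must use as sender
    return True, msg
```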

Page 36

Conclusion: The big picture!

Page 37

Conclusion

Implementation Issue

• Insecure Implementation

• Leaky Implementation

Specification Issue

• Unsecured Pre-authentication Traffic

• Non-Existing Mutual Authentication

• Weak Crypto

• Insecure Inter-network Protocols

• Resource Usage Asymmetry

Wireless Channel

• Wireless Channel

Protocol Context Discrepancy

• Cross-Layer Information Loss

• Routing Configuration

• Accounting Policy Inconsistency

Page 38

Thank You! Questions?

Page 39

Contacts

Adrian Dabrowski [email protected] @atrox_at

David Rupprecht [email protected]

Page 40 (no content)