Lessons learned from 2G,3G,4G – what we need to fix in 5G
ETSI Security Week 2017 – 5G Security
Adrian Dabrowski [email protected] @atrox_at
Co-Authors: David Rupprecht, Thorsten Holz, Edgar Weippl, Christina Pöpper
What are the lessons from the past?
What is the future of mobile network security research?
Numerous publications address individual questions.
We need the big picture to shape future research!
Systematization Methodology: How to get the big picture?
Methodology
(diagram of the systematization framework: Security Requirements; Attack Aims; Attacks; Attack Characteristics; Flaws; Causes; Root Causes; Literature; Defenses; Defense Characteristics; Challenges, Research Questions)
Security Requirements and Attack Aims
• Security requirements for the system
• Each attack aim challenges a security requirement
• Attack Aims:
  • Denial of Service
  • Attacks on Secrecy
  • Attacks on Privacy
  • Attacks on Integrity
  • Fraud Attacks
Attacks, Attack Characteristics and Flaws
• Attacks: the act of assailing the system with a definite attack aim
• An attack exploits one distinct flaw of the system
• Impact analysis based on attack characteristics:
  • Target
  • Technology (2G/3G/4G)
  • Attacker capabilities
SS7
Defenses and Defense Characteristics
Impact and feasibility of defenses
• Defense Characteristics:
  • Type of Defense: Detection or Mitigation
  • Realization Method: Specification or Implementation
  • Research Status: Vague Proposal or Evaluated Proposal
Causes and Root Causes
From the concrete to the abstract
• Flaws with similar technical characteristics are grouped under a common cause
• Root causes are the underlying reason for a certain cause
Research Questions and Challenges
• Research Questions:
  • Shortcomings of existing work
  • Shortcomings of new technologies
  • Challenges of a cause
Challenges and Research Questions
(diagram: flaws, attacks, defenses and their assessment feed into causes; several causes share one root cause; each cause yields its own challenges and research questions)
Scope
Systematization: The big picture!
Root Causes: Overview
Implementation Issue
• Insecure Implementation
• Leaky Implementation
Specification Issue
• Unsecured Pre-authentication Traffic
• Non-Existing Mutual Authentication
• Weak Crypto
• Insecure Inter-network Protocols
• Resource Usage Asymmetry
Wireless Channel
• Wireless Channel
Protocol Context Discrepancy
• Cross-Layer Information Loss
• Routing Configuration
• Accounting Policy Inconsistency
Implementation Issue
Definition
• Mistakes in the implementation
• Deviations from the specification
Causes
• Insecure Implementation
• Leaky Implementation

Insecure Implementation
Example: Baseband exploits
Others: SMS of Death, ASN.1 decoder heap, Crypto State Machine
Attack Aim: Integrity, Secrecy
Defenses
Intermediate defenses
• Filtering SMS for SMS attacks
Detection of vulnerabilities:
• Test Cases (automated detection)
• Reverse Engineering (manual detection), e.g. of baseband code such as:
  CMP r0, r1
  ADDGE r2, r2, r3
  ADDLT r2, r2, r4
Challenges
Detection of vulnerabilities
• Existing testing frameworks focus on one particular type of flaw and do not exhaust all flaws
• Manual detection for memory bugs
• Automated testing of the baseband is not recommended
• Reliable detection of vulnerabilities is needed
• Decoding function of messages and protocol state machine
• Research Scope: mobile phone vs. mobile network
Challenges
Implementation of countermeasures
• Classical system security:
  • Memory safe languages
  • ASLR (Address Space Layout Randomization)
  • CFI (Control Flow Integrity)
• Hard to realize:
  • Closed basebands
  • Real-time capability
Specification Issue
Definition
• Security implications in the specification
• Protocols and state machines
Causes
• Unsecured pre-authentication traffic
• Non-existing mutual authentication
• Weak Cryptography
• Insecure Inter-network protocols
• Resource Usage asymmetry
Unsecured Pre-authentication Traffic
Example: Downgrade Attacks and IMSI Request Attack
The phone cannot verify the authenticity of the network before the authentication and key agreement run
Unsecured Pre-authentication Traffic
Detection:
• Mapping and probing
• Behavioral analysis
• Baseband firewall
Mitigations:
• Proposals for specialized protocol changes for certain attacks
• Ephemeral identifiers (e.g., P-IMSI)
• PKI
• TESLA
Challenges
How to secure the pre-authentication traffic?
• Shortcoming: specific protocol changes
  • No sustainable solution for all attack vectors (some messages are needed)
  • We keep finding new excessive functionality that actually should be authenticated
• Shouldn't we look for a generic solution?
  • Encrypt also the broadcast traffic?
Challenges
How to secure the pre-authentication traffic?
• Concrete Challenge: General solution to secure pre-authentication traffic
  • What exactly should be secured:
    • Protect pre-authentication traffic towards the phone!
    • Optional: pre-authentication traffic towards the network?
  • Suggestion: PKI and TESLA
• Certain constraints:
  • Limited bandwidth (specs such as NB LTE?) => And on which layers?
  • Resource constrained devices
  • Focus on availability
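The two slides above suggest TESLA (delayed key disclosure over a one-way key chain) as a way to authenticate broadcast traffic towards the phone before any per-subscriber key exists. The following Python is an added illustration written for this page, not code from the talk, its authors or any 3GPP specification: a network-side `Broadcaster` MACs the broadcast of interval i with chain key K_i and discloses K_{i-1} one interval later, and a phone-side `Receiver` buffers each message until its key is disclosed, checks the disclosed key by hashing it back to the last authenticated key (the commitment K_0, which the example assumes was delivered authentically, e.g. PKI-signed), and only then checks the MAC. The interval index stands in for the loosely synchronized clock real TESLA needs; the seed, payloads and the rogue message are constructed.

```python
import hashlib
import hmac


def _h(data: bytes) -> bytes:
    """One-way function for the key chain (SHA-256 in this constructed example)."""
    return hashlib.sha256(data).digest()


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_key_chain(seed: bytes, n: int) -> list:
    """Return [K_0, ..., K_n] with K_{i-1} = H(K_i); K_n is the random seed."""
    chain = [seed]
    for _ in range(n):
        chain.append(_h(chain[-1]))
    return chain[::-1]


class Broadcaster:
    """Hypothetical network side: MACs interval i with K_i, discloses K_{i-1}."""

    def __init__(self, seed: bytes, n: int):
        self.keys = make_key_chain(seed, n)

    def commitment(self) -> bytes:
        # K_0 must reach the phone authentically (e.g. PKI-signed); assumed here.
        return self.keys[0]

    def send(self, i: int, payload: bytes) -> tuple:
        assert 1 <= i < len(self.keys)
        return (i, payload, _mac(self.keys[i], payload), self.keys[i - 1])


class Receiver:
    """Hypothetical phone side: buffer, authenticate the key, then the MAC."""

    def __init__(self, commitment: bytes):
        self.known = {0: commitment}   # interval -> authenticated key
        self.newest = 0                # highest interval whose key is known
        self.pending = {}              # interval -> (payload, mac) awaiting a key
        self.accepted = []             # intervals whose MAC verified
        self.rejected = []             # intervals whose MAC failed

    def _authenticate_key(self, j: int, key: bytes) -> bool:
        """Accept K_j only if hashing it back reaches the newest known key."""
        if j <= self.newest:
            return hmac.compare_digest(key, self.known[j])
        derived, k = {}, key
        for idx in range(j, self.newest, -1):
            derived[idx] = k
            k = _h(k)
        if not hmac.compare_digest(k, self.known[self.newest]):
            return False               # not on the chain: forged key
        self.known.update(derived)
        self.newest = j
        return True

    def receive(self, i: int, payload: bytes, mac: bytes, disclosed: bytes) -> list:
        """Process one broadcast; return the intervals accepted by this step."""
        # Once K_i is public anyone could have computed the MAC, so drop the
        # message (real TESLA decides this by loosely synchronized time).
        if i <= self.newest:
            return []
        self.pending[i] = (payload, mac)
        if not self._authenticate_key(i - 1, disclosed):
            return []
        newly = []
        for idx in sorted(self.pending):
            if idx not in self.known:
                continue
            p, m = self.pending.pop(idx)
            if hmac.compare_digest(_mac(self.known[idx], p), m):
                self.accepted.append(idx)
                newly.append(idx)
            else:
                self.rejected.append(idx)
        return newly


def demo() -> dict:
    """Constructed run: four genuine broadcasts; a run where a rogue transmitter
    substitutes interval 2 (it cannot know K_2 yet); then a replay of interval 1."""
    seed = hashlib.sha256(b"constructed seed, not a real key").digest()
    bs = Broadcaster(seed, n=5)
    honest = Receiver(bs.commitment())
    for i in range(1, 5):
        honest.receive(*bs.send(i, b"system information %d" % i))
    forged = (2, b"rogue: use the weak cipher", _mac(b"attacker guess", b"x"), bs.keys[1])
    victim = Receiver(bs.commitment())
    victim.receive(*bs.send(1, b"system information 1"))
    victim.receive(*forged)
    victim.receive(*bs.send(3, b"system information 3"))
    replayed = honest.receive(*bs.send(1, b"system information 1"))
    return {"honest_accepted": honest.accepted, "victim_accepted": victim.accepted,
            "victim_rejected": victim.rejected, "replay_accepted": replayed}
```

Two properties of the scheme are visible in `demo()`: the receiver never accepts a message until the next interval, which is the latency cost the "focus on availability" constraint above has to weigh, and per message the phone spends only one or two hashes and one MAC, which is what makes the approach plausible for resource-constrained devices compared with a signature per broadcast.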
Resource Usage Asymmetry
Cause:
• A "cheap" operation on one side triggers an expensive operation on the other
• e.g., HLR updates, resource allocation
Mostly used for DoS attacks, resource exhaustion
Challenges:
• Proof-of-commitment protocols
  • e.g., proof of work such as Merkle puzzles, ...
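The slide names proof-of-work as a way to remove the asymmetry: before the network performs the expensive operation, the requester must spend effort it cannot avoid, while verification stays cheap. The Python below is an added illustration for this page, not code from the talk or its authors, and uses a hash-based client puzzle rather than the Merkle puzzles mentioned above; it demonstrates the cost inversion rather than any 3GPP procedure. `PuzzleServer` is a hypothetical gate in front of an expensive operation (the HLR update is only a placeholder counter), the challenge is bound to a requester identity and an epoch so solutions cannot be reused, and redeemed solutions are remembered so a replay cannot trigger the operation twice; all identifiers, secrets and the difficulty are constructed.

```python
import hashlib
import hmac


def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


class PuzzleServer:
    """Hypothetical gate in front of an expensive network operation. Issuing and
    checking a puzzle costs one HMAC and one hash; solving it costs the
    requester about 2**bits hashes on average."""

    def __init__(self, bits: int, secret: bytes):
        self.bits = bits
        self.secret = secret          # lets the server recompute any challenge statelessly
        self.spent = set()            # redeemed solutions (replay protection)
        self.expensive_calls = 0      # how often the guarded operation actually ran

    def challenge(self, client_id: bytes, epoch: int) -> bytes:
        # Bound to requester and epoch so a solution cannot be reused elsewhere or later.
        msg = client_id + epoch.to_bytes(8, "big")
        return hmac.new(self.secret, msg, hashlib.sha256).digest()

    def handle(self, client_id: bytes, epoch: int, nonce: bytes) -> bool:
        """Run the expensive operation only for a fresh, valid puzzle solution."""
        chal = self.challenge(client_id, epoch)
        if leading_zero_bits(hashlib.sha256(chal + nonce).digest()) < self.bits:
            return False              # cheap rejection, no state touched
        if (client_id, epoch, nonce) in self.spent:
            return False              # replayed solution
        self.spent.add((client_id, epoch, nonce))
        self.expensive_calls += 1     # placeholder for the real HLR update etc.
        return True


def solve(challenge: bytes, bits: int, max_tries: int = 1 << 24) -> tuple:
    """Requester side: find a nonce with H(challenge || nonce) having `bits`
    leading zero bits. Returns (nonce, number_of_hashes_spent)."""
    for i in range(max_tries):
        nonce = i.to_bytes(8, "big")
        if leading_zero_bits(hashlib.sha256(challenge + nonce).digest()) >= bits:
            return nonce, i + 1
    raise RuntimeError("no solution within max_tries")


def demo(bits: int = 14) -> dict:
    """Constructed scenario: one legitimate request, then a replay of its solution."""
    server = PuzzleServer(bits, secret=b"constructed secret for a reproducible demo")
    client_id, epoch = b"subscriber-placeholder-001", 42
    nonce, client_hashes = solve(server.challenge(client_id, epoch), bits)
    return {
        "first_accepted": server.handle(client_id, epoch, nonce),
        "replay_accepted": server.handle(client_id, epoch, nonce),
        "client_hashes": client_hashes,
        "server_hashes_per_request": 2,   # one HMAC for the challenge, one SHA-256 to check
        "expensive_calls": server.expensive_calls,
    }
```

`demo()` returns the work spent on each side; with 14 bits the requester needs on the order of 16,000 hashes while the server stays at two per request whatever the volume, which is the asymmetry the slide wants to reverse. The epoch binding also addresses the "cheap on one side" problem at the protocol level: a puzzle solved for one epoch is worthless in the next, so an attacker cannot precompute a stockpile during idle time.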
Protocol Context Discrepancy
Definition
• Telcos impose (legacy) billing methods on IP data that was never meant for that purpose
• Translation between the IP data identity, the radio layer identity and the service billing identity
Causes
• Cross-Layer Information Loss
• Routing Configuration
• Accounting Policy Inconsistency
Cross-Layer Information Loss
Example: IMS based SMS spoofing
• Several options
• IMS proves identity based on the SIM with the AKA protocol
• Transport layer security (IPsec) provides no protection against data manipulation on the client
  • E.g., spoofing SIP headers, changing caller IDs
• Additional problem: RTP streams do not pass the IMS
Conclusion: The big picture!
Implementation Issue
• Insecure Implementation
• Leaky Implementation
Specification Issue
• Unsecured Pre-authentication Traffic
• Non-Existing Mutual Authentication
• Weak Crypto
• Insecure Inter-network Protocols
• Resource Usage Asymmetry
Wireless Channel
• Wireless Channel
Protocol Context Discrepancy
• Cross-Layer Information Loss
• Routing Configuration
• Accounting Policy Inconsistency
Thank You! Questions?