WiFi-Based IMSI Catcher

Similar documents
Security in cellular-radio access networks

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

GSM and UMTS security

How to secure an LTE-network: Just applying the 3GPP security standards and that's it?

UMTS security. Helsinki University of Technology S Security of Communication Protocols

EAP-SIM Authentication using Interlink Networks RAD-Series RADIUS Server

Security Engineering Part III Network Security. Security Protocols (II): IPsec

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Configuration Guide. How to establish IPsec VPN Tunnel between D-Link DSR Router and iphone ios. Overview

LTE Security How Good Is It?

Protocol Security Where?

Internet Protocol Security IPSec

IPsec Details 1 / 43. IPsec Details

Security and Authentication Concepts

Cisco Wireless Security Gateway R2

Wireless Security. New Standards for Encryption and Authentication. Ann Geyer

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

Network Security. Lecture 3

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

Wireless Robust Security Networks: Keeping the Bad Guys Out with i (WPA2)

Chapter 3. Network Domain Security

How To Use A Femtocell (Hbn) On A Cell Phone (Hbt) On An Ipad Or Ipad (Hnt) On Your Cell Phone On A Sim Card (For Kids) On The Ipad/Iph

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Wireless Networks. Welcome to Wireless

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress

Introduction to Security and PIX Firewall

IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers

End User Devices Security Guidance: Apple ios 8

How To Create A Virtual Network With A Router And Network Operating System (Ip) For A Network (Ipv) (Ip V2) (Netv) And A Virtualization) (Network) (Wired) (Virtual) (Wire)

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

UNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU

Your Wireless Network has No Clothes

Application Note: Onsight Device VPN Configuration V1.1

Wireless security. Any station within range of the RF receives data Two security mechanism

Securing IP Networks with Implementation of IPv6

Chapter 6 CDMA/802.11i

Implementing and Managing Security for Network Communications

IP Security. Ola Flygt Växjö University, Sweden

CS 4803 Computer and Network Security

Security vulnerabilities in the Internet and possible solutions

ETSI TS V8.9.0 ( )

Configuring IKEv2 Load Balancer

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Dr. Arjan Durresi. Baton Rouge, LA These slides are available at:

VPNs. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

Lecture 17 - Network Security

LTE and IMSI catcher myths

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

IPSEC: IKE. Markus Hidell Based on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers

Network Authentication X Secure the Edge of the Network - Technical White Paper

Cisco CCNP Optimizing Converged Cisco Networks (ONT)

21.4 Network Address Translation (NAT) NAT concept

Mobile Security. Practical attacks using cheap equipment. Business France. Presented the 07/06/2016. For. By Sébastien Dudek

Extensible Authentication Protocol (EAP) Security Issues

WHITE PAPER COMBATANT COMMAND (COCOM) NEXT-GENERATION SECURITY ARCHITECTURE USING NSA SUITE B

FMC (Fixed Mobile Convergence)

CSC574: Computer and Network Security

Spirent Abacus. SIP over TLS Test 编 号 版 本 修 改 时 间 说 明

Analysis of Methods for Mobile Device Tracking. David Nix Chief Scientific Advisor

Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku

SecureCom Mobile s mission is to help people keep their private communication private.

Recommended Wireless Local Area Network Architecture

VPN. VPN For BIPAC 741/743GE

Nokia Mobile VPN Client

Wireless Local Area Networks (WLANs)

Network Access Control and Cloud Security

IPsec VPN Application Guide REV:

Release Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May New Features and Enhancements. Tip of the Day

Authentication in WLAN

Key Hopping A Security Enhancement Scheme for IEEE WEP Standards

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Authentication and Security in IP based Multi Hop Networks

Mobile Devices Security: Evolving Threat Profile of Mobile Networks

Developing Network Security Strategies

WIRELESS NETWORK SECURITY

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues

Internetwork Security

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

The OpenEapSmartcard platform. Pr Pascal Urien ENST Paris

Configuring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols ETSF10 Internet Protocols 2011

How To Establish IPSec VPN connection between Cyberoam and Mikrotik router

CS 356 Lecture 29 Wireless Security. Spring 2013

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points.

Laboratory Exercises V: IP Security Protocol (IPSec)

United States Trustee Program s Wireless LAN Security Checklist

Transcription:

Department of Computer Science WiFi-Based IMSI Catcher Piers O Hanlon Ravishankar Borgaonkar BlackHat, London, 3rd November 2016

Overview What is an IMSI? Conventional IMSI Catchers WiFi-based IMSI Catcher WiFi Network Authentication WiFi Calling Authentication Operator/Vendor/OS Mitigations User Mitigations Demo

What is an IMSI? International Mobile Subscriber Identity 15 digit number e.g. 234123456789012 Allows for mutual authentication of a device to the network Using SIM s secret authentication Key (K i ) and for 3/4G the Sequence Number (SQN) Stored in two places: In the SIM Card (USIM/UICC) IMSI is accessible in read only section of SIM Secret key (K i ) and SQN are not directly readable At the Operator IMSI indexes K i and SQN from HSS/AuC Database An identifier that can be used for tracking One of a few like WiFi/Bluetooth/NFC Hardware address (e.g. MAC), IMEI, MSISDN (Phone number), etc.

Conventional IMSI Catchers Typical features Tracking: IMSI/IMEI, Location Interception: Call/SMS/Data Operates on licensed Mobile Bands: GSM/3G/4G Acts as a fake base station to lure nearby mobile devices Operates in two modes Passive - mainly for tracking (interception when no/weak ciphering) Active interception and tracking Cost Commercial solutions expensive - but now possible with Laptop+SDR board Been around since the early 1990s Patented in Europe in 1993

Techniques in Conventional IMSI Catchers 2G Exploits protocol flaws (no mutual authentication..) Tracking & Interception Easily available to buy online Use of fake base station 3G/4G Exploits architecture issues (Base station > UE..) Tracking & difficult to intercept traffic w.r.t 2G Commercial products usually downgrades Use of legitimate base station also possible http://www.epicos.com/epcompanyprofileweb/content/ability/em_gsm.jpg http://edge.alluremedia.com.au/m/g/2016/05/nokia_ultra_compact_network.jpg

Protection against IMSI Catchers No protection for commercial non-rooted mobile devices Special phones (expensive though) and apps for rooted phones Turn off cellular connection or use WiFi platform for secure calls/data??

WiFi-Based IMSI Catcher Features Tracking: IMSI, Location No interception (yet) Operates in unlicensed ISM Bands: WiFi Range - few hundred meters can be extended Fake Access Points Redirect/Spoofs mobile packet data gateway Exploits protocol & configuration weaknesses Based on two separate techniques [3GPP TS33.234] WiFi Network Authentication ( WLAN direct IP access ) WiFi-Calling Authentication ( WLAN 3GPP IP access ) Cost Low: Virtually any WiFi capable computer

WiFi Network attachment Unencrypted WiFi access points Captive Portal approaches Wireless Internet Service Provider roaming(wispr) etc Normal Encrypted WiFi access points Pre-shared password/credentials Auto Connect Encrypted WiFi access points WiFi key is negotiated without user intervention Based on credentials in the USIM/UICC ( SIM Card ) Controlled by operator provided configuration Manual Automatic/pre-installed

Automatic configuration Some Android and Windows phones automatically connect based on SIM ios configures phone based on inserted SIM Activates an operator specific.mobileconfig file Configures a range of operator specific options Including a list of Auto/EAP supported WiFi SSIDs Our analysis of ios9 profiles showed More than 50 profiles for Auto/EAP WiFi Also other config info

Manual Configuration Some Android devices require initial manual config After which it automatically connects Instructions on operator websites Follow simple steps to set up Android provides various Carrier controlled mechanisms Lollipop (v5.1 MR1): UICC Carrier Privileges Marshmallow (v6.0): Carrier Configuration Privileged applications to provide carrier-specific configuration to the platform

Automatic WiFi Authentication Port Based Network Access Control [IEEE 802.1X] Uses Extensible Authentication Protocol (EAP) [RFC3748] over LAN (EAPOL) over WiFi Based upon two EAP Methods EAP-SIM [RFC 4186] GSM based security - Currently most widely used EAP-AKA [RFC 4187] 3G based security - Being deployed Support in Android, ios, Windows Mobile, and Blackberry devices We ve reported the issue to them all and to operators & GSMA No privacy bounties Apple included conservative peer support due to our work Deployed in many countries adoption growing

EAP-SIM/AKA Identities Three basic identity types for authentication Permanent-identity (IMSI) Typically used initially after which temporary ids are used Pseudonym identity A pseudonym for the IMSI has limited lifetime Fast reauthentication-identity Lower overhead re-attachment after initial exchange Behaviour affected by peer policy Liberal peer - Current default Responds to any requests for permanent identity Conservative peer Future deployment option Only respond to requests for permanent identity when no Pseudonym identity available

EAP-SIM/AKA transport Basic EAP protocol is not encrypted Currently EAP-SIM/AKA in EAPOL is unencrypted Thus IMSI is visible (to a passive attacker) when permanent identity used for full authentication Also open to active attacks by requesting full auth WiFi Access keys not compromised All content still protected There are encrypted tunnel EAP methods EAP-TTLSv0, EAP-TLS But support required in both mobile OS and operator

WiFi-Calling Connection Phone connects to Edge Packet Data Gateway (EPDG) over WiFi Voice calls over WiFi Phone connects on low/no signal Also connects in Airplane mode + WiFi Connection to EPDG uses IPsec Authenticates using Internet Key Exchange Protocol (IKEv2) Supported on ios, Android, and Windows devices WiFi-Calling available in a number of countries The issue also been reported to OS makers and Operators

IPsec brief overview Internet Protocol Security Confidentiality, data integrity, access control, and data source authentication Recovery from transmission errors: packet loss, packet replay, and packet forgery Authentication Authentication Header (AH) - RFC 4302 Confidentiality Encapsulating Security Payload (ESP) - RFC 4303 Key management Internet Key Exchange v2 (IKEv2) - RFC7296 Two modes Tunnel - used for connection to Gateway (EPDG) Transport

Internet Key Exchange (IKEv2) Initiates connection in two phases IKE_SA_INIT Negotiate cryptographic algorithms, exchange nonces, and do a Diffie-Hellman exchange IKE_AUTH Authenticate the previous messages, exchange identities (e.g. IMSI), and certificates, and establish the child Security Association(s) (SA) IKE_AUTH uses EAP-AKA IMSI exchange not protected by a certificate Open to MitM attacks on identity (IMSI) IPsec ESP keys are not compromised Call content still safe

Operator/Vendor Mitigations Deprecate EAP-SIM in favour of EAP-AKA EAP-SIM is weaker as it only uses GSM triplets Deploy EAP-AKA/SIM with conservative peer pseudonym Deploy Certificate based approach Deploy certificates on suitable AAA infrastructure Deploy certificate protected tunnelled EAP-AKA for WLAN access E.g. EAP-TTLS+EAP-AKA on 802.1X Deploy certificate protected IPsec/IKEv2 to EPDG E.g. EAP-TTLS+EAP-AKA for IKE_AUTH, or multiple IKEv2 auth exchange (Re)investigate other potential solutions IMSI encryption 5G-ENSURE project has proposed an enabler E.g. 3GPPP TD S3-030081 Certificate-Based Protection of IMSI for EAP-SIM/AKA Standards bodies should re-evaluate approaches

Mobile OS Mitigations Support conservative peer for EAP-AKA/SIM with pseudonym support Emerging in some Oses (e.g. ios10) Certificate based approach Support for EAP-TTLv0 + EAP-AKA in IKEv2 & EAPOL Other approaches? Allow for more user choice with automatic WiFi network access Preferably allow for editing of all stored associations

User Mitigation WiFi Network Access Control ios Turn off Auto-Join toggle for Auto-WiFi networks Only possible when network in range ios10 may provide better protection (once operators deploy support) It has conservative peer pseudonym support due to us Android Forget Auto-WiFi profiles Depending on version only possible when network in range WiFi-Calling Android/iOS: Selectively disable WiFi-Calling Switch off WiFi in untrusted environments

Summary Exposed two IMSI catching new techniques WiFi Network authentication protocols WiFi-Calling authentication protocols Most of the world s smartphones implement these protocols Both techniques rely upon installed operator automatic configuration for these popular services We ve been working with Operators/Vendors/ OS companies to fix the issue But it s a complex issue

Conclusions & Future Work Investigating other uses of EAP-SIM/AKA Exploring use of USIM credentials in other WiFi based protocols Continuing work in 5GENSURE.EU Project Security Architecture and enablers

Demo and Questions

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information