CIS 6930 - Cellular and Mobile Network Security: Phreaking and Eavesdropping - PowerPoint PPT Presentation



  1. CIS 6930 - Cellular and Mobile Network Security: Phreaking and Eavesdropping
     Professor Patrick Traynor, 11/15/18
     Florida Institute for Cybersecurity (FICS) Research

  2. Closing Notes
     • Remember, 50% of the course grade comes from this project.
     • So how do you do well?
       ‣ Practice your presentation.
       ‣ Be ready for tough questions.
       ‣ Work very hard on the presentation within the final report.
       ‣ Tell me something I don’t already know.
       ‣ Impress me with your effort.
     • Please take the course survey!

  3. You’re Pretty Lucky…
     • Few universities have courses that describe the inner workings of our telephony infrastructure.
     • We’ve learned a lot this semester!
     • How did people learn about these systems before classes like this?

  4. Let’s Set the Stage…
     • For a long time, there was only one network: American Telephone and Telegraph.
     • Calls were expensive!
     • From the outside, nobody understood how the system worked.
     • Interested in learning more, some clever folks started to probe.
     • Let’s learn more!

  5. Phreaks

  6. Secrets of the Little Blue Box
     • What is in-band signaling?
     • Why would a network be designed in this fashion?
     • Name a network core that supported in-band signaling.

  7. The Exploit
     • How did phone Phreaks take advantage of in-band signaling?
     • What does a Blue Box do?
     • How did Phreaks learn to exploit the network?

  8. The Reality
     • What happened to all the Phreaks?
     • What did the networks do to effectively end their activities?
     • Is this the last we’ll hear about in-band signaling?

  9. Want to Learn More?
     • Phil Lapsley’s “Exploding the Phone” is a great and detailed history of phreaking.
     • You can watch his talk at USENIX Security 2014 here:
       https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/phone-phreaks-what-we-can-learn-first

  10. Eavesdropping

  11. Review of PSTN (diagram label: DTMF)

  12. Wiretapping (diagram labels: DTMF, Alice, LEA)

  13. Wiretapping Legal History
     • The advent of the telephone created important legal questions.
     • Is there a right to privacy? What are the expectations?
     • Core thoughts on “the right to be let alone” were by Justice Louis Brandeis.
     • Olmstead v United States (1928) gave LEOs the right to wiretap.
     • Supreme Court reversed Olmstead in 1968 (Katz v United States).
     • Justice Brandeis’ ruling remains the foundational legal opinion on this topic.
     • While others sometimes argue for much lower barriers, overturning these protections would be extremely difficult.

  14. Wiretapping and US Law
     • Pen Register / Dialed Number Recorder (DNR)
       ‣ Captures dialed digits and signaling information
     • Full Audio Interception (Title III or FISA)
       ‣ Captures signaling information plus call audio
       ‣ Typically only authorized for a particular party
       ‣ More laborious; higher standard of proof and judicial scrutiny

  15. Communications Assistance for Law Enforcement Act (CALEA)
     • Mandates a standard (J-STD-025A) between TSP and LEAs
     • Data separated into two channels:
       ‣ Call Data Channel (CDC): signaling data such as call times, numbers dialed, line status, etc.
       ‣ Call Content Channel (CCC): live audio
     • Channels can be sent over POTS line, ISDN, or IP

  16. VoIP and CALEA
     • Traffic on IP networks can be intercepted without a warrant.
     • What is the implication for voice traffic carried on IP networks?
     • Traditional voice telephony is not end-to-end encrypted, but VoIP sometimes is…
     • Is there a requirement to implement CALEA compliance into VoIP apps?
     • Some apps are highly suspected to provide such compliance (e.g., Skype).
     • So, should VoIP providers play ball?

  17. Law Enforcement Perspective

  18. Civil Liberties Perspective

  19. Key Escrow
     • What if law enforcement could get access to encrypted calls when they really needed it?
     • What mechanism would allow them to “break” your crypto?
     • Key escrow schemes provide a “trusted entity” (e.g., a judge) with a cryptographic key that can be used only when necessary.
     • Work in the late 80s/early 90s resulted in the first deployable key escrow system, the Clipper chip.
     • The 3600E (pictured on the slide) was sold by AT&T, primarily to government, from 1992-1993.

  20. Key Escrow: A Fair Compromise?
     • All encrypted communications would have a backdoor.
     • With that key kept only by a trusted party, abuse could be minimized.
     • Just like traditional legal wiretapping, a judge would have to allow eavesdropping to occur…
     • People and businesses could still rely on strong encryption to protect their communications.
     • What’s not to like?
     • The. Devil. Is. In. The. Details…

  21. Key Escrow: Clipper Details (protocol diagram)
     1. DH Key Exchange
     2. Generate LEAF from K (shown on both sides of the diagram)
     3. Load/Verify LEAF, IV
     4. Transmit LEAF, IV
     5. Load/Verify LEAF, IV
     6. Encrypted Voice Communication

  22. Clipper LEAF Generation
     • Skipjack (classified at the time) served as the core of LEAF generation.
     • Unit Key split into two parts, kept by two different federal agencies.
     • Encrypted key paired with Unit ID and 16-bit Checksum.
     • This entire data structure is Skipjack encrypted, creating the LEAF.

  23. Clipper Problems
     • LEAF integrity only protected by 16-bit field.
     • We can easily brute force this value, ensuring that everything “checks out” while the LEO can’t decrypt the session key.
     • Maybe we could fix this by…
       ‣ … increasing the CRC size?
       ‣ … restricting devices only to trusted parties?
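A toy Python model of the Clipper LEAF from slides 21 to 23, added here as an illustration and not part of the lecture. Skipjack, the chip-internal checksum and every key are constructed stand-ins (HMAC-SHA256 keystreams, a random unit key split into two XOR shares), with field sizes matching the slides; it shows the legitimate escrow-recovery path and why a 16-bit integrity field cannot bind the escrow field to the session key.

```python
import hashlib, hmac, os, random
# Toy model of the Clipper LEAF, constructed for this example. Skipjack and the
# chip-internal checksum are replaced by HMAC-SHA256 stand-ins; the field sizes
# (80-bit session key, 32-bit unit ID, 16-bit checksum) follow the slides.
FAMILY_KEY = b"family key burned into every chip"          # constructed
UNIT_ID = b"\x00\x00\x12\x34"                              # constructed
UNIT_KEY = os.urandom(10)                                  # per-device 80-bit key
SHARE_A = os.urandom(10)                                   # held by escrow agent A
SHARE_B = bytes(x ^ y for x, y in zip(UNIT_KEY, SHARE_A))  # agent B; A xor B = unit key
CHECK_BYTES = 2                                            # the 16-bit integrity field

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _stream(key: bytes, iv: bytes, n: int) -> bytes:
    # Stand-in for Skipjack in a stream mode: keystream derived from (key, IV).
    return hmac.new(key, iv, hashlib.sha256).digest()[:n]

def _checksum(session_key: bytes, iv: bytes, esc: bytes) -> bytes:
    # Keyed with the family key: only the (model) chip can evaluate it, so an
    # outsider can only submit LEAFs and observe accept or reject.
    d = hmac.new(FAMILY_KEY, session_key + iv + esc, hashlib.sha256).digest()
    return d[:CHECK_BYTES]

def make_leaf(session_key: bytes, iv: bytes) -> bytes:
    esc = _xor(session_key, _stream(UNIT_KEY, iv, 10))      # E_unit(session key)
    body = esc + UNIT_ID + _checksum(session_key, iv, esc)  # 10 + 4 + 2 bytes
    return _xor(body, _stream(FAMILY_KEY, iv, len(body)))   # E_family(body)

def verify_leaf(leaf: bytes, session_key: bytes, iv: bytes) -> bool:
    # The receiver knows the session key from DH; this 16-bit test is the only integrity check.
    body = _xor(leaf, _stream(FAMILY_KEY, iv, len(leaf)))
    return hmac.compare_digest(body[14:], _checksum(session_key, iv, body[:10]))

def escrow_recover(leaf: bytes, iv: bytes, share_a: bytes, share_b: bytes) -> bytes:
    # Legitimate path: both agents' shares rebuild the unit key, which unwraps
    # the escrowed session key carried inside the LEAF.
    body = _xor(leaf, _stream(FAMILY_KEY, iv, len(leaf)))
    return _xor(body[:10], _stream(_xor(share_a, share_b), iv, 10))

def rogue_leaf(session_key: bytes, iv: bytes, seed: int = 1) -> tuple:
    # The weakness on slide 23: a random LEAF passes the 16-bit check about once
    # per 2**16 submissions, so the receiver accepts it although escrow recovery
    # then yields garbage. Returns the accepted LEAF and the trial count (expected 65536).
    rng, trials = random.Random(seed), 0
    while True:
        trials += 1
        cand = rng.randbytes(16)
        if verify_leaf(cand, session_key, iv):
            return cand, trials
```

The trial count is the whole lesson: the work to defeat the check is 2**16 LEAF submissions, which is why the slide's first fix (a larger integrity field) is the one that changes the economics.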

  24. Key Escrow: General Problems
     • Keys under doormats
     • Goes against best practices including forward secrecy.
     • Makes systems far more complex, and likely vulnerable.
     • Concentrated targets (key repositories) would attract powerful adversaries.
     • These problems are fundamental.
     • There are no easy technical solutions.

  25. Key Escrow: Recent Proposals
     • Ray Ozzie proposed the “Clear” key escrow system in 2018.
     • Each phone receives a public key, and a copy of the private key is kept by the phone maker.
     • Passcode encrypted with the public key, and LEO can recover it with a warrant.
     • Ozzie’s proposal has a number of technical and practical problems.
     • Ozzie tries to move the technical discussion forward in this proposal, arguing that a lack of any solution may itself be a problem.
     • “The reason so few of us are willing to bet on massive-scale key escrow systems is that we've thought about it and we don't think it will work.” - Matt Green

  26. Weaknesses in CALEA Infrastructure
     • Now that we have this infrastructure in place, how secure is it?
     • That’s a little hard to measure - access to CALEA infrastructure is extremely difficult to obtain.
     • Turns out, you need the right team and most of what we’ve talked about in this lecture to learn more.

  27. Loop Extender (diagram)

  28. Wiretapping Reliability
     • Assume end-to-end (bilateral) techniques, e.g., encryption, are not used.
     • Can we trust wiretapping transcripts and audio?

  29. Dialed Digit Spoofing
     • Evasion: use tolerance accepted by switch, but ignored by wiretap
     • Confusion: use tolerance not accepted by switch, but processed by wiretap
     • Eavesdropper's Dilemma: wiretap will either be more or less sensitive than switch
       ‣ If less sensitive, vulnerable to evasion
       ‣ If more sensitive, vulnerable to confusion
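An added Python model of the Eavesdropper's Dilemma on this slide, not from the lecture: a switch and a wiretap each run a DTMF decoder with a constructed frequency tolerance and minimum tone duration, and a tone whose deviation falls between the two tolerances is either missed by the tap (evasion) or logged by the tap although the switch ignored it (confusion). Only the standard DTMF keypad frequencies are real; all tolerances and tones are constructed.

```python
from dataclasses import dataclass
from typing import Optional
# Constructed model of slide 29: switch and wiretap decode DTMF independently.
LOW = (697, 770, 852, 941)          # DTMF row frequencies (Hz)
HIGH = (1209, 1336, 1477, 1633)     # DTMF column frequencies (Hz)
KEYS = ("123A", "456B", "789C", "*0#D")
DTMF = {(lo, hi): KEYS[r][c] for r, lo in enumerate(LOW) for c, hi in enumerate(HIGH)}

@dataclass
class Tone:
    low_hz: float
    high_hz: float
    ms: float

@dataclass
class Decoder:
    freq_tol: float  # largest relative frequency deviation still decoded (constructed)
    min_ms: float    # shortest tone still decoded (constructed)
    def decode(self, t: Tone) -> Optional[str]:
        if t.ms < self.min_ms:
            return None
        lo = min(LOW, key=lambda f: abs(f - t.low_hz))
        hi = min(HIGH, key=lambda f: abs(f - t.high_hz))
        if abs(lo - t.low_hz) / lo > self.freq_tol or abs(hi - t.high_hz) / hi > self.freq_tol:
            return None
        return DTMF[(lo, hi)]

def classify(tone: Tone, switch: Decoder, tap: Decoder) -> str:
    """Compare what the switch acted on with what the tap wrote in its transcript."""
    s, w = switch.decode(tone), tap.decode(tone)
    if s == w:
        return "faithful" if s else "ignored"
    if s and not w:
        return "evasion"    # switch acted on a digit the transcript never shows
    if w and not s:
        return "confusion"  # transcript shows a digit the switch never acted on
    return "mismatch"       # both decoded, but different digits

def marginal_tone(dev: float, ms: float = 60.0) -> Tone:
    """Digit '1' with both frequencies shifted by the relative deviation dev."""
    return Tone(697 * (1 + dev), 1209 * (1 + dev), ms)

def dilemma(switch: Decoder, tap: Decoder) -> str:
    """A tone whose deviation lies between the two tolerances is evaded by a
    stricter tap and confuses a looser one; only a tap whose decoder matches the
    switch exactly yields a trustworthy transcript."""
    if switch.freq_tol == tap.freq_tol:
        return "faithful"
    return classify(marginal_tone((switch.freq_tol + tap.freq_tol) / 2), switch, tap)
```

The same comparison applies to the duration axis: a tone longer than the switch's minimum but shorter than the tap's is likewise evasion, which is why a tap's decoder parameters, not just its audio quality, decide whether a transcript can be trusted.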

  30. Loop Extender Weaknesses
     • Use in-band signaling
     • Do not authenticate control data (e.g., C-tones)
     • Are inherently unreliable

  31. Serious Criminal Enterprise

  32. Implications
     • In some systems, caller or called-party can disrupt interception
       ‣ Recording suppression
     • In some cases, caller or called-party can mislead interceptors
       ‣ DTMF confusion and evasion
