

SLIDE 1

Florida Institute for Cybersecurity (FICS) Research

CIS 6930 - Cellular and Mobile Network Security: Phreaking and Eavesdropping

Professor Patrick Traynor 11/15/18

SLIDE 2

Closing Notes

  • Remember, 50% of the course grade comes from this project.
  • So how do you do well?
  • Practice your presentation.
  • Be ready for tough questions.
  • Work very hard on the presentation within the final report.
  • Tell me something I don’t already know.
  • Impress me with your effort.
  • Please take the course survey!

SLIDE 3

You’re Pretty Lucky…

  • Few universities have courses that describe the inner workings of our telephony infrastructure.
  • We’ve learned a lot this semester!
  • How did people learn about these systems before classes like this?

SLIDE 4

Let’s Set the Stage…

  • For a long time, there was only one network: American Telephone and Telegraph (AT&T).
  • Calls were expensive!
  • From the outside, nobody understood how the system worked.
  • Interested in learning more, some clever folks started to probe.
  • Let’s learn more!

SLIDE 5

Phreaks

SLIDE 6

Secrets of the Little Blue Box

  • What is in-band signaling?

  • Why would a network be designed in this fashion?

  • Name a network core that supported in-band signaling.

SLIDE 7

The Exploit

  • How did phone Phreaks take advantage of in-band signaling?

  • What does a Blue Box do?

  • How did Phreaks learn to exploit the network?

SLIDE 8

The Reality

  • What happened to all the Phreaks?

  • What did the networks do to effectively end their activities?

  • Is this the last we’ll hear about in-band signaling?

SLIDE 9

Want to Learn More?

  • Phil Lapsley’s “Exploding the Phone” is a great and detailed history of phreaking.
  • You can watch his talk at USENIX Security 2014 here: https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/phone-phreaks-what-we-can-learn-first

SLIDE 10

Eavesdropping

SLIDE 11

Review of PSTN

Figure (not reproduced): PSTN diagram with DTMF signaling.

SLIDE 12

Wiretapping

Figure (not reproduced): wiretap diagram showing Alice, the LEA (law enforcement agency), and DTMF signaling.

SLIDE 13

Wiretapping Legal History

  • The advent of the telephone created important legal questions.
  • Is there a right to privacy? What are the expectations?
  • Core thoughts on “the right to be let alone” came from Justice Louis Brandeis (first in his 1890 Harvard Law Review article with Samuel Warren, later in his Olmstead dissent).
  • Olmstead v. United States (1928) held that warrantless wiretapping did not violate the Fourth Amendment, leaving LEOs free to wiretap.
  • The Supreme Court reversed Olmstead in 1967 (Katz v. United States).
  • Justice Brandeis’ Olmstead dissent remains the foundational legal opinion on this topic.
  • While others sometimes argue for much lower barriers, overturning these protections would be extremely difficult.

SLIDE 14

Wiretapping and US Law

  • Pen Register / Dialed Number Recorder (DNR)
    • Captures dialed digits and signaling information (no call content)
  • Full Audio Interception (Title III or FISA)
    • Captures signaling information plus call audio
    • Typically only authorized for a particular party
    • More laborious; higher standard of proof and judicial scrutiny

SLIDE 15

Communications Assistance for Law Enforcement Act (CALEA)

  • Mandates a standard interface (J-STD-025A) between telecommunications service providers (TSPs) and LEAs
  • Data separated into two channels:
    • Call Data Channel (CDC): signaling data such as call times, numbers dialed, line status, etc.
    • Call Content Channel (CCC): live audio
  • Channels can be delivered over a POTS line, ISDN, or IP

SLIDE 16

VoIP and CALEA

  • Traffic on IP networks can be intercepted without a warrant.
  • What is the implication for voice traffic carried on IP networks?
  • Traditional voice telephony is not end-to-end encrypted, but VoIP sometimes is…
  • Is there a requirement to implement CALEA compliance into VoIP apps?
  • Some apps are highly suspected to provide such compliance (e.g., Skype).
  • So, should VoIP providers play ball?

SLIDE 17

Law Enforcement Perspective

SLIDE 18

Civil Liberties Perspective

SLIDE 19

Key Escrow

  • What if law enforcement could get access to encrypted calls when they really needed it?
  • What mechanism would allow them to “break” your crypto?
  • Key escrow schemes provide a “trusted entity” (e.g., a judge) with a cryptographic key that can be used only when necessary.
  • Work in the late 80s/early 90s resulted in the first deployable key escrow system, the Clipper chip.
  • The 3600E (AT&T’s TSD-3600E secure phone, pictured on the slide) was sold by AT&T, primarily to government, from 1992-1993.

SLIDE 20

Key Escrow: A Fair Compromise?

  • All encrypted communications would have a backdoor.
  • With that key kept only by a trusted party, abuse could be minimized.
  • Just like traditional legal wiretapping, a judge would have to allow eavesdropping to occur…
  • People and businesses could still rely on strong encryption to protect their communications.
  • What’s not to like?
  • The. Devil. Is. In. The. Details…

SLIDE 21

Key Escrow: Clipper Details

Protocol steps (from the slide’s diagram; the LEAF is the Law Enforcement Access Field):

  • 1. DH key exchange (yields the session key K)
  • 2. Generate LEAF from K (done by each chip)
  • 3. Load/verify LEAF, IV
  • 4. Transmit LEAF, IV
  • 5. Load/verify LEAF, IV (at the receiving chip)
  • 6. Encrypted voice communication

SLIDE 22

Clipper LEAF Generation

  • Skipjack (classified at the time) served as the core of LEAF generation.
  • The Unit Key is split into two parts, kept by two different federal agencies (the escrow agents).
  • The session key, encrypted under the Unit Key, is paired with the 32-bit Unit ID and a 16-bit checksum.
  • This entire data structure is Skipjack-encrypted under a family key common to all Clipper chips, creating the LEAF.

SLIDE 23

Clipper Problems

  • LEAF integrity is protected only by a 16-bit checksum.
  • We can easily brute force this value, producing a LEAF for which everything “checks out” at the receiver while the LEO can’t decrypt the session key.
  • Maybe we could fix this by…
  • … increasing the checksum size?
  • … restricting devices only to trusted parties?
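The brute-force attack on slides 21-23, as an added example that is not from the original slides: a toy model of the LEAF with the real field widths (80-bit wrapped session key, 32-bit unit ID, 16-bit checksum, 128-bit LEAF), an honest sender, the escrow agents, and a rogue sender who submits random LEAFs to the peer chip until the 16-bit checksum happens to match. Skipjack and the classified checksum are replaced by HMAC-SHA256 constructions, and the key lengths other than the LEAF fields are arbitrary; both are assumptions made here, not Clipper internals.

```python
import hashlib
import hmac
import random

# Field widths of the real Clipper LEAF: an 80-bit session key encrypted under the
# unit key, a 32-bit unit ID and a 16-bit checksum, all encrypted under the family key.
KEY_LEN, UNIT_ID_LEN, CHECKSUM_LEN = 10, 4, 2
LEAF_LEN = KEY_LEN + UNIT_ID_LEN + CHECKSUM_LEN  # 16 bytes = 128 bits


def _keystream(key: bytes, label: bytes, n: int) -> bytes:
    """Toy keystream (HMAC-SHA256 in counter mode) standing in for Skipjack (assumption)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _rand_bytes(rng: random.Random, n: int) -> bytes:
    return rng.getrandbits(8 * n).to_bytes(n, "big")


def split_unit_key(unit_key: bytes, rng: random.Random) -> tuple:
    """Escrow the unit key as two XOR shares, one per escrow agent."""
    share1 = _rand_bytes(rng, KEY_LEN)
    return share1, _xor(unit_key, share1)


def leaf_checksum(family_key: bytes, enc_key: bytes, unit_id: bytes, iv: bytes) -> bytes:
    """Stand-in for Clipper's classified checksum: a keyed MAC truncated to 16 bits (assumption)."""
    mac = hmac.new(family_key, enc_key + unit_id + iv, hashlib.sha256).digest()
    return mac[:CHECKSUM_LEN]


def make_leaf(session_key, iv, unit_id, unit_key, family_key) -> bytes:
    """Honest chip: wrap K under the unit key, append unit ID and checksum,
    then encrypt the whole structure under the family key."""
    enc_key = _xor(session_key, _keystream(unit_key, b"unit", KEY_LEN))
    body = enc_key + unit_id + leaf_checksum(family_key, enc_key, unit_id, iv)
    return _xor(body, _keystream(family_key, b"leaf" + iv, LEAF_LEN))


def _open_leaf(leaf, iv, family_key):
    body = _xor(leaf, _keystream(family_key, b"leaf" + iv, LEAF_LEN))
    return body[:KEY_LEN], body[KEY_LEN:KEY_LEN + UNIT_ID_LEN], body[KEY_LEN + UNIT_ID_LEN:]


def verify_leaf(leaf, iv, family_key) -> bool:
    """Receiving chip: decrypt under the family key and check the 16-bit checksum.
    This is the only integrity check the receiver can perform; it cannot tell whether
    the wrapped key really is K because it does not hold the sender's unit key."""
    enc_key, unit_id, cs = _open_leaf(leaf, iv, family_key)
    return hmac.compare_digest(cs, leaf_checksum(family_key, enc_key, unit_id, iv))


def escrow_recover(leaf, iv, family_key, share1, share2) -> bytes:
    """Law enforcement: combine the escrowed shares and unwrap the session key."""
    enc_key, _unit_id, _cs = _open_leaf(leaf, iv, family_key)
    return _xor(enc_key, _keystream(_xor(share1, share2), b"unit", KEY_LEN))


def forge_leaf(accepts, iv: bytes, rng: random.Random) -> tuple:
    """Rogue sender: feed random 128-bit LEAFs to the peer's verifier (which holds the
    family key; the attacker does not) until one passes. Expected cost: about 2**16 tries."""
    attempts = 0
    while True:
        attempts += 1
        candidate = _rand_bytes(rng, LEAF_LEN)
        if accepts(candidate, iv):
            return candidate, attempts


def demo(seed: int = 1) -> dict:
    """Honest LEAF versus forged LEAF: both verify, only the honest one is recoverable."""
    rng = random.Random(seed)
    family_key, unit_key = _rand_bytes(rng, 32), _rand_bytes(rng, KEY_LEN)
    unit_id = _rand_bytes(rng, UNIT_ID_LEN)
    share1, share2 = split_unit_key(unit_key, rng)
    session_key, iv = _rand_bytes(rng, KEY_LEN), _rand_bytes(rng, 8)  # K from the DH exchange

    honest = make_leaf(session_key, iv, unit_id, unit_key, family_key)
    verifier = lambda leaf, iv_: verify_leaf(leaf, iv_, family_key)  # the peer chip as an oracle
    forged, attempts = forge_leaf(verifier, iv, rng)
    # The forged LEAF's unit ID is garbage too, so the LEO would not even know which shares
    # to request; we hand over the right shares anyway to show the key still does not come out.
    return {
        "honest_verifies": verify_leaf(honest, iv, family_key),
        "honest_recovered": escrow_recover(honest, iv, family_key, share1, share2) == session_key,
        "forged_verifies": verify_leaf(forged, iv, family_key),
        "forged_recovered": escrow_recover(forged, iv, family_key, share1, share2) == session_key,
        "attempts": attempts,
    }


if __name__ == "__main__":
    print(demo())
```

The attacker never needs the family key or the checksum algorithm: the peer chip is the oracle, and a 16-bit check is passed by one random LEAF in 65,536 on average. In Blaze’s 1994 analysis the real chip’s verification rate made one forged LEAF cost roughly 42 minutes, which is why a longer checksum is the first fix that comes to mind; it does nothing against two cooperating rogue endpoints that simply agree to ignore the LEAF.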

SLIDE 24

Key Escrow: General Problems

  • Keys under doormats (the 2015 “Keys Under Doormats” report by Abelson et al.)
  • Goes against best practices, including forward secrecy.
  • Makes systems far more complex, and likely vulnerable.
  • Concentrated targets (key repositories) would attract powerful adversaries.
  • These problems are fundamental.
  • There are no easy technical solutions.

SLIDE 25

Key Escrow: Recent Proposals

  • Ray Ozzie proposed the “Clear” key escrow system in 2018.
  • Each phone receives a public key, and a copy of the private key is kept by the phone maker.
  • The passcode is encrypted with the public key, and LEO can recover it with a warrant.
  • Ozzie’s proposal has a number of technical and practical problems.
  • Ozzie tries to move the technical discussion forward in this proposal, arguing that a lack of any solution may itself be a problem.
  • “The reason so few of us are willing to bet on massive-scale key escrow systems is that we've thought about it and we don't think it will work.” - Matt Green

SLIDE 26

Weaknesses in CALEA Infrastructure

  • Now that we have this infrastructure in place, how secure is it?
  • That’s a little hard to measure - access to CALEA infrastructure is extremely difficult to obtain.
  • Turns out, you need the right team and most of what we’ve talked about in this lecture to learn more.

SLIDE 27

Loop Extender

SLIDE 28

Wiretapping Reliability

  • Assume end-to-end (bilateral) techniques, e.g., encryption, are not used.

  • Can we trust wiretapping transcripts and audio?

SLIDE 29

Dialed Digit Spoofing

  • Evasion: use signals within the tolerance accepted by the switch, but ignored by the wiretap
  • Confusion: use signals outside the tolerance accepted by the switch, but processed by the wiretap
  • Eavesdropper's Dilemma: the wiretap will either be more or less sensitive than the switch
    • If less sensitive, vulnerable to evasion
    • If more sensitive, vulnerable to confusion

SLIDE 30

Loop Extender Weaknesses

  • Use in-band signaling
  • Do not authenticate control data (e.g., C-tones)
  • Are inherently unreliable

SLIDE 31

Serious Criminal Enterprise

SLIDE 32

Implications

  • In some systems, the caller or called party can disrupt interception
    • Recording suppression
  • In some cases, the caller or called party can mislead interceptors
    • DTMF confusion and evasion
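The eavesdropper’s dilemma (slide 29), the unauthenticated in-band C-tone of loop extenders (slide 30) and both implications above, as one added example that is not part of the original slides: a Goertzel-based DTMF decoder run once with the “switch” tolerance and once with the “wiretap” tolerance, so that a digit deliberately sent slightly off-frequency is decoded by one side but not the other, plus a loop-extender model that stops recording whenever it hears the C-tone on the line. The 8 kHz sample rate and DTMF frequencies are standard; the tolerances, the 50 ms tone length, the energy threshold and the 2010 Hz C-tone frequency are assumptions chosen for illustration (ITU-T Q.24 puts the must-accept and must-reject DTMF frequency deviations at roughly 1.5% and 3.5%).

```python
import math

FS = 8000                         # sample rate (Hz) of a PSTN voice channel
DTMF_LOW = (697, 770, 852, 941)   # row frequencies
DTMF_HIGH = (1209, 1336, 1477, 1633)  # column frequencies
KEYS = ("123A", "456B", "789C", "*0#D")
C_TONE_HZ = 2010                  # loop-extender on-hook signal; value is an assumption here


def tones(freqs, ms=50, amp=0.5, fs=FS):
    """Sum of equal-amplitude sinusoids: a DTMF digit (two tones), a control tone, or both."""
    n = int(fs * ms / 1000)
    return [amp * sum(math.sin(2 * math.pi * f * i / fs) for f in freqs) for i in range(n)]


def goertzel_power(samples, hz, fs=FS):
    """Energy of `samples` at frequency `hz` (Goertzel algorithm, arbitrary non-integer bin)."""
    coeff = 2 * math.cos(2 * math.pi * hz / fs)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def peak_frequency(samples, lo, hi):
    """Coarse 5 Hz scan then 1 Hz refinement (a 50 ms window has a 40 Hz wide main lobe)."""
    coarse = max(range(lo, hi + 1, 5), key=lambda f: goertzel_power(samples, f))
    return max(range(coarse - 5, coarse + 6), key=lambda f: goertzel_power(samples, f))


def decode_digit(samples, tolerance):
    """Digit whose row and column tones lie within `tolerance` (fraction of the nominal
    frequency) of the measured peaks, or None. The tolerance is the one parameter that
    differs between the switch's decoder and the wiretap's decoder."""
    low = peak_frequency(samples, 650, 1000)
    high = peak_frequency(samples, 1150, 1700)
    row = min(range(4), key=lambda r: abs(DTMF_LOW[r] - low))
    col = min(range(4), key=lambda c: abs(DTMF_HIGH[c] - high))
    if abs(low - DTMF_LOW[row]) > tolerance * DTMF_LOW[row]:
        return None
    if abs(high - DTMF_HIGH[col]) > tolerance * DTMF_HIGH[col]:
        return None
    return KEYS[row][col]


def digit_tone(digit, deviation=0.0):
    """DTMF tone for `digit` with both frequencies scaled by (1 + deviation)."""
    row = next(r for r in range(4) if digit in KEYS[r])
    col = KEYS[row].index(digit)
    return tones([DTMF_LOW[row] * (1 + deviation), DTMF_HIGH[col] * (1 + deviation)])


def eavesdroppers_dilemma(switch_tol, tap_tol, digit="5"):
    """Send the digit with a deviation halfway between the two tolerances and report
    which attack results: evasion if the tap is the less sensitive decoder, confusion
    if it is the more sensitive one."""
    deviation = (switch_tol + tap_tol) / 2
    samples = digit_tone(digit, deviation)
    seen_by_switch = decode_digit(samples, switch_tol)
    seen_by_tap = decode_digit(samples, tap_tol)
    if seen_by_switch == digit and seen_by_tap is None:
        attack = "evasion"     # the switch routes the call; the transcript misses the digit
    elif seen_by_switch is None and seen_by_tap == digit:
        attack = "confusion"   # the transcript shows a digit the switch never acted on
    else:
        attack = None
    return {"deviation": deviation, "switch": seen_by_switch, "tap": seen_by_tap, "attack": attack}


def loop_extender_records(samples, threshold=0.05):
    """Loop extender: keep recording unless the C-tone is on the line. Nothing authenticates
    the tone, so either party can play it to suppress recording while still talking."""
    full_scale = (len(samples) / 2) ** 2   # Goertzel energy of a unit-amplitude tone
    return goertzel_power(samples, C_TONE_HZ) < threshold * full_scale


if __name__ == "__main__":
    print(eavesdroppers_dilemma(0.015, 0.008))   # tap less sensitive than switch
    print(eavesdroppers_dilemma(0.015, 0.030))   # tap more sensitive than switch
    print(loop_extender_records(tones([770, 1336, C_TONE_HZ], amp=0.3)))
```

Whatever tolerance the wiretap picks, one of the two calls above produces a transcript that disagrees with what the switch did; that is the dilemma, and it is not fixable by tuning. The last call shows the other failure: a conversation with the C-tone mixed in is still intelligible audio, but the recorder treats the line as on-hook.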

SLIDE 33

Conclusions

  • Wiretapping has a long history of policy and technical questions.
  • These are really hard problems, for which there are no clear answers and massive risks to society.
  • Sometimes very old modes of operation (even ones we thought were long dead) can come back to bite you.
  • Backwards compatibility has historically been a danger…
  • This will not be the last discussion you have about this topic.
