imp4gt
play

IMP4GT IMPersonation Attacks in 4G NeTworks David Rupprecht , - PowerPoint PPT Presentation

Apr 15, 2023 •603 likes •766 views

IMP4GT IMPersonation Attacks in 4G NeTworks David Rupprecht , Katharina Kohls, Thorsten Holz, and Christina Ppper 25.02.2020 NDSS Symposium, San Diego, USA Motivation: Internet Passes 2 LTE Security Aims Mutual Authentication Traffic

  1. IMP4GT IMPersonation Attacks in 4G NeTworks David Rupprecht , Katharina Kohls, Thorsten Holz, and Christina Pöpper 25.02.2020 NDSS Symposium, San Diego, USA

  2. Motivation: Internet Passes 2

  3. LTE Security Aims Mutual Authentication Traffic Confidentiality Identity & Location Confidentiality 3

  4. Security Features Authentication and Key Agreement Connection 4

  5. Missing Integrity Protection Control User Plane Plane Encryption stream cipher Integrity Protection 5

  6. Malleable Encryption Stream Cipher 1 0 1 0 $10 0 1 0 1 $100 1 1 1 1 Decryption Encryption 6

  7. Already Known: Redirection Can it be worse? Yes, with IMP4GT /ˈɪmpækt/ Rupprecht, D., Kohls, K., Holz, T., & Pöpper, C. “ Breaking LTE on Layer 7 Two ”. In 2019 IEEE Symposium on Security and Privacy (SP)

  8. Impersonation in 4G Networks (IMP4GT) Uplink Breaks mutual authentication Downlink in both directions. Impersonation of a network Impersonation of a user towards towards the user on the user-plane the network on the user-plane 8

  9. The Basic Principle Encryption Oracle Malleable Encryption Decryption Oracle Impersonation Reflection 9

  10. Reflection: ICMP Ping IP / ICMP (ping) / Data IP / ICMP (ping) / Data 10

  11. Uplink Encryption Oracle Keystream Target Network Generation Server UE Relay Already Open. IP / UDP / Payload IP / UDP / Payload IP / PING Request / Payload IP / PING Reply / Payload IP (target_ip) / TCP / new Payload IP (target_ip) / TCP / new Payload Encrypted on the Radio Layer 11

  12. Uplink Enc + Downlink Dec = Full Impersonation Keystream Decryption Target Network Generation Server Server UE Relay Uplink Encryption Downlink Decryption Uplink Encryption Downlink Decryption 12

  13. Experiments • Commercial network and phone • Uplink impersonation • Visit a website only accessible by a victim: pass.telekom.de • Upload a 10KB file to a server • Downlink impersonation • TCP connection towards the phone • No interaction of the user • connectivitycheck.android.com • Checks if you have an Internet connection 13

  14. Consequences Providers Law Enforcement User • Over Billing • Lawful Interception • Privacy • Authorization • Lawful Disclosure • Firewall / NAT Process • IoT 14

  15. Conclusion: We need Integrity Protection! David Rupprecht Ruhr University Bochum david.rupprecht@rub.de https://imp4gt-attacks.net • Fully specified and deployed • Optional integrity protection • Unlikely… • Limited support in early implementations We emphasize the need for mandatory integrity protection. 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mix-Nets Lecture 19 Some tools for electronic-voting (and other things) Mix-Nets Mix-Nets

Mix-Nets Lecture 19 Some tools for electronic-voting (and other things) Mix-Nets Mix-Nets

Mix-Nets Lecture 19 Some tools for electronic-voting (and other things) Mix-Nets Mix-Nets Originally proposed by Chaum (1981) for anonymous communication Mix-Nets Originally proposed by Chaum (1981) for anonymous communication Input: a

1.65k views • 120 slides
Cryptography Hard Problems encryption message encryption key algorithm Some problems are

Cryptography Hard Problems encryption message encryption key algorithm Some problems are

Cryptography Hard Problems encryption message encryption key algorithm Some problems are hard to solve. No polynomial time algorithm is known. Transmission E.g., NP-hard problems such as machine scheduling, Channel bin packing,

516 views • 8 slides
Kotler Keller Marketing Management 14e Conducting M arketing Research Discussion

Kotler Keller Marketing Management 14e Conducting M arketing Research Discussion

Phillip Kevin Lane Kotler Keller Marketing Management 14e Conducting M arketing Research Discussion Questions 1. What constitutes good marketing research? 2. What are the best metrics for measuring marketing productivity? 3.

381 views • 21 slides
IMPLEMENTING DATA CUBE EFFICIENTLY Navjeet Singh (presenting) Decision Support System & OLAP

IMPLEMENTING DATA CUBE EFFICIENTLY Navjeet Singh (presenting) Decision Support System & OLAP

IMPLEMENTING DATA CUBE EFFICIENTLY Navjeet Singh (presenting) Decision Support System & OLAP cube A Decision Support System ( DSS ) is a computer-based information system that supports business or organizational decision making

133 views • 11 slides
Todays Agenda Wrap up of Number Theory (Sec. 3.7) Fermats Little Theorem Public

Todays Agenda Wrap up of Number Theory (Sec. 3.7) Fermats Little Theorem Public

Todays Agenda Wrap up of Number Theory (Sec. 3.7) Fermats Little Theorem Public Key Cryptography (RSA) Strings and Languages (Chap. 12) Based on Rosen and slides by K. Busch 1 Fermats little theorem: For any prime and

357 views • 14 slides
Lattice-based cryptography (I) Thijs Laarhoven ts

Lattice-based cryptography (I) Thijs Laarhoven ts

Lattice-based cryptography (I) Thijs Laarhoven ts ttts PQCrypto Summer School 2017 (June 20, 2017) Part 1: Lattices, cryptography, and lattice basis

872 views • 53 slides
Cryptography: RSA Encryption and Decryption Greg Plaxton Theory in Programming Practice, Spring

Cryptography: RSA Encryption and Decryption Greg Plaxton Theory in Programming Practice, Spring

Cryptography: RSA Encryption and Decryption Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Joining the RSA Cryptosystem: Quick Review First, Bob randomly chooses two

293 views • 14 slides
Content-Base Confidentiality lessons learned in the past year Yingdi Yu UCLA 9/29/15

Content-Base Confidentiality lessons learned in the past year Yingdi Yu UCLA 9/29/15

Content-Base Confidentiality lessons learned in the past year Yingdi Yu UCLA 9/29/15 ndncomm2015 1 What is content-based confidentiality? Confidentiality stays with content independent from where the content is

456 views • 11 slides
How Dangerous are Decryp- tion Failures in Lattice-based Encryption? Jan-Pieter DAnvers 20

How Dangerous are Decryp- tion Failures in Lattice-based Encryption? Jan-Pieter DAnvers 20

How Dangerous are Decryp- tion Failures in Lattice-based Encryption? Jan-Pieter DAnvers 20 november 2019 1 Outline 1 Introduction 2 How to find 1st failure 3 How to find next failure 4 Recovering the secret 5 Conclusion 1 1 LWE hard

1.07k views • 81 slides
Controlled Sharing of Sensitive Content NDN Case Study Yingdi Yu UCLA 10/3/15 1

Controlled Sharing of Sensitive Content NDN Case Study Yingdi Yu UCLA 10/3/15 1

Controlled Sharing of Sensitive Content NDN Case Study Yingdi Yu UCLA 10/3/15 1 Content-based confidentiality Confidentiality stays with content independent from where the content is independent from how it is

647 views • 10 slides
Bootstrapping (with Small Error Growth) Chris Peikert University of Michigan HEAT Summer School

Bootstrapping (with Small Error Growth) Chris Peikert University of Michigan HEAT Summer School

Bootstrapping (with Small Error Growth) Chris Peikert University of Michigan HEAT Summer School 12 Oct 2015 1 / 14 Fully Homomorphic Encryption [RAD78,Gentry09] FHE lets you do this: Eval ( f ) f ( ) A cryptographic holy

1.01k views • 66 slides
Lattice-based public-key cryptosystems D. J. Bernstein NIST post-quantum competition: 69

Lattice-based public-key cryptosystems D. J. Bernstein NIST post-quantum competition: 69

1 Lattice-based public-key cryptosystems D. J. Bernstein NIST post-quantum competition: 69 submissions in first round, from hundreds of people. (+13 submissions that NIST declared incomplete or improper.) 22 signature-system submissions. 5

1.97k views • 196 slides
Inner Product Functional Encryption Edouard Dufour Sans January 25, 2018 Table of Contents

Inner Product Functional Encryption Edouard Dufour Sans January 25, 2018 Table of Contents

Inner Product Functional Encryption Edouard Dufour Sans January 25, 2018 Table of Contents Introduction Functional Encryption Security definitions Notations The Power of Inner Products Descriptive statistics Machine Learning Practical

930 views • 65 slides
Code-based Cryptography Christiane Peters Technical University of Denmark ECC 2011 September

Code-based Cryptography Christiane Peters Technical University of Denmark ECC 2011 September

Code-based Cryptography Christiane Peters Technical University of Denmark ECC 2011 September 20, 2011 Code-based cryptography 1. Background 2. The McEliece cryptosystem 3. Information-set-decoding attacks 4. Designs: Wild McEliece 5.

721 views • 55 slides
How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic

How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic

Department of Informatics Security and Privacy Maximilian Blochberger How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic pitfalls by design Goal Raise awareness of cryptographic misuse Disclaimer

910 views • 29 slides
Liquidsoap Audio & Video Streaming Language 1 / 73 What is Liquidsoap? 2 / 73 What is

Liquidsoap Audio & Video Streaming Language 1 / 73 What is Liquidsoap? 2 / 73 What is

Liquidsoap Audio & Video Streaming Language 1 / 73 What is Liquidsoap? 2 / 73 What is Liquidsoap? A language to create audio and video streams 3 / 73 What is Liquidsoap? A language to create audio and video streams myplaylist =

1.08k views • 73 slides
CBRE GROUP, INC. First Quarter 2017: Earnings Conference Call APRIL 27, 2017 FORWARD-LOOKING

CBRE GROUP, INC. First Quarter 2017: Earnings Conference Call APRIL 27, 2017 FORWARD-LOOKING

CBRE GROUP, INC. First Quarter 2017: Earnings Conference Call APRIL 27, 2017 FORWARD-LOOKING STATEMENTS This presentation contains statements that are forward looking within the meaning of the Private Securities Litigation Reform Act of 1995.

782 views • 29 slides
DNS Privacy in Practice and Preparation B Y Casey Deccio and Jacob Davis S andia Nat ional

DNS Privacy in Practice and Preparation B Y Casey Deccio and Jacob Davis S andia Nat ional

DNS Privacy in Practice and Preparation B Y Casey Deccio and Jacob Davis S andia Nat ional Laborat ories is a mult imission laborat ory managed and operat ed by Nat ional Technology & Engineering S olut ions of S andia, LLC, a wholly

405 views • 19 slides
DNS over TCP and TLS draft-hzhwm-dprive-start-tls-for-dns-00 John Heidemann and Sara Dickinson

DNS over TCP and TLS draft-hzhwm-dprive-start-tls-for-dns-00 John Heidemann and Sara Dickinson

DNS over TCP and TLS draft-hzhwm-dprive-start-tls-for-dns-00 John Heidemann and Sara Dickinson Joint work with Liang Zhu, Zi Hu, Duane Wessels, Allison Mankin, Willem Toorop USC/ISI, Verisign Labs, and Sinodun in collaboration with NLnet Labs,

781 views • 50 slides
System-on-Chip Design Microprocessor Interfaces Hao Zheng Comp Sci & Eng U of South Florida

System-on-Chip Design Microprocessor Interfaces Hao Zheng Comp Sci & Eng U of South Florida

System-on-Chip Design Microprocessor Interfaces Hao Zheng Comp Sci & Eng U of South Florida 1 Basic Elements of HW/SW Interfaces 1. On-chip communica>on fabrics, ex. buses 2 Memory Mapped Interfaces To resolve simultaneous writes

722 views • 25 slides
Lecture 13: Introduction to Networking Networking is simply communicating between two computers

Lecture 13: Introduction to Networking Networking is simply communicating between two computers

Lecture 13: Introduction to Networking Networking is simply communicating between two computers connected on a network. You can actually set up a network connection on a single computer, as well. A network requires one computer to act as the

388 views • 9 slides
Maritime Administration Port Infrastructure Development Grant Opportunity March 9, 2020

Maritime Administration Port Infrastructure Development Grant Opportunity March 9, 2020

Maritime Administration Port Infrastructure Development Grant Opportunity March 9, 2020 Maritime Administration 1200 New Jersey Ave., SE | Washington, DC | 20590 w w w . d o t . g o v Port Infrastructure Development Grant Overview

929 views • 24 slides
Cryogenic Instrumentation & Slow Controls (CISC) Overview & Status Sowjanya Gollapinni

Cryogenic Instrumentation & Slow Controls (CISC) Overview & Status Sowjanya Gollapinni

Cryogenic Instrumentation & Slow Controls (CISC) Overview & Status Sowjanya Gollapinni (UTK) CISC Scope Review Meeting CERN, June 19, 2019 CISC Primary goals DUNE CPV and other physics goals require at least a decade of running the

799 views • 47 slides
Lake County Port Investment Task Force February 10, 2020 AGENDA Welcome & Introductions

Lake County Port Investment Task Force February 10, 2020 AGENDA Welcome & Introductions

Lake County Port Investment Task Force February 10, 2020 AGENDA Welcome & Introductions Task Force & Project Overview Project Update Local Revenue Feasibility Study Questions Recommendations & Next Steps TASK FORCE Purpose:

680 views • 31 slides

More recommend