Mobile Subscriber WiFi Privacy Piers O’Hanlon Ravishankar Borgaonkar - PowerPoint PPT Presentation

Department of Computer Science Mobile Subscriber WiFi Privacy Piers O’Hanlon Ravishankar Borgaonkar Lucca Hirschi (LSV, University Paris-Saclay) MoST IEEE S & P Workshop 2017 Overview Mobile identifiers IMSI Catchers/Trackers


  1. Department of Computer Science Mobile Subscriber WiFi Privacy Piers O’Hanlon Ravishankar Borgaonkar Lucca Hirschi (LSV, University Paris-Saclay) MoST IEEE S & P Workshop 2017

  2. Overview
     • Mobile identifiers
     • IMSI Catchers/Trackers
       – Conventional
       – WiFi-based
     • WiFi authentication flaws
     • EAP-SIM/AKA Formal Analysis
     • Mitigations
       – User/MobileOS/Operator

  3. Mobile identifiers
     • Subscriber identifiers
       – Mobile subscriber identity
         – International Mobile Subscriber Identity (IMSI)
         – Temporary IMSI (TIMSI)
       – Mobile number
         – Mobile Station International Subscriber Directory Number (MSISDN)
     • Device identifiers
       – International Mobile Equipment Identity (IMEI)
       – WiFi MAC address
       – Bluetooth MAC address
       – NFC Address
     • Network/OS level identifiers
       – IP addresses, Hostnames, DHCP options, Multicast DNS names, etc
     • Application level identifiers
       – Usernames, identifiers, handles, etc

  4. What is an IMSI?
     • International Mobile Subscriber Identity
     • 15 digit number (MCountryCode + MNetCode + MSIdNum)
       – e.g. 234123456789012
     • Identity for mutual authentication of a device to the network
       – Using SIM’s secret 128-bit authentication Key (Ki) and for 3/4G the Sequence Number (SQN)
     • Stored in two places:
       – In the ‘SIM Card’ (USIM/UICC)
         – IMSI is accessible in read only section of SIM
         – Secret key (Ki) and SQN are not directly readable
       – At the Operator
         – IMSI indexes Ki and SQN from HSS/AuC Database
     • An identifier that can be used for tracking

  5. Conventional IMSI Catchers
     • Typical features
       – Tracking: IMSI/IMEI, Location
       – Interception: Call/SMS/Data
     • Operates on licensed Mobile Bands: 2G(GSM)/3G/4G
     • Acts as a fake base station to lure nearby mobile devices
     • ‘Passive’ - mainly for tracking (interception when no/weak ciphering)
     • Active – interception and tracking
     • Cost
       – Commercial solutions expensive
       – Now cheaper options using Laptop+SDR board
     • Been around since the early 1990s
       – Patented in Europe in 1993

  6. Conventional IMSI Catchers: 2-4G
     • 2G
       – Exploits protocol flaws (no mutual authentication..)
       – Tracking & Interception
       – Easily available to buy online
       – Use of fake base station
     • 3G/4G
       – Exploits architecture issues (Base station > UE..)
       – Tracking & difficult to intercept traffic w.r.t 2G
       – Commercial products usually downgrades
       – Use of legitimate base station also possible
     http://www.epicos.com/EPCompanyProfileWeb/Content/Ability/EM_GSM.JPG
     http://edge.alluremedia.com.au/m/g/2016/05/nokia_ultra_compact_network.jpg

  7. WiFi-Based IMSI Catcher
     • Features
       – Tracking: IMSI, Location
       – No interception
     • Operates in unlicensed ISM Bands: WiFi
       – Range - few hundred meters – can be extended…
     • Fake Access Points
     • Redirect/Spoofs mobile packet data gateway
     • Exploits protocol & configuration weaknesses
     • Based on two separate access techniques [3GPP TS33.234]
       – WiFi Network Authentication (‘WLAN direct IP access’)
       – WiFi-Calling Authentication (‘WLAN 3GPP IP access’)
     • Cost
       – Low: Virtually any WiFi capable computer

  8. Mobile network Architecture

  9. WiFi Network attachment (WLAN direct IP access)
     • Unencrypted WiFi access points (APs)
       – Captive Portal approaches
       – Wireless Internet Service Provider roaming (WiSPr) etc
     • Encrypted WiFi APs
       – Pre-shared password/credentials
     • ‘Auto Connect’ Encrypted WiFi APs (802.1X)
       – WiFi key is negotiated without user intervention
       – Based on credentials in the USIM/UICC (‘SIM Card’)
       – Controlled by operator provided configuration
         – Manual
         – Automatic/pre-installed

  10. Manual Configuration
     • Some Android devices require initial manual configuration
       – After which it automatically connects
     • Instructions on operator websites
       – Follow simple steps to set up
     • Android provides various Carrier controlled mechanisms
       – Lollipop (v5.1 MR1): UICC Carrier Privileges
       – Marshmallow (v6.0): Carrier Configuration
         – “Privileged applications to provide carrier-specific configuration to the platform”

  11. Automatic configuration
     • Some Android and Windows phones automatically connect based on SIM
     • iOS configures phone based on inserted SIM
       – Activates an operator specific .mobileconfig file
       – Configures a range of operator specific options
         – Including a list of 802.1X supported WiFi SSIDs
     • Our analysis of iOS9 profiles showed
       – More than 60 profiles (44 countries) for 802.1X WiFi
       – Containing 66 unique SSIDs plus other config
     • => Phones continuously trying to silently automatically authenticate

  12. Automatic WiFi Authentication
     • Port Based Network Access Control [IEEE 802.1X]
       – Uses Extensible Authentication Protocol (EAP) [RFC3748] over LAN (EAPOL) over WiFi
     • Based upon two EAP Methods
       – EAP-SIM [RFC 4186]
         – GSM based security - Currently most widely used
       – EAP-AKA [RFC 4187]
         – 3G based security - Being deployed
     • Support in all major Mobile OSes: Android, iOS, Windows Mobile, and Blackberry devices
       – Reported the issue to them all and to operators & GSMA
     • Deployed in many countries – adoption growing

  13. EAP-SIM/AKA Identities
     • Three basic identity types for authentication
       – Permanent-identity (IMSI)
         – Typically used initially after which temporary ids are used
       – Pseudonym identity
         – A pseudonym for the IMSI has limited lifetime
       – Fast reauthentication-identity
         – Lower overhead re-attachment after initial exchange
     • Behaviour affected by peer policy
       – “Liberal” peer - Current default
         – Responds to any requests for permanent identity
       – “Conservative” peer – Future deployment option
         – Only respond to requests for permanent identity when no Pseudonym identity available

  14. EAP-SIM/AKA transport
     • Basic EAP protocol is not encrypted
       – Currently EAP-SIM/AKA in EAPOL is unencrypted
       – Thus IMSI is visible (to a passive attacker) when permanent identity used for full authentication 😲
       – Also open to active attacks by requesting full auth 😲
     • Problem amplified due to pre-configured profiles
       – Mobile devices are constantly checking for pre-configured SSIDs and attempting authentication
     • WiFi Access keys not compromised
       – All content still protected

  15. WiFi-Calling Operation (WLAN 3GPP IP access)
     • Phone connects to Edge Packet Data Gateway (EPDG) over WiFi
       – Voice calls over WiFi
       – Phone connects on low/no signal
       – Also connects in Airplane mode + WiFi …
     • Connection to EPDG uses IPsec
       – Authenticates using Internet Key Exchange Protocol (IKEv2)
     • Supported on iOS, Android, and Windows devices
     • WiFi-Calling available in a number of countries
     • The issue has also been reported to OS makers and Operators

  16. IPsec brief overview
     • Internet Protocol Security
       – Confidentiality, data integrity, access control, and data source authentication
       – Recovery from transmission errors: packet loss, packet replay, and packet forgery
     • Authentication
       – Authentication Header (AH) - RFC 4302
     • Confidentiality
       – Encapsulating Security Payload (ESP) - RFC 4303
     • Key management
       – Internet Key Exchange v2 (IKEv2) - RFC7296
     • Two modes
       – Tunnel - used for connection to Gateway (EPDG)
       – Transport

  17. IKEv2 weakness
     • Initiates connection in two phases
       – IKE_SA_INIT
         – Negotiate cryptographic algorithms, exchange nonces, and do a Diffie-Hellman exchange
       – IKE_AUTH
         – Authenticate the previous messages, exchange identities (e.g. IMSI), and certificates, and establish the child Security Association(s) (SA)
     • IKE_AUTH uses EAP-AKA to exchange identities
       – DH-encrypted IMSI exchange not protected by a certificate
       – Open to MitM attacks on identity exchange (e.g. IMSI) 😲
     • IPsec ESP keys are not compromised
       – Call content still safe

  18. EAP-SIM/AKA Formal Analysis
     • Analysed EAP-SIM/AKA in ProVerif security protocol analyser
       – Modelled using a symbolic model based upon applied π-calculus
       – EAP-AKA is stateful, uses XOR, and SQN so it was simplified
     • We used the models to formally verify untraceability of the IMSI for two users
       – Attack found when IMSI is unhidden – as expected
       – No attack found when IMSI hidden (encrypted/pseudonym) without additional authentication material

  19. EAP-SIM traceability attack
     • When IMSI hidden and attacker knows n(=3) GSM authentication triplets for targeted IMSI
       – GSM Triplet: Signed Response [SRES] (32-bit), Random number [RAND] (128-bit), & Ciphering Key [Kc] (64-bit)
     • Using known GSM triplets, attacker sends challenge request to mobile device (Step 5 – Next Slide)
     • If mobile device accepts challenge ==> mobile is the targeted device
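
The peer policies from slide 13 and the cleartext exposure from slide 14, as an added example that is not part of the presentation: a model of which identity a peer returns for each EAP-SIM/AKA identity request, and whether that reply carries the IMSI. The function names, realm and pseudonym are constructed; the leading "1" (EAP-SIM) and "0" (EAP-AKA) on permanent usernames follow RFC 4186 and RFC 4187.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Identity-request attributes defined in RFC 4186 (EAP-SIM) / RFC 4187 (EAP-AKA).
ANY_ID, FULLAUTH_ID, PERMANENT_ID = (
    "AT_ANY_ID_REQ", "AT_FULLAUTH_ID_REQ", "AT_PERMANENT_ID_REQ")

# Permanent username = "1" + IMSI (EAP-SIM) or "0" + IMSI (EAP-AKA).
PERMANENT_RE = re.compile(r"^[01]\d{6,15}(@|$)")

@dataclass
class PeerState:
    permanent: str
    pseudonym: Optional[str] = None
    fast_reauth: Optional[str] = None

def choose_identity(req: str, st: PeerState, policy: str) -> Optional[str]:
    """Identity the peer puts in AT_IDENTITY, or None if it declines."""
    if req == ANY_ID:
        return st.fast_reauth or st.pseudonym or st.permanent
    if req == FULLAUTH_ID:
        return st.pseudonym or st.permanent
    if req == PERMANENT_ID:
        # Conservative peer: no IMSI while a pseudonym is still available.
        if policy == "conservative" and st.pseudonym:
            return None
        return st.permanent
    raise ValueError(f"unknown identity request: {req}")

def exposes_imsi(identity: Optional[str]) -> bool:
    """True if an unencrypted identity reply contains the permanent identity."""
    return identity is not None and bool(PERMANENT_RE.match(identity))

def audit(policy: str, st: PeerState) -> dict:
    """Map each request type to whether the cleartext reply carries the IMSI."""
    return {req: exposes_imsi(choose_identity(req, st, policy))
            for req in (ANY_ID, FULLAUTH_ID, PERMANENT_ID)}

# Constructed sample state: the IMSI is the slide 4 example,
# the realm and pseudonym are made up for illustration.
IMSI = "234123456789012"
RETURNING = PeerState(f"1{IMSI}@operator.example",
                      pseudonym="3k2J9fQx@operator.example")
FIRST_ATTACH = PeerState(f"1{IMSI}@operator.example")

if __name__ == "__main__":
    for policy in ("liberal", "conservative"):
        print(policy, "returning   :", audit(policy, RETURNING))
        print(policy, "first attach:", audit(policy, FIRST_ATTACH))
```

A conservative peer that holds a pseudonym declines AT_PERMANENT_ID_REQ, but on first attach (no pseudonym yet) both policies still send the IMSI in the clear.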
