structural deficits in telco security
play

Structural deficits in Telco security Harald Welte - PowerPoint PPT Presentation

Jan 23, 2023 •475 likes •846 views

Symptoms Causes / Reasons Proposed Solution Structural deficits in Telco security Harald Welte <laforge@gnumonks.org> gnumonks.org hmw-consulting.de sysmocom GmbH March 20, 2012 / TelcoSecDay / Heidelberg Harald Welte

  1. Symptoms Causes / Reasons Proposed Solution Structural deficits in Telco security Harald Welte <laforge@gnumonks.org> gnumonks.org hmw-consulting.de sysmocom GmbH March 20, 2012 / TelcoSecDay / Heidelberg Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  2. Symptoms Causes / Reasons Proposed Solution Outline Symptoms 1 Causes / Reasons 2 Proposed Solution 3 Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  3. Symptoms Causes / Reasons Proposed Solution About the speaker Using + toying with Linux since 1994 Kernel / bootloader / driver / firmware development since 1999 IT security expert, focus on network protocol security Former core developer of Linux packet filter netfilter/iptables Board-level Electrical Engineering Always looking for interesting protocols (RFID, DECT, GSM) OpenEXZ, OpenPCD, Openmoko, OpenBSC, OsmocomBB, OsmoSGSN consulting/freelancing + sysmocom GmbH for custom-tailored GSM solutoins Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  4. Symptoms Causes / Reasons Proposed Solution Disclaimer This presentation is not intended to insult any participant No companies or individuals will be named However, the collective failure of the mobile industry cannot be ignored, sorry. Many of the issues we have today could have been avoided extremely easily, there really is no excuse... Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  5. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution Telco vs. Internet-driven IT security mobile industry today has security practieses and procedures of the 20th century no proper incident response on RAN/CN no procedures for quick roll-out of new sw releases no requirements for software-upgradeability no interaction with hacker community no packet filtering / DPI / IDS on signalling traffic active hostility towards operators who want to do pentesting attempts to use legal means to stop researchers from publishing their findings this sounds like medieval times. We are in 2012 ?!? Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  6. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution Real-world quotes The following slides indicate some quotes that I have heard over the last couple of years from my contacts inside the mobile industry. They are not made up! Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  7. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution Quote: Disclosure of Ki/K/OPC "we are sending our IMSI+Key lists as CSV files to the SIM card supplier in China" Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  8. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution Quote: RRLP "RRLP? What is that? We never heard about it!" Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  9. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution Quote: SIM OTA keys "we have no clue what remote accessible (OTA) features our sim cards have or what kind of keys were used during provisioning" Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  10. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution Quote: Malformed "we have never tried to intentionally send any malformed message to any of our equipment" Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  11. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution Quote: Roaming "We are seeing TCAP/MAP related attacks/fraud from Operator XYZ in Pakistan. However, it is more important that European travellers can roam into their network than it is for Pakistanis to roam into our network. Can you see while the roaming agreement was only suspended for two days?" Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  12. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution Quote: SIGTRAN IPsec "we are unable to mandate from our roaming partners that SIGTRAN links shall always go through IPsec - we don’t even know how to facilitate safe distribution of certificates between operators" Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  13. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution Quote: NodeB / IPsec "We mandated IPsec to be used for all of the (e)NodeB back-haul in our tender, the supplier still shipped equipment that didn’t comply to it. Do you think the CEO is going to cancel the contract with them for that?" Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  14. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution Quote: Government / independent study "Govt: We put out a tender for a study on overal operator network security in our country. Everyone who put in a bid is economically affiliated or dependent on one of the operators or equipment suppliers, so we knew the results were not worth much." Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  15. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution Quote: Technical Staff "15 years ago we still had staff that understood all those details. But today, you know, those experts are expensive - we laid them off." Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  16. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution Quote: Baseband chip vendor "We have no clue what version of our protocol stack with what modifications are shipped in which particular phones, or if/when the phone makers distribute updates to the actual phone population" Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  17. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution The A5/2 desaster Brief history August 2003: Barkan/Biham/Keller paper on instant ciphertext-only cryptanalysis of A5/2 April 2006: GSMA initiative to withdraw A5/2. Resistance mainly from north america . October 2006: SA WG3 formally requests removal of A5/2 from spec July 2007: Almost all operators have moved to A5/1 As long as phones support A5/2, semi-active down-grade attacks against A5/1 can be implemented! Three years incident response to update the spec! I’m not even talking about the time to update all equipment or until old equipment will be fully phased out. Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  18. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution The A5/1 desaster history repeats itself The industry did not learn from the A5/2 incident. History repeated itself: Kc generation was not changed between A5/1,2,3 as long as phones support A5/1, A5/3 can be broken with semi-active down-grade attacks just like A5/2 -> A5/1 before There is still no way to disable algorithms of devices in the field, not even by flags on the SIM card How can an entire industy be so resilient against learning? Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  19. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution The A5/3 desaster Nobody cares to implement it May 2002: A5/3 spec first released. Target: supported in handsets and networks in 2004. May 2007: SA WG3: lack of BSS vendors supporting A5/3 (5 years later!!!) January 2009: First discussions with phone makers on A5/3 interop tests November 2009: 10 handsets from 7 manufacturers being tested on a live A5/3 network After the track record of A5/2 and A5/3, they seem to be on a fast track to improve. Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  20. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution The overall algorithm desaster Advances in security require algorithms to be replaced and key lengths to grow Nobody in the GSM world seems to have realized such a basic cryptographic truth Infrastruture vendors reluctant to make algorithms software-upgradeable. They’d rather sell ten-thousands of new BTSs Operators never made it a requirement to do in-field algorithm upgrades. Why would they? Internet analogy: Who would ever want to use more than 40-bit RC4 encryption in his SSL implementation and upgrade that? Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

  21. Symptoms Real-world quotes Causes / Reasons Algorithm nightmares Proposed Solution 2009: GSMA starts to think November 2009, 3GPP TSG SA3 WG, GSMA Liaison Report: The meeting considered the need to ensure that future infrastructure algorithm updates will be exclusively software based About one decade too late for anyone with even remote knowledge of real-world cryptographic deployment Six years after the A5/2 cryptanalysis paper Seven years after A5/3 has been specified Harald Welte <laforge@gnumonks.org> Structural deficits in Telco security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hacking Telco equipment The HLR/HSS Laurent Ghigonis Security researcher at P1 Security Hacking

Hacking Telco equipment The HLR/HSS Laurent Ghigonis Security researcher at P1 Security Hacking

Hacking Telco equipment The HLR/HSS Laurent Ghigonis Security researcher at P1 Security Hacking Telco equipment: The HLR/HSS Laurent Ghigonis P1 Security 2014, Hackito Ergo Sum - Security Conference What are we talking about ? A mobile

724 views • 59 slides
Are External Deficits Are External Deficits A Concern ? A Concern ? Professor Tony Makin

Are External Deficits Are External Deficits A Concern ? A Concern ? Professor Tony Makin

Are External Deficits Are External Deficits A Concern ? A Concern ? Professor Tony Makin Griffith Business School Gold Coast Australia 2 May 2006 Main Themes International Developments Major Concerns About External Deficits

398 views • 25 slides
Network Security Network Security Adolfo Rodriguez CPS 214 Telco/Internet Comparison

Network Security Network Security Adolfo Rodriguez CPS 214 Telco/Internet Comparison

Network Security Network Security Adolfo Rodriguez CPS 214 Telco/Internet Comparison Telco/Internet Comparison Internet Telephone System no central authority central authority end systems in control network in control

1.07k views • 59 slides
Towards an Economic Valuation of Telco-based Valuation of Telco based Identity

Towards an Economic Valuation of Telco-based Valuation of Telco based Identity

Towards an Economic Valuation of Telco-based Valuation of Telco based Identity Management Enablers Enablers PrimeLife/IFIP Summer School 2010 Helsingborg, 2010-08-04 Kai Rannenberg, S ascha Koschinat, Andreas Albers, Gkhan

1.07k views • 60 slides
VAS Management Platform. Solution from TELCO to TELCO Powered by 1Click The fastest payment

VAS Management Platform. Solution from TELCO to TELCO Powered by 1Click The fastest payment

VAS Management Platform. Solution from TELCO to TELCO Powered by 1Click The fastest payment tool mVAS services can 4 Times 1Click payment conversion rate is higher generate than the standard flow credit card payment up to 5% of total

1.07k views • 18 slides
Agenda Telco and 5G Network Functions Virtualization OPNFV and Software Defined

Agenda Telco and 5G Network Functions Virtualization OPNFV and Software Defined

Agenda Telco and 5G Network Functions Virtualization OPNFV and Software Defined Everything with SUSE Realizing NFVI requirements Performance Demo Telco and 5G LTE Network Architecture Telco functions The infrastructure

748 views • 39 slides
When, Why, and How Do Deficits Matter? Daniel Shaviro, NYU Law School St. Francis College,

When, Why, and How Do Deficits Matter? Daniel Shaviro, NYU Law School St. Francis College,

When, Why, and How Do Deficits Matter? Daniel Shaviro, NYU Law School St. Francis College, September 9, 2016 1 Bad thinking about deficits, part 1 Micawber ( David Copperfield ): Annual income 20, annual expenditure 19, 19 &amp; 6, result

650 views • 19 slides
OPEN PLATFORM BaSED 5g On the road to THE Software telco Alex Jinsung Choi, Deutsche Telekom

OPEN PLATFORM BaSED 5g On the road to THE Software telco Alex Jinsung Choi, Deutsche Telekom

OPEN PLATFORM BaSED 5g On the road to THE Software telco Alex Jinsung Choi, Deutsche Telekom ONF Spotlight, Sept 2020 internal We observe accelerating market dynamics Altogether having the potential to disrupt the telco sector

277 views • 11 slides
PREPARE FOR EDGE SERVICES BY VIRTUALIZING YOUR CENTRAL OFFICE Ian Hood Hanen Garcia Chief

PREPARE FOR EDGE SERVICES BY VIRTUALIZING YOUR CENTRAL OFFICE Ian Hood Hanen Garcia Chief

PREPARE FOR EDGE SERVICES BY VIRTUALIZING YOUR CENTRAL OFFICE Ian Hood Hanen Garcia Chief Technologist Telco Solutions Manager Global Service Providers Red Hat Red Hat TELCO TRANSFORMATION IN THE ERA OF DIGITAL DISRUPTION Telco

312 views • 29 slides
How to build a telco in the cloud Why are we here? Currently, telcos... are seen merely as a

How to build a telco in the cloud Why are we here? Currently, telcos... are seen merely as a

How to build a telco in the cloud Why are we here? Currently, telcos... are seen merely as a wire-provider . o offer a few products, tightly coupled to their infrastructure. o aren't seen as tech-leaders in the cloud/software world.

316 views • 17 slides
The Challenge: Telco-grade Dependability with Extreme Agility Telecommunications Business

The Challenge: Telco-grade Dependability with Extreme Agility Telecommunications Business

ModelTalk : A Framework for Developing Domain Specific Executable Models Atzmon Hen-tov and Lior Schachter Pontis Ltd., Israel Joint Work With: David H. Lorenz The Open University of Israel The Challenge: Telco-grade Dependability with

431 views • 21 slides
Rui A. Costa Quality / Recognition Team 90% with a Master's degree ORGANOGRAM Organogram

Rui A. Costa Quality / Recognition Team 90% with a Master's degree ORGANOGRAM Organogram

Rui A. Costa Quality / Recognition Team 90% with a Master's degree ORGANOGRAM Organogram SECTORS &amp; R&amp;I TOPICS Sectors TELCO SOLUTIONS umeter.ubiwhere.com www.ubiwhere.com TELCO R&amp;I TELCO R&amp;I QoS/QoE EU PROJECTS |

496 views • 45 slides
Security and confidential computing axel simon office of the CTO enarx.io The Problem The

Security and confidential computing axel simon office of the CTO enarx.io The Problem The

Security and confidential computing axel simon office of the CTO enarx.io The Problem The Need for Confidentiality and Integrity Banking &amp; Finance Government &amp; Public Sector Telco IoT HIPAA GDPR

543 views • 53 slides
Deficits Have Fallen Sharply Since Recession cbpp.org cbpp.org 1 Center on Budget and Policy

Deficits Have Fallen Sharply Since Recession cbpp.org cbpp.org 1 Center on Budget and Policy

Center on Budget and Policy Priorities Deficits Have Fallen Sharply Since Recession cbpp.org cbpp.org 1 Center on Budget and Policy Priorities Deficit Reduction Achieved Through Legislation Major legislation has reduced projected deficits

360 views • 10 slides
Structural isomer Background. Structural isomerism Structural isomerism at nanoscale.

Structural isomer Background. Structural isomerism Structural isomerism at nanoscale.

Structural isomer Background. Structural isomerism Structural isomerism at nanoscale. Resolving structure reveals structure property correlation and guidance for synthesizing functional material. Au 24 (SCH2Ph-tBu) 20 and Au 24

369 views • 11 slides
Advanced use of databases in the hybrid structural research: PDB Department of Structural and

Advanced use of databases in the hybrid structural research: PDB Department of Structural and

Kristina Djinovi -Carugo Advanced use of databases in the hybrid structural research: PDB Department of Structural and Computational Biology Max Perutz Labs University of Vienna Austria EMBO Global WS: Structural and biophysical methods

860 views • 66 slides
Telecom Security - lessons learned (or not)? Personal review on the last 7 years Harald Welte

Telecom Security - lessons learned (or not)? Personal review on the last 7 years Harald Welte

Telecom Security - lessons learned (or not)? Personal review on the last 7 years Harald Welte hardwear.io 2015 Keynote Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 1 / 37 About Linux

544 views • 37 slides
Project-team OPALE INRIA Sophia-Antipolis Mditerrane and Rhne-Alpes Scientific Themes

Project-team OPALE INRIA Sophia-Antipolis Mditerrane and Rhne-Alpes Scientific Themes

Project-team OPALE Optimization and control, numerical algorithms and integration of complex multidisciplinary systems governed by PDEs Jean-Antoine DESIDERI Project-team OPALE INRIA Sophia-Antipolis Mditerrane and Rhne-Alpes

996 views • 33 slides
Summarization: Overview Ling573 Systems &amp; Applications April 2, 2015 Roadmap

Summarization: Overview Ling573 Systems &amp; Applications April 2, 2015 Roadmap

Summarization: Overview Ling573 Systems &amp; Applications April 2, 2015 Roadmap Deliverable #1 Dimensions of the problem A brief history: Shared tasks &amp; Summarization Architecture of a Summarization system

1.26k views • 91 slides
The Evolution of Nuclear Security: From Sites to Summitry 23rd WiN Global Annual Conference:

The Evolution of Nuclear Security: From Sites to Summitry 23rd WiN Global Annual Conference:

The Evolution of Nuclear Security: From Sites to Summitry 23rd WiN Global Annual Conference: Women in Nuclear Meet Atoms for Peace Ms. Corey Hinderstein Senior Coordinator for the Nuclear Security Summit and Nonproliferation Policy Affairs

605 views • 12 slides
Jefferson County Sheriffs Office A few slides. Thanks to Sheriff Jeff Shrader Mark

Jefferson County Sheriffs Office A few slides. Thanks to Sheriff Jeff Shrader Mark

Jefferson County Sheriffs Office A few slides. Thanks to Sheriff Jeff Shrader Mark Techmeyer Jenny Fulton, PIO Jefferson County S.O. Staff Our spiritual homes are special places that nourish our souls. Indeed, we take a

1.11k views • 61 slides
ACT-IAC Evolving the Workforce COI July 9, 2020 ACT-IAC Evolving the Workforce COI Leadership

ACT-IAC Evolving the Workforce COI July 9, 2020 ACT-IAC Evolving the Workforce COI Leadership

ACT-IAC Evolving the Workforce COI July 9, 2020 ACT-IAC Evolving the Workforce COI Leadership Team Andrew McCoy, Industry Chair Terri Shaffer, Government Chair Christina Vay, Government Vice-Chair Ronna Garrett, Industry Vice-Chair Robert

389 views • 16 slides
KREONET SOFTWARIZATION - KREONET SD-WAN Deployment based on ONOS- Dongkyun Kim, KISTI

KREONET SOFTWARIZATION - KREONET SD-WAN Deployment based on ONOS- Dongkyun Kim, KISTI

KREONET SOFTWARIZATION - KREONET SD-WAN Deployment based on ONOS- Dongkyun Kim, KISTI mirr@kisti.re.kr Open Networking Summit 2016 Introduction &amp; Background KREONET -S* as the Next KREONET Deployment Status of KREONET -S*

490 views • 25 slides
Fermilab LBNF CF Far Detector BSI Facilities Engineering Services Section 8/26/2015

Fermilab LBNF CF Far Detector BSI Facilities Engineering Services Section 8/26/2015

WIRING DEVICES POWER SINGLE LINE DIAGRAM FIRE ALARM SYMBOLS ABBREVIATIONS ABBREVIATIONS SYMBOL DESCRIPTION SYMBOL DESCRIPTION SYMBOL DESCRIPTION SYMBOL DESCRIPTION SYMBOL DESCRIPTION SYMBOL DESCRIPTION R A, AMP AMPERE OC ON

313 views • 10 slides

More recommend