
Putting LTE Security Functions to the Test:
A Framework to Evaluate Implementation Correctness

David Rupprecht (Ruhr-University Bochum), Kai Jansen (Ruhr-University Bochum), Christina Pöpper (NYU Abu Dhabi)
More than 8 billion mobile subscribers estimated for 2019 [1]

Eavesdropping of unencrypted data

LTE provides mutual authentication and encryption

Implementation flaw: undermine LTE security
Putting LTE Security Functions to the Test
• Implementation flaws in LTE devices
• Eavesdropping on private information
• Testing security functions of devices
LTE Architecture
Communication Establishment and Security Algorithms

LTE Architecture
• User Equipment (UE)
• Evolved Node B (eNodeB)
• Mobility Management Entity (MME)
• Home Subscriber Server (HSS)

UE --- eNodeB --- MME --- HSS --- Internet
      E-UTRAN        EPC

Access Stratum (AS): UE <-> eNodeB
Non-Access Stratum (NAS): UE <-> MME
Security Procedures

UE            eNodeB            MME            HSS
1a. Authentication and Key Agreement (UE <-> MME)
1b. Authentication Information Request (MME <-> HSS)
2. NAS Security Mode Command (EEAX, EIAX)   MME -> UE
3. AS Security Mode Command (EEAX, EIAX)    eNodeB -> UE
Security Algorithms

Same flow: 1a. Authentication and Key Agreement, 1b. Authentication Information Request,
2. NAS Security Mode Command (EEAX, EIAX), 3. AS Security Mode Command (EEAX, EIAX).

Security algorithms are selected by the provider.

Encoding    Integrity   Ciphering   Algorithm
X000 X000   EIA0        EEA0        NULL
X001 X001   128-EIA1    128-EEA1    SNOW 3G
X010 X010   128-EIA2    128-EEA2    AES
X011 X011   128-EIA3    128-EEA3    ZUC
(X = spare bit; one 3-bit field selects the integrity algorithm, one the ciphering algorithm)

Null algorithms (EIA0 / EEA0): no security
NULL Algorithms

Null Integrity (EIA0): intended for emergency calls even when no key is available

Null Encryption (EEA0): the standard foresees a ciphering indicator to warn the user; whether the user actually sees it depends on
1. the ciphering indicator feature,
2. the SIM card flag (the operator can disable the indicator),
3. the user interface.
Framework
Design and Tests

Baseband
Security functions are implemented on the baseband
• Processor for communication: Qualcomm, HiSilicon, Mediatek, Samsung
• The (proprietary) baseband is always exposed to the radio interface
Approach

Reverse Engineering                                   Test Cases
  CMP   r0, r1                                          Fuzzing of input
  ADDGE r2, r2, r3                                      Validation of output
  ADDLT r2, r2, r4
  ; ARM conditional execution: r2 += (r0 >= r1) ? r3 : r4 (signed compare)

Design Criteria
• Low-cost
• Automated testing
• Portability

Our choice: test cases (fuzzing), not reverse engineering of proprietary baseband code
Tests
• Undefined values: algorithm identifiers the standard does not define (e.g. X100 = EIA4 / EEA4, "not specified")
• Sequence of messages: reordering the procedure steps (1. Authentication and Key Agreement, 2. NAS Security Mode Command, 3. AS Security Mode Command)
• Ciphering indicator with null encryption: EEA0 selected in the Security Mode Command

Encoding    Integrity   Ciphering   Algorithm
X000 X000   EIA0        EEA0        NULL
…
X011 X011   128-EIA3    128-EEA3    ZUC
X100 X100   EIA4        EEA4        Not specified
…           …           …           …
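The algorithm table and the "undefined values" / "ciphering indicator" tests above can be turned into a test oracle. The following is an added example, not code from the authors' framework: it decodes the single-octet NAS security algorithms IE (bits 7-5 ciphering, bits 3-1 integrity, bits 8 and 4 spare, which is the "X000 X000" notation of the table), generates all 256 octet values as fuzzing input, and states the verdict a correct UE should produce for each. The verdict strings and the `emergency` flag are choices made for this example.

```python
"""Decode and judge the algorithm selection of an LTE NAS Security Mode Command.

Added example for this deck, not the authors' framework code. The bit layout is
that of the NAS security algorithms information element: bits 7-5 carry the
ciphering algorithm (EEAx), bits 3-1 the integrity algorithm (EIAx), bits 8 and
4 are spare. The verdict strings and the `emergency` flag are assumptions.
"""
from dataclasses import dataclass

# Identifiers the standard defines (from the slide table); 4-7 are not specified.
EEA = {0: "EEA0 (NULL)", 1: "128-EEA1 (SNOW 3G)", 2: "128-EEA2 (AES)", 3: "128-EEA3 (ZUC)"}
EIA = {0: "EIA0 (NULL)", 1: "128-EIA1 (SNOW 3G)", 2: "128-EIA2 (AES)", 3: "128-EIA3 (ZUC)"}


@dataclass(frozen=True)
class SecurityAlgorithms:
    ciphering: int   # 3-bit EEA identifier
    integrity: int   # 3-bit EIA identifier
    spare_set: bool  # a spare bit (8 or 4) was set; the oracle does not judge this


def decode_nas_security_algorithms(octet: int) -> SecurityAlgorithms:
    """Split the single-octet IE into its fields."""
    if not 0 <= octet <= 0xFF:
        raise ValueError("IE is exactly one octet")
    return SecurityAlgorithms(
        ciphering=(octet >> 4) & 0x7,
        integrity=octet & 0x7,
        spare_set=bool(octet & 0x88),
    )


def encode_nas_security_algorithms(eea: int, eia: int) -> int:
    """Inverse of decode; builds fuzzing inputs, including the undefined ids 4-7."""
    if not (0 <= eea <= 7 and 0 <= eia <= 7):
        raise ValueError("identifiers are 3-bit values")
    return (eea << 4) | eia


def expected_ue_behaviour(octet: int, emergency: bool = False) -> str:
    """Output validation oracle: what a correct UE should do with this command.

    Identifiers 4-7 are not specified and must be rejected; EIA0 is only allowed
    for unauthenticated emergency calls; EEA0 is legal but the user should be
    warned via the ciphering indicator.
    """
    alg = decode_nas_security_algorithms(octet)
    if alg.ciphering not in EEA or alg.integrity not in EIA:
        return "REJECT: undefined algorithm identifier"
    if alg.integrity == 0 and not emergency:
        return "REJECT: EIA0 outside an emergency call"
    if alg.ciphering == 0:
        return "ACCEPT: show ciphering indicator (EEA0)"
    return "ACCEPT"


def fuzz_corpus(emergency: bool = False) -> dict:
    """Fuzzing of input: every octet value paired with the verdict to check against the device."""
    return {octet: expected_ue_behaviour(octet, emergency) for octet in range(256)}


def describe(octet: int) -> str:
    """Human-readable view of one fuzzing input."""
    alg = decode_nas_security_algorithms(octet)
    integrity = EIA.get(alg.integrity, f"EIA{alg.integrity} (not specified)")
    ciphering = EEA.get(alg.ciphering, f"EEA{alg.ciphering} (not specified)")
    spare = " [spare bit set]" if alg.spare_set else ""
    return f"0x{octet:02x}: {integrity}, {ciphering}{spare}"


if __name__ == "__main__":
    for octet in (0x22, 0x02, 0x00, 0x42, 0x8a):
        print(describe(octet), "->", expected_ue_behaviour(octet))
```

The corpus deliberately includes the spare-bit variants and the unspecified identifiers, because a baseband that silently maps an unknown identifier to something it supports, or that accepts EIA0 for a normal attach, is exactly the kind of logical implementation flaw the framework looks for.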
Framework Architecture
(architecture figure)

Low-Cost Hardware
• Ettus B2X0
• BladeRF
• LimeSDR
Evaluation
Analysis Results

Results
• None of the devices show the ciphering indicator
• Null integrity algorithm (EIA0) accepted for normal data connections

UE                    Attacker                    Commercial Network
1. Authentication and Key Agreement (relayed by the attacker between UE and network)
2. NAS Security Mode Command (EEA0, EIA0)     Attacker -> UE
3. AS Security Mode Command (EEA0, EIA0)      Attacker -> UE

The attacker only relays the Authentication and Key Agreement, so it never learns K_ASME and cannot compute a valid MAC for a real integrity algorithm. With EIA0 there is no integrity protection to verify, so a UE that accepts the null integrity algorithm outside an emergency call accepts these unauthenticated Security Mode Commands and continues the data connection without ciphering.
Conclusion

Implementation flaws can undermine LTE security
• No ciphering indicator
• Authentication procedure (null algorithms accepted from an attacker in the middle)

LTE Security Testing Framework
• Low-cost
• Software Defined Radio
• Automated testing
• Logical implementation flaws

Standard Test of Security Functions
• Standard radio testing
• Standard security testing
• Test cases

Thank You! Questions?
Backup: Attach Procedure with Security Functions

UE                     eNodeB                 MME                    HSS
(K)                                                                  (K)
Attach Request (IMSI)                          UE -> MME

1. Authentication and Key Agreement
   1. Authentication Information Request (IMSI)                      MME -> HSS
   2. Authentication Information Answer (RAND, XRES, AUTN, K_ASME)   HSS -> MME
   3. Authentication Request (RAND, AUTN)                            MME -> UE
      UE: a) check AUTN, b) compute RES, c) compute K_ASME
   4. Authentication Response (RES)                                  UE -> MME
      MME: check RES == XRES

2. NAS Security Mode Command
   1. NAS Security Mode Command (EIA, EEA, MAC(EIA, EEA))            MME -> UE
   2. NAS Security Mode Complete, MAC()                              UE -> MME

3. RRC Security Mode Command
   1. Initial Context Setup (K_eNB)                                  MME -> eNodeB
   2. RRC Security Mode Command (EIA, EEA, MAC(EIA, EEA))            eNodeB -> UE
   3. RRC Security Mode Complete, MAC()                              UE -> eNodeB

Attach Accept     MME -> UE
Attach Complete   UE -> MME
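The attach flow on this backup slide, together with the attacker from the results slide, as an added message-level model; this is example code written for this page, not the authors' framework. MILENAGE (f1..f4) and the 3GPP key derivation function are replaced by HMAC-SHA256 stand-ins, and the Security Mode Command MAC covers only the algorithm selection; both are assumptions of the model, chosen so the example runs offline. It shows that a relaying attacker never obtains K_ASME and cannot forge a MAC for 128-EIA2, and that the only thing separating a safe UE from a vulnerable one is whether EIA0 is accepted for a normal attach.

```python
"""Message-level model of LTE attach security: AKA, then the NAS Security Mode
Command, with an attacker in the path that relays AKA and selects EEA0/EIA0.

Added example for this deck, not the authors' framework code. MILENAGE (f1..f4)
and the 3GPP KDF are replaced by HMAC-SHA256 stand-ins (assumption); the MAC
covers only the algorithm selection (assumption). Identifiers follow the table.
"""
import hashlib
import hmac
import os

EEA0, EEA2 = 0, 2       # ciphering: NULL, 128-EEA2 (AES)
EIA0, EIA2 = 0, 2       # integrity: NULL, 128-EIA2 (AES)
NULL_MAC = b"\x00" * 4  # EIA0 yields a constant all-zero 32-bit MAC


def prf(key: bytes, *parts: bytes) -> bytes:
    """Stand-in for the f-functions and the KDF (assumption, not the real algorithms)."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def derive_k_asme(k: bytes, rand: bytes) -> bytes:
    """CK and IK from K and RAND, then K_ASME from (CK || IK)."""
    ck, ik = prf(k, b"f3", rand)[:16], prf(k, b"f4", rand)[:16]
    return prf(ck + ik, b"K_ASME")


def nas_mac(k_asme: bytes, eia: int, eea: int) -> bytes:
    """MAC(EIA, EEA) of the Security Mode Command, keyed with K_NASint from K_ASME."""
    if eia == EIA0:
        return NULL_MAC
    k_nasint = prf(k_asme, b"K_NASint")
    return prf(k_nasint, b"SMC", bytes([eia, eea]))[:4]


class HSS:
    """Holds the subscriber key K and answers Authentication Information Requests."""
    def __init__(self, k: bytes):
        self.k, self.sqn = k, 0

    def authentication_information_answer(self):
        self.sqn += 1
        rand, sqn = os.urandom(16), self.sqn.to_bytes(6, "big")
        mac_a = prf(self.k, b"f1", rand, sqn)[:8]
        xres = prf(self.k, b"f2", rand)[:8]
        return rand, xres, sqn + mac_a, derive_k_asme(self.k, rand)  # (RAND, XRES, AUTN, K_ASME)


class UE:
    """Holds the same K. accept_eia0 models the implementation flaw from the results slide."""
    def __init__(self, k: bytes, accept_eia0: bool = False):
        self.k, self.accept_eia0, self.k_asme = k, accept_eia0, None

    def authentication_request(self, rand: bytes, autn: bytes) -> bytes:
        sqn, mac_a = autn[:6], autn[6:]
        if not hmac.compare_digest(mac_a, prf(self.k, b"f1", rand, sqn)[:8]):
            raise ValueError("AUTN check failed")          # a) check AUTN (network not authenticated)
        self.k_asme = derive_k_asme(self.k, rand)            # c) compute K_ASME
        return prf(self.k, b"f2", rand)[:8]                  # b) compute RES

    def nas_security_mode_command(self, eia: int, eea: int, mac: bytes) -> bool:
        if eia == EIA0 and not self.accept_eia0:
            return False  # conformant: EIA0 only for unauthenticated emergency calls
        # With EIA0 both sides produce the zero MAC, so this comparison proves nothing.
        return hmac.compare_digest(mac, nas_mac(self.k_asme, eia, eea))


def attach(ue: UE, hss: HSS, attacker: str = "none") -> bool:
    """Run AKA and the NAS SMC; True if the UE ends up in a security context.

    attacker: "none" (honest MME), "null" (attacker selects EEA0/EIA0),
              "forge" (attacker selects 128-EIA2 and guesses the MAC).
    """
    rand, xres, autn, k_asme = hss.authentication_information_answer()   # 1b. HSS -> MME
    try:
        res = ue.authentication_request(rand, autn)                       # 3. MME -> UE, 4. UE -> MME
    except ValueError:
        return False
    if not hmac.compare_digest(res, xres):                                # MME: RES == XRES
        return False
    if attacker == "none":
        return ue.nas_security_mode_command(EIA2, EEA2, nas_mac(k_asme, EIA2, EEA2))
    # The attacker relayed AKA unchanged, so it never learned K_ASME.
    if attacker == "null":
        return ue.nas_security_mode_command(EIA0, EEA0, NULL_MAC)
    return ue.nas_security_mode_command(EIA2, EEA2, b"\xde\xad\xbe\xef")


K = bytes(range(16))  # constructed subscriber key shared by UE and HSS for the example

if __name__ == "__main__":
    print("honest network:       ", attach(UE(K), HSS(K)))
    print("attacker, good UE:    ", attach(UE(K), HSS(K), "null"))
    print("attacker, flawed UE:  ", attach(UE(K, accept_eia0=True), HSS(K), "null"))
    print("attacker forging MAC: ", attach(UE(K, accept_eia0=True), HSS(K), "forge"))
```

The model leaves out the sequence-number freshness check on AUTN and the AS Security Mode Command, which follows the same pattern with K_eNB; neither changes the outcome, because the decisive step is the UE's policy on EIA0 rather than any cryptographic weakness.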
