Putting LTE Security Functions to the Test: A Framework to Evaluate Implementation Correctness
Kai Jansen (Ruhr-University Bochum), David Rupprecht (Ruhr-University Bochum), Christina Pöpper (NYU Abu Dhabi)
More than 8 billion mobile subscribers estimated for 2019 [1]
Eavesdropping of unencrypted data
LTE provides mutual authentication and encryption
Implementation flaw: Undermine LTE security
Implementation flaws in LTE devices
Eavesdropping on private information
Testing security functions of devices
Putting LTE Security Functions to the Test
LTE Architecture
Communication Establishment and Security Algorithms
• UE: User Equipment
• eNodeB: Evolved Node B
• MME: Mobility Management Entity
• HSS: Home Subscriber Server
• Network parts: E-UTRAN, EPC, Internet
• Protocol layers: Access Stratum (AS), Non-Access Stratum (NAS)
Security Procedures
Entities: UE, eNodeB, MME, HSS
1a. Authentication and Key Agreement
1b. Authentication Information Request
2. NAS Security Mode Command (EEAX, EIAX)
3. AS Security Mode Command (EEAX, EIAX)
Security Algorithms
Security algorithms are selected by the provider

| Encoding | Integrity | Ciphering | Algorithm |
|---|---|---|---|
| X000X000 | EIA0 | EEA0 | NULL |
| X001X001 | 128-EIA1 | 128-EEA1 | SNOW3G |
| X010X010 | 128-EIA2 | 128-EEA2 | AES |
| X011X011 | 128-EIA3 | 128-EEA3 | ZUC |

Null Algorithms: No Security
NULL Algorithms
Encoding X000X000: EIA0 (integrity), EEA0 (ciphering), NULL algorithm
Null Integrity: Emergency calls even when no key is available
Null Encryption:
1. Ciphering indicator
2. SIM card flag
3. User interface
Framework
Design and Tests
Baseband
• Processor for communication: Qualcomm, HiSilicon, Mediatek, Samsung
• (Proprietary) Baseband is always exposed
Security functions are implemented on the Baseband
Approach
• Reverse Engineering
    CMP r0, r1
    ADDGE r2, r2, r3
    ADDLT r2, r2, r4
• Test Cases: Fuzzing of input
• Test Cases: Validation of output
• Fuzzing (our choice)
Design Criteria
• Low-cost
• Automated testing
• Portability
Tests

| Encoding | Integrity | Ciphering | Algorithm |
|---|---|---|---|
| X000X000 | EIA0 | EEA0 | NULL |
| X011X011 | 128-EIA3 | 128-EEA3 | ZUC |
| X100X100 | EIA4 | EEA4 | Not specified |
| … | … | … | … |

• Undefined Values
• Sequence of Messages
• Ciphering Indicator with Null Encryption
Entities: UE, eNodeB, MME
1. Authentication and Key Agreement
2. NAS Security Mode Command (EEAX, EIAX)
3. AS Security Mode Command (EEAX, EIAX)
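
Two of the test cases above (undefined values, ciphering indicator with null encryption) and the null-integrity rule, seen from the device side, as an added example that is not code from the talk or its framework. It assumes the slide's X000X000 pattern is one octet with spare bits X, ciphering in bits 7-5 and integrity in bits 3-1; the function name, the `emergency` flag and the `sim_indicator_enabled` parameter are hypothetical.

```python
from dataclasses import dataclass

# Encodings from the slide's table; values 0b100-0b111 are "not specified".
CIPHERING = {0: "EEA0", 1: "128-EEA1", 2: "128-EEA2", 3: "128-EEA3"}
INTEGRITY = {0: "EIA0", 1: "128-EIA1", 2: "128-EIA2", 3: "128-EIA3"}


@dataclass
class Verdict:
    accept: bool
    ciphering: str
    integrity: str
    show_ciphering_indicator: bool
    reason: str


def check_selected_algorithms(octet: int, emergency: bool,
                              sim_indicator_enabled: bool = True) -> Verdict:
    """Hypothetical UE-side policy for the algorithm octet of a Security Mode Command.

    Assumed layout (X = spare bit, ignored): X CCC X III.
    """
    if not 0 <= octet <= 0xFF:
        raise ValueError("algorithm field is a single octet")
    eea = (octet >> 4) & 0b111   # ciphering algorithm, bits 7-5
    eia = octet & 0b111          # integrity algorithm, bits 3-1
    c = CIPHERING.get(eea, f"EEA{eea}")
    i = INTEGRITY.get(eia, f"EIA{eia}")

    # Test case "Undefined Values": never fall back to a default algorithm.
    if eea not in CIPHERING or eia not in INTEGRITY:
        return Verdict(False, c, i, False, "undefined algorithm value")

    # Null integrity is only meant for emergency calls without a key,
    # so it is refused for a normal data connection.
    if eia == 0 and not emergency:
        return Verdict(False, c, i, False, "null integrity outside emergency call")

    # Test case "Ciphering Indicator with Null Encryption": the user should
    # be told when EEA0 is in use, unless the SIM flag disables the indicator.
    indicator = eea == 0 and sim_indicator_enabled
    reason = "null ciphering: warn user" if indicator else "ok"
    return Verdict(True, c, i, indicator, reason)
```
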
Framework Architecture
Low-Cost Hardware
• Ettus B2X0
• BladeRF
• LimeSDR
Evaluation
Analysis Results
Results
• None of the devices show the Ciphering Indicator
• Null Integrity Algorithm: Normal data connections
Entities: UE, Attacker, Commercial Network
1. Authentication and Key Agreement (shown twice in the diagram)
2. NAS Security Mode Command (EEA0, EIA0)
3. AS Security Mode Command (EEA0, EIA0)
Conclusion
Implementation Flaws can Undermine the LTE Security
• No Ciphering Indicator
• Authentication procedure
LTE Security Testing Framework
• Low-cost
• Software Defined Radio
• Automated testing
• Logical implementation flaws
Standard Test of Security Functions
• Standard Radio Testing
• Standard Security Testing
Thank You! Questions?
Entities: UE (holds K), eNodeB, MME, HSS (holds K)
Attach Request(IMSI)
1. Authentication and Key Agreement
   1. Authentication Information Request(IMSI)
   2. Authentication Information Answer(RAND, XRES, AUTN, KASME)
   3. Authentication Request(RAND, AUTN)
      UE: a) Check AUTN b) Compute RES c) Compute KASME
   4. Authentication Response(RES)
      MME: Check RES == XRES
2. NAS Security Mode Command
   1. NAS Security Mode Command(EIA, EEA, MAC(EIA,EEA))
   2. NAS Security Mode Complete MAC()
3. RRC Security Mode Command
   1. Initial Context Setup(KeNodeB)
   2. RRC Security Mode Command(EIA, EEA, MAC(EIA,EEA))
   3. RRC Security Mode Complete MAC()
Attach Accept
Attach Complete
Backup