CIS 6930 - Cellular and Mobile Network Security: Phreaking and Eavesdropping
Professor Patrick Traynor, 11/15/18
Florida Institute for Cybersecurity (FICS) Research
Closing Notes
• Remember, 50% of the course grade comes from this project.
• So how do you do well?
‣ Practice your presentation.
‣ Be ready for tough questions.
‣ Work very hard on the presentation within the final report.
‣ Tell me something I don’t already know.
‣ Impress me with your effort.
• Please take the course survey!
You’re Pretty Lucky…
• Few universities have courses that describe the inner workings of our telephony infrastructure.
• We’ve learned a lot this semester!
• How did people learn about these systems before classes like this?
Let’s Set the Stage…
• For a long time, there was only one network: American Telephone and Telegraph (AT&T).
• Calls were expensive!
• From the outside, nobody understood how the system worked.
• Interested in learning more, some clever folks started to probe.
• Let’s learn more!
Phreaks
Secrets of the Little Blue Box
• What is in-band signaling? (The control signals that set up, supervise and tear down a call travel in the same voice channel as the conversation, so anything that can make the right sounds can talk to the network.)
• Why would a network be designed in this fashion?
• Name a network core that supported in-band signaling.
The Exploit
• How did phone Phreaks take advantage of in-band signaling?
• What does a Blue Box do? (It plays the network’s own supervisory tone, 2600 Hz, and multi-frequency routing digits into the handset, letting the caller seize a trunk and route calls as if they were the switch.)
• How did Phreaks learn to exploit the network?
The Reality
• What happened to all the Phreaks?
• What did the networks do to effectively end their activities?
• Is this the last we’ll hear about in-band signaling?
Want to Learn More?
• Phil Lapsley’s “Exploding the Phone” is a great and detailed history of phreaking.
• You can watch his talk at USENIX Security 2014 here: https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/phone-phreaks-what-we-can-learn-first
Eavesdropping
Review of PSTN DTMF
Wiretapping
(diagram: Alice’s DTMF digits on the line, observed by the LEA wiretap)
Wiretapping Legal History
• The advent of the telephone created important legal questions.
• Is there a right to privacy? What are the expectations?
• The core thoughts on “the right to be let alone” came from Louis Brandeis (with Samuel Warren, in their 1890 Harvard Law Review article “The Right to Privacy”), written before he joined the Supreme Court.
• Olmstead v. United States (1928) held that warrantless wiretapping by law enforcement did not violate the Fourth Amendment; Justice Brandeis dissented.
• The Supreme Court reversed Olmstead in Katz v. United States (1967), holding that the Fourth Amendment “protects people, not places.”
• Justice Brandeis’ Olmstead dissent remains the foundational legal opinion on this topic.
• While others sometimes argue for much lower barriers, overturning these protections would be extremely difficult.
Wiretapping and US Law
• Pen Register / Dialed Number Recorder (DNR)
‣ Captures dialed digits and signaling information only
‣ Lower legal standard: the order requires a certification that the information is relevant to an ongoing investigation
• Full Audio Interception (Title III or FISA)
‣ Captures signaling information plus call audio
‣ Typically only authorized for a particular party
‣ More laborious; higher standard of proof (probable cause) and judicial scrutiny
Communications Assistance for Law Enforcement Act (CALEA)
• Mandates a standard interface (J-STD-025A) between telecommunications service providers (TSPs) and LEAs
• Data separated into two channels:
‣ Call Data Channel (CDC): signaling data such as call times, numbers dialed, line status
‣ Call Content Channel (CCC): live audio
• Channels can be delivered over a POTS line, ISDN, or IP
VoIP and CALEA
• Traffic on IP networks can be intercepted without a warrant.
• What is the implication for voice traffic carried on IP networks?
• Traditional voice telephony is not end-to-end encrypted, but VoIP sometimes is…
• Is there a requirement to build CALEA compliance into VoIP apps?
• Some apps are widely suspected of providing such compliance (e.g., Skype).
• So, should VoIP providers play ball?
Law Enforcement Perspective
Civil Liberties Perspective
Key Escrow
• What if law enforcement could get access to encrypted calls when they really needed it?
• What mechanism would allow them to “break” your crypto?
• Key escrow schemes provide a “trusted entity” (e.g., a judge) with a cryptographic key that can be used only when necessary.
• Work in the late 80s/early 90s produced the first deployable key escrow system, the Clipper chip.
• The AT&T TSD-3600E, a Clipper-equipped telephone security device, was sold primarily to government from 1992-1993.
Key Escrow: A Fair Compromise?
• All encrypted communications would have a backdoor.
• With that key kept only by a trusted party, abuse could be minimized.
• Just like traditional legal wiretapping, a judge would have to allow eavesdropping to occur…
• People and businesses could still rely on strong encryption to protect their communications.
• What’s not to like?
• The. Devil. Is. In. The. Details…
Key Escrow: Clipper Details (protocol diagram between two Clipper-equipped phones)
1. DH key exchange establishes the session key K at both ends.
2. Each side generates a LEAF from K.
3. Load/verify LEAF, IV.
4. Transmit LEAF, IV to the peer.
5. Load/verify the peer’s LEAF, IV.
6. Encrypted voice communication.
Clipper LEAF Generation
• Skipjack (classified at the time; declassified in 1998) served as the core of LEAF generation.
• Each chip’s 80-bit Unit Key is split into two parts, kept by two different federal agencies (NIST and the Treasury Department).
• The session key encrypted under the Unit Key is paired with the chip’s 32-bit Unit ID and a 16-bit checksum.
• This entire data structure is Skipjack-encrypted under a family key shared by all chips, creating the LEAF (Law Enforcement Access Field).
Clipper Problems
• LEAF integrity is protected only by the 16-bit checksum field.
• A rogue sender can brute force this value (about 2^16 trials): the receiving chip sees a LEAF that “checks out,” while the escrow agents recover garbage instead of the session key (Matt Blaze, 1994).
• Maybe we could fix this by…
• … increasing the checksum size?
• … restricting devices to trusted parties only?
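To see why a 16-bit checksum is not enough, here is an added example (written for this page; not code from the lecture or from Matt Blaze) that models the LEAF structure from the two slides above and runs the rogue-LEAF attack from Blaze’s 1994 paper “Protocol Failure in the Escrowed Encryption Standard.” Skipjack, the family-key layer, the unit-key layer and the classified checksum function are replaced by toy HMAC-SHA256 constructions, and the family key, unit ID and escrow database are constructed values; only the field widths (80-bit escrowed key, 32-bit unit ID, 16-bit checksum, 128-bit LEAF) follow the real design.

```python
"""Model of the Clipper/EES LEAF check and Blaze's rogue-LEAF attack.

Added example, not from the lecture. Skipjack, the family-key layer, the unit-key
layer and the 16-bit checksum are toy HMAC-SHA256 stand-ins (assumptions); only the
field widths (80-bit escrowed key, 32-bit unit ID, 16-bit checksum) follow the real design.
"""
import hashlib
import hmac
import os

# Family key shared by every chip (constructed value for this demo).
FAMILY_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def fk_encrypt(block: bytes, key: bytes = FAMILY_KEY) -> bytes:
    """4-round Feistel on a 16-byte block: stand-in for Skipjack under the family key."""
    assert len(block) == 16
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _prf(key, bytes([rnd]) + right)[:8])
    return left + right


def fk_decrypt(block: bytes, key: bytes = FAMILY_KEY) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _prf(key, bytes([rnd]) + left)[:8]), left
    return left + right


def checksum16(session_key: bytes, iv: bytes) -> bytes:
    """Stand-in for the (then classified) 16-bit LEAF checksum over session key and IV."""
    return _prf(FAMILY_KEY, b"cksum" + session_key + iv)[:2]


def uk_encrypt(unit_key: bytes, session_key: bytes) -> bytes:
    """Escrowed-key field: 80-bit session key under the 80-bit unit key (XOR-pad stand-in)."""
    return _xor(session_key, _prf(unit_key, b"unit")[:10])


uk_decrypt = uk_encrypt  # the XOR pad is its own inverse


def make_leaf(unit_id: bytes, unit_key: bytes, session_key: bytes, iv: bytes) -> bytes:
    """Honest chip: E_FK( E_UK(K) || UnitID || checksum(K, IV) ), 10 + 4 + 2 = 16 bytes."""
    inner = uk_encrypt(unit_key, session_key) + unit_id + checksum16(session_key, iv)
    return fk_encrypt(inner)


def chip_accepts_leaf(leaf: bytes, session_key: bytes, iv: bytes) -> bool:
    """The receiving chip can only check the 16-bit checksum; it cannot verify the escrowed field."""
    return fk_decrypt(leaf)[14:16] == checksum16(session_key, iv)


def escrow_recover(leaf: bytes, escrow_db: dict):
    """Escrow agents: strip the family-key layer, look up the unit ID, rejoin the halves, decrypt K."""
    inner = fk_decrypt(leaf)
    halves = escrow_db.get(inner[10:14])
    if halves is None:
        return None  # unit ID not on file: nothing to recover
    return uk_decrypt(_xor(*halves), inner[:10])


def forge_leaf(session_key: bytes, iv: bytes, accepts=chip_accepts_leaf):
    """Blaze's attack: feed random 128-bit LEAFs to the checking chip until one passes (~2^16 tries)."""
    tries = 0
    while True:
        tries += 1
        candidate = os.urandom(16)
        if accepts(candidate, session_key, iv):
            return candidate, tries


def demo() -> dict:
    unit_id = b"\x00\x00\x00\x2a"                      # constructed 32-bit unit ID
    half_a, half_b = os.urandom(10), os.urandom(10)    # one half per escrow agency
    unit_key = _xor(half_a, half_b)
    escrow_db = {unit_id: (half_a, half_b)}
    session_key, iv = os.urandom(10), os.urandom(8)    # K from the DH exchange, IV picked by the chip
    honest = make_leaf(unit_id, unit_key, session_key, iv)
    forged, tries = forge_leaf(session_key, iv)
    return {
        "honest_accepted": chip_accepts_leaf(honest, session_key, iv),
        "honest_recovered": escrow_recover(honest, escrow_db) == session_key,
        "forged_accepted": chip_accepts_leaf(forged, session_key, iv),
        "forged_recovered": escrow_recover(forged, escrow_db) == session_key,
        "tries": tries,
    }


if __name__ == "__main__":
    print(demo())
```

The honest LEAF passes the chip’s check and the escrow agents recover K; the forged LEAF also passes, after about 2^16 oracle queries on average, but the agents find an unknown unit ID (or, with negligible probability, a wrong key). In the real attack the oracle was the Clipper chip itself, which accepted LEAFs slowly enough that a forgery took Blaze about 42 minutes on average; the width of the checksum, not the strength of the cipher, set the cost.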
Key Escrow: General Problems
• “Keys under doormats” (Abelson et al., 2015)
• Goes against best practices, including forward secrecy.
• Makes systems far more complex, and likely more vulnerable.
• Concentrated targets (key repositories) would attract powerful adversaries.
• These problems are fundamental.
• There are no easy technical solutions.
Key Escrow: Recent Proposals
• Ray Ozzie proposed the “Clear” key escrow system in 2018.
• Each phone receives a public key, and a copy of the private key is kept by the phone maker.
• The passcode is encrypted with the public key, and an LEO can recover it with a warrant.
• Ozzie’s proposal has a number of technical and practical problems.
• Ozzie tries to move the technical discussion forward in this proposal, arguing that a lack of any solution may itself be a problem.
• “The reason so few of us are willing to bet on massive-scale key escrow systems is that we've thought about it and we don't think it will work.” -Matt Green
Weaknesses in CALEA Infrastructure
• Now that we have this infrastructure in place, how secure is it?
• That’s a little hard to measure: access to CALEA infrastructure is extremely difficult to obtain.
• It turns out you need the right team and most of what we’ve talked about in this lecture to learn more.
Loop Extender
Wiretapping Reliability
• Assume end-to-end (bilateral) techniques, e.g., encryption, are not used.
• Can we trust wiretapping transcripts and audio?
Dialed Digit Spoofing
• Evasion: dial with a tone timing or frequency that is within the switch’s tolerance but outside the wiretap’s, so the switch acts on digits the wiretap never records.
• Confusion: send tones outside the switch’s tolerance but within the wiretap’s, so the wiretap records digits the switch never acted on.
• Eavesdropper’s Dilemma: the wiretap’s decoder will be either more or less sensitive than the switch’s.
‣ If less sensitive, vulnerable to evasion.
‣ If more sensitive, vulnerable to confusion.
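The eavesdropper’s dilemma is easy to reproduce on synthesized audio. The following is an added example written for this page, not code from the lecture or from the Sherr, Cronin, Clark and Blaze study that introduced these attacks (“Signaling Vulnerabilities in Wiretapping Systems,” IEEE Security & Privacy, 2005): one Goertzel-based DTMF detector is instantiated with three timing tolerances (the switch at a 40 ms minimum tone length, a less sensitive tap at 70 ms and a more sensitive tap at 20 ms; those values, the 10 ms analysis frame and the power threshold are assumptions chosen for the demo), and the digit sequences are constructed rather than captured. 50 ms digits are decoded by the switch but missed by the less sensitive tap (evasion); 30 ms decoy digits are ignored by the switch but logged by the more sensitive tap (confusion).

```python
"""Eavesdropper's dilemma on DTMF timing: one Goertzel decoder, three tolerance settings.

Added example, not from the lecture. The 10 ms frame, the power threshold and the
minimum-duration settings (switch 40 ms, "deaf" tap 70 ms, "keen" tap 20 ms) are
assumptions chosen for the demo; the digit sequences are synthesized, not captured audio.
"""
import math

FS = 8000                          # telephone sample rate, Hz
FRAME_MS = 10
FRAME_LEN = FS * FRAME_MS // 1000  # 80 samples per analysis frame
LOW = (697, 770, 852, 941)         # DTMF row frequencies, Hz
HIGH = (1209, 1336, 1477, 1633)    # DTMF column frequencies, Hz
KEYPAD = ("123A", "456B", "789C", "*0#D")


def digit_freqs(digit: str):
    for row, keys in enumerate(KEYPAD):
        col = keys.find(digit)
        if col >= 0:
            return LOW[row], HIGH[col]
    raise ValueError(f"not a DTMF digit: {digit!r}")


def synth(sequence, amplitude=0.5):
    """sequence: iterable of (digit, on_ms, off_ms). Durations must be multiples of FRAME_MS
    so tone edges line up with analysis frames (a simplification for the demo)."""
    out = []
    for digit, on_ms, off_ms in sequence:
        f_low, f_high = digit_freqs(digit)
        for i in range(on_ms * FS // 1000):
            t = i / FS
            out.append(amplitude * math.sin(2 * math.pi * f_low * t)
                       + amplitude * math.sin(2 * math.pi * f_high * t))
        out.extend([0.0] * (off_ms * FS // 1000))
    return out


def goertzel_power(frame, freq: float) -> float:
    """Energy of `frame` at `freq`: squared magnitude of the DFT evaluated at that frequency."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / FS)
    s1 = s2 = 0.0
    for x in frame:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


class DtmfDecoder:
    """Frame-based DTMF detector; `min_on_ms` is the timing tolerance that differs
    between the switch and the wiretap."""

    def __init__(self, min_on_ms: int, threshold: float = 100.0):
        self.min_frames = max(1, min_on_ms // FRAME_MS)
        self.threshold = threshold  # a 0.5-amplitude tone scores about (A*N/2)^2 = 400 here

    def frame_digit(self, frame):
        low_p = [goertzel_power(frame, f) for f in LOW]
        high_p = [goertzel_power(frame, f) for f in HIGH]
        row = max(range(4), key=low_p.__getitem__)
        col = max(range(4), key=high_p.__getitem__)
        if low_p[row] < self.threshold or high_p[col] < self.threshold:
            return None  # silence, or no valid tone pair
        return KEYPAD[row][col]

    def decode(self, samples) -> str:
        frames = [samples[i:i + FRAME_LEN]
                  for i in range(0, len(samples) - FRAME_LEN + 1, FRAME_LEN)]
        digits, current, run = [], None, 0
        for frame in frames + [[0.0] * FRAME_LEN]:  # trailing silence flushes the last run
            digit = self.frame_digit(frame)
            if digit == current:
                run += 1
                continue
            if current is not None and run >= self.min_frames:
                digits.append(current)
            current, run = digit, 1
        return "".join(digits)


def eavesdropper_dilemma() -> dict:
    switch = DtmfDecoder(min_on_ms=40)    # what the switch needs before it acts on a digit
    tap_deaf = DtmfDecoder(min_on_ms=70)  # wiretap less sensitive than the switch
    tap_keen = DtmfDecoder(min_on_ms=20)  # wiretap more sensitive than the switch
    # Evasion: 50 ms digits, long enough for the switch, too short for the deaf tap.
    evasion = synth((d, 50, 50) for d in "5551234")
    # Confusion: real digits at 80 ms with 30 ms decoy "9"s the switch ignores but the keen tap logs.
    confusion = synth([("5", 80, 50), ("9", 30, 50), ("5", 80, 50), ("9", 30, 50), ("5", 80, 50)])
    return {
        "evasion": {"switch": switch.decode(evasion), "tap_deaf": tap_deaf.decode(evasion),
                    "tap_keen": tap_keen.decode(evasion)},
        "confusion": {"switch": switch.decode(confusion), "tap_deaf": tap_deaf.decode(confusion),
                      "tap_keen": tap_keen.decode(confusion)},
    }


if __name__ == "__main__":
    print(eavesdropper_dilemma())
```

Running the module prints the switch’s and both taps’ transcripts side by side. The same structure applies to any other tolerance axis (frequency deviation, twist between the two tones, inter-digit gap): wherever the two decoders are tuned differently, the dialing party picks inputs that fall between the two thresholds, and no single tap setting closes both gaps at once.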
Loop Extender Weaknesses
• Use in-band signaling
• Do not authenticate control data (e.g., the C-tone a loop extender uses to tell the collection equipment the target line is idle; a party who puts that tone on the line can make the recorder stop)
• Are inherently unreliable
Serious Criminal Enterprise
Implications
• In some systems, the caller or called party can disrupt interception
‣ Recording suppression
• In some cases, the caller or called party can mislead interceptors
‣ DTMF confusion and evasion