how secure are your volte and vowifi calls
play

How secure are your VoLTE and VoWiFi calls? Priya Chalakkal 1 - PowerPoint PPT Presentation

Mar 03, 2023 •443 likes •1.08k views

How secure are your VoLTE and VoWiFi calls? Priya Chalakkal 1 About me : Priya Chalakkal o ERNW GmbH, , Heidelberg rg o Loves telco, pcaps, binaries, logs, protocols and all security stuff in general. o Completed Masters in Security and

  1. How secure are your VoLTE and VoWiFi calls? Priya Chalakkal 1

  2. About me : Priya Chalakkal o ERNW GmbH, , Heidelberg rg o Loves telco, pcaps, binaries, logs, protocols and all security stuff in general. o Completed Masters in Security and Privacy from TU, Berlin and UNITN, Trento. o https://priyachalakkal.wordpress.com/ o https://insinuator.net/ 2

  3. Agenda o Introduction o Fundamentals o PART1: Attacks on OpenIMS (without IPSec) o PART2: Attacks on real telecom providers (with IPSec) o Demo o Mitigation 3 3

  4. Introduction - Telephony Circuit cuit Switc tche hed Pa Pack cket et Switc itched hed PSTN : Public Switched Telephone Data sent as Packets o o Networks Protocol stack: TCP/IP o Dedicated circuit – “ Channel ” Eg:- Internet o o Roots tracked back to 1876 For voice - VoIP o o o Graham Bell got the first patent 4

  5. Introduction - VoIP 5

  6. Introduction – VoLTE/VoWiFi VoLTE SK Telecom and LG U+Objective South Korea – o 2012 Vodafone Germany – VoLTE – March 2015 o VoWiFi: Telekom Germany – VoWiFi – May 2016 o WiFi Calling o 6

  7. FUNDAMENTALS 7

  8. History of Mobile Communication o GSM (2G) Relies on Circuit Switching o Supports only Voice and SMS o o GPRS Circuit – voice and SMS o Packet – Data o o UMTS (3G) Similar to GPRS o Other network elements evolved o 8

  9. Voice and 4G o LTE (4G): Supports only packet switching o Voi oice ce - VoL oLTE o Circuit uit Switc tche hed Fall l Back (CSFB) B) For voice, fall back to circuit switched o networks. o Other approaches Simultaneous voice and LTE o etc.. 9

  10. BACKGROUND 10 Source: https://en.wikipedia.org/wiki/System_Architecture_Evolution

  11. VoLTE Stack 11

  12. IMS – IP Multimedia Subsystem o Backend: IMS Core IP Multimedia Subsystem o Call session control functions (CSCF) o o P-CSCF o S-CSCF o I-CSCF 12

  13. IMS 13

  14. IMS Signaling SIP - Session n Initia tiation tion Protocol Similar to HTTP (text based) o TCP or UDP o Contains SDP o o Session Description Protocol o Describing multimedia session o Eg:- audio/video type 14

  15. SIP call session 15

  16. 16

  17. PART1: Attacking OpenIMS 17

  18. Requirements OpenIMS o SIP Proxy o Viproy toolkit for Attack1 o IMS clients – twinkle (in ubuntu), boghe (in o windows) 18

  19. 19

  20. Attack modeling o VoLTE and VoWiFi makes use of SIP o This is experimental tests on OpenIMS with desktop clients o Mainly SIP header injection o Without IPSec in any communication o Both attacker and victim is a registered user. 20

  21. Attack1: MSRP o MSRP – protocol for transmission of series of fuzzing related instant messages in context of communication session o Evil sends fuzzed input in one of the MSRP header field to Alice a= a=file le-sele lector:nam name :”AAAAAAAAAAA…” o o This is an automated test vector in Viproy toolkit. 21

  22. Result 1 o Crashes the IMS client of Receiver (Boghe IMS client is used in this case) o Neither IMS nor client performed input validation. 22

  23. Result1: MSRP fuzzing 23 Source: Fatih Ozvaci- Voip wars: The phreakers awaken

  24. Attack2: Location manipulation o P-Access-Network-Info - defines the user location in the access network o Contains information such as: Mobile Network Code (MNC) o Mobile Country Code (MCC) o Local Area Code (LAC) o Cell Identifier o o The attacker sends an INVITE request to Alice with a crafted location. 24

  25. Result2 o Modified P-Access-Network-Info is accepted by IMS and sent to Alice o No cross validation with HSS for user location. o Can evade lawful wful inte tercep rcepti tion techniq nique ues. o NOT about privacy 25

  26. Attack3: Roaming Information o P-Visited-Network-ID header field that decides the access network that serves the user. o Attacker sends a REGISTER request to IMS with an pre-added P-Visited-Network-ID header. 26

  27. Result3 o P-CSCF just appends the network identity to the existing header field o Attacker can use this to make his roaming calls as local calls Output from S-CSCF packet dump: P-Visited-Network-ID: open-ims_fake.test, open-ims.test 27

  28. Attack4: Extra header field o SIP protocol is an extensible protocol Allows to add customized header fields o o Evil sends an INVITE request to Alice containing a custom header field X-Header 28

  29. Result4 29 Source https://insinuator.net/2017/02/exploitation-of-ims-in-absence-of-confidentiality-and-integrity-protection/

  30. More attack possibilities o Spoofing o Injection – XML, SQL, o Denial of Service o Fuzzing o … o … 30

  31. Attacking OpenIMS summary o 4 attacks on OpenIMS MSRP fuzzing o User location manipulation o Roaming information manipulation o Extra header field injection o o These are Ma Man in the e End attacks o Witho hout IPSec 31

  32. How to prevent tampering SIP Attacks? o Bring integrity protection? o Can IPSec solve this? o Many real telecom provides actually have IPSec in place. o Can we still mess with SIP headers in real providers? 32

  33. PART2: ATTACKING TELECOM PROVIDERS 33

  34. Requirements VoLTE/VoWiFi enabled SIM cards o SIMTrace hardware o VoLTE/VoWiFi enabled phones o Wireshark - Gcrypt o http://shop.sysmocom.de/products/simtrace 34

  35. Attack modeling o Sniffing VoLTE – rmnet0, rmnet1 o Sniffing VoWiFi – epdg1, wlan0 o Sniffing ISIM interface using SIMTrace o IPSec ESP encapsulation for both VoLTE and VoWiFi o Integrity protection enabled for VoLTE/VoWiFi o Encryption for VoWiFi (only in wlan0) o 35

  36. ESP Packets 36

  37. Test 1: Sniffing VoLTE/VoWiFi Interfaces o VoLTE – rmnet1/rmnet0 o VoWiFi – Epdg1 – hidden virtual interface with non non-encrypte ypted traffic o Wlan0 – encrypted traffic o Sniffing VoLTE interface : $ adb shell $ tcpdump -i rmnet1 -n -s 0 -w - | nc -l 127.0.0.1 -p 11233 $ adb forward tcp:11233 tcp:11233 && nc 127.0.0.1 11233 | wireshark -k -S -i - 37

  38. VoLTE sniffing VoWiFi sniffing 38

  39. Observations o No encryption in VoLTE Only integrity with ESP o o Encryption in VoWiFi o Hidden interface with non-encr ncryp ypted ted traffic detected in VoWiFi 39

  40. Results1: Information disclosures 40

  41. IMEI in SIP REGISTER (before authentication) o Contact: <sip:262011202xxxxxx@[x.x.x.x]:6000>;q=0.50;+g.3gpp.icsi-ref= "urn%3Aurn-7%3A3gpp-service.ims.xxx"; +g.3gpp.smsip;+sip.instance="<urn:gsma:imei:35490xxx-xxxxxx-0>" 41

  42. o UTRAN Cell ID outgoing packets like SIP REGISTER, outgoing SIP INVITE, SIP o SUBSCRIBE messages contains the location information ##FOR VOLTE INVITE sip:alice@open-ims.test SIP/2.0 ... User-Agent: Samsung IMS/5 P-Access-Network-Info: 3GPP-UTRAN-TDD; utran-cell-id-3gpp=00000001 Content-Length: 117 ##FOR VOWIFI P-Access-Network-Info:IEEE-802.11;i-wlan-node-id=003a9axxxxxx 42

  43. o IMEI of caller SIP INVITE incoming request consists of a parameter that contains o the IMEI number of the caller. Accept-Contact:*;+sip.instance="<urn:gsma:imei:354xxxxx7- xxxxxx-0>";+g.3gpp.icsi-ref="urn%3Aurn-7%3A3gpp- service.ims.xxxx";explicit;require 43

  44. o IMSI of caller r leake ked In SIP INVITE incoming request o INVITE sip:262011202xxxx@[x.x.x.x]:6000 SIP/2.0 44

  45. Private IP of IMS o Found within SIP INVITE in incoming calls To: <sip:+49151xxxxxxxx@62.xxx.xxx.xxx> From: <sip:+49176xxxxxxxx@10.xxx.xxx.xxx>; tag=h7g4Esbg_mavodi-a-10b-3c-2-ffffffff- _000050ED9CA4-1224-xxxx-xxxx 45

  46. Test 2: ISIM sniffing for extracting CK/IK 46

  47. ISIM sniffing with SIMTrace 47

  48. Security protocol: EAP-AKA 48

  49. GSM SIM traffic 49

  50. What can we find here? o AKA parameters – RAND - random challenge o AUTN – server authentication o o IPSec keys IK – integrity key o CK – cyphering key o 50

  51. How to extract it? o Wireshark dissector 51

  52. Result2: Extracting IK/CK 52

  53. Are the keys used in ESP? 53

  54. Failed authentication 54

  55. Set up SA with obtained IK 55

  56. Success: Key validation 56

  57. Summary: Testing UE o Test1: Sniffing VoLTE/VoWiFi interfaces Use case identification o Results: Information disclosures like IMEI, , o IMSI, SI, privat ate IPs. o Test2: ISIM sniffing with SIMTrace Result: IK/CK o Wireshark dissector for extraction o Validation using Wireshark Gcrypt with o authentication check in ESP 57

  58. Simple demo of replay attack of SIP INVITE in a hidden non-IPSec channel 58

  59. Final Summary o Current implementations of VoLTE/VoWiFi make use of IPSec o 4 experimental attacks on OpenIMS without ipsec o Sniffing on VoLTE/VoWiFi interfaces with ipsec Information disclosures identified o o ISIM Sniffing with SIMTrace o Wireshark dissector Extracted CK/IK o Verified obtained IK with wireshark Gcrypt o 59

  60. Mitigation o Never rely on user end security ty o Traffic monitoring In PDN gateways that performs deep packet o inspection Whitelist rules in place that determines the o expected value in each SIP header field. o Encryption To protect against info disclosures o 60

Recommend

Agenda VoLTE Overview Why VoLTE Why VoLTE Initial Questions Discussion Page 2

Agenda VoLTE Overview Why VoLTE Why VoLTE Initial Questions Discussion Page 2

Wireless dj vu Jason S. Chao, Ernst &amp; Young LLP Panel: Implications for Valuation: Part 1 TFI Asset Valuation Conference and Seminar 2013 January 24, 2013 Agenda VoLTE Overview Why VoLTE Why VoLTE Initial Questions

177 views • 3 slides
Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations Hongil Kim* ,

Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations Hongil Kim* ,

Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations Hongil Kim* , Dongkwan Kim* , Minhee Kwon, Hyeongseok Han, Yeongjin Jang, Taesoo Kim, Dongsu Han, Yongdae Kim 1 VoLTE = Voice over LTE 4G LTE: All-IP based

1.16k views • 113 slides
Insecurity of Voice Solution VoLTE in LTE Mobile Networks Chi-Yu Li 1 , Guan-Hua Tu 1 , Chunyi

Insecurity of Voice Solution VoLTE in LTE Mobile Networks Chi-Yu Li 1 , Guan-Hua Tu 1 , Chunyi

Insecurity of Voice Solution VoLTE in LTE Mobile Networks Chi-Yu Li 1 , Guan-Hua Tu 1 , Chunyi Peng 2 , Zengwen Yuan 1 , Yuanjie Li 1 , Songwu Lu 1 , Xinbing Wang 3 1: University of California, Los Angeles; 2: The Ohio State University; 3:

534 views • 32 slides
VoLTE*: A Lightweight Voice Solution to 4G LTE Networks Guan-Hua Tu 1 , Chi-Yu Li 1 , Chunyi Peng

VoLTE*: A Lightweight Voice Solution to 4G LTE Networks Guan-Hua Tu 1 , Chi-Yu Li 1 , Chunyi Peng

VoLTE*: A Lightweight Voice Solution to 4G LTE Networks Guan-Hua Tu 1 , Chi-Yu Li 1 , Chunyi Peng 2 , Zengwen Yuan 1 , Yuanjie Li 1 , Xiaohu Zhao 2 , Songwu Lu 1 1 University of California, Los Angeles 2 The Ohio State University HotMobile16

661 views • 32 slides
Findings and Recommendations September 2011 Calls into VDN: 82,850 Calls Answered

Findings and Recommendations September 2011 Calls into VDN: 82,850 Calls Answered

Findings and Recommendations September 2011 Calls into VDN: 82,850 Calls Answered (ACCESS &amp; 211): 32,717 Calls Abandoned: 13,978 (42%) Average Wait Time: 39 m minut nutes Customer Service Feedback: Question 8.

308 views • 20 slides
What We Learned From the Mid-Year Check-In Calls: Successes &amp; Challenges Mid-Year Calls

What We Learned From the Mid-Year Check-In Calls: Successes &amp; Challenges Mid-Year Calls

What We Learned From the Mid-Year Check-In Calls: Successes &amp; Challenges Mid-Year Calls Asked state contact and contractor (if applicable) to be on calls Asked states to fill out work plan in advance Calls took around 1 hr.

396 views • 15 slides
CSE 351: The Hardware/Software Interface Section 4 Procedure calls Procedure calls In x86

CSE 351: The Hardware/Software Interface Section 4 Procedure calls Procedure calls In x86

CSE 351: The Hardware/Software Interface Section 4 Procedure calls Procedure calls In x86 assembly, values are passed to function calls on the stack Perks: Concise, easy to remember Drawbacks: Always requires memory accesses In

496 views • 14 slides
Recursion 1 Recursion n A process by which a function calls itself repeatedly Either

Recursion 1 Recursion n A process by which a function calls itself repeatedly Either

Recursion 1 Recursion n A process by which a function calls itself repeatedly Either directly. n X calls X Or cyclically in a chain. n X calls Y, and Y calls X n Used for repetitive computations in which each action is stated in terms of a

519 views • 51 slides
Recursion A process by which a function calls itself repeatedly. Either directly. X

Recursion A process by which a function calls itself repeatedly. Either directly. X

1/28/2016 Recursion A process by which a function calls itself repeatedly. Either directly. X calls X. Or cyclically in a chain. X calls Y, and Y calls X. Used for repetitive computations in which each action is stated in

290 views • 10 slides
Insecurity of Voice Solution VoLTE in LTE Mobile Networks Chi-Yu Li, Guan-Hua Tu, Chunyi Peng,

Insecurity of Voice Solution VoLTE in LTE Mobile Networks Chi-Yu Li, Guan-Hua Tu, Chunyi Peng,

Insecurity of Voice Solution VoLTE in LTE Mobile Networks Chi-Yu Li, Guan-Hua Tu, Chunyi Peng, Zengwan Yuan, Yuanjie Li, Songwu Lu, Xinbing Wang (CCS15) Voice Evolution in 4G LTE - 2G/3G Solution: Circuit Switched - 4G LTE Solution:

528 views • 24 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research &amp; Boston University y Michael Schapira

701 views • 54 slides
Outline: A. Wisdoms calls 1. Wisdom calls To salvation (1:20 - 4:27) To wealth (8)

Outline: A. Wisdoms calls 1. Wisdom calls To salvation (1:20 - 4:27) To wealth (8)

Outline: A. Wisdoms calls 1. Wisdom calls To salvation (1:20 - 4:27) To wealth (8) To Life (9) 2. Folly calls To condemnation (5) To poverty (6) To death (7) B. Wisdoms contrasts

657 views • 26 slides
Differential Attacks on Generalized Feistel Schemes Val erie Nachef - Emmanuel Volte - Jacques

Differential Attacks on Generalized Feistel Schemes Val erie Nachef - Emmanuel Volte - Jacques

Differential Attacks on Generalized Feistel Schemes Val erie Nachef - Emmanuel Volte - Jacques Patarin CANS 2013 20 November 2013 Outline Introduction 1 State of the Art Our Contribution Definition of the schemes Attacks on Type-1

893 views • 45 slides
Lecture 04: Understanding System Calls System calls are functions that user programs use to

Lecture 04: Understanding System Calls System calls are functions that user programs use to

Lecture 04: Understanding System Calls System calls are functions that user programs use to interact with the OS and request some core service be executed on their behalf. Examples of system calls we've already seen this quarter: open ,

108 views • 8 slides
ZK with Rubiks Cubes and Non-Abelian Groups Emmanuel Volte - Valrie Nachef - Jacques Patarin

ZK with Rubiks Cubes and Non-Abelian Groups Emmanuel Volte - Valrie Nachef - Jacques Patarin

ZK with Rubiks Cubes and Non-Abelian Groups Emmanuel Volte - Valrie Nachef - Jacques Patarin 20 novembre 2013 ZK with Rubiks Cubes and Non-Abelian Groups Overview Authentication ZK with Interactive Proofs Problems based on Rubiks

378 views • 36 slides
Function Calls Function Calls Python supports expressions with math-like functions A

Function Calls Function Calls Python supports expressions with math-like functions A

Module 3 Function Calls Function Calls Python supports expressions with math-like functions A function in an expression is a function call Function calls have the form name (x,y,) function argument name Arguments are

333 views • 20 slides
Optimizing Procedure Calls Inlining Procedure calls can be costly (A.k.a. procedure integration,

Optimizing Procedure Calls Inlining Procedure calls can be costly (A.k.a. procedure integration,

Optimizing Procedure Calls Inlining Procedure calls can be costly (A.k.a. procedure integration, unfolding, beta-reduction, ...) direct costs of call, return, argument &amp; result passing, stack frame maintainance Replace call with body of

279 views • 5 slides
Optimizing Procedure Calls Inlining Procedure calls can be costly (A.k.a. procedure integration,

Optimizing Procedure Calls Inlining Procedure calls can be costly (A.k.a. procedure integration,

Optimizing Procedure Calls Inlining Procedure calls can be costly (A.k.a. procedure integration, unfolding, beta-reduction, ...) direct costs of call, return, argument &amp; result passing, stack frame maintainance Replace call with body of

497 views • 4 slides
Lecture 4: Procedure Calls Todays topics: Procedure calls Large constants The

Lecture 4: Procedure Calls Todays topics: Procedure calls Large constants The

Lecture 4: Procedure Calls Todays topics: Procedure calls Large constants The compilation process Reminder: Assignment 1 is due on Thursday 1 Recap The jal instruction is used to jump to the procedure and save the

442 views • 23 slides
Secure Information Flow Analysis for a Distributed OO Language Martin Pettai University of Tartu

Secure Information Flow Analysis for a Distributed OO Language Martin Pettai University of Tartu

Secure Information Flow Analysis for a Distributed OO Language Martin Pettai University of Tartu / Cybernetica AS October 8, 2011 Introduction We analyze a language with objects, asynchronous method calls and futures We use an

399 views • 20 slides
Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure OT is impossible (even against PPT adversaries) in the plain model (i.e., without the help of another functionality) But possible from simple

527 views • 16 slides
System calls from C programs System calls from C programs Essentially operating system

System calls from C programs System calls from C programs Essentially operating system

System calls from C programs System calls from C programs Essentially operating system functions So not portable across systems But usually more efficient than C functions Input-output uses a file descriptor integer 0 - stdin ,

231 views • 12 slides
ECSEL CALLS 2017 YVES GIGASE RESULTS OF CALLS Calls Beneficiaries H2020 costs EU Funding

ECSEL CALLS 2017 YVES GIGASE RESULTS OF CALLS Calls Beneficiaries H2020 costs EU Funding

ECSEL CALLS 2017 YVES GIGASE RESULTS OF CALLS Calls Beneficiaries H2020 costs EU Funding National Funding ESIF 2017-1-IA 183 469,322,749 110,067,691 105,233,389 3,687,541 2017-2-RIA 268 215,680,946 57,395,061 2,815,585

380 views • 15 slides
and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

CS 1655 / Spring 2010 Secure Data Management and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure Coding From: Secure Coding: Principles and Practices by Mark G. Graff &amp; Kenneth R. Van Wyk

753 views • 17 slides

More recommend