Never Gonna Give You Up: Exploring Deprecated NULL Ciphers in Commercial VoWiFi Deployments

• URL: http://arxiv.org/abs/2406.12348v2
• Date: Mon, 24 Jun 2024 14:24:15 GMT
• Title: Never Gonna Give You Up: Exploring Deprecated NULL Ciphers in Commercial VoWiFi Deployments
• Authors: Gabriel Karl Gegenhuber, Philipp Frenzel, Edgar Weippl,
• Abstract summary: Many operators use Voice over Wi-Fi (VoWiFi) allowing customers to dial into their core network over the public Internet. To protect against malicious actors on the WiFi or Internet domain, the traffic is sent over a series of IPsec tunnels. We want to analyze security configurations within commercial VoWiFi deployments, both on the client and server side.
• Score: 0.0
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: In today's cellular network evolutions, such as 4G and 5G, the IMS (IP Multimedia Subsystem) serves as a crucial component in managing voice calls and handling short messages. Besides accessing the IMS over the traditional radio layer, many operators use Voice over Wi-Fi (VoWiFi) allowing customers to dial into their core network over the public Internet using an (insecure) Wi-Fi connection. To protect against malicious actors on the WiFi or Internet domain, the traffic is sent over a series of IPsec tunnels, ensuring confidentiality and integrity. Similar to other encrypted protocols (e.g. TLS), the client and server use a handshake protocol (i.e., IKEv2) to communicate their supported security configurations and to agree upon the used parameters (e.g., keys or an encryption algorithm) for the ongoing session. This however opens the door for security vulnerabilities introduced by misconfiguration. We want to analyze security configurations within commercial VoWiFi deployments, both on the client and server side, spotting deprecated configurations that undermine communication security.

Related papers

• An End-to-End GSM/SMS Encrypted Approach for Smartphone Employing Advanced Encryption Standard(AES) [0.0]
  We proposed methodology that enables users to encrypt text messages for secure transmission over cellular networks. This approach utilizes the AES algorithm following the proposed protocols for encryption and decryption. It ensures secure text encryption and enables users to enter messages that are encrypted using a key at the sender's end and decrypted at the recipient's end.
  arXiv  Detail & Related papers  (2025-03-24T16:33:45Z)
• Generative AI-driven Cross-layer Covert Communication: Fundamentals, Framework and Case Study [62.5909195375364]
  Cross-layer covert communication mechanism emerges as an effective strategy to mitigate regulatory challenges. We propose an end-to-end cross-layer covert communication scheme driven by Generative Artificial Intelligence (GenAI) Case study is conducted using diffusion reinforcement learning to sovle cloud edge internet of things cross-layer secure communication.
  arXiv  Detail & Related papers  (2025-01-19T15:05:03Z)
• Cryptanalysis of authentication and key establishment protocol in Mobile Edge Computing Environment [0.06577148087211808]
  cryptanalysis shows the scheme fails to provide robustness against key computation attack, mobile user impersonation attack and traceability attack. Vulnerabilities in their scheme lead to the exposure of mobile users' long term secret to mobile edge server.
  arXiv  Detail & Related papers  (2024-12-25T08:33:43Z)
• Toward Mixture-of-Experts Enabled Trustworthy Semantic Communication for 6G Networks [82.3753728955968]
  We introduce a novel Mixture-of-Experts (MoE)-based SemCom system. This system comprises a gating network and multiple experts, each specializing in different security challenges. The gating network adaptively selects suitable experts to counter heterogeneous attacks based on user-defined security requirements. A case study in vehicular networks demonstrates the efficacy of the MoE-based SemCom system.
  arXiv  Detail & Related papers  (2024-09-24T03:17:51Z)
• Diffie-Hellman Picture Show: Key Exchange Stories from Commercial VoWiFi Deployments [2.1257201926337665]
  We analyze the phase 1 settings and implementations as they are found in phones and in commercially deployed networks worldwide. On the UE side, we identified a recent 5G baseband chipset that allows for fallback to weak, unannounced modes. On the MNO side, we identified 13 operators on three continents that all use the same globally static set of ten private keys.
  arXiv  Detail & Related papers  (2024-07-28T18:44:41Z)
• Differentiated Security Architecture for Secure and Efficient Infotainment Data Communication in IoV Networks [55.340315838742015]
  Negligence on the security of infotainment data communication in IoV networks can unintentionally open an easy access point for social engineering attacks. In particular, we first classify data communication in the IoV network, examine the security focus of each data communication, and then develop a differentiated security architecture to provide security protection on a file-to-file basis.
  arXiv  Detail & Related papers  (2024-03-29T12:01:31Z)
• Penetration Testing of 5G Core Network Web Technologies [53.89039878885825]
  We present the first security assessment of the 5G core from a web security perspective. We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks. Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors.
  arXiv  Detail & Related papers  (2024-03-04T09:27:11Z)
• Trustworthy confidential virtual machines for the masses [1.6503985024334136]
  We present Revelio, an approach that allows confidential virtual machine (VM)-based workloads to be designed and deployed in a way that disallows tampering even by the service providers. We focus on web-facing workloads, protect them leveraging SEV-SNP, and enable end-users to remotely attest them seamlessly each time a new web session is established.
  arXiv  Detail & Related papers  (2024-02-23T11:54:07Z)
• Towards Zero-Trust 6GC: A Software Defined Perimeter Approach with Dynamic Moving Target Defense Mechanism [1.33134751838052]
  This paper introduces the concept of Software Defined Perimeter (SDP) as an innovative solution. We capitalize on the SDP controller-based authentication and authorization mechanisms to secure the EPC network's control and data plane functions. We augment the SDP zero-trust capabilities via the incorporation of a dynamic component, the Moving Target Defense (MTD)
  arXiv  Detail & Related papers  (2023-12-27T02:54:55Z)
• Tamper-Evident Pairing [55.2480439325792]
  Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard. TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent. This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
  arXiv  Detail & Related papers  (2023-11-24T18:54:00Z)
• SemProtector: A Unified Framework for Semantic Protection in Deep Learning-based Semantic Communication Systems [51.97204522852634]
  We present a unified framework that aims to secure an online semantic communications system with three semantic protection modules. Specifically, these protection modules are able to encrypt semantics to be transmitted by an encryption method, mitigate privacy risks from wireless channels by a perturbation mechanism, and calibrate distorted semantics at the destination. Our framework enables an existing online SC system to dynamically assemble the above three pluggable modules to meet customized semantic protection requirements.
  arXiv  Detail & Related papers  (2023-09-04T06:34:43Z)
• InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution [7.8017281332931665]
  InviCloak is a system that protects the confidentiality and integrity of a user and a website's private communications without changing TLS or upgrading a CDN. InviCloak builds a lightweight but secure and practical key distribution mechanism using the existing DNS infrastructure.
  arXiv  Detail & Related papers  (2022-09-04T06:38:27Z)
• Distributed Symmetric Key Establishment: A scalable, quantum-proof key distribution system [0.8192907805418583]
  We propose and implement a protocol for a scalable, cost-effective, information-theoretically secure key distribution and management system. The system, called Distributed Symmetric Key Establishment (DSKE), relies on pre-shared random numbers between DSKE clients and a group of Security Hubs.
  arXiv  Detail & Related papers  (2022-05-02T01:46:11Z)
• Smart Home, security concerns of IoT [91.3755431537592]
  The IoT (Internet of Things) has become widely popular in the domestic environments. People are renewing their homes into smart homes; however, the privacy concerns of owning many Internet connected devices with always-on environmental sensors remain insufficiently addressed. Default and weak passwords, cheap materials and hardware, and unencrypted communication are identified as the principal threats and vulnerabilities of IoT devices.
  arXiv  Detail & Related papers  (2020-07-06T10:36:11Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.