Diffie-Hellman Picture Show: Key Exchange Stories from Commercial VoWiFi Deployments

• URL: http://arxiv.org/abs/2407.19556v2
• Date: Tue, 6 Aug 2024 20:33:33 GMT
• Title: Diffie-Hellman Picture Show: Key Exchange Stories from Commercial VoWiFi Deployments
• Authors: Gabriel Karl Gegenhuber, Florian Holzbauer, Philipp Frenzel, Edgar Weippl, Adrian Dabrowski,
• Abstract summary: We analyze the phase 1 settings and implementations as they are found in phones and in commercially deployed networks worldwide. On the UE side, we identified a recent 5G baseband chipset that allows for fallback to weak, unannounced modes. On the MNO side, we identified 13 operators on three continents that all use the same globally static set of ten private keys.
• Score: 2.1257201926337665
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Voice over Wi-Fi (VoWiFi) uses a series of IPsec tunnels to deliver IP-based telephony from the subscriber's phone (User Equipment, UE) into the Mobile Network Operator's (MNO) core network via an Internet-facing endpoint, the Evolved Packet Data Gateway (ePDG). IPsec tunnels are set up in phases. The first phase negotiates the cryptographic algorithm and parameters and performs a key exchange via the Internet Key Exchange protocol, while the second phase (protected by the above-established encryption) performs the authentication. An insecure key exchange would jeopardize the later stages and the data's security and confidentiality. In this paper, we analyze the phase 1 settings and implementations as they are found in phones as well as in commercially deployed networks worldwide. On the UE side, we identified a recent 5G baseband chipset from a major manufacturer that allows for fallback to weak, unannounced modes and verified it experimentally. On the MNO side -- among others -- we identified 13 operators (totaling an estimated 140 million subscribers) on three continents that all use the same globally static set of ten private keys, serving them at random. Those not-so-private keys allow the decryption of the shared keys of every VoWiFi user of all those operators. All these operators deployed their core network from one common manufacturer.

Related papers

• False Sense of Security on Protected Wi-Fi Networks [9.895667144311412]
  This paper empirically evaluate password choices in the wild and evaluate weakness in current common practices. We collected a total of 3,352 password hashes from Wi-Fi access points and determine the passphrases that were protecting them. We characterized the predictability of passphrases that use the minimum required length of 8 numeric or alphanumeric characters, and/or symbols stipulated in wireless security standards.
  arXiv  Detail & Related papers  (2025-01-23T04:04:22Z)
• Privacy-Preserving Federated Learning via Homomorphic Adversarial Networks [23.901391258240597]
  Homomorphic Adversarial Networks (HANs) are robust against privacy attacks. HANs increase encryption aggregation speed by 6,075 times while incurring a 29.2 times increase in communication overhead. Compared to traditional MK-HE schemes, HANs increase encryption aggregation speed by 6,075 times while incurring a 29.2 times increase in communication overhead.
  arXiv  Detail & Related papers  (2024-12-02T15:59:35Z)
• Quantum digital signature based on single-qubit without a trusted third-party [45.41082277680607]
  We propose a brand new quantum digital signature protocol without a trusted third party only with qubit technology to further improve the security. We prove that the protocol has information-theoretical unforgeability. Moreover, it satisfies other important secure properties, including asymmetry, undeniability, and expandability.
  arXiv  Detail & Related papers  (2024-10-17T09:49:29Z)
• Never Gonna Give You Up: Exploring Deprecated NULL Ciphers in Commercial VoWiFi Deployments [0.0]
  Many operators use Voice over Wi-Fi (VoWiFi) allowing customers to dial into their core network over the public Internet. To protect against malicious actors on the WiFi or Internet domain, the traffic is sent over a series of IPsec tunnels. We want to analyze security configurations within commercial VoWiFi deployments, both on the client and server side.
  arXiv  Detail & Related papers  (2024-06-18T07:32:38Z)
• Penetration Testing of 5G Core Network Web Technologies [53.89039878885825]
  We present the first security assessment of the 5G core from a web security perspective. We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks. Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors.
  arXiv  Detail & Related papers  (2024-03-04T09:27:11Z)
• Communication Traffic Characteristics Reveal an IoT Devices Identity [0.0]
  This paper proposes a machine learning-based device fingerprinting (DFP) model for identifying network-connected IoT devices. Experimental results have shown that the proposed DFP method achieves over 98% in classifying individual IoT devices.
  arXiv  Detail & Related papers  (2024-02-25T18:58:09Z)
• DynamiQS: Quantum Secure Authentication for Dynamic Charging of Electric Vehicles [61.394095512765304]
  Dynamic Wireless Power Transfer (DWPT) is a novel technology that allows charging an electric vehicle while driving. Recent advancements in quantum computing jeopardize classical public key cryptography. We propose DynamiQS, the first post-quantum secure authentication protocol for dynamic wireless charging.
  arXiv  Detail & Related papers  (2023-12-20T09:40:45Z)
• Tamper-Evident Pairing [55.2480439325792]
  Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard. TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent. This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
  arXiv  Detail & Related papers  (2023-11-24T18:54:00Z)
• MIMOCrypt: Multi-User Privacy-Preserving Wi-Fi Sensing via MIMO Encryption [9.602413325195528]
  Wi-Fi signals may help realize low-cost and non-invasive human sensing, yet they can also be exploited by eavesdroppers to capture private information. We propose a privacy-preserving Wi-Fi sensing framework to support realistic multi-user scenarios.
  arXiv  Detail & Related papers  (2023-09-01T04:45:57Z)
• An Efficient and Multi-private Key Secure Aggregation for Federated Learning [41.29971745967693]
  We propose an efficient and multi-private key secure aggregation scheme for federated learning. Specifically, we skillfully modify the variant ElGamal encryption technique to achieve homomorphic addition operation. For the high dimensional deep model parameter, we introduce a super-increasing sequence to compress multi-dimensional data into 1-D.
  arXiv  Detail & Related papers  (2023-06-15T09:05:36Z)
• Establishing shared secret keys on quantum line networks: protocol and security [0.0]
  We show the security of multi-user key establishment on a single line of quantum communication. We consider a quantum communication architecture where qubit generation and measurement happen at the two ends of the line.
  arXiv  Detail & Related papers  (2023-04-04T15:35:23Z)
• Distributed Symmetric Key Establishment: A scalable, quantum-proof key distribution system [0.8192907805418583]
  We propose and implement a protocol for a scalable, cost-effective, information-theoretically secure key distribution and management system. The system, called Distributed Symmetric Key Establishment (DSKE), relies on pre-shared random numbers between DSKE clients and a group of Security Hubs.
  arXiv  Detail & Related papers  (2022-05-02T01:46:11Z)
• Smart Home, security concerns of IoT [91.3755431537592]
  The IoT (Internet of Things) has become widely popular in the domestic environments. People are renewing their homes into smart homes; however, the privacy concerns of owning many Internet connected devices with always-on environmental sensors remain insufficiently addressed. Default and weak passwords, cheap materials and hardware, and unencrypted communication are identified as the principal threats and vulnerabilities of IoT devices.
  arXiv  Detail & Related papers  (2020-07-06T10:36:11Z)
• Experimental quantum conference key agreement [55.41644538483948]
  Quantum networks will provide multi-node entanglement over long distances to enable secure communication on a global scale. Here we demonstrate quantum conference key agreement, a quantum communication protocol that exploits multi-partite entanglement. We distribute four-photon Greenberger-Horne-Zeilinger (GHZ) states generated by high-brightness, telecom photon-pair sources across up to 50 km of fibre.
  arXiv  Detail & Related papers  (2020-02-04T19:00:31Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.