
Page 1: ETSI Security Week 2020 goes virtual! · 5G_UTRAN_SEC NR_IAB 5G_eSBA 5WWC eV2XARC PARLOS UPIP_SEC AKMA Underline = 5G related Total 40 items of which 37 (92%) are 5G related Outcome

Presented by:

© ETSI

ETSI Security Week 2020 goes virtual!

Noamen Ben Henda, 3GPP SA3 Chair, Ericsson
Takahito Yoshizawa, KU Leuven
James Skuse, GSMA

Deploying 5G Securely: 5G Security Evolution

Page 2:

ETSI Security Week 2020 programme (sessions scheduled in CEST)

Monday 8 June, 3pm: 5G Deployment
Tuesday 9 June, 3pm CET: SSP: The New Smart Secure Platform - A High Level Introduction
Tuesday 9 June, 4.45pm: SSP: The New Smart Secure Platform - The Technical Realisation
Wednesday 10 June, 10.30am: Insight into the First Steps of the Cybersecurity Act Reality
Wednesday 10 June, 3pm: 5G Security for Verticals
Thursday 11 June, 10.00am: Consumer IoT Security Standards
Thursday 11 June, 11.30am: Consumer IoT Security – Certification Schemes
Thursday 11 June, 3pm: ETSI Standardization in Advanced Cryptography
Monday 15 June, 3pm: SKINNY LATTE: Scalable Hierarchical Identity Based Encryption over Lattices
Tuesday 16 June, 3pm: 5G Security Evolution
Wednesday 17 June, 10.30am: 5G Network Certification
Thursday 18 June, 10.00am: Security Challenges and Regulatory Aspects
Thursday 18 June, 3pm: Fully Homomorphic Encryption
Friday 19 June, 10.30am: Industry Applications and Use Cases for Advance Cryptography

Tracks: Deploying 5G Securely; Cybersecurity Act – one year on; Smart Secure Platform; Even more advanced Cryptography

Page 3:

© ETSI

5G Security Evolution
Moderated by Noamen Ben Henda, 3GPP SA3 Chair, Ericsson

• 3GPP 5G Security Updates: Noamen Ben Henda, 3GPP SA3 Chair, Ericsson
• Authentication Mechanisms in 5G System: Takahito Yoshizawa, KU Leuven
• Improving 5G Security through Coordinated Vulnerability Disclosure – GSMA CVD Programme: James Skuse, GSMA

Page 4:

| 2020-06-16 | Page 4

5G security updates

5G security work in 3GPP Release 16

Noamen Ben Henda | Ericsson

Page 5:

Outline

Highlights from SA3 Release 16 work

• Overview

• Statistics

Insights on some of the Release 16 items

• Enhancement of Network Slicing

• 5GS Enhanced support of Vertical and LAN Services

• Evolution of Cellular IoT security for the 5G System

• Ultra Reliable Low Latency Communication for 5G

• Support for Advanced V2X Services

• Authentication and key management for applications based on 3GPP credential in 5G

• 5G Security Assurance

• Crypto profile update

Page 6:

Highlights from SA3 Release 16 work

Page 7:

Overview (legend on the slide: Non SA3 specific / SA3 specific)

Factory use case

Connectivity
• CIoT: Evolution of cellular IoT for the 5G system
• URLLC: Ultra reliable low latency communication
• eNS: Enhancement to the network slicing
• Verticals: Support of verticals and LAN services
• eLCS: Location services for the 5G system
• V2X: Support for advanced V2X services
• SRVCC: Single radio voice continuity from 5G to UTRAN
• 5WWC: Wireless and wireline convergence for the 5G
• eSBA: Enhancement to the service based architecture
• IAB: Integrated access backhaul

Assurance
• 5G SCAS: Security assurance specification for 5G
• SCAS VNP: Security assurance for virtualized products
• SIV: Security impact of virtualization

Crypto
• 256 bit: Support of 256-bit algorithms for 5G
• CryptPr: Crypto profile updates

New features
• UPGF: User plane inter-PLMN security
• 5FBS: Enhancement against false base stations
• AUTH: Authentication enhancements
• LTKUP: Long term key update procedures
• UPIP: User plane integrity protection
• AKMA: Authentication and key management for apps

Public safety
• MCXSec: Mission critical R16 security

Page 8:

Statistics

21 Study items (SIs): FS_CIoT_sec_5G, FS_eNS_SEC, FS_Vertical_LAN_SEC, FS_5G_URLLC_SEC, FS_eLCS_Sec, FS_5G_UTRAN_SEC, FS_NR_IAB_Sec, FS_SBA_Sec, FS_5WWC_SEC, FS_eV2X_Sec, FS_PARLOS_Sec, FS_VNP_SECAM_SCAS, FS_SIV, FS_256-Algorithms, FS_5GS_KDF, FS_UP_IP_Sec, FS_5GFBS, FS_AUTH_ENH, FS_5GC_SEC_ARPF, FS_AKMA, FS_LTKUP_Detail

6 Work items (WIs): MCXSec, eCAPIF, SEAL, UPGF, SCAS_5G, CryptPr

13 Work items (WIs): 5G_CIoT, eNS_SEC, Vertical_LAN_SEC, 5G_URLLC_SEC, 5G_eLCS, 5G_UTRAN_SEC, NR_IAB, 5G_eSBA, 5WWC, eV2XARC, PARLOS, UPIP_SEC, AKMA

(Underlined on the slide = 5G related; the underlining is lost in this transcript.)

Total 40 items of which 37 (92%) are 5G related

Outcome
• 12 new Technical Specifications (TS)
• 21 new Technical Reports (TR)
• 17 WIs (100%) almost completed
• 21 SIs, of which 5 (24%) continuing in Release 17 and 3 (14%) concluded without specification impact

Page 9:

Insights on some of the Release 16 items

Page 10:

Enhancement of Network Slicing

New authentication procedure for network slicing

● Generic enough (EAP-based) to allow a wide range of authentication methods and credentials

● Performed during the registration procedure to enable an early authorization of connectivity towards the slice by a possibly external slice owner entity

Page 11:

5GS Enhanced support of Vertical and LAN Services

New features in primary authentication framework

● Enhancements to the key hierarchy to enable any key-generating EAP authentication method

● Enhancements to the NAS protocol to support any EAP method besides EAP-TLS and EAP-AKA', e.g. EAP-TTLS

Page 12:

Evolution of Cellular IoT security for the 5G System

User Plane optimization security

● Based on the security mechanism for NB-IoT (LTE)

● User "small" data is protected by the same means as normal user traffic

Control Plane optimization security

● Based on the security mechanism for DoNAS (LTE)

● User "small" data is protected by the same means as normal control plane traffic

Page 13:

Ultra Reliable Low Latency Communication for 5G

New security considerations when transmitting redundant data over two different paths

● Different keys for protecting redundant data

● Special handling of the security policy for redundant sessions

Page 14:

Support for Advanced V2X Services

New security mechanisms to protect different modes of communication over the sidelink

● Privacy protection and security for unicast messages over the sidelink

● Privacy protection and security for multicast messages over the sidelink

Page 15:

Authentication and key management for applications based on 3GPP credential in 5G

New feature to enable bootstrapping security between UE and Application Functions

● New security function (AAnF) to enable the service towards application providers

● New and simpler procedures to establish the security association between the UE and the AF

Page 16:

5G Security Assurance

New security assurance specifications

● Considerable work to cover all the NFs in the 5G System

Ongoing work to address virtualization

● New security assurance scheme for virtualized NFs

● Security Impacts of Virtualization

Page 17:

Crypto profile update

Regular crypto maintenance work

● Introduction of TLS 1.3 (UE side)

● Deprecation of SHA-1 and MD5

● Deprecation of TLS 1.1

Page 18:

Thank you!

Page 19:

ANNEX Abbreviations

AMF Access and Mobility Management Function

UDM Unified Data Management

UPF User Plane Function

SMF Session Management Function

AF Application Function

NF Network Function

AUSF AUthentication Server Function

AAnF AKMA Anchor Function

AKMA Authentication and Key Management for Applications

UP User Plane

CP Control Plane

IAB Integrated Access Backhaul

NAS Non-Access Stratum

AS Access Stratum

V2X Vehicle to everything

App Application

SNPN Standalone Non-Public Network

AN Access Network

CN Core Network

DN Data Network

AAA Authentication, Authorization and Accounting

EAP Extensible Authentication Protocol

URLLC Ultra Reliable Low Latency Communication

DC Dual Connectivity

MN Master Node

SN Secondary Node

SEPP Security Edge Protection Proxy

SCP Service Communication Proxy

NRF Network Repository Function

UE User Equipment

MT Mobile Terminal

SBA Service-Based Architecture

LAN Local Area Network

WLAN Wireless LAN

EPS Evolved Packet System

SUPI SUbscription Permanent Identifier

SUCI SUbscription Concealed Identifier

NEF Network Exposure Function

PLMN Public Land Mobile Network

HPLMN Home PLMN

VPLMN Visited PLMN

TLS Transport Layer Security

IPsec Internet Protocol security

CU Central Unit

DU Distributed Unit

NDS Network Domain Security

DTLS Datagram TLS

SEG SEcurity Gateway

IPX IP eXchange (Interconnect)

JSON JavaScript Object Notation

JOSE JavaScript Object Signing and Encryption

JWS JSON Web Signature

JWE JSON Web Encryption

PRINS PRotocol for N32 INterconnect Security

HTTP HyperText Transfer Protocol

Page 20:

Authentication Mechanisms in the 5G System

16/06/2020

Taka Yoshizawa, KU Leuven

Collaboration with:

• Xiaoting Huang, China Mobile Research Institute

• Andreas Kunz, Lenovo Germany

• Sheeba Backia Mary Baskaran, Lenovo Germany

Takahito Yoshizawa, KU Leuven ELEC / COSIC (slide 20)

Page 21:

ToC

• Introduction / background
• Primary authentication
• Secondary authentication
• Slice authentication
• AKMA

Page 22:

5G system architecture

• 5G system introduces new concepts:
  • SUPI/SUCI
  • Network Slice
  • Service-Based Architecture (SBA)
  • Consolidated authentication procedure
  • 3GPP access / non-3GPP access

Page 23:

Authentication methods in 5G

• Primary Authentication (mandatory)
  • Access control to operator network (authenticate the UE and subscription, using 3GPP credentials in USIM)
  • Mutual authentication (UE <-> home PLMN)
  • UE's permanent identifier is concealed (using asymmetric encryption)
  • Establish security context for CP/UP
• Secondary Authentication (optional)
  • Enables UE to access UP data with external DN
  • Uses external credentials (e.g. login/password)
• Slice authentication
  • Access control per network slice (logical network resource)
• AKMA (Authentication and Key Management for Applications based on 3GPP credentials in 5G)
  • Enhanced bootstrapping for devices with limited resources (e.g. mIoT)

Page 24:

Primary authentication (AKA)

• 2 main steps:
  1. Initiation of authentication and selection of auth method
  2. Execution of the selected method (AKA)
     • 5G-AKA or
     • EAP-AKA'

TS 33.501 Figure 6.1.2-1: Initiation of authentication procedure and selection of authentication method

Page 25:

Primary authentication (AKA) – EAP-AKA'

[Figure: TS 33.501 Figure 6.1.3.1-1: Authentication procedure for EAP-AKA' (home control). Labels on the slide: AV = (RAND, AUTN, XRES, CK', IK'); KAUSF = first 256 bits of EMSK (from CK', IK'); the UE returns RES; the home network checks RES == XRES; KSEAF (anchor key) is derived from KAUSF; KAMF is derived from KSEAF.]

Page 26:

Primary authentication (AKA) – 5G AKA

[Figure: TS 33.501 Figure 6.1.3.2-1: Authentication procedure for 5G AKA (home control). Labels on the slide: AV = (RAND, AUTN, XRES*) from the home network; the AUSF derives KSEAF from KAUSF and passes AV = (RAND, AUTN, HXRES*, KSEAF) to the serving network; the UE returns RES*; the serving network computes HRES* from RES* and checks HRES* == HXRES*; the home network checks RES == XRES; KAMF is derived from KSEAF.]

Page 27:

AKA – Key hierarchy

TS 33.501, Figure 6.2.1-1: Key hierarchy generation in 5GS

Keys per protocol layer and plane (3GPP access):

Usage                  AS (CP)    AS (UP)   NAS (CP)
Encryption             KRRCenc    KUPenc    KNASenc
Integrity protection   KRRCint    KUPint    KNASint

Keys for 3GPP access / Keys for non-3GPP access

[Figure: UE attached over 3GPP access (gNB; AS and NAS security) and over non-3GPP access (WLAN AP) to the 5G CN and on to the Internet.]

Page 28:

Secondary authentication

• Prerequisite: successful primary authentication
• Between UE and external DN
  • Based on the user subscription info of the DN
• A mechanism for the MNO to delegate authentication to a 3rd party
  • Use of other existing credentials between the 3rd party and the UE, not 3GPP credentials
• Triggered when the UE establishes a PDU session with the DN
• Use of EAP allows different types of credential types and authentication methods (e.g. login ID/password)
• EAP framework
  • SMF: EAP authenticator
  • DN-AAA: EAP server

Page 29:

Slice authentication

• Network slice – logical network resource – one of the main features in 5G
• Slice(service)-specific authentication using slice-specific credential
  • Network Slice-Specific Authentication and Authorization Function (NSSAAF)
• Prerequisite: successful primary authentication
  • During primary authentication, the network indicates the accepted NSSAIs
  • UE requests per-slice authentication (step B) for the ones that were not accepted at primary authentication (based on subscription info, etc.)
• EAP framework
  • AMF: EAP authenticator
  • AAA-S: EAP server

Page 30:

Slice authentication

1. Slice-specific authentication is triggered by the AMF based on the subscription info or by the AAA
2,3. The AMF requests the user ID (EAP ID) for the S-NSSAI from the UE
4,5. The AMF sends the EAP ID to the Network Slice Specific Authentication and Authorization Function (NSSAAF), which forwards it to the AAA-S
  • An AAA-P may be present if the AAA-S is under a 3rd party
6-11. EAP message exchange between the AAA-S and the UE
12-14. EAP authentication complete. The result (success/failure) is delivered to the NSSAAF, which forwards it to the UE via the AMF

Message flow (participants: UE, AMF, NSSAAF, AAA-P, AAA-S):

1. Trigger to perform Slice-Specific Authentication and Authorization
2. NAS MM Transport (EAP ID Request, S-NSSAI)
3. NAS MM Transport (EAP ID Response, S-NSSAI)
4. Nssaaf_NSSAA_Auth_Req (EAP ID Response, GPSI, S-NSSAI)
5. AAA Protocol msg (EAP ID Response, GPSI, S-NSSAI)
6. AAA Protocol msg (EAP msg, GPSI, S-NSSAI)
7. Nssaaf_NSSAA_Auth_Resp (EAP msg, GPSI, S-NSSAI)
8. NAS MM Transport (EAP msg, S-NSSAI)
9. NAS MM Transport (EAP msg, S-NSSAI)
10. Nssaaf_NSSAA_Auth_Req (EAP msg, GPSI, S-NSSAI)
11. AAA Protocol msg (EAP msg, GPSI, S-NSSAI)
12. AAA Protocol msg (EAP success/failure, GPSI, S-NSSAI)
13. Nssaaf_NSSAA_Auth_Resp (EAP success/failure, GPSI, S-NSSAI)
14. NAS MM Transport (EAP success/failure)
15. UE configuration update procedure

Page 31:

Slice authentication

• Re-authentication / re-authorization, revocation of slice access
  • If/when necessary, the AAA can trigger re-authentication/authorization or revocation of the network slice previously granted to the UE

AAA Server-initiated Network Slice-Specific Re-authentication and Re-authorization procedure

AAA Server-initiated Network Slice-Specific Authorization Revocation procedure
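The slice-authentication flow of pages 29 to 31 (AMF as EAP authenticator, NSSAAF relaying to the AAA-S, AAA-S-initiated revocation) as an added, runnable model; this is example code written for this transcript, not code from the slides or from 3GPP. The EAP method is a constructed HMAC challenge-response standing in for a real method, and every class, message and field name is hypothetical.

```python
"""Added example (not from the slides or 3GPP): a model of the per-slice
state an AMF keeps across the NSSAA flow on the slides, with the NSSAAF
relaying EAP to the AAA-S and the AAA-S revoking a grant later. The EAP
method is a constructed HMAC challenge-response, not a real EAP method;
all class and message names are hypothetical."""
import hashlib
import hmac
import os


class AAAServer:
    """Slice owner's AAA-S: holds slice credentials, grants per (GPSI, S-NSSAI)."""

    def __init__(self, credentials: dict):
        self.credentials = credentials  # (EAP ID, S-NSSAI) -> shared secret
        self.pending = {}               # (EAP ID, S-NSSAI) -> outstanding nonce
        self.granted = set()            # (GPSI, S-NSSAI)
        self.nssaaf = None

    def handle(self, msg: dict) -> dict:
        key = (msg["eap_id"], msg["s_nssai"])
        if key not in self.credentials:        # EAP identity is bound to the slice
            return {"eap": "failure"}
        if msg["eap"] == "identity":           # step 5: start the method
            self.pending[key] = os.urandom(16)
            return {"eap": "challenge", "nonce": self.pending[key]}
        expected = hmac.new(self.credentials[key], self.pending.pop(key, b""),
                            hashlib.sha256).digest()
        if hmac.compare_digest(msg.get("mac", b""), expected):
            self.granted.add((msg["gpsi"], msg["s_nssai"]))
            return {"eap": "success"}          # step 12
        return {"eap": "failure"}

    def revoke(self, gpsi: str, s_nssai: str) -> None:
        """AAA-S-initiated revocation (page 31): NSSAAF tells the AMF to drop the slice."""
        self.granted.discard((gpsi, s_nssai))
        self.nssaaf.revoke(gpsi, s_nssai)


class NSSAAF:
    """Relays Nssaaf_NSSAA_Auth_Req/Resp between AMF and AAA-S (AAA-P omitted)."""

    def __init__(self, aaa_s: AAAServer):
        self.aaa_s, self.amf = aaa_s, None
        aaa_s.nssaaf = self

    def auth_req(self, eap_msg: dict, gpsi: str, s_nssai: str) -> dict:
        return self.aaa_s.handle({**eap_msg, "gpsi": gpsi, "s_nssai": s_nssai})

    def revoke(self, gpsi: str, s_nssai: str) -> None:
        self.amf.revoke_slice(gpsi, s_nssai)


class UE:
    def __init__(self, gpsi: str, slice_creds: dict):
        self.gpsi, self.creds = gpsi, slice_creds  # S-NSSAI -> (EAP ID, secret)

    def respond(self, s_nssai: str, eap: dict) -> dict:
        eap_id, secret = self.creds.get(s_nssai, ("", b""))
        if eap["eap"] == "id_request":         # step 3: EAP ID Response
            return {"eap": "identity", "eap_id": eap_id}
        mac = hmac.new(secret, eap["nonce"], hashlib.sha256).digest()
        return {"eap": "response", "eap_id": eap_id, "mac": mac}


class AMF:
    """EAP authenticator; tracks the allowed S-NSSAIs per UE."""

    def __init__(self, nssaaf: NSSAAF, primary_auth_done: set):
        self.nssaaf, self.authenticated = nssaaf, primary_auth_done
        self.allowed = {}                      # GPSI -> set of allowed S-NSSAI
        nssaaf.amf = self

    def slice_auth(self, ue: UE, s_nssai: str) -> str:
        if ue.gpsi not in self.authenticated:  # prerequisite: primary auth done
            return "rejected"
        msg = ue.respond(s_nssai, {"eap": "id_request"})       # steps 2-3
        for _ in range(8):                                      # steps 4-13
            reply = self.nssaaf.auth_req(msg, ue.gpsi, s_nssai)
            if reply["eap"] == "success":
                self.allowed.setdefault(ue.gpsi, set()).add(s_nssai)
                return "allowed"                                # steps 14-15
            if reply["eap"] == "failure":
                return "rejected"
            msg = ue.respond(s_nssai, reply)
        return "rejected"                      # bound the exchange length

    def revoke_slice(self, gpsi: str, s_nssai: str) -> None:
        # UE configuration update removes the S-NSSAI from the allowed set.
        self.allowed.get(gpsi, set()).discard(s_nssai)
```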

Page 32:

AKMA (Authentication and Key Management for Applications based on 3GPP credentials in 5G)

• Support authentication of mIoT devices
  • Limited resource / functionality (e.g. limited processing, storage, no GUI, no login/password)
• Authentication and generation of application keys based on 3GPP credentials
  • Leverages 5G AKA mechanism (primary authentication)
  • "implicit authentication" based on KAUSF
    • (Implies limited lifetime of KAKMA and KAF associated with re-authentication)
  • AAnF (AKMA anchor function) manages session key
  • AKMA Key ID (A-KID) identifies KAKMA
• Addresses gaps in the existing mechanisms (GBA, BEST) in 5G context
  • Support of SBA
  • Variation of IoT application layer protocols

Page 33:

AKMA (Authentication and Key Management for Applications based on 3GPP credentials in 5G)

• KAKMA generation from KAUSF
  • AUSF stores the KAUSF and generates KAKMA and the A-KID from KAUSF after the primary authentication procedure
    • Only if indicated by UDM during the primary authentication procedure
  • AUSF sends the generated A-KID and KAKMA to the AAnF together with the UE SUPI.
  • AAnF stores the latest information sent by the AUSF

TS 33.535, Figure 6.1-1: Deriving AKMA root key after primary authentication

[Figure: UE, AMF, AUSF, UDM, AAnF. AUSF to UDM: Nudm_UEAuthentication_Get Request (SUPI/SUCI); UDM to AUSF: Nudm_UEAuthentication_Get Response (AV, [AKMA Ind]); primary authentication between UE, AMF and AUSF; the UE and the AUSF each generate KAKMA from KAUSF and generate the A-KID; AUSF to AAnF: Naanf_AKMA_KeyRegistration Request (SUPI, A-KID, KAKMA); AAnF to AUSF: Naanf_AKMA_KeyRegistration Response.]

Page 34:

AKMA (Authentication and Key Management for Applications based on 3GPP credentials in 5G)

• KAF generation from KAKMA
  • Triggered by the UE's request to start an application session
  • A-KID identifies the KAKMA
  • The use of AKMA is implicit to the application in the UE and the AF
  • AAnF derives KAF from KAKMA

TS 33.535, Figure 6.2-1: KAF generation from KAKMA

[Figure: UE, AF, AAnF, AUSF. Pre-requisite: primary authentication and establishment of KAKMA. 1. UE to AF: Application Session Establishment Request (A-KID); 2. AF to AAnF: Naanf_AKMA_AFKey Request (A-KID, AF ID); 3. AAnF derives AF key from KAKMA; 4. AAnF to AF: Naanf_AKMA_AFKey Response (AF key, Exp time); 5. AF to UE: Application Session Establishment Response.]
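The 5G AKA home-control checks of pages 25 and 26 (SEAF compares HRES* with HXRES*, AUSF compares RES* with XRES*) and the AKMA key chain of pages 33 and 34 (KAKMA from KAUSF, A-KID, KAF from KAKMA with an expiry, AAnF registration and lookup) as one added, runnable example; this is example code written for this transcript, not code from the slides or from 3GPP. The KDF construction and the FC values are assumptions recalled from TS 33.220 Annex B, TS 33.501 Annex A and TS 33.535 Annex A, and all sample values are constructed.

```python
"""Added example (not from the slides or 3GPP). Assumed derivation details,
to verify against the spec versions you implement: KDF = HMAC-SHA-256 over
FC||P0||L0||P1||L1... (TS 33.220 Annex B); RES* uses FC 0x6B, key CK||IK
(TS 33.501 A.4); HXRES* = low 128 bits of SHA-256(RAND||XRES*) (A.5);
K_AKMA, A-TID and K_AF use FC 0x80, 0x81, 0x82 (TS 33.535 Annex A)."""
import hashlib
import hmac
import os
import struct


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + struct.pack(">H", len(p))
    return hmac.new(key, s, hashlib.sha256).digest()


def res_star(ck: bytes, ik: bytes, snn: bytes, rand: bytes, res: bytes) -> bytes:
    """RES* (UE) / XRES* (ARPF): low 128 bits of KDF(CK||IK, 0x6B, SNN, RAND, RES)."""
    return kdf(ck + ik, 0x6B, snn, rand, res)[16:]


def hres_star(rand: bytes, res_s: bytes) -> bytes:
    """HRES* (SEAF) / HXRES* (AUSF): low 128 bits of SHA-256(RAND || RES*)."""
    return hashlib.sha256(rand + res_s).digest()[16:]


def run_5g_aka(snn: bytes, tamper: bool = False) -> dict:
    """Home-control part of 5G AKA on constructed sample values.

    CK, IK, RAND, RES and K_AUSF stand in for the USIM/ARPF outputs (AUTN
    and the SQN check are omitted). tamper=True makes the UE answer with a
    wrong RES, modelling a device without the subscriber's long-term key.
    """
    ck, ik, rand = os.urandom(16), os.urandom(16), os.urandom(16)
    res, k_ausf = os.urandom(8), os.urandom(32)

    # ARPF/AUSF: the HE AV carries XRES*; the SEAF gets only HXRES*, so the
    # serving network never holds the value it would need to forge RES*.
    xres_star = res_star(ck, ik, snn, rand, res)
    hxres_star = hres_star(rand, xres_star)

    # UE: RES* computed over the serving network name, binding the run to it.
    ue_res = bytes(b ^ 0xFF for b in res) if tamper else res
    ue_res_star = res_star(ck, ik, snn, rand, ue_res)

    # SEAF (visited network): hashed comparison only.
    seaf_ok = hmac.compare_digest(hres_star(rand, ue_res_star), hxres_star)
    # AUSF (home network): authoritative check on RES* itself; K_AUSF (and
    # the K_SEAF derived from it) is usable only after this passes.
    ausf_ok = seaf_ok and hmac.compare_digest(ue_res_star, xres_star)
    return {"seaf_ok": seaf_ok, "ausf_ok": ausf_ok,
            "k_ausf": k_ausf if ausf_ok else None}


def derive_k_akma(k_ausf: bytes, supi: bytes) -> bytes:
    """K_AKMA, derived identically by UE and AUSF from K_AUSF."""
    return kdf(k_ausf, 0x80, supi)


def a_kid_for(k_ausf: bytes, supi: bytes, realm: str = "example.org") -> str:
    """A-KID in NAI form '<A-TID>@<realm>' (A-TID shortened to 128 bits here)."""
    return kdf(k_ausf, 0x81, supi)[:16].hex() + "@" + realm


def derive_k_af(k_akma: bytes, af_id: bytes) -> bytes:
    """K_AF, derived by the AAnF (and the UE) from K_AKMA for one AF ID."""
    return kdf(k_akma, 0x82, af_id)


class AAnF:
    """AKMA anchor function: keeps the latest (SUPI, A-KID, K_AKMA) sent by
    the AUSF and serves Naanf_AKMA_AFKey requests looked up by A-KID."""

    def __init__(self, af_key_lifetime_s: int = 3600):
        self.contexts = {}              # A-KID -> (SUPI, K_AKMA)
        self.lifetime = af_key_lifetime_s

    def key_registration(self, supi: bytes, a_kid: str, k_akma: bytes) -> None:
        # A new primary authentication means a new K_AUSF, K_AKMA and A-KID:
        # drop the subscriber's older context so a stale A-KID stops resolving
        # (the limited-lifetime point on the slides).
        self.contexts = {k: v for k, v in self.contexts.items() if v[0] != supi}
        self.contexts[a_kid] = (supi, k_akma)

    def af_key_request(self, a_kid: str, af_id: bytes, now: float):
        """Returns (K_AF, expiry time) or None for an unknown or stale A-KID."""
        ctx = self.contexts.get(a_kid)
        if ctx is None:
            return None
        return derive_k_af(ctx[1], af_id), now + self.lifetime
```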

Page 35:

Summary

• We discussed different types of authentication in the 5G system
  • Primary Authentication
    • Mandatory procedure for the UE to gain access to the operator network using 3GPP credentials (i.e. USIM)
  • Secondary Authentication
    • Optional procedure for 3rd party DN to authenticate the UE at session establishment
  • Slice Authentication
    • Optional procedure for per-slice authentication when required
  • AKMA
    • Mechanism for mIoT devices to obtain application keys based on 3GPP key hierarchy

Page 36:

Most relevant 3GPP specs

Spec       Latest Ver.          Title
TS 33.501  V16.2.0 (2020-03)    Security architecture and procedures for 5G system
TS 33.535  V0.4.0 (2020-04)     Authentication and key management for applications based on 3GPP credentials in 5G (AKMA)
TR 33.813  V0.8.0 (2019-11)     Study on Security Aspects of Enhanced Network Slicing
TR 33.835  V16.0.0 (2019-12)    Study on authentication and key management for applications based on 3GPP credentials in 5G

All 3GPP specs can be downloaded from: https://www.3gpp.org/DynaReport/<spec#>.htm (e.g. https://www.3gpp.org/DynaReport/33501.htm)

Page 37:

Terminologies

Acronym: Full name

AAA: Authentication, Authorization, and Accounting
AAA-P: AAA Proxy
AAA-S: AAA Server
AKA: Authentication and Key Agreement
AKMA: Authentication and Key Management for Applications based on 3GPP credentials in 5G
AMF: Access and Mobility Management Function
AP: Access Point
ARPF: Authentication credential Repository and Processing Function
AS: Access Stratum
AUSF: Authentication Server Function
DN: Data Network
EAP: Extensible Authentication Protocol
GUTI: Globally Unique Temporary UE Identity
N3IWF: Non-3GPP access InterWorking Function
NAI: Network Access Identifier
NAS: Non-Access Stratum
NSSAAF: Network Slice Specific Authentication and Authorization Function
NSSAI: Network Slice Selection Assistance Information
PLMN: Public Land Mobile Network
RAN: Radio Access Network
SBA: Service Based Architecture
SEAF: SEcurity Anchor Function
SIDF: Subscription Identifier De-concealing Function
SMF: Session Management Function
S-NSSAI: Single NSSAI
SUCI: SUbscription Concealed Identifier
SUPI: SUbscription Permanent Identifier
UDM: Unified Data Management
UDR: Unified Data Repository
UE: User Equipment
UPF: User Plane Function

Page 38:

Thank you ☺

Page 39:

GSMA USE ONLY

ETSI Security Week: Improving 5G Security through Coordinated Vulnerability Disclosure – GSMA CVD Programme

James Skuse | Security Services Manager, GSMA

+44 (0)20 7356 0600, HQ - London, United Kingdom

Page 40:

GSMA Coordinated Vulnerability Disclosure Programme

The identified security vulnerability must not only apply to vendor specific technologies or services.

Disclosures must describe new work and vulnerabilities that were not previously in the public domain.

Must focus on open standards based technologies that are used across, or have significant impact on, the mobile industry.

Examples: 4G, 5G SIM toolkit, SS7, eSIM, AKA protocols, SIM box

Page 41:

Benefits for Industry and consumers

▪ Enables early notification of vulnerabilities
▪ Provides time to respond and remediate vulnerabilities before they become public
▪ Builds trust with security researchers and organisations
▪ Improves security awareness and readiness

Page 42:

GSMA CVD Ecosystem

[Diagram: GSMA Co-ordinated Vulnerability Disclosure at the centre, connected to: 3GPP (e.g. SA3); GSMA Working Groups: GSMA Fraud and Security Architecture Group (FSAG), GSMA 5G Security Task Force (5GSTF), GSMA T-ISAC (Telecommunication Information Sharing and Analysis Centre), Other; Standards Bodies: ETSI; Advisory & Governance: Fraud & Security Group (FASG), Panel of Experts; Telecoms Industry groups; Security Conferences; Academia.]

Page 43:

GSMA CVD: 5G research overview

▪ 14 pieces of research relating to 5G since 2017 (total 33)
▪ Majority of these (86%) from Academic Researchers
▪ Main issue: False Base Station, unprotected connection/paging
▪ Sometimes research identifies either:
  i) a known limitation of the 3GPP standard (i.e. not designed to protect) or
  ii) misconfiguration by vendor/operator
▪ Impacts include: UE DoS, UE impersonation, spoofing, coarse-grain UE location, providing capabilities of a UE to the attacker, paging UE

Page 44:

CVD-2018-0012

A Formal Analysis of 5G Authentication
Lucca Hirschi, David Basin, Jannik Dreier, Saša Radomirović, Ralf Sasse, Vincent Stettler

▪ Described flaws in the 5G standard which could lead to network deployments not fulfilling critical security goals of 5G AKA (Authentication and Key Agreement)
▪ This claimed to allow an attacker to bill a different subscriber, impersonate a serving network towards a subscriber, or (for an active attacker) trace a subscriber if the attacker stays in physical vicinity of the subscriber
▪ Suggested changes within the paper to the authentication process cause possible issues with backwards compatibility (including NSA 5G deployments)
▪ Limited media pickup
▪ Resolution: partly fixed already (TS 33.501), further standards work triggered to update 3GPP 5G standards (S3-183653)
▪ GSMA Hall of Fame (HoF) – included for academic merit

Page 45:

CVD-2018-0014

Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information ("ToRPEDO")
Syed Rafiul Hussain, Mitziu Echeverria, Omar Chowdhury, Ninghui Li and Elisa Bertino

▪ Describes a design weakness of the 4G cellular paging protocol which can be exploited using a false base station
▪ Used to target a subscriber's IMSI/SUPI by sending multiple messages in quick succession and then monitoring the network to identify increased traffic against a specific subscriber
▪ This approach would have to be performed in specific timeslots and be based on trial and error, which would be an exhaustive and time consuming process (hours)
▪ Significant media pickup – however limits of exploit not noted in coverage
▪ Resolution: 5G procedures were changed in 3GPP TS 38.304 v15.1.0 – investigations within 3GPP about fixing for 4G
▪ GSMA HoF – based on academic research approach


LTE Security Disabled - Misconfiguration in Commercial Networks

Merlin Chlosta, David Rupprecht, Thorsten Holz, Christina Pöpper

▪ Discussed how some 4G networks were configured insecurely and failed to enforce standards-compliant behaviour. 5G also affected

▪ Standards-compliant behaviour: mandatory rejection of UEs without integrity protection on NAS and RRC (except emergency calls in some jurisdictions)

▪ Researchers demonstrate how an attacker can exploit this misconfiguration and request insecure operation – possible billing fraud (with false base station)

▪ No media pickup

▪ Resolution: 3GPP TS 24.301/24.501 updated for EPS and 5GS to clarify the expected behaviour (reject UE)

▪ GSMA HoF – for standards and real-world impact

46

CVD-2018-0013

Figure: LTE Security Disabled—Misconfiguration in Commercial Networks, Chlosta et al.


New vulnerabilities in 4G and 5G cellular access network protocols: exposing device capabilities

Altaf Shaik, Ravishankar Borgaonkar, Shinjo Park, Jean Pierre Seifert

▪ Discussed a standards flaw allowing unprotected exchange of device capability information between the device and the network – now resolved

▪ This was claimed to allow an attacker to profile a device/network in order to target further attacks

▪ Media pickup as part of Blackhat presentation

▪ Resolution: 3GPP TS 36.331 change – to set up security before the exchange of UE capability information

▪ GSMA HoF – for detection of flaw in standards

47

CVD-2019-0018

Figure: New vulnerabilities in 4G and 5G cellular access network protocols: exposing device capabilities, Shaik et al. (annotation: “Sent in plaintext”)
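The two slides above (Chlosta et al. and Shaik et al.) describe behaviour the standards now require of the network: rejecting non-emergency UEs that end up without NAS/RRC integrity protection, and exchanging UE capability information only after AS security is activated. Below is an added example, not code from the slides or from either paper, that replays a constructed control-plane message sequence and flags each point at which a compliant network should have rejected or deferred. The message names follow the EPS/5GS procedure names; the `Msg` fields (`layer`, `params`, `protected`), the `Finding` rule names and the two sample sequences are this example's own assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Null (no-op) integrity algorithms: EIA0 in 4G/EPS, NIA0 in 5G. The standards
# only permit them for unauthenticated emergency sessions.
NULL_INTEGRITY = {"EIA0", "NIA0"}


@dataclass
class Msg:
    """One control-plane message. The field layout is constructed for this example."""
    layer: str                                   # "NAS" or "RRC"
    name: str                                    # e.g. "SecurityModeCommand"
    params: Dict[str, object] = field(default_factory=dict)


@dataclass
class Finding:
    index: int    # position of the offending message in the sequence
    rule: str
    detail: str


def check_sequence(msgs: List[Msg], emergency: bool = False) -> List[Finding]:
    """Return every point where a standards-compliant network should have
    rejected the UE or deferred the procedure."""
    findings: List[Finding] = []
    as_secured = False     # set once RRC SecurityModeComplete has been received
    nas_secured = False    # set once NAS SecurityModeComplete has been received
    for i, m in enumerate(msgs):
        key = (m.layer, m.name)
        if key in (("NAS", "SecurityModeCommand"), ("RRC", "SecurityModeCommand")):
            alg = m.params.get("integrity")
            if alg in NULL_INTEGRITY and not emergency:
                # Chlosta et al.: the network must not run a non-emergency UE
                # without integrity protection, so EIA0/NIA0 is a reject
                findings.append(Finding(i, "null-integrity",
                                        f"{m.layer} selected {alg} for a non-emergency UE"))
        elif key == ("RRC", "SecurityModeComplete"):
            as_secured = True
        elif key == ("NAS", "SecurityModeComplete"):
            nas_secured = True
        elif key == ("RRC", "UECapabilityEnquiry") and not as_secured:
            # Shaik et al. / TS 36.331 change: capability exchange only after
            # AS security has been activated
            findings.append(Finding(i, "capability-before-security",
                                    "UECapabilityEnquiry sent before AS security activation"))
        elif m.layer == "NAS" and nas_secured and not m.params.get("protected", False):
            # Once NAS security is active every further NAS message must carry
            # a security header and MAC; an unprotected one is discarded
            findings.append(Finding(i, "unprotected-nas",
                                    f"{m.name} without integrity protection after NAS SMC"))
    return findings


# Constructed sequence reproducing the misconfigured behaviour: null integrity
# accepted on both layers and the capability enquiry sent before security.
MISCONFIGURED = [
    Msg("NAS", "AttachRequest"),
    Msg("RRC", "UECapabilityEnquiry"),
    Msg("NAS", "SecurityModeCommand", {"integrity": "EIA0", "ciphering": "EEA0"}),
    Msg("NAS", "SecurityModeComplete", {"protected": False}),
    Msg("RRC", "SecurityModeCommand", {"integrity": "EIA0"}),
    Msg("RRC", "SecurityModeComplete"),
    Msg("NAS", "AttachComplete", {"protected": False}),
]

# Constructed sequence in the order and with the algorithms the standards expect.
COMPLIANT = [
    Msg("NAS", "AttachRequest"),
    Msg("NAS", "SecurityModeCommand", {"integrity": "EIA2", "ciphering": "EEA2"}),
    Msg("NAS", "SecurityModeComplete", {"protected": True}),
    Msg("RRC", "SecurityModeCommand", {"integrity": "EIA2"}),
    Msg("RRC", "SecurityModeComplete"),
    Msg("RRC", "UECapabilityEnquiry"),
    Msg("NAS", "AttachComplete", {"protected": True}),
]

if __name__ == "__main__":
    for f in check_sequence(MISCONFIGURED):
        print(f"msg {f.index}: {f.rule}: {f.detail}")
    print("compliant sequence findings:", check_sequence(COMPLIANT))
```

Running the misconfigured sequence yields four findings (the early capability enquiry, null integrity on NAS and on RRC, and the unprotected attach completion); the same sequence checked with `emergency=True` keeps only the ordering and unprotected-message findings, which is the one carve-out the slide mentions.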


5GReasoner - Vulnerabilities in the NAS and RRC layers of 5G control plane protocol stack

Syed Rafiul Hussain, Mitziu Echeverria, Imtiaz Karim, Omar Chowdhury, and Elisa Bertino

▪ Several scenarios related to the 5G phase 1 standards

▪ Scenarios judged as nil or low impact in practice – some claims are not within the stated security goals of the 5G design (emergency calls, poor network configuration, increased power usage, finding a temporary identifier (GUTI/I-RNTI)). Appreciate the authors’ work to identify where the standard is written ambiguously

▪ On the 24-bit NAS COUNT in 5G, it seems clear that the intention of the 3GPP specifications is that the same value of NAS COUNT should never be used twice

▪ Some media pickup

▪ Resolution: standards work ongoing in 3GPP relating to the NAS COUNT issue – make unambiguous what should happen when receiving the same NAS COUNT repeatedly (3GPP TS 24.501)

▪ GSMA HoF – included for identifying ambiguously written standard

48

CVD-2019-0029
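The NAS COUNT point on the slide above (the same value must never be used twice, and the receiver's behaviour on a repeated count was ambiguous) is easiest to see with the counter logic written out. The following is an added example, not code from the slide, the paper or 3GPP: a sender that refuses to reuse the 24-bit space, and a receiver that reconstructs the full NAS COUNT from the 8-bit NAS SQN carried in the message and discards any message whose count does not move forward. The 24-bit layout (16-bit NAS OVERFLOW kept locally, 8-bit NAS SQN on the wire) is as in TS 33.501/24.501; the estimation rule, the verdict strings and the sample sequence are simplified assumptions of this example.

```python
"""NAS COUNT handling under one NAS security context.

Layout: NAS COUNT = NAS OVERFLOW (16 bits, local) || NAS SQN (8 bits, sent).
The receiver only sees the SQN and must estimate the rest. The estimation rule
here (a smaller SQN than the last accepted one means the SQN wrapped) is a
simplified assumption of this example, not the specification text."""

SQN_BITS = 8
COUNT_BITS = 24
SQN_MASK = (1 << SQN_BITS) - 1
COUNT_LIMIT = 1 << COUNT_BITS      # first value that no longer fits in 24 bits


class NasCountSender:
    """Allocates NAS COUNT values for outgoing messages under one key."""

    def __init__(self, start: int = 0):
        self.count = start

    def next_count(self) -> int:
        # Never wrap: once the 24-bit space is used up the key must be replaced
        # (fresh authentication / re-keying) before any further message is sent
        if self.count >= COUNT_LIMIT:
            raise RuntimeError("NAS COUNT exhausted: re-keying required")
        c = self.count
        self.count += 1
        return c


class NasCountReceiver:
    """Reconstructs NAS COUNT from the received 8-bit SQN and rejects reuse."""

    def __init__(self):
        self.last_count = None    # highest NAS COUNT accepted under the current key
        self.exhausted = False

    def estimate(self, sqn: int) -> int:
        """Estimate the full NAS COUNT for a received 8-bit NAS SQN."""
        if self.last_count is None:
            return sqn            # first message under this key: OVERFLOW = 0
        overflow = self.last_count >> SQN_BITS
        last_sqn = self.last_count & SQN_MASK
        if sqn < last_sqn:        # the 8-bit SQN wrapped, so OVERFLOW advanced
            overflow += 1
        return (overflow << SQN_BITS) | sqn

    def receive(self, sqn: int) -> tuple:
        """Return (verdict, estimated_count). Only 'accept' moves the state on."""
        if self.exhausted:
            return ("exhausted", None)
        count = self.estimate(sqn)
        if count >= COUNT_LIMIT:
            # The whole 24-bit counter would wrap and count 0 would be reused
            self.exhausted = True
            return ("exhausted", count)
        if self.last_count is not None and count <= self.last_count:
            # Same or older NAS COUNT under the same key: a repeat, discard it.
            # A repeated SQN estimates to the same count, so it lands here too.
            return ("replay", count)
        self.last_count = count
        return ("accept", count)


def demo() -> list:
    """Constructed sequence: in-order traffic, a repeated SQN, an SQN wrap,
    and finally exhaustion of the 24-bit space."""
    rx = NasCountReceiver()
    verdicts = [rx.receive(s)[0] for s in (5, 6, 6, 3)]
    rx.last_count = COUNT_LIMIT - 2           # jump ahead to the end of the space
    verdicts += [rx.receive(0xFF)[0], rx.receive(0x00)[0]]
    return verdicts


if __name__ == "__main__":
    print(demo())   # ['accept', 'accept', 'replay', 'accept', 'accept', 'exhausted']
```

The repeated SQN (the third message) estimates to a count equal to the last accepted one and is discarded rather than being read as a 256-message wrap, which is the behaviour the slide says the ongoing TS 24.501 work is making explicit.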


IMP4GT: IMPersonation Attacks in 4G NeTworks

David Rupprecht, Katharina Kohls, Thorsten Holz, Christina Pöpper

▪ Exploits a false base station, the lack of user plane integrity protection and packet reflection behaviour to create a cryptographic oracle – but only within a limited area (MITM)

▪ Allows an attacker to encrypt packets – impersonation of user-to-network or network-to-user for limited purposes:

  ▪ Billing fraud

  ▪ Network-asserted identity impersonation

  ▪ Bypass of network filtering

▪ CVD-2018-0008 – limited to DNS manipulation: sending the user to a false website

▪ Resolution: work ongoing within 3GPP on 5G SA (TS 38.300/24.501)

▪ GSMA HoF – real-world impact

49

CVD-2019-0024 and CVD-2018-0008

Figure: IMP4GT: IMPersonation Attacks in 4G NeTworks presentation, NDSS Symposium, Rupprecht et al.
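The root cause on the slide above is that the user plane is encrypted but not integrity protected, and the 4G ciphers are additive stream ciphers: flipping a ciphertext bit flips the same plaintext bit after decryption, with no key needed. The added example below (not code from the slide or the paper) shows that property on a constructed payload and then shows the same modification being caught once a 32-bit integrity tag is attached to the PDU, which is the gap user plane integrity protection closes. The keystream is a toy HMAC-SHA256 counter-mode construction standing in for EEA/NEA (chosen only because it is plaintext-independent, like the real ciphers); the tag is HMAC-SHA256 truncated to the MAC-I size; keys, count and payload are constructed.

```python
import hashlib
import hmac

MAC_LEN = 4   # 32-bit tag, the size of the 3GPP MAC-I


def keystream(key: bytes, count: int, length: int) -> bytes:
    """Constructed toy keystream (HMAC-SHA256 in counter mode). It models only
    the property that matters here: ciphertext = plaintext XOR keystream, with
    the keystream independent of the plaintext. Not a real cipher."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, count.to_bytes(4, "big") + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def encrypt(key: bytes, count: int, data: bytes) -> bytes:
    """Additive stream encryption; decryption is the same operation."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, count, len(data))))


decrypt = encrypt


def mac_i(ikey: bytes, count: int, ct: bytes) -> bytes:
    """Integrity tag over the count and the ciphertext, truncated like MAC-I."""
    return hmac.new(ikey, count.to_bytes(4, "big") + ct, hashlib.sha256).digest()[:MAC_LEN]


def protect(ckey: bytes, ikey: bytes, count: int, pt: bytes) -> bytes:
    """Encrypt, then append the integrity tag (the hardened form)."""
    ct = encrypt(ckey, count, pt)
    return ct + mac_i(ikey, count, ct)


def unprotect(ckey: bytes, ikey: bytes, count: int, pdu: bytes):
    """Return the plaintext, or None when the integrity check fails."""
    ct, tag = pdu[:-MAC_LEN], pdu[-MAC_LEN:]
    if not hmac.compare_digest(tag, mac_i(ikey, count, ct)):
        return None
    return decrypt(ckey, count, ct)


def xor_in_place(data: bytes, offset: int, known: bytes, desired: bytes) -> bytes:
    """Model of the malleability: anyone who knows that `known` sits at
    `offset` can turn it into `desired` by XORing the ciphertext with
    known ^ desired, without any key. This is what the tag has to catch."""
    delta = bytes(a ^ b for a, b in zip(known, desired))
    patched = bytes(c ^ d for c, d in zip(data[offset:offset + len(delta)], delta))
    return data[:offset] + patched + data[offset + len(delta):]


def demo() -> tuple:
    ckey, ikey, count = b"c" * 16, b"i" * 16, 7
    pt = b"flag=0;user=alice"            # constructed user-plane payload
    # 1. Encryption only: the modified packet decrypts to a valid-looking payload
    ct = encrypt(ckey, count, pt)
    no_integrity = decrypt(ckey, count, xor_in_place(ct, 5, b"0", b"1"))
    # 2. Encryption plus integrity: the same modification fails the tag check
    pdu = protect(ckey, ikey, count, pt)
    with_integrity = unprotect(ckey, ikey, count, xor_in_place(pdu, 5, b"0", b"1"))
    return no_integrity, with_integrity


if __name__ == "__main__":
    print(demo())   # (b'flag=1;user=alice', None)
```

The tag is computed over the count as well as the ciphertext, so a PDU replayed under a different count is rejected too; on a real link that is the job of the PDCP COUNT bound into the MAC-I.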


Questions?

More information:

▪ www.gsma.com/cvd

▪ If you are a GSMA member: IC2 group – search “CVD”


Questions & Answers


Upcoming webinars in the thread Deploying 5G Securely:

18 June, 10am: Security Challenges and Regulatory Aspects


Thank you for joining this webinar!

Find the full ‘ETSI Security Week 2020 goes virtual’ programme at www.etsi.org/etsisecurityweek