© ETSI
ETSI Security Week 2020 goes virtual!
Noamen Ben Henda, 3GPP SA3 Chair, Ericsson
Takahito Yoshizawa, KU Leuven
James Skuse, GSMA
Deploying 5G Securely: 5G Security Evolution
ETSI Security Week 2020
Monday 8 June, 3pm: 5G Deployment
Tuesday 9 June, 3pm CET: SSP: The New Smart Secure Platform - A High Level Introduction
Tuesday 9 June, 4.45pm: SSP: The New Smart Secure Platform - The Technical Realisation
Wednesday 10 June, 10.30am: Insight into the First Steps of the Cybersecurity Act Reality
Wednesday 10 June, 3pm: 5G Security for Verticals
Thursday 11 June, 10.00am: Consumer IoT Security Standards
Thursday 11 June, 11.30am: Consumer IoT Security – Certification Schemes
Thursday 11 June, 3pm: ETSI Standardization in Advanced Cryptography
Monday 15 June, 3pm: SKINNY LATTE: Scalable Hierarchical Identity Based Encryption over Lattices
Tuesday 16 June, 3pm: 5G Security Evolution
Wednesday 17 June, 10.30am: 5G Network Certification
Thursday 18 June, 10.00am: Security Challenges and Regulatory Aspects
Thursday 18 June, 3pm: Fully Homomorphic Encryption
Friday 19 June, 10.30am: Industry Applications and Use Cases for Advance Cryptography
Tracks: Deploying 5G Securely; Cybersecurity Act – one year on; Smart Secure Platform; Even more advanced Cryptography
All sessions scheduled in CEST
© ETSI ETSI Security Week 2020 goes virtual
5G Security Evolution
Moderated by Noamen Ben Henda, 3GPP SA3 Chair, Ericsson
3GPP 5G Security Updates: Noamen Ben Henda, 3GPP SA3 Chair, Ericsson
Authentication Mechanisms in 5G System: Takahito Yoshizawa, KU Leuven
Improving 5G Security through Coordinated Vulnerability Disclosure – GSMA CVD Programme: James Skuse, GSMA
| 2020-06-16 | Page 4
5G security updates
5G security work in 3GPP Release 16
Noamen Ben Henda | Ericsson
Outline
Highlights from SA3 Release 16 work
• Overview
• Statistics
Insights on some of the Release 16 items
• Enhancement of Network Slicing
• 5GS Enhanced support of Vertical and LAN Services
• Evolution of Cellular IoT security for the 5G System
• Ultra Reliable Low Latency Communication for 5G
• Support for Advanced V2X Services
• Authentication and key management for applications based on 3GPP credential in 5G
• 5G Security Assurance
• Crypto profile update
Highlights from SA3 Release 16 work
Overview
Non-SA3-specific and SA3-specific items
Factory use case
Connectivity
• CIoT: Evolution of cellular IoT for the 5G system
• URLLC: Ultra reliable low latency communication
• eNS: Enhancement to the network slicing
• Verticals: Support of verticals and LAN services
• eLCS: Location services for the 5G system
• V2X: Support for advanced V2X services
• SRVCC: Single radio voice continuity from 5G to UTRAN
• 5WWC: Wireless and wireline convergence for the 5G
• eSBA: Enhancement to the service based architecture
• IAB: Integrated access backhaul
Assurance
• 5G SCAS: Security assurance specification for 5G
• SCAS VNP: Security assurance for virtualized products
• SIV: Security impact of virtualization
Crypto
• 256 bit: Support of 256-bit algorithms for 5G
• CryptPr: Crypto profile updates
New features
• UPGF: User plane inter-PLMN security
• 5FBS: Enhancement against false base stations
• AUTH: Authentication enhancements
• LTKUP: Long term key update procedures
• UPIP: User plane integrity protection
• AKMA: Authentication and key management for apps
Public safety
• MCXSec: Mission critical R16 security
Statistics
21 Study items (SIs): FS_CIoT_sec_5G, FS_eNS_SEC, FS_Vertical_LAN_SEC, FS_5G_URLLC_SEC, FS_eLCS_Sec, FS_5G_UTRAN_SEC, FS_NR_IAB_Sec, FS_SBA_Sec, FS_5WWC_SEC, FS_eV2X_Sec, FS_PARLOS_Sec, FS_VNP_SECAM_SCAS, FS_SIV, FS_256-Algorithms, FS_5GS_KDF, FS_UP_IP_Sec, FS_5GFBS, FS_AUTH_ENH, FS_5GC_SEC_ARPF, FS_AKMA, FS_LTKUP_Detail
6 Work items (WIs): MCXSec, eCAPIF, SEAL, UPGF, SCAS_5G, CryptPr
13 Work items (WIs): 5G_CIoT, eNS_SEC, Vertical_LAN_SEC, 5G_URLLC_SEC, 5G_eLCS, 5G_UTRAN_SEC, NR_IAB, 5G_eSBA, 5WWC, eV2XARC, PARLOS, UPIP_SEC, AKMA
(5G-related items were underlined on the slide)
Total 40 items of which 37 (92%) are 5G related
Outcome
• 12 New Technical specifications (TS)
• 21 New Technical reports (TR)
• 17 WIs (100%) almost completed
• 21 SIs of which 5 (24%) continuing in Release 17 and 3 (14%) concluded without specification impact
Insights on some of the Release 16 items
Enhancement of Network Slicing
New authentication procedure for network slicing
● Generic enough (EAP-based) to allow a wide range of authentication methods and credentials
● Performed during the registration procedure to enable an early authorization of connectivity towards the slice by a possibly external slice owner entity
5GS Enhanced support of Vertical and LAN Services
New features in primary authentication framework
● Enhancements to the key hierarchy to enable any key generating EAP authentication method
● Enhancements to the NAS protocol to support any EAP method besides EAP-TLS and EAP-AKA’, e.g. EAP-TTLS
Evolution of Cellular IoT security for the 5G System
User Plane optimization security
● Based on the security mechanism for NB-IoT (LTE)
● User "small" data is protected by the same means as normal user traffic
Control Plane optimization security
● Based on the security mechanism for DoNAS (LTE)
● User "small" data is protected by the same means as normal control plane traffic
Ultra Reliable Low Latency Communication for 5G
New security considerations when transmitting redundant data over two different paths
● Different keys for protecting redundant data
● Special handling of the security policy for redundant sessions
Support for Advanced V2X Services
New security mechanisms to protect different modes of communication over the sidelink
● Privacy protection and security for unicast messages over the sidelink
● Privacy protection and security for multicast messages over the sidelink
Authentication and key management for applications based on 3GPP credential in 5G
New feature to enable bootstrapping security between UE and Application Functions
● New security function (AAnF) to enable the service towards application providers
● New and simpler procedures to establish the security association between the UE and the AF
5G Security Assurance
New security assurance specifications
● Considerable work to cover all the NFs in the 5G System
Ongoing work to address virtualization
● New security assurance scheme for virtualized NFs
● Security Impacts of Virtualization
Crypto profile update
Regular crypto maintenance work
● Introduction of TLS 1.3 (UE side)
● Deprecation of SHA-1 and MD5
● Deprecation of TLS 1.1
Thank you!
ANNEX Abbreviations
AMF Access and Mobility Management Function
UDM Unified Data Management
UPF User Plane Function
SMF Session Management Function
AF Application Function
NF Network Function
AUSF AUthentication Server Function
AAnF AKMA Anchor Function
AKMA Authentication and Key Management for Applications
UP User Plane
CP Control Plane
IAB Integrated Access Backhaul
NAS Non-Access Stratum
AS Access Stratum
V2X Vehicle to everything
App Application
SNPN Standalone Non-Public Network
AN Access Network
CN Core Network
DN Data Network
AAA Authentication, Authorization and Accounting
EAP Extensible Authentication Protocol
URLLC Ultra Reliable Low Latency Communication
DC Dual Connectivity
MN Master Node
SN Secondary Node
SEPP Security Edge Protection Proxy
SCP Service Communication Proxy
NRF Network Repository Function
UE User Equipment
MT Mobile Terminal
SBA Service-Based Architecture
LAN Local Area Network
WLAN Wireless LAN
EPS Evolved Packet System
SUPI SUbscription Permanent Identifier
SUCI SUbscription Concealed Identifier
NEF Network Exposure Function
PLMN Public Land Mobile Network
HPLMN Home PLMN
VPLMN Visited PLMN
TLS Transport Layer Security
IPsec Internet Protocol security
CU Central Unit
DU Distributed Unit
NDS Network Domain Security
DTLS Datagram TLS
SEG SEcurity Gateway
IPX IP eXchange (Interconnect)
JSON JavaScript Object Notation
JOSE JavaScript Object Signing and Encryption
JWS JSON Web Signature
JWE JSON Web Encryption
PRINS PRotocol for N32 INterconnect Security
HTTP HyperText Transfer Protocol
16/06/2020
Taka Yoshizawa, KU Leuven ([email protected])
Collaboration with:
• Xiaoting Huang, China Mobile Research Institute ([email protected])
• Andreas Kunz, Lenovo Germany ([email protected])
• Sheeba Backia Mary Baskaran, Lenovo Germany ([email protected])
Authentication Mechanisms in the 5G System
Takahito Yoshizawa, KU Leuven ELEC / COSIC
ToC
• Introduction / background
• Primary authentication
• Secondary authentication
• Slice authentication
• AKMA
5G system architecture
• 5G system introduces new concepts:
  • SUPI/SUCI
  • Network Slice
  • Service-Based Architecture (SBA)
  • Consolidated authentication procedure
  • 3GPP access / non-3GPP access
Authentication methods in 5G
• Primary Authentication (mandatory)
  • Access control to operator network (authenticate the UE and subscription, using 3GPP credentials in USIM)
  • Mutual authentication (UE <-> home PLMN)
  • UE’s permanent identifier is concealed (using asymmetric encryption)
  • Establish security context for CP/UP
• Secondary Authentication (optional)
  • Enables UE to access UP data with external DN
  • Uses external credentials (e.g. login/password)
• Slice authentication
  • Access control per network slice (logical network resource)
• AKMA (Authentication and Key Management for Applications based on 3GPP credentials in 5G)
  • Enhanced bootstrapping for devices with limited resources (e.g. mIoT)
Primary authentication (AKA)
• 2 main steps:
  1. Initiation of authentication and selection of auth method
  2. Execution of the selected method (AKA): 5G-AKA or EAP-AKA’
TS 33.501 Figure 6.1.2-1: Initiation of authentication procedure and selection of authentication method
Primary authentication (AKA) – EAP-AKA’
TS 33.501 Figure 6.1.3.1-1: Authentication procedure for EAP-AKA' (figure; key steps recovered from the labels):
• Home network (UDM/ARPF) → AUSF: AV = (RAND, AUTN, XRES, CK’, IK’)
• UE → AUSF (via SEAF): RES; AUSF checks RES == XRES (home control)
• AUSF: KAUSF = first 256 bits of EMSK (derived from CK’, IK’); KSEAF (anchor key) derived from KAUSF
• SEAF: KAMF derived from KSEAF
Primary authentication (AKA) – 5G AKA
TS 33.501 Figure 6.1.3.2-1: Authentication procedure for 5G AKA (figure; key steps recovered from the labels):
• Home network (UDM/ARPF) → AUSF: AV = (RAND, AUTN, XRES*); AUSF derives KSEAF from KAUSF
• AUSF → SEAF: AV = (RAND, AUTN, HXRES*, KSEAF)
• UE → SEAF: RES*; SEAF computes HRES* from RES* and checks HRES* == HXRES*
• SEAF → AUSF: RES*; AUSF checks RES* == XRES* (home control)
• SEAF: KAMF derived from KSEAF
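The two verification steps in the 5G AKA figure (HRES* == HXRES* at the serving network, RES* == XRES* at the home network) as a runnable model. This is an added example, not code from the slides or from 3GPP: the KDF is the generic 3GPP KDF of TS 33.220 Annex B.2, the FC values and parameter order are my transcription of TS 33.501 Annex A (check them against the spec text before relying on them), and CK, IK, RES/XRES, SQN xor AK and the serving network name are constructed sample values; AUTN handling is left out.

```python
"""5G AKA with home control: who checks what (TS 33.501 clause 6.1.3.2).

Added example; not code from the slides or from 3GPP. KDF = TS 33.220 Annex B.2
(HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ...). FC values are my transcription
of TS 33.501 Annex A.2 (KAUSF), A.4 (RES*/XRES*), A.5 (HRES*/HXRES*), A.6 (KSEAF).
CK, IK, RES and SQN xor AK normally come from MILENAGE/TUAK on the USIM and in the
ARPF; here they are constructed sample values and AUTN is not modelled.
"""
import hashlib
import hmac


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: S = FC || P0 || L0 || P1 || L1 ..., each Li a 2-byte length."""
    s = bytes([fc]) + b"".join(p + len(p).to_bytes(2, "big") for p in params)
    return hmac.new(key, s, hashlib.sha256).digest()


def res_star(ck: bytes, ik: bytes, sn_name: bytes, rand: bytes, res: bytes) -> bytes:
    """RES* (UE) / XRES* (home), Annex A.4, FC=0x6B: 128 least significant bits."""
    return kdf(ck + ik, 0x6B, sn_name, rand, res)[16:]


def hres_star(rand: bytes, res_s: bytes) -> bytes:
    """HRES* / HXRES*, Annex A.5: 128 least significant bits of SHA-256(RAND || RES*)."""
    return hashlib.sha256(rand + res_s).digest()[16:]


def k_ausf(ck: bytes, ik: bytes, sn_name: bytes, sqn_xor_ak: bytes) -> bytes:
    """KAUSF for 5G AKA, Annex A.2, FC=0x6A."""
    return kdf(ck + ik, 0x6A, sn_name, sqn_xor_ak)


def k_seaf(kausf: bytes, sn_name: bytes) -> bytes:
    """KSEAF (anchor key), Annex A.6, FC=0x6C."""
    return kdf(kausf, 0x6C, sn_name)


def home_network_av(ck, ik, sn_name, rand, xres, sqn_xor_ak):
    """UDM/ARPF builds the HE AV (RAND, AUTN, XRES*, KAUSF). The AUSF keeps XRES* and
    KAUSF and hands the SEAF an SE AV (RAND, AUTN, HXRES*, KSEAF) containing neither."""
    xres_s = res_star(ck, ik, sn_name, rand, xres)
    kausf = k_ausf(ck, ik, sn_name, sqn_xor_ak)
    ausf_state = {"xres_star": xres_s, "kausf": kausf}
    se_av = {"rand": rand, "hxres_star": hres_star(rand, xres_s), "kseaf": k_seaf(kausf, sn_name)}
    return ausf_state, se_av


def seaf_check(se_av: dict, res_s: bytes) -> bool:
    """Serving network: HRES* == HXRES*? Lets the SEAF proceed, but is not the home
    network's decision: the SEAF never sees XRES*."""
    return hmac.compare_digest(hres_star(se_av["rand"], res_s), se_av["hxres_star"])


def ausf_check(ausf_state: dict, res_s: bytes) -> bool:
    """Home network: RES* == XRES*? This is the check that gives the home network control."""
    return hmac.compare_digest(res_s, ausf_state["xres_star"])


def run_5g_aka(tamper_res: bool = False) -> tuple:
    """Full run on constructed sample secrets; returns (serving_ok, home_ok, kseaf_match)."""
    ck = bytes.fromhex("0123456789abcdef0123456789abcdef")       # constructed
    ik = bytes.fromhex("fedcba9876543210fedcba9876543210")       # constructed
    rand = bytes.fromhex("00112233445566778899aabbccddeeff")     # constructed
    xres = bytes.fromhex("deadbeefcafebabe")                     # constructed 64-bit (X)RES
    sqn_xor_ak = bytes.fromhex("000000000001")                   # constructed 48-bit
    sn_name = b"5G:mnc001.mcc001.3gppnetwork.org"                # TS 24.501 format, constructed PLMN

    ausf_state, se_av = home_network_av(ck, ik, sn_name, rand, xres, sqn_xor_ak)
    # UE side: the USIM returns RES; a wrong RES stands in for a forged or corrupted response.
    res = bytes.fromhex("deadbeefcafebabf") if tamper_res else xres
    res_s = res_star(ck, ik, sn_name, rand, res)
    ue_kseaf = k_seaf(k_ausf(ck, ik, sn_name, sqn_xor_ak), sn_name)
    serving_ok = seaf_check(se_av, res_s)
    home_ok = ausf_check(ausf_state, res_s)
    # Both sides always derive the same KSEAF from CK/IK; the key is only used if both checks pass.
    return serving_ok, home_ok, hmac.compare_digest(ue_kseaf, se_av["kseaf"])


if __name__ == "__main__":
    print(run_5g_aka())                  # (True, True, True)
    print(run_5g_aka(tamper_res=True))   # (False, False, True)
```

The split is the point of the slide's "Home Control" label: the SEAF can only compare hashes of RES*, so a visited network cannot claim a successful authentication that the AUSF did not itself confirm with RES* == XRES*.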
AKA – Key hierarchy
TS 33.501, Figure 6.2.1-1: Key hierarchy generation in 5GS
Usage                 AS (CP)    AS (UP)    NAS (CP)
Encryption            KRRCenc    KUPenc     KNASenc
Integrity protection  KRRCint    KUPint     KNASint
(Figure: UE connected to the 5G CN, and through it the Internet, over 3GPP access (gNB) and non-3GPP access (WLAN AP); keys for 3GPP access and keys for non-3GPP access are shown separately, each with AS and NAS levels.)
Secondary authentication
• Prerequisite: successful primary authentication
• Between UE and external DN
  • Based on the user subscription info of the DN
  • A mechanism for the MNO to delegate authentication to a 3rd party
  • Use of other existing credentials between the 3rd party and the UE, not 3GPP credentials
• Triggered when the UE establishes a PDU session with the DN
• Use of EAP allows different credential types and authentication methods (e.g. login ID/password)
• EAP framework
  • SMF: EAP authenticator
  • DN-AAA: EAP server
Slice authentication
• Network slice – logical network resource – one of the main features in 5G
• Slice(service)-specific authentication using slice-specific credential
• Network Slice-Specific Authentication and Authorization Function (NSSAAF)
• Prerequisite: successful primary authentication
  • During primary authentication, the network indicates the accepted NSSAIs
  • UE requests per-slice authentication (step B) for the ones that were not accepted at primary authentication (based on subscription info, etc.)
• EAP framework
  • AMF: EAP authenticator
  • AAA-S: EAP server
Slice authentication
1. Slice-specific authentication is triggered by AMF based on the subscription info or by AAA
2,3. AMF requests user ID (EAP ID) for the S-NSSAI from the UE
4,5. AMF sends EAP ID to Network Slice Specific Authentication and Authorization Function (NSSAAF), which forwards it to AAA-S
  • AAA-P may be present if AAA-S is under a 3rd party
6-11. EAP message exchange between the AAA-S and the UE
12-14. EAP authentication complete. The result (success/failure) is delivered to NSSAAF, which forwards it to the UE via AMF
Message sequence (UE, AMF, NSSAAF, AAA-P, AAA-S):
1. Trigger to perform Slice-Specific Authentication and Authorization
2. NAS MM Transport (EAP ID Request, S-NSSAI)
3. NAS MM Transport (EAP ID Response, S-NSSAI)
4. Nssaaf_NSSAA_Auth_Req (EAP ID Response, GPSI, S-NSSAI)
5. AAA Protocol msg (EAP ID Response, GPSI, S-NSSAI)
6. AAA Protocol msg (EAP msg, GPSI, S-NSSAI)
7. Nssaaf_NSSAA_Auth_Resp (EAP msg, GPSI, S-NSSAI)
8. NAS MM Transport (EAP msg, S-NSSAI)
9. NAS MM Transport (EAP msg, S-NSSAI)
10. Nssaaf_NSSAA_Auth_Req (EAP msg, GPSI, S-NSSAI)
11. AAA Protocol msg (EAP msg, GPSI, S-NSSAI)
12. AAA Protocol msg (EAP success/failure, GPSI, S-NSSAI)
13. Nssaaf_NSSAA_Auth_Resp (EAP success/failure, GPSI, S-NSSAI)
14. NAS MM Transport (EAP success/failure)
15. UE configuration update procedure
Slice authentication
• Re-authentication / re-authorization, revocation of slice access
  • If/when necessary, AAA can trigger re-authentication/authorization or revocation of the network slice previously granted to the UE
(Figures: AAA Server-initiated Network Slice-Specific Re-authentication and Re-authorization procedure; AAA Server-initiated Network Slice-Specific Authorization Revocation procedure)
AKMA (Authentication and Key Management for Applications based on 3GPP credentials in 5G)
• Support authentication of mIoT devices
  • Limited resource / functionality (e.g. limited processing, storage, no GUI, no login/password)
• Authentication and generation of application keys based on 3GPP credentials
  • Leverages 5G AKA mechanism (primary authentication)
  • “Implicit authentication” based on KAUSF
  • (Implies limited lifetime of KAKMA and KAF associated with re-authentication)
  • AAnF (AKMA anchor function) manages session key
  • AKMA Key ID (A-KID) identifies KAKMA
• Addresses gaps in the existing mechanisms (GBA, BEST) in 5G context
  • Support of SBA
  • Variation of IoT application layer protocols
AKMA (Authentication and Key Management for Applications based on 3GPP credentials in 5G)
(Figure with UE, AMF, AUSF, UDM and AAnF; messages recovered from the labels:)
• AUSF → UDM: Nudm_UEAuthentication_Get Request (SUPI/SUCI)
• UDM → AUSF: Nudm_UEAuthentication_Get Response (AV, [AKMA Ind])
• UE ↔ AMF ↔ AUSF: Primary authentication
• UE and AUSF, each locally: generate KAKMA from KAUSF; generate A-KID
• AUSF → AAnF: Naanf_AKMA_KeyRegistration Request (SUPI, A-KID, KAKMA)
• AAnF → AUSF: Naanf_AKMA_KeyRegistration Response
• KAKMA generation from KAUSF
  • AUSF stores the KAUSF and generates KAKMA and the A-KID from KAUSF after the primary authentication procedure
  • Only if indicated by UDM during the primary authentication procedure
  • AUSF sends the generated A-KID and KAKMA to the AAnF together with the UE SUPI
  • AAnF stores the latest information sent by the AUSF
TS 33.535, Figure 6.1-1 Deriving AKMA root key after primary authentication
• KAF generation from KAKMA
  • Triggered by the UE’s request to start an application session
  • A-KID identifies the KAKMA
  • The use of AKMA is implicit to the application in the UE and the AF
  • AAnF derives KAF from KAKMA
AKMA (Authentication and Key Management for Applications based on 3GPP credentials in 5G)
TS 33.535, Figure 6.2-1 KAF generation from KAKMA (figure with UE, AUSF, AAnF and AF; messages recovered from the labels:)
Pre-requisite: Primary authentication and establishment of KAKMA
1. UE → AF: Application Session Establishment Request (A-KID)
2. AF → AAnF: Naanf_AKMA_AFKey Request (A-KID, AF ID)
3. AAnF: Derive AF key from KAKMA
4. AAnF → AF: Naanf_AKMA_AFKey Response (AF key, Exp time)
5. AF → UE: Application Session Establishment Response
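The two AKMA figures (KAKMA and A-KID derived from KAUSF and registered at the AAnF; KAF derived per AF on the UE's session request) as one runnable flow. This is an added example, not code from the slides or from 3GPP: the KDF is TS 33.220 Annex B.2; the FC values 0x80 (KAKMA), 0x81 (A-TID), 0x82 (KAF), the labels "AKMA" and "A-TID", and the A-KID layout <RID><A-TID>@<realm> are my transcription of the Rel-16 TS 33.535 Annex A, while the slides cite draft V0.4.0, so verify them against the spec; KAUSF, SUPI, RID, realm and the AF IDs are constructed sample values.

```python
"""AKMA key flow: KAKMA and A-KID at the AUSF and UE, registration at the AAnF,
KAF per application function (TS 33.535 Figures 6.1-1 and 6.2-1).

Added example; not code from the slides or from 3GPP. KDF = TS 33.220 Annex B.2.
FC values 0x80/0x81/0x82, the labels "AKMA"/"A-TID" and the A-KID layout
"<RID><A-TID>@<realm>" are my transcription of Rel-16 TS 33.535 Annex A; verify
against the spec. KAUSF, SUPI, RID, realm and AF IDs are constructed sample values.
"""
import hashlib
import hmac


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc]) + b"".join(p + len(p).to_bytes(2, "big") for p in params)
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_kakma(kausf: bytes, supi: bytes) -> bytes:
    """AKMA root key from the primary-authentication key KAUSF (FC=0x80)."""
    return kdf(kausf, 0x80, b"AKMA", supi)


def derive_a_kid(kausf: bytes, supi: bytes, rid: str, realm: str) -> str:
    """A-KID = <RID><A-TID>@<realm>; A-TID is the 128 LSB of the FC=0x81 derivation."""
    a_tid = kdf(kausf, 0x81, b"A-TID", supi)[16:]
    return f"{rid}{a_tid.hex()}@{realm}"


def derive_kaf(kakma: bytes, af_id: bytes) -> bytes:
    """Application key bound to one AF (FC=0x82, P0 = AF ID)."""
    return kdf(kakma, 0x82, af_id)


class AAnF:
    """AKMA Anchor Function: keeps the latest (SUPI, KAKMA) per A-KID, derives KAF on request."""

    def __init__(self, kaf_lifetime_s: int = 3600):
        self.ctx = {}
        self.kaf_lifetime_s = kaf_lifetime_s

    def key_registration(self, supi: bytes, a_kid: str, kakma: bytes) -> bool:
        """Naanf_AKMA_KeyRegistration: a new primary authentication overwrites the old context."""
        self.ctx[a_kid] = (supi, kakma)
        return True

    def af_key_request(self, a_kid: str, af_id: bytes, now: int):
        """Naanf_AKMA_AFKey: (KAF, expiry) for this AF, or None if the A-KID is unknown."""
        entry = self.ctx.get(a_kid)
        if entry is None:
            return None
        _supi, kakma = entry
        return {"kaf": derive_kaf(kakma, af_id), "exp": now + self.kaf_lifetime_s}


def ausf_after_primary_auth(aanf: AAnF, kausf: bytes, supi: bytes, rid: str, realm: str, akma_ind: bool):
    """AUSF: only when the UDM indicated AKMA, derive KAKMA and A-KID from KAUSF and register them."""
    if not akma_ind:
        return None
    a_kid = derive_a_kid(kausf, supi, rid, realm)
    aanf.key_registration(supi, a_kid, derive_kakma(kausf, supi))
    return a_kid


def application_session(aanf: AAnF, kausf: bytes, supi: bytes, rid: str, realm: str, af_id: bytes, now: int):
    """UE -> AF: Application Session Establishment Request (A-KID); AF -> AAnF: AFKey Request;
    AAnF -> AF: (KAF, exp). Returns (UE-side KAF, AF-side KAF, expiry), or None without AAnF context."""
    a_kid = derive_a_kid(kausf, supi, rid, realm)            # UE derives the same A-KID locally
    ue_kaf = derive_kaf(derive_kakma(kausf, supi), af_id)     # UE derives KAF without network contact
    resp = aanf.af_key_request(a_kid, af_id, now)
    if resp is None:
        return None
    return ue_kaf, resp["kaf"], resp["exp"]


def demo():
    """Two AFs served from one AKMA context; returns their (UE KAF, AF KAF, expiry) tuples."""
    kausf = bytes.fromhex("11" * 32)                              # constructed
    supi = b"imsi-001010123456789"                                # constructed
    rid, realm = "0042", "5gc.mnc001.mcc001.3gppnetwork.org"      # constructed
    aanf = AAnF(kaf_lifetime_s=600)
    ausf_after_primary_auth(aanf, kausf, supi, rid, realm, akma_ind=True)
    s1 = application_session(aanf, kausf, supi, rid, realm, b"af1.example.org\x01", now=1000)  # constructed AF IDs
    s2 = application_session(aanf, kausf, supi, rid, realm, b"af2.example.org\x01", now=1000)
    return s1, s2


if __name__ == "__main__":
    for s in demo():
        print(s[0] == s[1], s[2])   # True 1600, for both AFs
```

Note what the AF never receives: KAKMA stays inside the AAnF and the UE, and each AF gets a key bound to its own AF ID, so a compromised AF cannot derive another AF's key from its own.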
Summary
• We discussed different types of authentication in the 5G system
  • Primary Authentication: mandatory procedure for the UE to gain access to the operator network using 3GPP credentials (i.e. USIM)
  • Secondary Authentication: optional procedure for 3rd party DN to authenticate the UE at session establishment
  • Slice Authentication: optional per-slice authentication procedure when required
  • AKMA: mechanism for mIoT devices to obtain application keys based on 3GPP key hierarchy
Most relevant 3GPP specs
Spec       Latest Ver.          Title
TS 33.501  V16.2.0 (2020-03)    Security architecture and procedures for 5G system
TS 33.535  V0.4.0 (2020-04)     Authentication and key management for applications based on 3GPP credentials in 5G (AKMA)
TR 33.813  V0.8.0 (2019-11)     Study on Security Aspects of Enhanced Network Slicing
TR 33.835  V16.0.0 (2019-12)    Study on authentication and key management for applications based on 3GPP credentials in 5G
All 3GPP specs can be downloaded from: https://www.3gpp.org/DynaReport/<spec#>.htm (e.g. https://www.3gpp.org/DynaReport/33501.htm)
Terminologies
Acronym   Full name
AAA       Authentication, Authorization, and Accounting
AAA-P     AAA Proxy
AAA-S     AAA Server
AKA       Authentication and Key Agreement
AKMA      Authentication and Key Management for Applications based on 3GPP credentials in 5G
AMF       Access and Mobility Management Function
AP        Access Point
ARPF      Authentication credential Repository and Processing Function
AS        Access Stratum
AUSF      Authentication Server Function
DN        Data Network
EAP       Extensible Authentication Protocol
GUTI      Globally Unique Temporary UE Identity
N3IWF     Non-3GPP access InterWorking Function
NAI       Network Access Identifier
NAS       Non-Access Stratum
NSSAAF    Network Slice Specific Authentication and Authorization Function
NSSAI     Network Slice Selection Assistance Information
PLMN      Public Land Mobile Network
RAN       Radio Access Network
SBA       Service Based Architecture
SEAF      SEcurity Anchor Function
SIDF      Subscription Identifier De-concealing Function
SMF       Session Management Function
S-NSSAI   Single NSSAI
SUCI      SUbscription Concealed Identifier
SUPI      SUbscription Permanent Identifier
UDM       Unified Data Management
UDR       Unified Data Repository
UE        User Equipment
UPF       User Plane Function
Thank you ☺
GSMA USE ONLY
ETSI Security Week: Improving 5G Security through Coordinated Vulnerability Disclosure – GSMA CVD Programme
James Skuse | Security Services Manager, GSMA
[email protected] +44 (0)20 7356 0600 HQ - London, United Kingdom
GSMA Coordinated Vulnerability Disclosure Programme
▪ The identified security vulnerability must not only apply to vendor specific technologies or services.
▪ Disclosures must describe new work and vulnerabilities that were not previously in the public domain.
▪ Must focus on open standards based technologies that are used across, or have significant impact on, the mobile industry.
Examples: 4G, 5G SIM toolkit, SS7, eSIM, AKA protocols, SIM box
Benefits for Industry and consumers
▪ Enables early notification of vulnerabilities
▪ Provides time to respond and remediate vulnerabilities before they become public
▪ Builds trust with security researchers and organisations
▪ Improves security awareness and readiness
GSMA CVD Ecosystem
GSMA Co-ordinated Vulnerability Disclosure, surrounded by:
▪ Standards Bodies: 3GPP (e.g. SA3), ETSI
▪ GSMA Working Groups: GSMA Fraud and Security Architecture Group (FSAG), GSMA 5G Security Task Force (5GSTF), GSMA T-ISAC (Telecommunication Information Sharing and Analysis Centre), Other
▪ Advisory & Governance: Fraud & Security Group (FASG), Panel of Experts
▪ Telecoms Industry groups, Security Conferences, Academia
GSMA CVD: 5G research overview
▪ 14 pieces of research relating to 5G since 2017 (total 33)
▪ Majority of these (86%) from Academic Researchers
▪ Main issue: False Base Station, unprotected connection/paging
▪ Sometimes research identifies either:
  i) a known limitation of the 3GPP standard (i.e. not designed to protect) or
  ii) misconfiguration by vendor/operator
▪ Impacts include: UE DoS, UE impersonation, spoofing, coarse-grain UE location, providing capabilities of a UE to the attacker, paging UE
CVD-2018-0012: A Formal Analysis of 5G Authentication
Lucca Hirschi, David Basin, Jannik Dreier, Saša Radomirović, Ralf Sasse, Vincent Stettler
▪ Described flaws in the 5G standard which could lead to network deployments not fulfilling critical security goals of 5G AKA (Authentication and Key Agreement)
▪ This claimed to allow an attacker to bill a different subscriber, to impersonate a serving network towards a subscriber, or, as an active attacker staying in the physical vicinity of the subscriber, to trace the subscriber
▪ Suggested changes within the paper to the authentication process cause possible issues with backwards compatibility (including NSA 5G deployments)
▪ Limited media pickup
▪ Resolution: partly fixed already (TS 33.501), further standards work triggered to update 3GPP 5G standards (S3-183653)
▪ GSMA Hall of Fame (HoF) – included for academic merit
CVD-2018-0014: Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information (“ToRPEDO”)
Syed Rafiul Hussain, Mitziu Echeverria, Omar Chowdhury, Ninghui Li and Elisa Bertino
▪ Describes a design weakness of the 4G cellular paging protocol which can be exploited using a false base station
▪ Used to target a subscriber’s IMSI/SUPI by sending multiple messages in quick succession and then monitoring the network to identify increased traffic against a specific subscriber
▪ This approach would have to be performed in specific timeslots and be based on trial and error which would be an exhaustive and time consuming process (hours)
▪ Significant media pickup – however limits of exploit not noted in coverage
▪ Resolution: 5G procedures were changed in 3GPP TS 38.304 v15.1.0 – investigations within 3GPP about fixing for 4G
▪ GSMA HoF – based on academic research approach
CVD-2018-0013: LTE Security Disabled - Misconfiguration in Commercial Networks
Merlin Chlosta, David Rupprecht, Thorsten Holz, Christina Pöpper
▪ Discussed how some 4G networks were configured insecurely and failed to enforce standards-compliant behaviour. 5G also affected
▪ Standards-compliant behaviour: mandatory rejection of UEs without integrity protection on NAS and RRC (except emergency calls in some jurisdictions)
▪ Researchers demonstrate how an attacker can exploit this misconfiguration and request insecure operation – possible billing fraud (with false base station)
▪ No media pickup
▪ Resolution: 3GPP TS 24.301/24.501 updated for EPS and 5GS to clarify the expected behaviour (reject UE)
▪ GSMA HoF – for standards and real-world impact
(Figure: LTE Security Disabled—Misconfiguration in Commercial Networks, Chlosta et al.)
CVD-2019-0018: New vulnerabilities in 4G and 5G cellular access network protocols: exposing device capabilities
Altaf Shaik, Ravishankar Borgaonkar, Shinjo Park, Jean Pierre Seifert
▪ Discussed a standards flaw allowing unprotected exchange of device capability information between the device and the network - now resolved
▪ This was claimed to allow an attacker to profile a device/network to target further attacks
▪ Media pickup as part of Blackhat presentation
▪ Resolution: 3GPP TS 36.331 change – to set up security before exchange of UE capability information
▪ GSMA HoF – for detection of flaw in standards
(Figure: New vulnerabilities in 4G and 5G cellular access network protocols: exposing device capabilities, Shaik et al.; label "Sent in plaintext")
CVD-2019-0029: 5GReasoner - Vulnerabilities in the NAS and RRC layers of 5G control plane protocol stack
Syed Rafiul Hussain, Mitziu Echeverria, Imtiaz Karim, Omar Chowdhury, and Elisa Bertino
▪ Several scenarios related to the 5G phase 1 standards
▪ Scenarios judged as nil or low impact in practice – some claims not within the stated security goals for the 5G design – emergency calls, poor network configuration, increase power usage, find temporary identifier (GUTI/I-RNTI). Appreciate the authors’ work to identify where the standard is written ambiguously
▪ On 24-bit NAS COUNT in 5G, it seems clear the intention of the 3GPP specifications is that the same value of NAS COUNT should never be used twice
▪ Some media pickup
▪ Resolution: standards work ongoing in 3GPP relating to NAS COUNT issue – make unambiguous what should happen when receiving same NAS count repeatedly (3GPP TS 24.501)
▪ GSMA HoF – included for identifying ambiguously written standard
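One receiver-side reading of the NAS COUNT point in the CVD-2019-0029 slide: the 24-bit COUNT is reconstructed from the 8-bit sequence number on the wire, bound into the integrity check, and never accepted twice or allowed to wrap without rekeying. This is an added example, not from the GSMA slides or from 3GPP text; the COUNT layout (16-bit overflow counter || 8-bit SQN, SQN only transmitted) follows TS 33.501 clause 6.4.3, the MAC is a constructed HMAC stand-in for the NAS integrity algorithms, and the reject-and-rekey policy is an assumption illustrating one behaviour a specification can state unambiguously.

```python
"""Receive-side NAS COUNT handling: estimate the 24-bit COUNT from the 8-bit SQN,
bind it into the MAC, and refuse reuse or wrap-around.

Added example; not from the GSMA slides or 3GPP text. COUNT layout per TS 33.501
clause 6.4.3 (16-bit overflow || 8-bit SQN, only the SQN is sent). nas_mac is a
constructed HMAC stand-in for NIA1/2/3; reject-and-rekey is an assumed policy.
"""
import hashlib
import hmac

NAS_COUNT_MAX = (1 << 24) - 1


def nas_mac(key: bytes, count: int, payload: bytes) -> bytes:
    """Stand-in for NAS integrity: the MAC covers the full 24-bit COUNT, not just the SQN byte."""
    return hmac.new(key, count.to_bytes(3, "big") + payload, hashlib.sha256).digest()[:4]


class NasSender:
    def __init__(self, key: bytes, start_count: int = 0):
        self.key, self.count = key, start_count

    def send(self, payload: bytes):
        """Emit (SQN, payload, MAC) and advance COUNT; never wrap without a new key."""
        if self.count > NAS_COUNT_MAX:
            raise RuntimeError("NAS COUNT exhausted: rekey before sending")
        msg = (self.count & 0xFF, payload, nas_mac(self.key, self.count, payload))
        self.count += 1
        return msg


class NasReceiver:
    def __init__(self, key: bytes, last_accepted=None):
        self.key = key
        self.last_accepted = last_accepted   # highest COUNT accepted so far, None before the first
        self.accepted_counts = []            # kept to check the invariant "no COUNT accepted twice"
        self.rekey_required = False

    def estimate_count(self, sqn: int) -> int:
        """COUNT = overflow || SQN; the overflow counter steps when the SQN did not increase."""
        if self.last_accepted is None:
            return sqn
        overflow, last_sqn = self.last_accepted >> 8, self.last_accepted & 0xFF
        if sqn <= last_sqn:
            overflow += 1
        return (overflow << 8) | sqn

    def receive(self, msg) -> str:
        sqn, payload, mac = msg
        if self.rekey_required:
            return "REJECT_REKEY_REQUIRED"
        count = self.estimate_count(sqn)
        if count > NAS_COUNT_MAX:
            self.rekey_required = True
            return "REJECT_WRAP"
        # A replay carries a MAC over an old COUNT; estimation only moves forward, so it cannot match.
        if not hmac.compare_digest(nas_mac(self.key, count, payload), mac):
            return "REJECT_MAC"
        self.last_accepted = count
        self.accepted_counts.append(count)
        if count == NAS_COUNT_MAX:
            self.rekey_required = True      # last usable value: no further traffic on this key
        return "ACCEPT"

    def count_reused(self) -> bool:
        return len(set(self.accepted_counts)) != len(self.accepted_counts)


def replay_scenario():
    """Four fresh messages, one replay, then fresh traffic resumes."""
    key = b"k" * 32                                    # constructed
    tx, rx = NasSender(key), NasReceiver(key)
    msgs = [tx.send(b"msg%d" % i) for i in range(4)]
    results = [rx.receive(m) for m in msgs]
    results.append(rx.receive(msgs[1]))                # replay of an already accepted message
    results.append(rx.receive(tx.send(b"msg4")))       # genuine next message
    return results, rx.count_reused()


def wrap_scenario():
    """Last usable COUNT is accepted; afterwards both ends refuse until rekeyed."""
    key = b"k" * 32                                    # constructed
    tx = NasSender(key, start_count=NAS_COUNT_MAX)
    rx = NasReceiver(key, last_accepted=NAS_COUNT_MAX - 1)
    first = rx.receive(tx.send(b"last"))
    try:
        tx.send(b"one too many")
        second = "SENT"
    except RuntimeError:
        second = "SENDER_REFUSED"
    third = rx.receive((0, b"forged", b"\x00" * 4))    # anything after the wrap is refused
    return first, second, third, rx.rekey_required


if __name__ == "__main__":
    print(replay_scenario())   # (['ACCEPT', 'ACCEPT', 'ACCEPT', 'ACCEPT', 'REJECT_MAC', 'ACCEPT'], False)
    print(wrap_scenario())     # ('ACCEPT', 'SENDER_REFUSED', 'REJECT_REKEY_REQUIRED', True)
```

Because the MAC is computed over the estimated COUNT rather than the transmitted SQN alone, a repeated SQN byte is either a genuine new period (overflow stepped, MAC verifies) or a replay (MAC fails); the receiver never has to accept the same COUNT twice, which is the property the slide says the specification should pin down.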
CVD-2019-0024 and CVD-2018-0008: IMP4GT: IMPersonation Attacks in 4G NeTworks
David Rupprecht, Katharina Kohls, Thorsten Holz, Christina Pöpper
▪ Exploits false base station, lack of user plane integrity protection and packet reflection behaviour to create cryptographic oracle - but only within limited area (MITM)
▪ Allow an attacker to encrypt packets - impersonation of user-to-network or network-to-user for limited purposes
  ▪ Billing fraud
  ▪ Network-asserted identity impersonation
  ▪ Bypass network filtering
▪ CVD-2018-0008 – limited to DNS manipulation: send user to false website
▪ Resolution: work ongoing within 3GPP on 5GSA (TS 38.300/24.501)
▪ GSMA HoF – real world impact
(Figure: IMP4GT: IMPersonation Attacks in 4G NeTworks presentation, NDSS Symposium, Rupprecht et al.)
Questions?
More information:
▪ www.gsma.com/cvd
▪ If you are a GSMA member: IC2 group – search “CVD”
Questions & Answers
Upcoming webinars in the thread Deploying 5G Securely:
18 June, 10am: Security Challenges and Regulatory Aspects
Thank you for joining this webinar!
Find the full ‘ETSI Security Week 2020 goes virtual’ programme at www.etsi.org/etsisecurityweek