Vulnerability Analysis of Mobile and Wireless Protocols - PowerPoint PPT Presentation

About This Presentation
Title:

Vulnerability Analysis of Mobile and Wireless Protocols

Description:

Vulnerability also exists if bitwise and' of auth bits of SBC-REQ and SBC-RSP is 0 ... Spoofed SBC-REQ with 0-authorization. Network will most likely reject it ... – PowerPoint PPT presentation

Number of Views:31
Avg rating:3.0/5.0
Slides: 34
Provided by: Jin1
Category:

less

Transcript and Presenter's Notes

Title: Vulnerability Analysis of Mobile and Wireless Protocols


1
  • Vulnerability Analysis of Mobile and Wireless
    Protocols

2
Outline
  • Vulnerability Analysis Method
  • Message Spoofing
  • Mobile IPv4
  • WiMAX
  • EAP
  • EAP-FAST
  • Future work

3
Vulnerability Analysis Method
  • Study the protocol specifications
  • Find Unprotected messages
  • Concentrate on the unprotected messages to find
    security vulnerabilities
  • If practical, simulation of the vulnerabilities
  • Proposal of solution(s)

4
Message spoofing
  • Can be achieved using debug ports left open by
    hardware vendors
  • Standard IEEE 1149.1 Joint Test Action Group
    (JTAG)
  • Intel and Fujitsu WiMAX implementations leave
    their debug ports open
  • Motorola JTAG ports are closed in production
    boxes

5
MIPv4 Phases
  1. Agent Discovery
  2. Registration
  3. Data Exchange

6
MIPv4 - Messages
Message Channel Protected
Agent Advertisement FA ?MN No
Agent Solicitation MN ? FA No
Registration Request MN ? FA No
Registration Response FA ? MN Yes
7
Vulnerability Analysis
  • No new vulnerabilities found

8
WiMAX
  • Studied the IEEE 802.16 (2004) spec
  • Focused on Network Entry and Initialization
    before SS authorization step

9
Network Entry and Initialization
10
Network Entry and Initialization
Work Done
11
Network Entry and Initialization
Future work
12
WiMAX Unprotected messages
Message Channel Description
DL-MAP BS ? SS Downlink Access Definition
UL-MAP BS ? SS Uplink Access Definition
UCD BS ? SS Uplink Channel Descriptor
RNG-REQ SS ? BS Ranging Request
RNG-RSP BS ? SS Ranging Response
SBC-REQ SS ? BS SS Basic Capability Request
SBC-RSP BS ? SS SS Basic Capability Response
13
Vulnerabilities found
  • 0-Authorization vulnerability
  • Using SBC-REQ and SBC-RSP messages
  • Ranging synchronization vulnerability
  • Using RNG-REQ and RNG-RSP messages
  • UCD vulnerability

14
0-Authorization vulnerability
  • Authorization Policy Support is one of the many
    capabilities
  • Authorization and key exchange steps will be
    skipped if the Auth Policy Support bits are set
    to 0
  • Vulnerability also exists if bitwise and of
    auth bits of SBC-REQ and SBC-RSP is 0

15
0-Authorization vulnerability
Syntax Size Notes
SBC-REQ/RSP message format()
Message Type 8 bits
TLV encoded information variable TLV specific

SBC-REQ / SBC-RSP message format
Type Length Value
16 1 byte Bit 0 IEEE 802.16 privacy supported Bits 1-7 Reserved shall be set to zero
Authorization Policy Support bits
16
0-Authorization vulnerability
  • Motorola implementations allow 0-authorization
    only for debugging purposes and E911 with limited
    access
  • Spoofed SBC-REQ with 0-authorization
  • Network will most likely reject it
  • Spoofed SBC-RSP with 0-authorization
  • MS will not permit it for not being able to trust
    the service provider

17
Ranging Sync vulnerability
  • Ranging adjusts SS's timing offset such that it
    appears to be co-located with BS
  • RNG-REQ message is sent by the SS with power
    level and timing offset corrections
  • If the status in spoofed RSG-RSP is continue,
  • SS keeps on trying until successful
  • Aborts and re-ranges after a fixed number of
    tries

18
Ranging Sync vulnerability
  • If the status in spoofed RNG-RSP is either Abort
    or Re-range
  • Starts the network entry process again from the
    beginning
  • Correct timing is essential for this attack to
    work
  • Spoofed messages should be sent before the
    legitimate RNG-RSP reaches SS

19
Ranging Sync vulnerability
20
Ranging Sync vulnerability
21
UCD vulnerability
  • After channel synchronization, SS waits for UCD
    msg from BS to retrieve a set of transmission
    parameters for uplink chanel
  • A spoofed UCD message with unsuitable channel
    parameters will make the SS start over from the
    first step of downlink channel scanning

22
WiMAX Analysis
  • Found 3 potential vulnerabilities
  • But, they are hard to instigate as they require
  • Considerable hardware to spoof the messages
  • Correct timing

23
EAP
  • Used in the PPP, 802.11, 802.16, VPN, PANA, and
    in some functions in 3G networks
  • Support currently about 40 different EAP methods
  • Commonly used modern methods capable of operating
    in wireless networks include EAP-TLS, EAP-SIM,
    EAP-AKA, PEAP, LEAP and EAP-TTLS

24
EAP and associated layers
25
EAP Message Exchange Framework
Peer
AP
26
EAP-FAST (Flexible Authentication via Secure
Tunneling)
  • Most Comprehensive and secure WLAN method
  • Use of a protected access credential (PAC)
  • Three phase
  • Phase 0 PAC provisioning
  • Phase 1 Establish TLS tunnel.
  • Phase 2 Authentication

27
Establish Secure Channel
Establish Secure Channel
Establish connection (for example, TCP)
Inner method Server
Peer
AP
EAP-FAST server
TLS Tunnel established
TLS Tunnel torn down
EAP-FAST choreography overview
28
Messages within EAP-FAST
Message Channel Protected?
Provisining ( this phrase itself is an EAP-TLS Exchange) Provisining ( this phrase itself is an EAP-TLS Exchange) Provisining ( this phrase itself is an EAP-TLS Exchange)
EAP- Request /Identity AP- to-MS NO
EAP-Response/ Identity MS- to-AP NO
Identity Response AP- to-Radius YES, secure channel
EAP-FAST start Radius - to- AP YES, secure channel
EAP-FAST start AP- to-MS NO
TLS tunnel establishment TLS tunnel establishment TLS tunnel establishment
Authentication with a inner Authentication method, protected by TLS tunnel Authentication with a inner Authentication method, protected by TLS tunnel Authentication with a inner Authentication method, protected by TLS tunnel
EAP-Success AP- to-MS NO
29
Explaination for unprotected message
  • Initial Request-response Messages
  • Sent in cleartext
  • Just contain realm information
  • Used to route the authentication requests to the
    right eap server

30
Explaination for unprotected message(2)
  • Clear text success /failure packet
  • The success/failure decisions within the tunnel
    indicate the final decision of the EAP-FAST
    authentication conversation.
  • To abide by RFC3748, the server must send a
    clear text EAP Success or EAP Failure packet to
    terminate the EAP conversation.

31
Explaination for unprotected message(3)
  • What will happen if a clear text indication is
    spoofed?
  • It dosent matter because the clear text
    indication is only used to terminate the
    authentication conversation, not for other use.
  • What will happen if the final cleartext
    success/failure packet in an EAP-FAST is lost?
  • It is up to the basic EAP policy. In the
    event that neither a success nor a failure packet
    is received, the peer SHOULD termiate the
    conversation to avoid lengthy timeout in case of
    the lost packet was an EAP failure.RFC3748, 4.2

32
EAP-FAST Analysis
  • No vulnerability was found wihin EAP-FAST!

33
Future work
  • Study internal attacks
  • Till now the focus was on external attacks
  • Resource Depletion attacks
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Vulnerability Analysis of Mobile and Wireless Protocols" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!