Publications

Mobile subscriber WiFi privacy

Piers O’Hanlon, Ravishankar Borgaonkar, Department of Computer Science, University of Oxford, United Kingdom; Lucca Hirschi, LSV, ENS Paris-Saclay, Université Paris-Saclay, France. [PDF Preprint]

Abstract: This paper investigates and analyses the insufficient protections afforded to mobile identities when using today’s operator-backed WiFi services. Specifically, we detail a range of attacks on a set of widely deployed authentication protocols that enable a malicious user to obtain and track a user’s International Mobile Subscriber Identity (IMSI) over WiFi. These attacks are possible due to a lack of sufficient privacy protection measures, which are exacerbated by preconfigured device profiles. We provide a formal analysis of the protocols involved, examine their associated configuration profiles, and document our experiences with reporting the issues to the relevant stakeholders. We detail a range of potential countermeasures to tackle these issues to ensure that privacy is better protected in the future.

Security and Resilience in 5G: Current Challenges and Future Directions

Ghada Arfaoui, José Manuel Sanchez Vilchez, Jean-Philippe Wary, Orange Labs, Chatillon, France. [PDF Preprint]

Abstract: 5G tends to be a multi-layered, multi-actor, and multi-access mobile network in order to fulfill stringent availability, security, privacy and resilience requirements that are usually contradictory. In this paper, we propose a 5G vision based on softwarization. We provide a non-exhaustive list of current security, trust and resilience issues that are critical to explore in 5G. Finally, we give some directions to overcome these issues.

On the Fingerprinting of Software-defined Networks

Heng Cui, Ghassan O. Karame, Felix Klaedtke, and Roberto Bifulco. "On the Fingerprinting of Software-defined Networks". IEEE Transactions on Information Forensics and Security 11(10):2160-2173, 2016. [DOI | Open Access]

Abstract: Software-defined networking (SDN) eases network management by centralizing the control plane and separating it from the data plane. The separation of planes in SDN, however, introduces new vulnerabilities in SDN networks, since the difference in processing packets at each plane allows an adversary to fingerprint the network's packet-forwarding logic. In this paper, we study the feasibility of fingerprinting the controller-switch interactions by a remote adversary, whose aim is to acquire knowledge about specific flow rules that are installed at the switches. This knowledge gives the adversary a better understanding of the network's packet-forwarding logic and exposes the network to a number of threats. In this paper, we collect measurements from hosts located across the globe using a realistic SDN network comprising OpenFlow hardware and software switches. We show that, by leveraging information from the RTT and packet-pair dispersion of the exchanged packets, fingerprinting attacks on SDN networks succeed with overwhelming probability. We additionally show that these attacks are not restricted to active adversaries, but can also be mounted by passive adversaries that only monitor traffic exchanged with the SDN network. Finally, we discuss the implications of these attacks on the security of SDN networks, and we present and evaluate an efficient countermeasure to strengthen SDN networks against fingerprinting. Our results demonstrate the effectiveness of our countermeasure in deterring fingerprinting attacks on SDN networks.

Towards Micro-Segmentation in 5G Network Security

Olli Mämmelä, Jouni Hiltunen, Jani Suomalainen, Kimmo Ahola, Petteri Mannersalo, Janne Vehkaperä, “Towards Micro-Segmentation in 5G Network Security”. In Proc. of the EuCNC 2016 Network Management, QoS and Security workshop.

Abstract: 5G mobile networks are currently designed with a vision of reshaping the mobile network architecture. 5G will be a completely new ecosystem with heterogeneous high-speed access technologies and built-in support for various applications and services. The amount of mobile traffic and number of users increases gradually each year as the demand for interactive multimedia, social networking, online gaming, Industrial Internet of Things (IIoT), and vehicle-to-vehicle communication grows. To enable operators to better support different applications, mobile networks will be software-defined and virtual in the future.
Security of 5G is going to be crucial in those critical applications that must rely on the mobile network to provide strong authentication, confidentiality, availability and privacy guarantees. In the case of an attack the consequences could be dramatic. For example, an IIoT-based factory may suffer severe damage if an IoT sensor provides faulty information.
The roles of isolation, virtualization and network management are going to be important. Applications or services requiring a high level of security can be protected by isolating them from the rest of the network. Micro-segmentation is a concept, originating from data centres, for isolating different applications and parts of networks from each other. This paper contributes by describing how the concept of micro-segments can be adapted and utilized in 5G mobile networks. We present the key aspects of micro-segmentation and provide a description of our initial proof-of-concept demonstration and ideas on how micro-segmentation could be integrated into the 5G network architecture. We also describe challenges for future research.

Threats to 5G Group-Based Authentication

Rosario Giustolisi and Christian Gehrmann. "Threats to 5G Group-Based Authentication". In Proc. of the 13th International Conference on Security and Cryptography (SECRYPT 2016). 26-28 July 2016, Madrid, Spain. [PDF Preprint]

Abstract: The fifth generation wireless system (5G) is expected to handle an unpredictable number of heterogeneous connected devices and to guarantee at least the same level of security provided by the contemporary wireless standards, including the Authentication and Key Agreement (AKA) protocol. The current AKA protocol has not been designed to efficiently support a very large number of devices. Hence, a new group-based AKA protocol is expected to be one of the security enhancements introduced in 5G. In this paper, we advance the group-based AKA threat model, reflecting previously neglected security risks. The threat model presented in the paper paves the way for the design of more secure protocols.

Cases for Including a Reference Monitor to SDN. (Demo)

Dimitrios Gkounis, Felix Klaedtke, Roberto Bifulco, and Ghassan O. Karame. "Cases for Including a Reference Monitor to SDN." (Demo.) In the Proceedings of the 2016 ACM SIGCOMM Conference, pages 599-600. ACM Press, 2016. [Open Access | DOI | Poster]

The demo presents a proof-of-concept implementation of the reference monitor for the state-of-the-art SDN controller ONOS, and shows its effectiveness in protecting the network from misconfigurations caused by the interplay of applications and administrators when using the ONOS intent framework.

TruSDN: Bootstrapping Trust in Cloud Network Infrastructure

Nicolae Paladi and Christian Gehrmann. "TruSDN: Bootstrapping Trust in Cloud Network Infrastructure." In Proc. of the 12th EAI International Conference on Security and Privacy in Communication Networks (SECURECOMM 2016), October 10–12, 2016, Guangzhou, China. [PDF Preprint]

Abstract: Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing SDN components to be deployed securely and protecting communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defence against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

White Rabbit in Mobile: Effect of Unsecured Clock Source in Smartphones

Shinjo Park, Altaf Shaik, Ravishankar Borgaonkar, and Jean-Pierre Seifert. "White Rabbit in Mobile: Effect of Unsecured Clock Source in Smartphones." In Proc. of the ACM CCS 2016 Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM). 24 October 2016. Vienna, Austria. [DOI | Open Access]

Abstract: With their high penetration rate and relatively good clock accuracy, smartphones are replacing watches in several market segments. Modern smartphones have more than one clock source to complement each other: NITZ (Network Identity and Time Zone), NTP (Network Time Protocol), and GNSS (Global Navigation Satellite System) including GPS. NITZ information is delivered by the cellular core network, indicating the network name and clock information. NTP provides a facility to synchronize the clock with a time server. Among these clock sources, only NITZ and NTP are updated without user interaction, as location services require manual activation. In this paper, we analyze security aspects of these clock sources and their impact on security features of modern smartphones. In particular, we investigate NITZ and NTP procedures over cellular networks (2G, 3G and 4G) and Wi-Fi communication respectively. Furthermore, we analyze several European, Asian, and American cellular networks from the NITZ perspective. We identify three classes of vulnerabilities: specification issues in a cellular protocol, configuration issues in cellular network deployments, and implementation issues in different mobile OSes. We demonstrate how an attacker with a low-cost setup can spoof NITZ and NTP messages to cause Denial of Service attacks. Finally, we propose methods for securely synchronizing the clock on smartphones.

Analysis of Trusted Execution Environment usage in Samsung KNOX

Ahmad Atamli-Reineh, Ravishankar Borgaonkar, Ranjbar A. Balisane, Giuseppe Petracca, Andrew Martin. "Analysis of Trusted Execution Environment usage in Samsung KNOX." Accepted to the 1st Workshop on System Software for Trusted Execution (SysTEX 2016). 12 December 2016. Trento, Italy. [PDF Preprint]

A Secure Group-Based AKA Protocol for Machine-Type Communications

Rosario Giustolisi, Christian Gehrmann, Markus Ahlström, and Simon Holmberg. "A Secure Group-Based AKA Protocol for Machine-Type Communications." Accepted at the 19th Annual International Conference on Information Security and Cryptology. November 30 - December 2, 2016, Seoul, Korea. [PDF Preprint]

Abstract: The fifth generation wireless system (5G) is expected to handle an unpredictable number of heterogeneous connected devices while guaranteeing a high level of security. This paper advances a group-based Authentication and Key Agreement (AKA) protocol that contributes to reducing latency and bandwidth consumption, and scales up to a very large number of devices. A central feature of the proposed protocol is that it provides a way to dynamically customize the trade-off between security and efficiency. The protocol is lightweight as it relies on symmetric-key encryption only, hence it supports low-end devices and can already be adopted in current standards with little effort. Using ProVerif, we prove that the protocol meets mutual authentication, key confidentiality, and device privacy also in the presence of corrupted devices, a threat model not addressed in the state-of-the-art group-based AKA proposals. We evaluate the protocol's performance in terms of latency and bandwidth consumption, and obtain promising results.