
Insecure Connection Bootstrapping in Cellular Networks: The Root of All Evil

Insecure Connection Bootstrapping in Cellular Networks: The Root of All Evil. Syed Rafiul Hussain*, Mitziu Echeverria†, Ankush Singla*, Omar Chowdhury†, Elisa Bertino* (*Purdue University, †University of Iowa). Initial Connection Setup with a Base Station in 4G and 5G Networks.



Presentation Transcript


  1. Insecure Connection Bootstrapping in Cellular Networks: The Root of All Evil. Syed Rafiul Hussain*, Mitziu Echeverria†, Ankush Singla*, Omar Chowdhury†, Elisa Bertino* (*Purdue University, †University of Iowa)

  2. Initial Connection Setup with a Base Station in 4G and 5G Networks Time & Frame Synchronization System Info. Block Master info. Block Frame Synch.

  3. Fake Base Station in 4G and 5G Networks IMSI Response Authentication Reject Registration Reject IMSI Request How can we prevent cellular devices from connecting to Fake Base Stations? IMSI: International Mobile Subscriber Identity

  4. Potential Defense Techniques Against Fake Base Station Attack Specific Defense Prevent Spoofing of Individual Messages Generic Defense Prevent Spoofing of Broadcast Messages IMSI Request IMSI Request Registration Reject Registration Reject Authentication Reject Authentication Reject

  5. Preventing Broadcast Spoofing Symmetric Key Based Broadcast Authentication TESLA-based Broadcast Authentication msg 2, MAC2, Key 1 Secure Channel msg 3, MAC3, Key 2 Secure channel establishment Delayed key disclosure

  6. PKI-based Mechanism MME Core Network Base Station UE 1. Certificate chain length 2. Certificate Revocation 3. Signature Generation Overhead 4. MitM Relay Self-signed CN-signed MME-signed MIB, SIB1, 6

  7. Optimized PKI Scheme (1/3): A Lightweight Design of Certificate for Cellular Network. Propose a specialized certificate format: Base Station’s Public Key, Cell ID, location, expiration time, signature of MME

  8. Protocol-Level Optimizations Which SIBs require authentication? Which messages require authentication? Frame Synch. Sys. Info. Block Type 1 Master info. Block Sys. Info. Block Type 2 System Info. Block Minimize certificate chain’s transmission SIGN_SIB1 SIB 1, CERT CHAIN SIB2, SIGN_SIB2 Aggregating Authentication

  9. Cryptographic Scheme-level Optimization: Reduce the size of the signatures. Aggregate SIGN: SIGN_BS, SIGN_MME, SIGN_CN. SIB1. Compute the expensive crypto operations offline

  10. Countermeasure for Relay Attacks: Distance Bounding Protocol. Allow a bootstrapping message to be valid for a short time. SIB1, Aggregate SIGN, Timestamp, ∆t, location

  11. Evaluation Results End-to-end delay induced by different digital signature schemes against baseline

  12. Conclusion: Prevents devices from connecting to malicious base stations. Moderate overhead (max: 220 bytes, 28 ms). Backward compatibility.

  13. Thank You

  14. Insecure Connection Bootstrapping in Cellular Networks: The Root of All Evil Syed Rafiul Hussain Purdue University hussain1@purdue.edu
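
The UE-side check implied by slides 7 and 10, as an added example (not code from the presentation or the paper): it verifies the MME-signed base station certificate, its expiry and cell binding, the SIB1 signature, and the Timestamp/∆t window. Assumptions: plain Ed25519 signatures stand in for the aggregate signature, the chain is cut to one provisioned MME key, the location comparison is omitted, and all type, field and function names and the byte layout are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
	"time"
)

// SignedSIB1: slide-7 certificate plus slide-10 freshness fields (layout is an assumption).
type SignedSIB1 struct {
	Key                    ed25519.PublicKey // certificate: base station public key
	Cell, Lat, Lon, Expiry int64             // certificate: cell ID, location, expiry (Unix s)
	TS, DeltaT             int64             // send time and validity window, in ms
	CertSig, SIB1, Sig     []byte            // MME signature, payload, base station signature
}

func tbs(body []byte, f ...int64) []byte {
	b := bytes.NewBuffer(append([]byte{}, body...))
	binary.Write(b, binary.BigEndian, f) // each integer as 8 big-endian bytes
	return b.Bytes()
}

// VerifySIB1 is the UE-side check before acting on a SIB1 heard on the given cell.
func VerifySIB1(mme ed25519.PublicKey, m SignedSIB1, cell int64, now time.Time) error {
	switch {
	case !ed25519.Verify(mme, tbs(m.Key, m.Cell, m.Lat, m.Lon, m.Expiry), m.CertSig):
		return fmt.Errorf("certificate not signed by MME")
	case len(m.Key) != ed25519.PublicKeySize || now.Unix() > m.Expiry || m.Cell != cell:
		return fmt.Errorf("certificate malformed, expired or issued for another cell")
	case !ed25519.Verify(m.Key, tbs(m.SIB1, m.TS, m.DeltaT), m.Sig):
		return fmt.Errorf("SIB1 signature invalid")
	case now.UnixMilli() < m.TS || now.UnixMilli()-m.TS > m.DeltaT:
		return fmt.Errorf("SIB1 outside its validity window")
	}
	return nil
}

// Demo signs one constructed SIB1 at t0, then checks it on time and relayed 2 s later.
func Demo(t0 time.Time) (fresh, relayed error) {
	mmePub, mmeKey, _ := ed25519.GenerateKey(nil)
	bsPub, bsKey, _ := ed25519.GenerateKey(nil)
	m := SignedSIB1{Key: bsPub, Cell: 4242, Expiry: t0.Unix() + 3600,
		SIB1: []byte("constructed SIB1"), TS: t0.UnixMilli(), DeltaT: 50}
	m.CertSig = ed25519.Sign(mmeKey, tbs(m.Key, m.Cell, m.Lat, m.Lon, m.Expiry))
	m.Sig = ed25519.Sign(bsKey, tbs(m.SIB1, m.TS, m.DeltaT))
	return VerifySIB1(mmePub, m, 4242, t0), VerifySIB1(mmePub, m, 4242, t0.Add(2*time.Second))
}
func main() { fmt.Println(Demo(time.Now())) }
```

Because the timestamp and ∆t are covered by the base station's signature, a relay cannot widen the window without invalidating the SIB1 signature.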
