
Wireless Overview Protocols and Threat Models

Wireless Overview: Protocols and Threat Models. Dan Veeneman, dan@decodesystems.com, www.decodesystems.com/blackhat/bh-1.ppt. Focus of this talk: an overview of available commercial technologies, skipping 802.11, U.S.-centric, terrestrial networks; additional information in the second briefing.


Presentation Transcript


  1. Wireless Overview: Protocols and Threat Models
  Dan Veeneman, dan@decodesystems.com, www.decodesystems.com/blackhat/bh-1.ppt

  2. Focus of this talk
  • Overview of available commercial technologies
  • Skipping 802.11
  • U.S.-centric
  • Terrestrial networks
  • Additional information in second briefing

  3. Wireless Overview: Protocols and Threat Models
  • Radio Frequency Basics
  • Mobile telephony
  • Cellular Digital Packet Data (CDPD)
  • Nextel
  • Private data networks
  • Two-way paging
  • Bluetooth
  • 3G

  4. Why Wireless
  • Immediate communication, mobile user
  • Two-way, interactive
  • Broadcast
  • Convenience
  • Bandwidth limitations
  • Roaming (no fixed location)

  5. Market Requirements
  • Reliable
  • Low-cost
  • Easy to use
  • Secure
  • Pervasive
  • Interoperable

  6. Wireless Security Requirements
  • Trust Model
    • access control
    • authenticate users to access particular resources
  • link privacy
    • encryption
  • link integrity
    • message authentication
  • prevent denial of service
    • (limit bandwidth hogs)

  7. Radio Frequency
  • Federal Communications Commission
  • FM Radio: 88 to 108 MHz
  • Cellular telephones: 800 and 1900 MHz
  • Two-way pagers: 900 MHz
  • Industrial, Scientific and Medical (ISM): 2.402 to 2.480 GHz

  8. Radio Wave
  • Frequency
  • Wavelength
  • Amplitude
  • Modulation
    • Amplitude
    • Frequency
    • Phase
    • FSK
    • PSK

  9. [image-only slide]

  10. Generic Wireless Architecture
  • Mobile terminal
  • Airlink
  • Radio base station
  • Intraconnect links
  • Network control
  • Interconnect links
  • External Networks
    • Public Switched Telephone Network
    • Internet

  11. Common Airlink Problems
  • Variable link quality
    • Multi-path (signal reflections)
    • Shadowing (terrain/structure blockage)
  • Interference
    • Other users
    • EMI
  • Attenuation
    • Distance
    • Antenna orientation/polarization

  12. Multipath
  • Multiple paths to receiver
  • Each path has slightly different time delay

  13. Interference

  14. Error Detection/Correction
  • Parity Codes
    • Parity bits + Data bits = Expected code word
  • Cyclic Redundancy Check
    • Chunk of data + Polynomial residue
  • Block Codes
    • Chunk of data + Redundant Data
  • Convolutional Codes
    • Data stream fed through LFSR
    • Code rate, constraint length
  • Concatenated Codes
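Slide 14 names parity and the cyclic redundancy check as detection schemes but does not show what each one catches. The following Python is an added example, not code from the presentation: it computes an even-parity bit and a CRC-16 over a constructed frame, then flips bits in three patterns and reports which scheme notices. The CCITT polynomial 0x1021 with initial value 0xFFFF is an assumption (the slide does not name a polynomial), and the frame bytes and error positions are constructed for the demonstration.

```python
# Added example (not from the presentation): even parity versus a CRC-16
# over a constructed frame, showing which corruption each scheme detects.


def even_parity_bit(data: bytes) -> int:
    """Parity bit that makes the count of 1-bits in data + parity even."""
    ones = sum(bin(b).count("1") for b in data)
    return ones & 1


def parity_check(data: bytes, parity: int) -> bool:
    """True when the received data still agrees with the stored parity bit."""
    return even_parity_bit(data) == parity


def crc16_ccitt(data: bytes, poly: int = 0x1021, init: int = 0xFFFF) -> int:
    """Bitwise CRC-16, polynomial x^16+x^12+x^5+1, MSB first, init 0xFFFF.

    The value is the residue of the message polynomial modulo `poly`
    (the slide's "chunk of data + polynomial residue"). Polynomial and
    init are assumptions; the slide names none.
    """
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ poly) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc


def flip_bits(data: bytes, positions) -> bytes:
    """Copy of data with the given bit positions inverted (0 = MSB of byte 0)."""
    buf = bytearray(data)
    for pos in positions:
        buf[pos // 8] ^= 0x80 >> (pos % 8)
    return bytes(buf)


def detection_matrix(frame: bytes, error_patterns: dict) -> dict:
    """For each named error pattern, report whether parity and CRC detect it."""
    parity = even_parity_bit(frame)
    crc = crc16_ccitt(frame)
    result = {}
    for name, positions in error_patterns.items():
        corrupted = flip_bits(frame, positions)
        result[name] = {
            "parity_detects": not parity_check(corrupted, parity),
            "crc_detects": crc16_ccitt(corrupted) != crc,
        }
    return result


# Constructed sample frame (12 bytes) and constructed error patterns.
FRAME = b"\x7e\x10\x01CDPD-ESH\x7e"
ERROR_PATTERNS = {
    "single_bit": [13],
    "two_bits": [13, 29],          # an even number of flips leaves parity unchanged
    "burst_12": list(range(20, 32)),  # 12-bit burst, shorter than the 16-bit CRC
}

if __name__ == "__main__":
    for name, r in detection_matrix(FRAME, ERROR_PATTERNS).items():
        print(f"{name:11s} parity={r['parity_detects']!s:5s} crc={r['crc_detects']}")
```

A single parity bit misses every even-weight error, while a degree-16 CRC detects any single error, any burst of 16 bits or fewer, and (for this polynomial) all double-bit errors in frames shorter than 32767 bits. Both only detect; correction is the job of the block and convolutional codes the slide lists next, such as the Reed-Solomon code on the CDPD airlink slide.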

  15. Terrestrial Networks
  • Voice primary
    • Cellular and PCS
    • Nextel
  • Data primary
    • private packet
    • paging

  16. Cellular
  • Analog
  • Digital - TDMA
  • Digital - CDMA
  • Digital - GSM

  17. System Comparison

  18. Cellular Frequency Reuse
  • Seven frequency sets
  • Geographic distance between sets allows the same frequencies to be reused

  19. Cellular-based
  • Mobile Telephone Switching Office (MTSO)
    • Controls multiple base stations
    • Interfaces to PSTN
  • Mobile is handed off from one base station to another

  20. Advanced Mobile Phone System
  • “1G”
  • Analog voice
  • 50 MHz, 832 channels
  • Mobile transmit: 824 MHz to 849 MHz
  • Base transmit: 869 to 894 MHz
  • 21 control channels
  • Designed in 1970’s

  21. Cellular Telephone startup
  • Mobile telephone scans for strongest control channel
  • Listens to overhead messages on forward link
  • Sends registration message
    • Electronic Serial Number (ESN)
    • Mobile Identification Number (MIN)
  • Waits for paging message

  22. AMPS weaknesses
  • Interception is easy (but now illegal)
  • Spoofing (“cloned” phones)
  • Call hijacking
  • Tracking

  23. Locating Mobiles
  • GPS
  • Time Difference of Arrival
  • Angle of Arrival
  • Multipath Fingerprinting

  24. TDOA

  25. AOA

  26. Cellular Digital Packet Data
  • Packet data sent on idle voice channels
  • Voice takes priority
  • AT&T
  • “OmniSky” service
  • Verizon
  • IP-based interfaces
  • 150,000 customers
  • Many police car installs

  27. CDPD Coverage

  28. CDPD Elements
  • M-ES: Mobile End System
    • CDPD modem
  • MDBS: Mobile Data Base Station
    • RF interface
  • MD-IS: Mobile Data Intermediate System
    • Mobile Home Function (MHF)
    • Mobile Serving Function (MSF)
  • IS: Intermediate System
    • Router, IP/CNIP
  • F-ES: Fixed End Station

  29. CDPD Roaming
  • Packets to M-ES go to MHF MD-IS first
  • Forwarded to MSF MD-IS
  • Packets from M-ES can route directly to F-ES

  30. CDPD Airlink
  • GMSK modulation
  • 19.2 kbps raw data rate
  • FEC
    • Reed-Solomon 63, 47 block code
    • 47 info symbols (six-bit symbols, 282 bits), 16 parity symbols, 63 total symbols
    • Correct up to 8 six-bit symbols

  31. CDPD MAC
  • Continuous forward link from MDBS
  • Mobiles listen to forward link busy/idle
  • Possible reverse channel collisions
  • Mobile checks forward link for decode success
  • Header, User Data, Trailer (Frame Check)
  • Flag, address, control fields in header
  • Selective ARQ

  32. CDPD Link Establishment
  • M-ES known to serving MD-IS
    • Terminal Equipment Identifier (TEI), 6 to 27 bits
  • M-ES sends TEI Request with 48-bit Equipment ID
  • MD-IS issues TEI Assign with assigned TEI
  • TEI lifetime of 4 hours, can be exhausted

  33. CDPD Registration
  • End System Hello (ESH) message
    • Network Equipment Identifier (usually 32-bit IP address)
    • Registration Counter (to filter duplicates)
    • Credentials
      • Authentication Random Number (ARN, 64 bits)
      • Authentication Sequence Number (ASN, 16 bits)
      • Shared history (incremented by 1 after each TEI assignment)
  • ESH sent from M-ES to MDBS encrypted
  • ASN and ARN are both 0 at initial configuration
  • ARN occasionally changed
  • Network maintains two most-recent Credentials
    • (in case of loss of update synchronization)

  34. CDPD Registration
  • MD-IS sends Redirect Request (RDR) to MHF
  • Requests MHF send all future packets to it
  • MHF checks M-ES Credentials
  • MHF returns Redirect Confirmation to MSF
  • MSF returns Hello Confirmation (ISC) to M-ES
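Slides 33 and 34 describe the registration exchange and why the network keeps the two most recent Credentials. The Python below is an added example and not the presentation's or any CDPD vendor's code: a deliberately simplified model of the Mobile Home Function's credential check, with the registration counter used as a replay filter and the previous Credentials accepted once so that a single lost update does not strand the mobile. The class and function names, the NEI values, and the choice to advance the ASN on every update the network issues (the slide ties the increment to TEI assignment) are all assumptions of this model.

```python
# Added example (not from the presentation): simplified model of the MHF
# credential check during CDPD registration. Names and flow are assumptions.
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Credentials:
    arn: int  # Authentication Random Number, 64 bits in CDPD
    asn: int  # Authentication Sequence Number, 16 bits in CDPD


@dataclass
class ESH:
    """End System Hello fields the MHF needs (subset; constructed for the model)."""
    nei: str           # Network Equipment Identifier (usually a 32-bit IP address)
    reg_counter: int   # Registration Counter, used to filter duplicates
    creds: Credentials


class MobileHomeFunction:
    """Home-side state for one M-ES: current and previous Credentials plus the
    highest Registration Counter seen. Hypothetical class, not a real MD-IS API."""

    def __init__(self, nei: str):
        self.nei = nei
        self.current = Credentials(arn=0, asn=0)  # both 0 at initial configuration
        self.previous = None                      # second most-recent Credentials
        self.last_counter = -1

    def check_rdr(self, esh: ESH) -> tuple[bool, str]:
        """Check the ESH carried in a Redirect Request; True means 'confirm'."""
        if esh.nei != self.nei:
            return False, "unknown NEI"
        if esh.reg_counter <= self.last_counter:
            return False, "duplicate registration counter"
        # Either the current or the immediately previous Credentials are accepted,
        # covering the case where the last update never reached the mobile.
        if esh.creds not in (self.current, self.previous):
            return False, "credential mismatch"
        self.last_counter = esh.reg_counter
        return True, "redirect confirmed"

    def issue_update(self, new_arn: int | None = None) -> Credentials:
        """Advance the shared history: ASN + 1, ARN optionally replaced.
        The pre-update Credentials are retained as 'previous'."""
        self.previous = self.current
        arn = self.current.arn if new_arn is None else new_arn
        self.current = Credentials(arn=arn, asn=(self.current.asn + 1) & 0xFFFF)
        return self.current


def run_scenario(lost_updates: int) -> list[str]:
    """Register once normally, lose `lost_updates` credential updates in a row,
    then register again with the stale copy and replay that same ESH."""
    nei = "10.0.0.5"  # constructed NEI
    mhf = MobileHomeFunction(nei)
    mobile_creds = Credentials(arn=0, asn=0)
    counter = 0
    outcomes = []

    counter += 1
    _, why = mhf.check_rdr(ESH(nei, counter, mobile_creds))
    outcomes.append(why)
    mobile_creds = mhf.issue_update()      # this update is delivered

    for _ in range(lost_updates):
        mhf.issue_update()                 # issued by the network, never received

    counter += 1
    esh = ESH(nei, counter, mobile_creds)
    _, why = mhf.check_rdr(esh)
    outcomes.append(why)
    _, why = mhf.check_rdr(esh)            # replay of the same ESH
    outcomes.append(why)
    return outcomes


if __name__ == "__main__":
    for lost in range(3):
        print(f"{lost} lost update(s): {run_scenario(lost)}")
```

With one lost update the mobile still presents the network's "previous" Credentials and is confirmed; with two it falls outside the window and the MHF rejects it, which is the resynchronisation limit the slide's "two most-recent Credentials" sets. The registration counter only filters replays once a registration has succeeded, so a rejected ESH can be resubmitted.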

  35. CDPD Attacks
  • IP-accessible Intermediate Systems (routers)
    • Attacks from outside, other providers
    • BGP4, OSPF, buffer overflow, etc
  • Only the airlink is encrypted
  • Use unauthenticated RDR messages to grab traffic
  • Brute force Credentials via repeated RDR
  • Jam reverse link transmissions
  • Disrupt M-ES reception
  • Busy-out the reverse link (attempt saturation)
  • Place an analog call via CDPD cellsite
  • CDPD “ZAP” command to silence bad modems

  36. Cellemetry
  • Use spare capacity in the cellular control channel
  • A few bytes
  • Telemetry
    • Vending machines
    • Maintenance data

  37. Digital AMPS
  • Answer to capacity issues
  • AT&T Wireless
  • IS-136
  • 800 MHz cellular and 1900 MHz PCS
  • Time Division Multiple Access
    • Six timeslots
    • One call gets two timeslots

  38. Time Division Multiple Access
  • Mobiles take turns transmitting
  • Base transmits continuously

  39. Code Division Multiple Access
  • Competitor to D-AMPS
  • IS-95
  • Sprint PCS, Verizon
  • Pilot + 63 other “channels”
  • Walsh Codes
  • Requires that all users in a cell be time-synchronized to maintain orthogonality
  • Near/Far problem, power control

  40. Frequency Hopping
  • Transmissions “hop”
  • Pseudo-random sequence
  • Transmitter and receiver must synchronize
  • 2.4 GHz ISM
    • at least 75 frequencies
    • duration < 400 ms

  41. Direct Sequence
  • Each data bit replaced with sequence of “chips”
  • Bandwidth increases
  • Power density decreases
  • Signals appear as noise
  • LPI/LPD, anti-jam
  • GPS, IS-95
  • Chip pattern comes from Pseudo-random Noise (PN) code
  • Transmitter and receiver must synchronize

  42. Correlation Example
  DATA:   1    0    1    1    0    1    1    0    0    1    0    0
  PN:     1010 0110 0100 1111 0001 0100 1001 0100 0101 0001 0100 1011
  SPREAD: 1010 1001 0100 1111 1110 0100 1001 1011 1010 0001 1011 0100
  (four chips per bit)
  First data bit 1 becomes 4 chips, 1010
  Next data bit 0 becomes 4 chips, 1001 (inverted 0110)
  Correlation with PN code synchronized:
  SPREAD: 1010 1001 0100 1111 1110 0100 1001 1011 1010 0001 1011 0100
  PN:     1010 0110 0100 1111 0001 0100 1001 0100 0101 0001 0100 1011
  XOR:    0000 1111 0000 0000 1111 0000 0000 1111 1111 0000 1111 1111
  Correlation with PN code not synchronized (one chip off):
  SPREAD: 1010 1001 0100 1111 1110 0100 1001 1011 1010 0001 1011 0100
  PN:     0100 1100 1001 1110 0010 1001 0010 1000 1010 0010 1001 0110
  XOR:    1110 0101 1101 0001 1100 1101 1011 0011 0000 0011 0010 0010
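The slide's spreading and correlation, carried through in Python as an added example rather than code from the presentation. It reproduces the slide's SPREAD and both XOR rows from the same 12 data bits and 48 PN chips, and goes one step further than the slide by scoring each four-chip period so the receiver's hard decision and its margin can be compared between the synchronised and the one-chip-off replica. The slide's shifted PN ends in a chip that is not among the 48 shown; this code assumes that chip is 0. All function names are this example's own.

```python
# Added example (not from the presentation): DSSS spreading and despreading
# using the slide's data bits and PN chips, plus a per-bit correlation score.
from __future__ import annotations

# Inputs copied from the slide.
DATA = [1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0]
PN = "1010 0110 0100 1111 0001 0100 1001 0100 0101 0001 0100 1011"
CHIPS_PER_BIT = 4
# The chip that follows the 48 shown on the slide is not given; 0 is assumed.
PN_NEXT_CHIP = 0


def to_chips(text: str) -> list[int]:
    """'1010 0110' -> [1, 0, 1, 0, 0, 1, 1, 0]."""
    return [int(c) for c in text.replace(" ", "")]


def to_text(chips: list[int], group: int = CHIPS_PER_BIT) -> str:
    """Inverse of to_chips, grouped the way the slide prints them."""
    s = "".join(str(c) for c in chips)
    return " ".join(s[i:i + group] for i in range(0, len(s), group))


def spread(data: list[int], pn: list[int], cpb: int = CHIPS_PER_BIT) -> list[int]:
    """Slide convention: a 1 bit is sent as its PN chips unchanged,
    a 0 bit as those PN chips inverted."""
    out = []
    for i, bit in enumerate(data):
        segment = pn[i * cpb:(i + 1) * cpb]
        out.extend(chip if bit else chip ^ 1 for chip in segment)
    return out


def correlate(rx: list[int], replica: list[int], cpb: int = CHIPS_PER_BIT):
    """XOR received chips with the local PN replica and score each bit period:
    +cpb means every chip agreed (sent bit 1), -cpb every chip disagreed (sent bit 0),
    values near 0 mean the replica is not aligned with the transmitter."""
    xored = [r ^ p for r, p in zip(rx, replica)]
    scores = []
    for i in range(0, len(xored), cpb):
        period = xored[i:i + cpb]
        scores.append(period.count(0) - period.count(1))
    return xored, scores


def decide(scores: list[int]) -> list:
    """Hard decision per bit; None when the period has no majority."""
    return [1 if s > 0 else 0 if s < 0 else None for s in scores]


def demo(offset_chips: int = 0) -> dict:
    """Spread DATA with PN, despread with a replica late by `offset_chips`."""
    pn = to_chips(PN)
    tx = spread(DATA, pn)
    replica = pn[offset_chips:] + [PN_NEXT_CHIP] * offset_chips
    xored, scores = correlate(tx, replica)
    return {
        "spread": to_text(tx),
        "xor": to_text(xored),
        "scores": scores,
        "bits": decide(scores),
        "mean_abs_score": sum(abs(s) for s in scores) / len(scores),
    }


if __name__ == "__main__":
    for offset in (0, 1):
        r = demo(offset)
        print(f"offset {offset} chip(s): XOR {r['xor']}")
        print(f"  scores {r['scores']}  bits {r['bits']}  mean |score| {r['mean_abs_score']}")
```

With the replica aligned every period scores ±4 and the decisions equal DATA; one chip late the mean magnitude drops to 1.5, four periods have no majority at all, and the decided bits bear no relation to the data. That collapse is what makes a receiver without the PN timing see the signal as noise, and it is why acquisition (searching offsets for the peak score) has to precede data recovery.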

  43. Problems with CDMA
  • Cell sites “breathe”
    • Combined noise of all reverse links can exceed cell site limit
  • Airlink different but network suffers same weaknesses as D-AMPS
  • Must license from Qualcomm

  44. Global System for Mobiles
  • European design from the 1980s
  • VoiceStream, Cingular, AT&T transitioning
  • Short Message Service
  • 200 kHz channels
  • Eight timeslots
  • 270 kbps aggregate data rate
  • Separates equipment identity from user identity
    • Subscriber Information Module

  45. International Mobile station Equipment Identity
  • Type Approval Code (TAC) is issued by a central authority
  • Final Assembly Code (FAC) identifies the place of manufacture
  • Serial Number (SNR) assigned by the manufacturer
  • Spare (SP) is reserved, usually zero

  46. International Mobile Subscriber Identity
  • Mobile Country Code (MCC) identifies the country in which the customer is subscribed
    • (United States is 310)
  • Mobile Network Code (MNC) identifies the GSM network to which the user is subscribed, also known as the home network
    • (VoiceStream is 26)
  • Mobile Subscriber Identification Number (MSIN) identifies the user within the network

  47. GSM Speech
  • 20 millisecond sample of speech
  • Digitized from codec (13 kbps)
  • Channel coding (22.8 kbps)
  • Interleaving
  • Encrypting
  • Burst formatting (33.8 kbps)
  • Modulation (270 kbps)

  48. GSM has weak crypto
  • Security by Obscurity
    • Algorithms never officially released
    • All of them leaked or reverse-engineered
  • A3/A8 in SIM
  • A5 in hardware
  • A5 (privacy algorithm) deliberately weakened
    • A8 feeds it weakened keys
  • Weaker algorithm (A5/2) for export

  49. Short Message Service
  • 20 billion SMS messages per month from 553 million GSM subscribers
  • Carried in GSM logical data channel
  • Increasing applications
    • Youth market (Instant Messenger)
    • eBay outbidding
    • Remote monitoring
  • TDMA and CDMA have similar
  • “Tacked on”

  50. Some SMS Issues
  • Early pre-pay phones had free SMS due to lack of billing system integration
  • SMS Identity spoofing
    • Faked “caller-ID” data
  • SMS viruses
    • Crash certain phones
    • Badly-formatted binary messages
