Presentation is loading. Please wait.

Presentation is loading. Please wait.

Vulnerability Analysis of Mobile and Wireless Protocols.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Vulnerability Analysis of Mobile and Wireless Protocols."— Presentation transcript:

1 Vulnerability Analysis of Mobile and Wireless Protocols

2 Outline Vulnerability Analysis Method Message Spoofing Mobile IPv4 WiMAX EAP –EAP-FAST Future work

3 Vulnerability Analysis Method Study the protocol specifications Find Unprotected messages Concentrate on the unprotected messages to find security vulnerabilities If practical, simulation of the vulnerabilities Proposal of solution(s)

4 Message spoofing Can be achieved using debug ports left open by hardware vendors Standard – IEEE 1149.1 – Joint Test Action Group (JTAG) Intel and Fujitsu WiMAX implementations leave their debug ports open Motorola JTAG ports are closed in production boxes

5 MIPv4 – Phases 1.Agent Discovery 2.Registration 3.Data Exchange

6 MIPv4 - Messages MessageChannelProtected Agent Advertisement FA  MN No Agent Solicitation MN  FA No Registration Request MN  FA No Registration Response FA  MN Yes

7 Vulnerability Analysis No new vulnerabilities found

8 WiMAX Studied the IEEE 802.16 (2004) spec Focused on Network Entry and Initialization before SS authorization step

9 Network Entry and Initialization

10 Work Done

11 Network Entry and Initialization Future work

12 WiMAX – Unprotected messages MessageChannelDescription DL-MAPBS  SS Downlink Access Definition UL-MAPBS  SS Uplink Access Definition UCDBS  SS Uplink Channel Descriptor RNG-REQSS  BS Ranging Request RNG-RSPBS  SS Ranging Response SBC-REQSS  BS SS Basic Capability Request SBC-RSPBS  SS SS Basic Capability Response

13 Vulnerabilities found 0-Authorization vulnerability –Using SBC-REQ and SBC-RSP messages Ranging synchronization vulnerability –Using RNG-REQ and RNG-RSP messages UCD vulnerability

14 0-Authorization vulnerability Authorization Policy Support is one of the many capabilities Authorization and key exchange steps will be skipped if the Auth Policy Support bits are set to 0 Vulnerability also exists if ‘bitwise and’ of auth bits of SBC-REQ and SBC-RSP is 0

15 0-Authorization vulnerability TypeLengthValue 161 byteBit #0: IEEE 802.16 privacy supported Bits #1-7: Reserved; shall be set to zero Authorization Policy Support bits SyntaxSizeNotes SBC-REQ/RSP message format() { Message Type8 bits TLV encoded information variableTLV specific } SBC-REQ / SBC-RSP message format

16 0-Authorization vulnerability Motorola implementations allow 0- authorization only for debugging purposes and E911 with limited access Spoofed SBC-REQ with 0-authorization –Network will most likely reject it Spoofed SBC-RSP with 0-authorization –MS will not permit it for not being able to trust the service provider

17 Ranging Sync vulnerability Ranging adjusts SS's timing offset such that it appears to be co-located with BS RNG-REQ message is sent by the SS with power level and timing offset corrections If the status in spoofed RSG-RSP is continue, –SS keeps on trying until successful Aborts and re-ranges after a fixed number of tries

18 Ranging Sync vulnerability If the status in spoofed RNG-RSP is either Abort or Re-range –Starts the network entry process again from the beginning Correct timing is essential for this attack to work –Spoofed messages should be sent before the legitimate RNG-RSP reaches SS

19 Ranging Sync vulnerability

20

21 UCD vulnerability After channel synchronization, SS waits for UCD msg from BS to retrieve a set of transmission parameters for uplink chanel A spoofed UCD message with unsuitable channel parameters will make the SS start over from the first step of downlink channel scanning

22 WiMAX Analysis Found 3 potential vulnerabilities But, they are hard to instigate as they require: –Considerable hardware to spoof the messages –Correct timing

23 EAP Used in the PPP, 802.11, 802.16, VPN, PANA, and in some functions in 3G networks Support currently about 40 different EAP methods Commonly used modern methods capable of operating in wireless networks include EAP-TLS, EAP-SIM, EAP-AKA, PEAP, LEAP and EAP-TTLS

24 EAP and associated layers PPP 802.3 Ethernet 802.5 Token Ring 802.11 WLAN 802.11 Serial Link EAP-FASTPEAPEAP-SIMEAP-AKAEAP-TLS EAP Over LAN (EAPOL) Extensible Authentication Protocol (EAP) EAP Layer Data Link Layer Authentication method layer

25 EAP Message Exchange Framework (EAP-Response Identity) EAP-Response Identity EAP-Success AP Peer (EAP-Request Identity) Method specific EAP Request Method specific EAP Response Repeat until success or fail Server

26 EAP-FAST (Flexible Authentication via Secure Tunneling) Most Comprehensive and secure WLAN method Use of a protected access credential (PAC) Three phase –Phase 0 : PAC provisioning –Phase 1 : Establish TLS tunnel. –Phase 2 : Authentication

27 Inner method Server Peer EAP-FAST Start [A-ID] EAP-FAST [TLS Client Hello[Client_Random,PAC-Opaque]] Authentication with a inner Authentication method Optional PAC Refresh EAP Success AP EAP-FAST server PAC Provisioning EAP Request/Identity EAP Response/Identity (anonymous@realm) EAP-FAST [TLS Server Hello[Server_Random]] TLS change Cipher Spec TLS Finished TLS change Cipher Spec TLS Finished Phase 2 Phase 1 Phase 0 Establish Secure Channel Establish connection (for example, TCP) TLS Tunnel established TLS Tunnel torn down EAP-FAST choreography overview

28 Messages within EAP-FAST MessageChannelProtected? Provisining ( this phrase itself is an EAP-TLS Exchange) EAP- Request /Identity AP- to-MSNO EAP-Response/ Identity MS- to-APNO Identity ResponseAP- to-RadiusYES, secure channel EAP-FAST startRadius - to- APYES, secure channel EAP-FAST startAP- to-MSNO TLS tunnel establishment Authentication with a inner Authentication method, protected by TLS tunnel EAP-SuccessAP- to-MSNO

29 Explaination for unprotected message Initial Request-response Messages Sent in cleartext Just contain realm information Used to route the authentication requests to the right eap server

30 Explaination for unprotected message(2) Clear text success /failure packet The success/failure decisions within the tunnel indicate the final decision of the EAP-FAST authentication conversation. To abide by [RFC3748], the server must send a clear text EAP Success or EAP Failure packet to terminate the EAP conversation.

31 Explaination for unprotected message(3) What will happen if a clear text indication is spoofed? It dosen ’ t matter because the clear text indication is only used to terminate the authentication conversation, not for other use. What will happen if the final cleartext success/failure packet in an EAP-FAST is lost? It is up to the basic EAP policy. In the event that neither a success nor a failure packet is received, the peer SHOULD termiate the conversation to avoid lengthy timeout in case of the lost packet was an EAP failure.[RFC3748, 4.2]

32 EAP-FAST Analysis No vulnerability was found wihin EAP- FAST!

33 Future work Study internal attacks –Till now the focus was on external attacks Resource Depletion attacks

Download ppt "Vulnerability Analysis of Mobile and Wireless Protocols."

Similar presentations

Authentication.

Authentication.
PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.

PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 4 Point to Point Protocol (PPP)

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 4 Point to Point Protocol (PPP)
What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.

What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.
1 Mobile IP Myungchul Kim Tel: 042-866-6127.

1 Mobile IP Myungchul Kim Tel:
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
1 © NOKIA MitM.PPT (v0.2) / 6-Nov-02 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI.

1 © NOKIA MitM.PPT (v0.2) / 6-Nov-02 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
MOBILITY SUPPORT IN IPv6

MOBILITY SUPPORT IN IPv6
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Protected Extensible Authentication Protocol

Protected Extensible Authentication Protocol
Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP 802.3802.5802.11 802.1x EAP API.

Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP x EAP API.
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.

Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.

Similar presentations

Ads by Google