Security Mechanisms

# Security Mechanisms ###### tags: `Wireless Communications` [TOC] ## IEEE 802.11 ### Introduction The chapter focuses on Wi-Fi Protected Access (WPA) and WPA2, but also briefly covers the older Wired Equivalent Privacy (WEP) feature. WEP is the initial security mechanism specified in the original 802.11 standard and was superseded by the 802.11i standard update. The 802.11 standard initially had security flaws that were resolved with the introduction of the 802.11i standard update. These new security enhancements address the enterprise requirements for confidential communications through the use of authentication and encryption. ### WEP(Wired Equivalent Privacy) WEP, or wired equivalent privacy, is a security algorithm presented by the Institute of Electrical and Electronics Engineers (IEEE) as part of the IEEE 802.11 internet standard that was ratified in 1997. #### Benefits of WEP Wired equivalent privacy is meant to protect Wi-Fi transmissions by encrypting the data so outsiders who are not inside the encrypted network will not be able to read the messages or data contained within. WEP is better than no security at all, and it is still used on older devices that do not support WPA or WPA2. WEP encrypts data to and from the access point with a static key. Anyone who is connected to the secured network has access to this key and therefore the decrypted transmission. #### Critiques of WEP Wired equivalent privacy is a retired Wi-Fi security algorithm that has been deemed unsafe and easy for threat actors to crack. For this reason, it is almost never recommended to use WEP to secure Wi-Fi networks or transmissions. Because WEP is an out-of-date Wi-Fi encryption method, it has the following drawbacks: * Threat actors are able to easily guess the static key and therefore gain access to the confidential messages. A threat actor can listen in to transmissions and collect data packets. With these details, they are able to decrypt the encryption key. * A static key is used, which means that every connected device on the network has access to all of the confidential message contents. Once connected to the WEP-secured Wi-Fi network, the user is granted authorization through the static and single key. * WEP only supports 64-bit or 128-bit encryption key sizes, which can be more easily decrypted than the larger 256-bit encryption key. * WEP is limited to the use of hexadecimal characters, which only allow for numbers 0–9 and the letters A–F. The key length is therefore not very secure. Standard computers have the ability to hack these keys. A WEP-protected network can be cracked in under a minute, especially if the network sees a lot of traffic. Threat actors are then able to intercept a large number of data packets. WEP has been demonstrated to be extremely insecure and should not be used to protect Wi-Fi networks. ### Wireless Network Security Concepts IEEE 802.11 provides security through encryption and authentication. Authentication can be done through an “open system” or “shared key” in either ad hoc mode or infrastructure mode. A network station or an access point (AP) can grant permission to any station requesting connection in the open authentication system, or only those included in a predefined list. Only those stations having an appropriate encryption key will be authenticated in a shared-key system. Encryption represents an effective means of preventing jeopardizing of transmitted data in wireless transmissions. 802.11 specifies an optional encryption capability called WEP; this establishes a similar level of security to that of wired networks using encryption of the data being transported by the radio signals. #### Physical Security Hostile activities are equally applicable to all networks and can be broadly broken down into: * Intelligence gathering—Normally aids in gaining unauthorized access to enterprise resources but can be for other reasons, such as to determine the location of key individuals or activity. The choice of EAP type used in authentication and the configuration of the supplicant can determine whether username information is exposed during authentication. * Unauthorized access—The authentication and encryption in 802.11 security can protect sessions, but policies and processes do need to be in place to protect equipment and passwords. This is generally addressed in two ways: * End node security to protect mobile devices not directly related to the wireless LAN. This type of security needs to be assessed with a understanding of the end node's mobility. * WPA or WPA2 for wireless LAN clients that provides authentication of users and confidentiality of user communication over the wireless LAN. #### Encryption WEP uses a secret key shared between a wireless station and an access point. All data sent and received between station and access point can be encrypted by using the “shared key.” 802.11 does not specify how the shared key should be established but allows for a table associating a unique key with each station. However, the same key is usually shared in practice amongst all stations and access points within a given WLAN system. ![](https://i.imgur.com/qp9RDUG.png) WEP is encrypted via the following steps: 1. Calculate CRC-32 for 802.11 frame payload and concatenate the result (ICV); 2. Concatenate the 40-bit shared secret key to the 24-bit IV to form a 64-bit seed; 3. Input the seed obtained in step 2 into the RC4 pseudorandom number generator (PRNG) to generate a sequence of pseudo-random characters (called key stream) with a number of octets equal to the number of octets in step 1; 4. XOR the resulting characters from steps 1 and 3 to obtain the cipher-text; and 5. Send the IV (unencrypted) and the encrypted message within the IEEE 802.11 frame “frame body” field. ### Temporal key integrity protocol (TKIP) The abbreviation TKIP stands for Temporal Key Integrity Protocol. It is a security protocol for WLAN networks developed by the Wi-Fi Alliance and included in IEEE standard 802.11i. The requirement in developing TKIP was to create an alternative as quickly as possible for WEP, which was considered insecure, without requiring new hardware on WLAN clients and WLAN access points. ### WEP vs WPA WEP variants and improved versions of WPA include the following protocols: * WEP2. After security issues emerged, changes to the IEEE specifications increased the WEP key length to 128 bits and required the use of Kerberos authentication. However, these changes proved insufficient to make WEP more secure and were dropped from the standard. * WEPplus or WEP+. Agere Systems, an integrated circuit component company, developed this proprietary variant. WEP+ eliminated weak keys from the key space. However, fundamental issues remained, and only Agere Systems Wi-Fi products used WEP+. * WPA. The first version of WPA increased key length to 128 bits, and replaced the CRC-32 integrity check with the Temporal Key Integrity Protocol. However, WPA still uses the RC4 encryption algorithm, and retained other weaknesses from WEP. * WPA2. This WPA update added stronger encryption and integrity protection. It uses the Counter Mode Cipher Block Chaining Message Authentication Code Protocol, which incorporates the Advanced Encryption Standard algorithm for encryption and integrity verification of wireless transmissions. WPA2 comes in the following two modes: * WPA2-Enterprise requires a Remote Authentication Dial-In User Service authentication server to authenticate users. * WPA2-Pre-Shared Key is intended for personal use and relies on pre-shared keys given to authorized users. * WPA3 is the most recent (and improved) version of WPA2, which has been in use since 2004. In 2018, the Wi-Fi Alliance began certifying WPA3-approved equipment. * Although WPA3 is more secure than WPA2, the Wi-Fi Alliance will continue to maintain and enhance WPA2 for the foreseeable future. When compared to WPA2, WPA3 includes the following noteworthy features: * Stronger brute force attack protection: WPA3 defends against offline password guesses by allowing only one guess per user and forcing them to engage directly with the Wi-Fi equipment, requiring them to be physically present each time they wish to guess the password. In public open networks, WPA2 lacks built-in encryption and privacy, making brute force attacks a significant danger; * Simultaneous Authentication of Equals protocol (SAE): This protocol is used to provide a secure handshake between a network device and a wireless access point, in which both devices interact to verify authentication and connection. Even if a user's password is weak, WPA3 uses Wi-Fi DPP to give a more secure handshake; * Individualized data encryption: When connecting to a public network, WPA3 uses a mechanism other than a shared password to sign up a new device. WPA3 employs the Wi-Fi Device Provisioning Protocol (DPP), which allows users to let devices onto the network via NFC tags or QR codes. WPA3 security also employs GCMP-256 encryption instead of 128-bit encryption. ## 4G LTE ### What's LTE * LTE(Long Term Evolution)：Evolutionary step from GSM to UMTS * 4th generation cellular technology standard from the 3rd Generation Partnership Project (3GPP) * Deployed worldwide and installations are rapidly increasing * LTE is completely packet-switched * Technology to provide increased data rates ### The Basic * A device (UE) connects to a network of base stations (E-UTRAN) * The E-UTRAN connects to a core network (Core) * The Core connects to the internet (IP network). ![](https://i.imgur.com/mQ86pKh.png) ### Mobile Device * User equipment (UE): Cellular device containing the following * Mobile equipment (ME): The physical cellular device * UICC: Known as SIM card * Responsible for running the SIM and USIM Applications * Can store personal info (e.g., contacts) & even play video games! * IMEI: Equipment Identifier * IMSI: Subscriber Identifier ### Evolved Packet Core (EPC) ![](https://i.imgur.com/mye6o5d.png) * Mobility Management Entity (MME) * Primary signaling node - does not interact with user traffic * Functions include managing & storing UE contexts, creating temporary IDs, sending pages, controlling authentication functions, & selecting the S-GW and P-GWs * Serving Gateway (S-GW) * Router of information between the P-GW and the E-UTRAN * Carries user plane data, anchors UEs for intra-eNodeB handoffs * Packet Data Gateway (P-GW) * Allocates IP addresses and routes packets * Interconnects with non 3GPP networks * Home Subscriber Server (HSS) * Houses subscriber identifiers and critical security information ### LTE Protocols ![](https://i.imgur.com/91iPl8Z.png) TCP/IP sits on top of the cellular protocol stack: * Radio Resource Control (RRC):Transfers NAS messages, AS information may be included, signaling, and ECM * Packet Data Convergence Protocol (PDCP):header compression, radio encryption * Radio Link Control (RLC):Readies packets to be transferred over the air interface * Medium Access Control (MAC):Multiplexing, QoS ### Subscriber Identity (IMSI) International Mobile Subscriber Identity (IMSI) : MCC + MNC + MSIN LTE uses a unique ID for every subscriber, 15 digit number stored on the UICC #### UICC Token Hardware storage location for sensitive information * Stores pre-shared key K * Stores IMSI Performs cryptographic operations for authentication ### Device & Network Authentication Authentication and Key Agreement (AKA) is the protocol used for devices to authenticate with the carrier to gain network access The cryptographic keys needed to encrypt calls are generated upon completion of the AKA protocol ![](https://i.imgur.com/y9J1HIT.png) #### Cryptographic Key Usage * K: 128-bit master key. Put into USIM and HSS by carrier * CK & IK: 128-bit Cipher key and Integrity key * KASME : 256-bit local master, derived from CK & IK * KeNB: 256-bit key used to derive additional keys * NASenc & NASint: 256/128-bit key protecting NAS * RRCenc & RRCint: 256/128-bit key protecting RRC * UPenc: 256/128-bit key protecting UP traffic ### Backhaul Protection ![](https://i.imgur.com/D1VMB2I.png) * Confidentiality protection of traffic running over S1 Interface (Backhaul) * Hardware security appliances are used to implement this standard * Security Gateways (SEG) ## 5G Core Network Service Based Architecture (SBA) To understand 5G security specifications, one has to first the 3GPP defined 5G SA/core network architecture. 5G has brought about a paradigm shift in the architecture of mobile networks, from the classical model with point-to-point interfaces between network function to service-based interfaces (SBIs). The 5G core network (defined by 3GPP) is a Service-Based Architecture (SBA), whereby the control plane functionality and common data repositories of a 5G network are delivered by way of a set of interconnected Network Functions (NFs), each with authorization to access each other’s services. ![](https://i.imgur.com/V7BHXAY.png) ### 3GPP Public Key based Encryption Schemes: 3GPP has introduced more robust encryption algorithms. It has defined the Subscription Permanent Identifier (SUPI) and the Subscription Concealed Identifier (SUCI). * A SUPI is a 5G globally unique Subscription Permanent Identifier (SUPI) allocated to each subscriber and defined in 3GPP specification TS 23.501. * SUCI is a privacy preserving identifier containing the concealed SUPI. ![](https://i.imgur.com/eQhqUlE.png) The User Equipment (UE) generates a SUCI using a Elliptic Curve Integrated Encryption Scheme (ECIES)-based protection scheme with the public key of the Home Network that was securely provisioned to the Universal Subscriber Identity Module (USIM) during the USIM registration. Through the implementation of SUCI, the chance of meta-data exploits that rely on the user’s identity are significantly reduced. ### Overview of Risks and Potential Threats to 5G Networks: 1. Interoperability with 2G-4G Networks For inter-operability with previous versions of software or backward compatibility, 5G must still extend interoperability options with mobile gadgets adhering to the previous generation of cellular standards. This inter-operability necessity ensures that vulnerabilities detected in the outmoded Diameter Signaling and the SS7 Interworking functions followed by 2G-4G networks can still be a cause of concern for the next-generation 5G network 2. Issues related to data protection and privacy There is a likely possibility of a cyber security attack such as Man-in-the-Middle (MITM) attack in a 5G network where a perpetrator can access personal data through the deployment of the International Mobile Subscriber Identity (IMSI)-catchers or cellular rogue base stations masquerading as genuine mobile network operator equipment. 3. Possibility of rerouting of sensitive data The 5G core network SBA itself could make the 5G network vulnerable to Internet Protocol (IP) attacks such as Distributed Denial of Service (DDoS). Similarly, network hijacking, which involves redirecting confidential data through an intruder’s network, could be another form of attack. 4. Collision of Politics and Technology Government entities can impact 5G security when it comes to the production of hardware for cellular networks. For instance, various countries have new regulations that ban the use of 5G infrastructure equipment that are procured from Chinese companies (Huawei and ZTE) citing concerns over possible surveillance by the Chinese government. 5. Network Slicing and Cyberattacks Network slicing is a 5G SA core network function (defined by 3GPP) that can logically separate network resources. The facility empowers a cellular network operator to create multiple independent and logical (virtual) networks on a single shared access. However, despite the benefits, concerns are being raised about security risks in the form of how a perpetrator could compromise a network slice to monopolize resources for compute-intensive activities. ### Why do you need to update the AKA process? It is mainly to strengthen the weakness of the 4G authentication security mechanism and improve the security of the 5G network. * bugged * Network spoofing: GSM fake base stations occupy the associated frequency points in the public network and use high power and high field strength to trick mobile phones into the fake base station. * Lack of confidentiality: get the IMEI and IMSI. The IMEI, which can be used to keep track of specific phones, can be used to falsely report a phone as stolen and trigger carriers to disable the device and prevent it from using mobile internet. As for IMSI, it is mainly related to the SIM card, which records identity information, eavesdrops on calls, accesses text messages and intercepts location data. #### System Architecture Diagram ![](https://i.imgur.com/ANN5QtT.png) * **Access and Mobility Management Function (AMF, Access and Mobility Management Function)** : It receives all connection and session related information from UE, but is only responsible for handling connection and mobility management tasks. * **Security Anchor Function (SEAF, Security Anchor Function)** : Create a unified anchor key KSEAF for primary authentication (common to all accesses). The anchor key is provided by AUSF of Home Network to SEAF of Serving Network. * **Unified data management (UDM, Unified data management)** : Similar to HSS/HLR entities, it carries functions related to data management, such as authentication credential repository and processing function (ARPF, Authentication Credential Repository and Processing Function), which is based on user identity and The configured policy selects the authentication method and computes authentication data and keys for AUSF if needed. * **Authentication Server Function (AUSF, Authentication Server Function)** : It is located in the home network and performs authentication through the UE. When using 5G-AKA or EAP-AKA, it decides UE authentication, but it relies on the backend to calculate authentication data and keys. * **Subscription Identifier De-concealing Function (SIDF, Subscription Identifier De-concealing Function)** : This function decrypts SUCI to obtain its long-term identity, ie SUPI, such as IMSI. In 5G, user long-term identities are always transmitted over the radio interface (RAN?) in encrypted form. More specifically, SUPI is secured using public key-based encryption. Therefore, only the SIDF has access to the private key associated with the public key distributed to the UE to encrypt its SUPI. #### Start authentication and authentication method selection ##### Initial Boot Authentication ![](https://i.imgur.com/YQIy39Q.png) **STEP 1** UE registers for the first time, if SEAF has not allocated 5G-GUTI to the UE, UE encrypts the permanent identifier (Subscription Permanent Identifier, SUPI) into a hidden identifier (Subscription Concealed Identifier) SUCI according to the HN Public Key, and then sends it to SEAF. **STEP 2** When SEAF wants to start authentication, SEAF sends Nausf_UEAuthentication_Authenticate "Authentication Request (Authentication Request)" to AUSF, the message content includes SUCI or SUPI and service network name SN-name, and SN-name contains service code (4G-EPC or 5GC)+ serving network identifier SNid. :::spoiler Message direction: AMF/SEAF -> AUSF HTTP method: POST Message name: Nausf_UEAuthentication_Authenticate * The resource URI for this request is: {apiRoot}/nausf-auth/v1/ue-authentications * The type of parameter carried is: AuthenticationInfo ![](https://i.imgur.com/zu3SmGz.png) As long as the AMF has obtained the SUPI of the UE, all the SUPI is included in the Nausf_UEAuthentication_AuthenticateRequest message. Unless the AMF does not know the SUPI of the UE, the SUCI will be included in the message. After receiving the request message, AUSF will check whether the Serving Network Name in the message is authorized. If the check fails, return: 403Forbidden, carrying the reason value: SERVING_NETWORK_NOT_AUTHORIZED. ![](https://i.imgur.com/iKYZCz7.png) ::: **STEP 3** When AUSF receives the authentication request, it will start identity authentication. It will check whether the requesting SEAF in SN can use the SN-name in the Nausf_UEAuthentication_Authenticate request message by comparing the service network name and the expected service network name. The AUSF shall temporarily store the received SN-name. If the SN is not authorized to use the SN-name, the AUSF will reply "SN has not been authorized" in the Nausf_UEAuthentication_Authenticate Response message. **STEP 4** If the authorization is successful, AUSF sends the authentication request message to UDM. If SUCI is received, before UDM processes the request, SIDF should decode SUCI to obtain SUPI, and UDM/ARPF will use SUPI to select the authentication method. Authentication methods include EAP-AKA' and 5G-AKA. :::spoiler Message direction: AUSF -> UDM HTTP method: POST Message name: Nudm_UEAuthentication_GetRequest * The resource URI for this request is: {apiRoot}/nudm-ueau/v1/{supiOrSuci}/security-information/generate-auth-data * The content of the request message AuthenticationInfoRequest: ResynchronizationInfo This message is used by the AUSF to request the UDM to select an authentication method for the UE and calculate a new authentication vector (if the authentication requires an authentication vector). The content of the request message AuthenticationInfoRequest is shown in the figure below: ![](https://i.imgur.com/vhjJcbn.png) This field contains two items: rand and auts. During the authentication weight synchronization process, the AUTS is calculated by the UE. :::