Traffic Analysis of the LTE Mobile Standard

Interesting research in using traffic analysis to learn things about encrypted traffic. It's hard to know how critical these vulnerabilities are. They're very hard to close without wasting a huge amount of bandwidth.

The active attacks are more interesting.

EDITED TO ADD (7/3): More information.

I have been thinking about this, and now believe the attacks are more serious than I previously wrote.

Posted on July 2, 2018 at 9:35 AM • 15 Comments

Comments

Herman • July 2, 2018 10:26 AM

Through traffic analysis they can tell which website was accessed. Therefore they could then launch a known-plaintext attack against the encryption system.

PeaceHead • July 2, 2018 3:32 PM

Send people snailmail postal items of how to fix the breaches, perhaps. That's lower bandwidth if done right. Meet some people in person, too.

But yeah, these types of things do bolster the inner Luddite of many of us.
Computers are the Achilles tendons of us all.

I am currently wondering if web browser certificates do any good at all?
I'd really like to try a web browser that didn't spill a bunch of certificates constantly like the rest of them. It seems like the more CAs involved, the more possibility of rogue or bogus CAs (certificate authorities).

Ironically, even over the phone people can be vulnerable to man-in-the-middle attacks.
If Ted Danson can do a perfect impressionist imitation of Woody Harrelson, what's to prevent a similarly-talented impersonator working for "EVE"?

Technically, even scientific techniques make impersonation even easier.
And that's not even including paid "sound-alikes".

So @all...

Tell your banks to stop offering voice recognition as a "feature". It's a vulnerability.

If you think about it though, the whole internet is a man-in-the-middle attack coming by, for, to, of, and from DARPA.

echo • July 2, 2018 4:46 PM

After reading the linked research I know this is a daft question but is there a test to detect the presence of IMSI Catchers/Stingrays and do nation states (covertly or otherwise) routinely test for their presence?

While orthogonal to the topic, voice impersonation is a concern. Has any research been done on the whole stack of technical issues required to successfully impersonate a voice which withstands fraud detection analysis? What also of investigation and prosecution issues if a voice has been impersonated? Another issue of course is the use of impersonation in counter-intelligence. On reflection, isn't all this just old wine in a new bottle? I would have thought existing approaches would already have a clue about this even if the means of delivery has changed?

Tim Spellman • July 2, 2018 5:07 PM

@echo There are apps that purport to detect IMSI catchers, but I don't know of any reliable ones. The more reliable technique appears to be to survey the area of interest and catalog the known cell towers. Then, when a new one shows up, or acts very differently than the others, it can be considered suspicious. Here is a project the University of Washington did to measure IMSI-catcher use across a city.

65535 • July 2, 2018 10:16 PM

Deliberately omitted?

‘"The LTE documentations have shown that an integrity protection that would prevent attacks has been deliberately omitted," says Thorsten Holz. The reason: In order to implement the security measure, an additional four byte would have to be attached to each payload. "Data transmission would have become expensive for the network operators, and so integrity protection was deemed expendable," continues Holz.’ - m.phys.org

https://m.phys.org/news/2018-06-gaps-lte-mobile-telephony-standard.html

Would adding an additional four bytes to each payload really overload the 4G/LTE system? Can anyone verify this? Or is the "omitted four byte" check caused by three-letter agencies tampering with LTE specifications?

The DNS spoofing attack sounds fairly nasty. Is it doable? How easily?

As to the following, would correctly set up HTTPS prevent DNS spoofing?

‘"Websites and apps that deploy the HTTPS security protocol in the correct configuration provide adequate protection against rerouting," says Rupprecht. They alert the user whenever he is about to be rerouted to a fake page.’- m.phys.org/news

Are most apps configured correctly? Which ones are not? Or, which major ones are not.

@ echo

“…is there a test to detect the presence of IMSI Catchers/Stingrays and do nation states (covertly or otherwise) routinely test for their presence? While orthogonal to the topic voice impersonation is a concern. Has any research been done on the whole stack of technical issues required to successfully impersonate a voice which withstands fraud detection analysis?”- echo

Those are very good questions. Can IMSI catchers strip SSL/TLS or otherwise break it? Adobe is working on a voice editor. That should add confusion to the mix.

@ Tim Spellman

“…reliable technique appears to be to survey the area of interest and catalog the known cell towers. Then, when a new one shows up, or acts very differently than the others, it can be considered suspicious.” –Tim Spellman

Good link to the study of IMSI being used in Washington state.

https://seaglass.cs.washington.edu/

I see in the nearby area of Tacoma, Washington the ACLU sued over the use of Stingrays and won. I don’t suppose the seaglass experiment had anything to do with it?

‘Back in 2016, the American Civil Liberties Union of Washington state sued the TPD on behalf of four community leaders, arguing that the department has not adequately responded to their public records requests concerning the use of stingrays, which included asking for a blank form authorizing its use. "The [Public Records Act] establishes a positive duty to disclose public records unless they fall within specific exemptions," Judge G. Helen Whitener wrote in her Monday opinion…At times, police have falsely claimed that information gathered from a stingray has instead come from a confidential informant.’

https://arstechnica.com/tech-policy/2018/07/judge-slams-tacoma-for-not-releasing-stingray-records/

[And]

“Superior Court Judge G. Helen Whitener ruled earlier this year that the city improperly withheld 11 documents from the American Civil Liberties Union. On Monday, Whitener issued a ruling tallying the cost: - $182,340 for violations of the Public Records Act. - $115,530 for attorney fees and other costs. Whitener said in her ruling that the city deliberately withheld several documents that should have been provided, including spreadsheet with entries that included cell site simulator uses, records provided to 37 prior requestors and emails between the city and the FBI.”-thenewstribune

https://www.thenewstribune.com/news/local/watchdog/article214028374.html

[and]

“Four men—including a pair of pastors—sue Tacoma police over stingray documents - The American Civil Liberties Union of Washington state has sued the Tacoma Police Department (TPD) on behalf of four community leaders, claiming that TPD has not adequately responded to their public records requests concerning the use of cell-site simulators, or stingrays.”-arstechnica

https://arstechnica.com/tech-policy/2016/02/residents-sue-tacoma-cops-over-failure-to-release-cell-phone-snooping-records/

This is good news.

Weather • July 3, 2018 3:12 AM

@PeaceHead, read Herman's post: there will be about ten bytes of a DNS packet to brute-force to work out the key for the encryption, so the upper stack layer does not remove it, and it's not 10^256. Once the encryption key is known you just have to reply before an authority.
sorry for the tone😥

Sancho_P • July 3, 2018 5:25 AM

A standard stands, but the attackers move: That’s the problem.

I think (!) when the standard was born the extra bytes were important, probably not so much nowadays.
5G? Um, was compatibility an issue at anytime? :-(
(Btw, would it always make sense to transmit public music or video with integrity protection?)

Their proposed, simple mitigation is to use enforced HTTPS, but HSTS has (besides being upside down) its own problems, next to severe privacy implications:
https://en.m.wikipedia.org/wiki/HTTP_Strict_Transport_Security#Limitations

And it all sits upon bad CAs, faked certificates, timing issues and vulnerable apps.
However, their pdf is very interesting, thanks!
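An added example (not from the post, the paper or any commenter) of why the omitted tag matters, for 65535's "four byte" question above and Sancho_P's point about the extra bytes: the user-plane cipher is a stream cipher, so an in-path party can change ciphertext bytes without the key and a receiver with no integrity protection cannot tell, while a 4-byte tag makes the change detectable and costs well under 1% on a full-size packet. Assumptions: HMAC-SHA256 in counter mode stands in for LTE's AES-CTR (EEA2), a truncated HMAC stands in for the integrity algorithm, and the key and the DNS-like packet are constructed.

```python
import hashlib
import hmac
import struct

TAG_LEN = 4  # the per-payload overhead the quoted article says was dropped
KEY = b"constructed demo key, not an LTE session key"
COUNT = 7    # stand-in for the per-packet counter that seeds the keystream

# Constructed DNS-like payload: 4-byte resolver address followed by the query name.
RESOLVER = bytes([198, 51, 100, 53])  # documentation address range, not a real resolver
DNS_QUERY = b"dst=" + RESOLVER + b";q=example.com"


def keystream(key, count, length):
    """Counter-mode keystream. HMAC-SHA256 stands in for AES-CTR (EEA2);
    the malleability shown below holds for any XOR stream cipher."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">II", count, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def encrypt(key, count, data):
    """XOR with the keystream; decryption is the same operation."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, count, len(data))))


decrypt = encrypt


def integrity_tag(key, count, ciphertext):
    """4-byte tag over counter + ciphertext (truncated HMAC as a stand-in for EIA2)."""
    return hmac.new(key, struct.pack(">I", count) + ciphertext, hashlib.sha256).digest()[:TAG_LEN]


def modify_in_transit(ciphertext, offset, known, replacement):
    """Simulated in-path tampering, used only to show what the tag detects:
    flipping ciphertext bits flips the same plaintext bits, so no key is needed."""
    c = bytearray(ciphertext)
    for i, (k, r) in enumerate(zip(known, replacement)):
        c[offset + i] ^= k ^ r
    return bytes(c)


def receive_without_integrity(key, count, ciphertext):
    """Receiver with no user-plane integrity protection: decrypt and trust the result."""
    return decrypt(key, count, ciphertext)


def receive_with_integrity(key, count, ciphertext, tag):
    """Hardened receiver: reject any packet whose tag does not verify."""
    if not hmac.compare_digest(integrity_tag(key, count, ciphertext), tag):
        return None
    return decrypt(key, count, ciphertext)


def tag_overhead(payload_len):
    """Bandwidth cost of the tag as a fraction of the payload."""
    return TAG_LEN / payload_len
```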

Bobo Smith • July 3, 2018 9:02 AM

Anyone doubt that this attack is already being used against high value targets? Many leaders have a public schedule that announces where and when they are going to be. You only need to have your equipment within a mile for this to work. Easy, peasy, right?

GregW • July 4, 2018 5:44 AM

What bums me out is that this will be with us forever in the form of protocol downgrade attacks even after the rollout of 5G, even if 5G makes the fix mandatory. My phone still downgrades from 4G LTE to 3G and 2G at times.

Do protocol designers ever consider that longer-than-you'd-think lifespan issue/cost when trading off security?

It's not as simple as just fixing it in the next version after Moore's law gives you more horsepower... which it doesn't anymore anyway.

me • July 4, 2018 7:02 AM

I'm so "happy" about this; I saw so many "experts" telling people "use mobile phone internet, no WiFi, WiFi can be intercepted, 3G/4G can't".

When will these people learn that the network must *always* be considered insecure?
HTTPS exists exactly because of network insecurity.
It's not only a WiFi or 4G problem, it's a network problem.
They fix 4G? The same will happen by abusing BGP or by abusing WiFi, or just after the router where your WiFi password simply doesn't exist anymore.

HTTPS is the solution, which is end-to-end encryption by the way....
where the ends are: your PC, the web server.
If the web server is not just a website but is something more complex like webmail or IRC chat on the web, of course it is not end to end anymore, but only because you changed the definition of what an "end" is.

HTTPS is not always end to end; there are details that can't be omitted: for example if the web server connects to a database without any encryption, or if you use Cloudflare as a middle point with improper configuration...

PeaceHead • July 4, 2018 3:47 PM

@Weather,
Yeah, I understood the main article's contents on its own merit.
But maybe I misunderstood "hard to close without wasting bandwidth".

I thought the author was alluding to needing to communicate to a lot of people via telecommunications/internet/devices/networks etc which are already vulnerable via said vector (telephone networks included). I probably misread that even though it is an issue (telling people about vulnerabilities via the same channel that's been compromised).

Seriously, there are some good points in this blog and its comments.

Sancho_P • July 5, 2018 4:11 AM

@me, re https

I’d be very cautious with "https is the solution",
but I’d concur with "https is the minimum".

HTTPS "security" is only true for the transmission from your outgoing socket / antenna to the next networking socket / antenna.
Whatever happens before (in your device) or on the other side must be considered insecure.

HTTPS will keep out the average eavesdropper, but can’t prevent a dedicated attack on privacy. It need not be a malicious attempt; think of a corporate environment using a security proxy.
For a squid starter see: https://turbofuture.com/internet/Intercepting-HTTPS-Traffic-Using-the-Squid-Proxy-in-pfSense (pun intended :-)

With our infamous CA Cert system everything is possible ...
So if there is anything in between it can be compromised.

Clive Robinson • July 6, 2018 4:41 AM

@ GregW,

Do protocol designers ever consider that longer-than-youd-think lifespan issue/cost when trading off security?

In general no, because in most cases in the past the networks have rarely been considered "public access", thus privacy / security has not been even thought of as an issue. Which is why in most cases it has not been on the product specification thus the design spec from day zero.

The real reason for this is gross short-sightedness by Government Agencies, where it has almost always been the assumption by the "authorities" like the FCC that they could "legislate thus regulate equipment". So keeping "air interface equipment" of receivers / transmitters and even coaxial connectors out of the hands of the public by the stroke of a pen... The joke of that has always been test equipment available to not just designers but test engineers, which followed the usual electronics market trend of "dropping in price with demand" and technology improvements. Such equipment almost always became "second hand" thus available to "joe public", some of whom had hobbies that required test equipment by the same stroke of the authorities' pen...

For various other reasons the government authorities and agencies have almost always been a long way behind the curve of technology. Which is why "in the war" between the FBI and Serious Organised Crime, it was the criminals "bugging the FBI" not the other way around[1].

But the move of production from national to international markets chucked the first of many spanners into that thinking back in the 1950s. As different nations have different views about which frequencies etc. could be used[2], manufacturers designed to cover all bands then put simple band "lock outs" for each band a nation had issues with on the user interface, not the air interface.

This used to be by "hook across" wires or cutting diodes, both of which could easily be reversed as I did with Ham Radio equipment back in the early 1980s. The advent of microprocessors actually made things a little harder but again links on the PCB could generally be found by "poke-n-prod" testing or getting hold of copies of the factory service manuals. So with the advent of "flash memory" some manufacturers would put a "country code" into the same chip as channel storage memories were stored as this gave them a cost saving. Again this solution was easily bypassed by the same process. But the advent of the Internet made these "hacks" available not just to the likes of those that knew how to "hack" in the original meaning but even those who had no more skills than to be able to move a jumper or push buttons in a certain sequence to pull up "hidden menus".

To show further how dumb the policy of the FCC could get, look up the history of WiFi and the "Reverse SMA" coax connector, supposedly to stop the use by consumers of high gain antennas...

Design engineers in Fast Moving Consumer Electronics (FMCE) look at every workable cost reduction. From individual components such as resistors, upwards through the entire production process. Thus their aims are almost always in opposition to the likes of the FCC mandates. The original WiFi WEP was the result of incompatibility between the regulators and manufacturers expressed through a standards body that in turn had its own agenda both public and private via the interests of the employers of the standards group's individual members (the likes of which we have seen with NIST/NSA and the dual elliptic curve deterministic random bit generator).

But the FCC has a real problem that its well out of date methods can not solve and that is "Software Defined Radio" (SDR). For less than 10 USD you can buy a USB dongle that covers nearly all the radio spectrum currently in use for personal radio communication. SDR cares not a jot about any air or user interface limitations; the dongle is basically a single chip that acts as the air interface front end, with all the demodulation of signals and user interface being software running on a standard PC. There is little the FCC or equivalent government agency can try to do to stop the forward progression and price dropping of SDR. The one attempt that became noticeable was with WiFi Access Points and routers; their ham-fisted attempts met with considerable "push back" and thus "re-interpretation of words game"...

Thus the only methods of ensuring privacy and security are with strong encryption etc. Which runs counter to other significant "vested interests" in government agencies...

Which is why Crypto Wars Mark two point zero is way way more important than many think.

[1] It is this way behind the technological times that was the original "Going Dark", because those in the know in the Agencies have always known that those above them "Did not see the light". So every time you hear the "Going Dark" expression realise it's a complete nonsense for political cover up of various people being the equivalent of what "Welfare Mothers" are accused of being. That is taking tax dollars and giving little or nothing in return.

[2] There has very rarely been a good reason why different nations have different standards in the consumer side of telecommunications equipment. The main reason usually was "Home Market Protectionism". Which history has clearly shown is a complete "busted flush" of an idea that actually has the opposite of the desired effect. Einstein's definition of "insanity" applies very much to the idea, something modern politicians of limited historical knowledge really should take the time to get to understand.

Guest • July 10, 2018 3:38 PM

@ Herman,

Through traffic analysis they can tell which website was accessed. Therefore they could then launch a known-plaintext attack against the encryption system.

It's worse than that. They can buy their own phone and generate arbitrary DNS queries rather than have to eavesdrop on 3rd parties and hope to guess which domains are being requested.



Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.