Presented at Black Hat USA 2020 Virtual, Aug. 6, 2020, 11 a.m. (40 minutes).

Long Term Evolution (LTE/4G) establishes mutual authentication with a provably secure AKA protocol on protocol layer three. But missing integrity protection of user traffic still allows an adversary to manipulate IP packets. In this talk, we present the IMP4GT attack (IMPersonation attacks in 4G neTworks), which allows an attacker to impersonate a user towards the network and vice versa. IMP4GT is a cross-layer attack against LTE/4G networks that exploits missing integrity protection on layer two and extends it with a reflection mechanism of the IP stack. We demonstrate the feasibility of two IMP4GT variants in a commercial network and thereby completely break the mutual authentication aim of LTE on the user plane in a real-world setting. Our work implies that providers can no longer rely on mutual authentication for billing, access control, and legal prosecution. Also, the current 5G specification does not mandate integrity protection, which makes it vulnerable to IMP4GT attacks.

Presenters:
- David Rupprecht, PhD Student, Horst Görtz Institute for IT Security
David Rupprecht received his B.Eng. in Computer Science and Telecommunications from the University of Applied Sciences for Telecommunications Leipzig, Germany, in 2012. He continued his studies with a focus on IT Security, Networks, and Systems and received his master’s degree in 2015 from the Ruhr-University Bochum, Germany. Since 2015, David Rupprecht has been a doctoral student at the Information Security Group of the Horst Görtz Institute for IT Security, Bochum. His research interests include mobile network security with a focus on access networks. His work explores implementation as well as specification flaws in current and future mobile networks. In his daily work, he makes use of software-defined radios for the implementation of attacks and countermeasures.