[CSS-research] 5G security paper

Freddy Martinez freddy at lucyparsonslabs.com
Tue Sep 18 13:09:04 PDT 2018


While I generally think that this approach looks interesting I worry about
the unintended consequences.

In the Ericsson approach, I think the encrypted IMSI is built very analogously
to a Diffie-Hellman handshake. Which may be fine for an approach on small
scale. However, given that governments routinely hack phone providers (
https://www.wired.com/2015/02/gemalto-confirms-hacked-insists-nsa-didnt-get-crypto-keys/)
I am not sure that putting a private key on a phone is a good idea. That
being said, physical access versus Over the Air access is still a higher
barrier to entry but I don't know that it's a _great_ design.

Just some thoughts.

- Freddy

On Fri, Sep 14, 2018 at 10:45 AM, Joseph Lorenzo Hall <joe at cdt.org> wrote:

> Yasss, that is good stuff. It might be useful to think of other geographic
> locations where people suddenly hit cell phone towers and have an IMSI
> rather than a TIMSI [1] sent to the tower. I'm thinking places like the US
> southern border where you can imagine immigrants' phones suddenly seeing
> towers in common paths they might take. Yikes.
>
> [1]: http://www.gsm-security.net/faq/timsi-temporary-imsi-gsm.shtml
>
>
> On Fri, Sep 14, 2018 at 12:56 PM yomna n <yomnanasser at gmail.com> wrote:
>
>> I'm not finished reading this paper, but there's a subtle observation in
>> it about passive IMSI-catching attacks I found interesting/haven't seen
>> mentioned elsewhere: "However, the passive approach is slow since an
>> attacker has to wait for a mobile device to transmit its IMSI
>> spontaneously, which is an uncommon event in most locations *(exceptions
>> are, e.g., airports)*" ... because as soon as people's planes land they
>> turn on their phones. Since so many foreign mobile phone users pass through
>> them, airports must have an interesting variety of cell network traffic!
>> (Also, makes me vaguely curious what the presence of IMSI-catchers around
>> the Vegas airport is like the week of Blackhat/Defcon/etc.)
>>
>> I really hope the authors submit to RWC (maybe I should email them and
>> suggest this). There was only one talk related to IMSI-catching last year,
>> and it was on how you can set up an IMSI-catcher without needing to write
>> any actual code.
>>
>> On Fri, Sep 14, 2018 at 9:51 AM Joseph Lorenzo Hall <joe at cdt.org> wrote:
>>
>>> I'd be interested in that too... I'm curious if the IMSI-catcher
>>> resistance will actually survive practicality and deployment.
>>>
>>> On Thu, Sep 13, 2018 at 9:53 PM yomna n <yomnanasser at gmail.com> wrote:
>>>
>>>> Does anyone know if there's a publicly accessible talk that accompanies
>>>> this paper anywhere? I've done quite a bit of googling and haven't been
>>>> able to find anything.
>>>>
>>>> On Thu, Sep 13, 2018 at 8:04 PM Cooper Quintin <cooperq at eff.org> wrote:
>>>>
>>>>> Hah nevermind, Seamus sent it months ago, which is probably why I had
>>>>> the tab open. Carry on! :)
>>>>>
>>>>> Cooper Quintin
>>>>> Senior Staff Technologist | EFF
>>>>> PGP: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
>>>>> Twitter: @cooperq
>>>>>
>>>>> On 09/13/2018 05:03 PM, Cooper Quintin wrote:
>>>>> > I can't remember if it already got sent to the list or not, but this
>>>>> > 5G security proposal from Ericsson was pretty interesting.
>>>>> > https://www.ericsson.com/research-blog/protecting-5g-imsi-catchers/
>>>>> >
>>>>> > I was going to write to the guys who wrote it and see if any of their
>>>>> > proposals made it into the final spec.
>>>>> >
>>>>> _______________________________________________
>>>>> CSS-research mailing list
>>>>> CSS-research at lists.eff.org
>>>>> https://lists.eff.org/mailman/listinfo/css-research
>>>>>
>>>
>>>
>>> --
>>> Joseph Lorenzo Hall
>>> Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
>>> 1401 K ST NW STE 200, Washington DC 20005-3497
>>> e: joe at cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
>>> Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
>>>
>>>
>
> --
> Joseph Lorenzo Hall
> Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
> 1401 K ST NW STE 200, Washington DC 20005-3497
> e: joe at cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
> Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
>
>