<div dir="ltr"><div>I guess another thing came to mind... This design reduces the attack surface away from people with rogue BTS but the design also assumes that someone like the FBI won't try to use CALEA or similar legislation to force providers to give them the keys. So, I suspect in the future we will find ourselves in another Apple vs FBI type of cryptowar. And if the FBI gets access...then it will trickle down to local PDs...<br></div><div><br></div><div>I guess I am also skeptical that telecos have _any_ spine to push back against this type of "exceptional" access given their close relationship with the federal government over the years...</div><div><br></div><div>- F <br></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Sep 18, 2018 at 1:09 PM Freddy Martinez <<a href="mailto:freddy@lucyparsonslabs.com">freddy@lucyparsonslabs.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div>While I generally think that this approach looks interesting I worry about the unintended consequences. <br></div><div><br></div><div>In the Ericson approach, I think the encrypted IMSI is built very analogous to a Diffie Helman handshake. Which may be fine for an approach on small scale. However, given that governments routinely hack phone providers (<a href="https://www.wired.com/2015/02/gemalto-confirms-hacked-insists-nsa-didnt-get-crypto-keys/" target="_blank">https://www.wired.com/2015/02/gemalto-confirms-hacked-insists-nsa-didnt-get-crypto-keys/</a>) I am not sure that putting a private key on a phone is a good idea. That being said, physical access versus Over the Air access is still a higher barrier to entry but I don't know that its a _great_ design.</div><div><br></div><div>Just some thoughts.</div><div><br></div><div>- Freddy <br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 14, 2018 at 10:45 AM, Joseph Lorenzo Hall <span dir="ltr"><<a href="mailto:joe@cdt.org" target="_blank">joe@cdt.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div>Yasss, that is good stuff. It might be useful to think of other geographic locations where people suddenly hit cell phone towers and have an IMSI rather than a TIMSI [1] sent to the tower. I'm thinking places like the US southern border where you can imagine immigrants' phones suddenly seeing towers in common paths they might take. Yikes.<br></div><div><br></div><div>[1]: <a href="http://www.gsm-security.net/faq/timsi-temporary-imsi-gsm.shtml" target="_blank">http://www.gsm-security.net/faq/timsi-temporary-imsi-gsm.shtml</a><br></div><br></div></div><div class="m_-6758541661754003163HOEnZb"><div class="m_-6758541661754003163h5"><br><div class="gmail_quote"><div dir="ltr">On Fri, Sep 14, 2018 at 12:56 PM yomna n <<a href="mailto:yomnanasser@gmail.com" target="_blank">yomnanasser@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr">I'm not finished reading this paper, but there's a subtle
observation in it about passive IMSI-catching attacks I found
interesting/haven't seen mentioned elsewhere: "However, the passive
approach is slow since an attacker has to wait for a mobile device to
transmit its IMSI spontaneously, which is an uncommon event in most
locations <b>(exceptions are, e.g., airports)</b>" ... because as soon
as people's planes land they turn on their phones. Since so many foreign
mobile phone users pass through them, airports must have an interesting
variety of cell network traffic! (Also, makes me vaguely curious what
the presence of IMSI-catchers around the Vegas airport is like the week
of Blackhat/Defcon/etc.)<br></div><div dir="ltr"><br></div><div>I really hope
the authors submit to RWC (maybe I should email them and suggest this).
There was only one talk related to IMSI-catching last year, and it was
on how you can setup an IMSI-catcher without needing to write any actual
code.</div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Sep 14, 2018 at 9:51 AM Joseph Lorenzo Hall <<a href="mailto:joe@cdt.org" target="_blank">joe@cdt.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I'd be interested in that too... I'm curious if the IMSI-catcher resistance will actually survive practicality and deployment.<br></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Sep 13, 2018 at 9:53 PM yomna n <<a href="mailto:yomnanasser@gmail.com" target="_blank">yomnanasser@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Does anyone know if there's a publicly accessible talk that accompanies this paper anywhere? I've done quite a bit of googling and haven't been able to find anything.</div><br><div class="gmail_quote"><div dir="ltr">On Thu, Sep 13, 2018 at 8:04 PM Cooper Quintin <<a href="mailto:cooperq@eff.org" target="_blank">cooperq@eff.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hah nevemind, Seamus sent it months ago, which is probably why I had the<br>
tab open. Carry on! :)<br>
<br>
Cooper Quintin<br>
Senior Staff Technologist | EFF<br>
PGP: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA<br>
Twitter: @cooperq<br>
<br>
On 09/13/2018 05:03 PM, Cooper Quintin wrote:<br>
> I can't remember if it already got sent to the list or not, but this 5G<br>
> security proposal from erricson was pretty interesting.<br>
> <a href="https://www.ericsson.com/research-blog/protecting-5g-imsi-catchers/" rel="noreferrer" target="_blank">https://www.ericsson.com/research-blog/protecting-5g-imsi-catchers/</a><br>
> <br>
> I was going to write to the guys who wrote it and see if any of their<br>
> proposals made it into the final spec.<br>
> <br>
_______________________________________________<br>
CSS-research mailing list<br>
<a href="mailto:CSS-research@lists.eff.org" target="_blank">CSS-research@lists.eff.org</a><br>
<a href="https://lists.eff.org/mailman/listinfo/css-research" rel="noreferrer" target="_blank">https://lists.eff.org/mailman/listinfo/css-research</a><br>
</blockquote></div>
_______________________________________________<br>
CSS-research mailing list<br>
<a href="mailto:CSS-research@lists.eff.org" target="_blank">CSS-research@lists.eff.org</a><br>
<a href="https://lists.eff.org/mailman/listinfo/css-research" rel="noreferrer" target="_blank">https://lists.eff.org/mailman/listinfo/css-research</a><br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="m_-6758541661754003163m_1571922136820330643m_-5181872739692624530m_8239769222194940gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Joseph Lorenzo Hall<br>Chief Technologist, Center for Democracy & Technology [<a href="https://www.cdt.org" target="_blank">https://www.cdt.org</a>]<br>1401 K ST NW STE 200, Washington DC 20005-3497<br>e: <a href="mailto:joe@cdt.org" target="_blank">joe@cdt.org</a>, p: 202.407.8825, pgp: <a href="https://josephhall.org/gpg-key" target="_blank">https://josephhall.org/gpg-key</a><br>Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871<br><br></div></div></div>
</blockquote></div>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="m_-6758541661754003163m_1571922136820330643gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Joseph Lorenzo Hall<br>Chief Technologist, Center for Democracy & Technology [<a href="https://www.cdt.org" target="_blank">https://www.cdt.org</a>]<br>1401 K ST NW STE 200, Washington DC 20005-3497<br>e: <a href="mailto:joe@cdt.org" target="_blank">joe@cdt.org</a>, p: 202.407.8825, pgp: <a href="https://josephhall.org/gpg-key" target="_blank">https://josephhall.org/gpg-key</a><br>Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871<br><br></div></div></div>
</div></div><br>_______________________________________________<br>
CSS-research mailing list<br>
<a href="mailto:CSS-research@lists.eff.org" target="_blank">CSS-research@lists.eff.org</a><br>
<a href="https://lists.eff.org/mailman/listinfo/css-research" rel="noreferrer" target="_blank">https://lists.eff.org/mailman/listinfo/css-research</a><br>
<br></blockquote></div><br></div>
</blockquote></div>