Never Gonna Give You Up: Exploring Deprecated NULL Ciphers in Commercial VoWiFi Deployments

Gabriel Karl Gegenhuber; Philipp É. Frenzel; Edgar Weippl

Never Gonna Give You Up: Exploring Deprecated NULL Ciphers in Commercial VoWiFi Deployments

Gabriel Karl Gegenhuber, Philipp É. Frenzel, Edgar Weippl

Forschungsgruppe Security and Privacy

Veröffentlichungen: Beitrag in Buch › Beitrag in Konferenzband › Peer Reviewed

Abstract

In today’s cellular network evolutions, such as 4G and 5G, the IMS
(IP Multimedia Subsystem) serves as a crucial component in manag-
ing voice calls and handling short messages. Besides accessing the
IMS over the traditional radio layer, many operators use Voice over
Wi-Fi (VoWiFi) allowing customers to dial into their core network
over the public Internet using an (insecure) Wi-Fi connection.
To protect against malicious actors on the WiFi or Internet do-
main, the traffic is sent over a series of IPsec tunnels, ensuring con-
fidentiality and integrity. Similar to other encrypted protocols (e.g.
TLS), the client and server use a handshake protocol (i.e., IKEv2) to
communicate their supported security configurations and to agree
upon the used parameters (e.g., keys or an encryption algorithm)
for the ongoing session. This however opens the door for security
vulnerabilities introduced by misconfiguration.
We want to analyze security configurations within commercial
VoWiFi deployments, both on the client and server side, spotting
deprecated configurations that undermine communication security.

Originalsprache	Englisch
Titel	17th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2024)
Publikationsstatus	Veröffentlicht - 1 Mai 2024

ÖFOS 2012

102016 IT-Sicherheit

Zugriff auf Dokument

http://eprints.cs.univie.ac.at/8100/

Zitationsweisen

@inproceedings{1d7b580dae614c639fa2b61fb478553a,

title = "Never Gonna Give You Up: Exploring Deprecated NULL Ciphers in Commercial VoWiFi Deployments",

abstract = "In today{\textquoteright}s cellular network evolutions, such as 4G and 5G, the IMS(IP Multimedia Subsystem) serves as a crucial component in manag-ing voice calls and handling short messages. Besides accessing theIMS over the traditional radio layer, many operators use Voice overWi-Fi (VoWiFi) allowing customers to dial into their core networkover the public Internet using an (insecure) Wi-Fi connection.To protect against malicious actors on the WiFi or Internet do-main, the traffic is sent over a series of IPsec tunnels, ensuring con-fidentiality and integrity. Similar to other encrypted protocols (e.g.TLS), the client and server use a handshake protocol (i.e., IKEv2) tocommunicate their supported security configurations and to agreeupon the used parameters (e.g., keys or an encryption algorithm)for the ongoing session. This however opens the door for securityvulnerabilities introduced by misconfiguration.We want to analyze security configurations within commercialVoWiFi deployments, both on the client and server side, spottingdeprecated configurations that undermine communication security.",

author = "Gegenhuber, {Gabriel Karl} and Frenzel, {Philipp {\'E}.} and Edgar Weippl",

year = "2024",

month = may,

day = "1",

language = "English",

booktitle = "17th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2024)",

}

TY - GEN

T1 - Never Gonna Give You Up: Exploring Deprecated NULL Ciphers in Commercial VoWiFi Deployments

AU - Gegenhuber, Gabriel Karl

AU - Frenzel, Philipp É.

AU - Weippl, Edgar

PY - 2024/5/1

Y1 - 2024/5/1

N2 - In today’s cellular network evolutions, such as 4G and 5G, the IMS(IP Multimedia Subsystem) serves as a crucial component in manag-ing voice calls and handling short messages. Besides accessing theIMS over the traditional radio layer, many operators use Voice overWi-Fi (VoWiFi) allowing customers to dial into their core networkover the public Internet using an (insecure) Wi-Fi connection.To protect against malicious actors on the WiFi or Internet do-main, the traffic is sent over a series of IPsec tunnels, ensuring con-fidentiality and integrity. Similar to other encrypted protocols (e.g.TLS), the client and server use a handshake protocol (i.e., IKEv2) tocommunicate their supported security configurations and to agreeupon the used parameters (e.g., keys or an encryption algorithm)for the ongoing session. This however opens the door for securityvulnerabilities introduced by misconfiguration.We want to analyze security configurations within commercialVoWiFi deployments, both on the client and server side, spottingdeprecated configurations that undermine communication security.

AB - In today’s cellular network evolutions, such as 4G and 5G, the IMS(IP Multimedia Subsystem) serves as a crucial component in manag-ing voice calls and handling short messages. Besides accessing theIMS over the traditional radio layer, many operators use Voice overWi-Fi (VoWiFi) allowing customers to dial into their core networkover the public Internet using an (insecure) Wi-Fi connection.To protect against malicious actors on the WiFi or Internet do-main, the traffic is sent over a series of IPsec tunnels, ensuring con-fidentiality and integrity. Similar to other encrypted protocols (e.g.TLS), the client and server use a handshake protocol (i.e., IKEv2) tocommunicate their supported security configurations and to agreeupon the used parameters (e.g., keys or an encryption algorithm)for the ongoing session. This however opens the door for securityvulnerabilities introduced by misconfiguration.We want to analyze security configurations within commercialVoWiFi deployments, both on the client and server side, spottingdeprecated configurations that undermine communication security.

M3 - Contribution to proceedings

BT - 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2024)

ER -