Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Tag Archives: Hacking at random

Results of a Security Assessment of Common Implementation Strategies of the TCP and IP Protocols

Information and slides for the presentation are available on the HAR2009 Wiki.

PDF’s are available that provide details on the Security Assessment of the Internet Protocol and Transmission Control Protocol that were carried out on behalf of the UK CPNI (United Kingdom’s Centre for the Protection of National Infrastructure).

Fernando Gont unfortunately didn’t turnup to do the talk. At the moment we’re unsure why, and wouldn’t like to speculate (things just happen sometimes). Hopefully he’ll get rescheduled for sometime later tonight/tomorrow.

Advertisements

Airprobe: Monitoring GSM traffic with USRP

Information (and hopefully the slides soon) from the presentation can be found on the HAR2009 Wiki and the CCC Projects page. The project homepage is http://airprobe.org/ but appears to be down currently.

Airprobe is a project for creating an OpenSource GSM protocol decoder.

  • Using gnuradio Software Defined Radio (SDR)
  • GSM layer 1 demodulation / decode
  • GSM TDMA demultiplex
  • Recombining bursts into mac blocks
  • Handling of mac blacks to protocol analyzer

Why ? because wardrivers must be getting bored with just Wireless LANs. There are other networks out there that are vulnerable (DECT, GSM, etc…). Raising public awareness is very important. It’s ok to look at the specs and say “There might be  a problem here”, but testing and proof are needed to effect change.

The chips and parts required to build your own GSM sniffer are not available to the general public (at least at the low quantities required for normal usage). This is where the SDR comes in.

Airprobe decoders supported

  • gsmsp
  • gssm
    • Considered alpha
  • gsm-tvoid
  • gsm-receiver
    • Latest GSM decoder
    • Much better decoding
  • gsmdecode
    • GSM Layer 2+ decoder from hex bytes to human readable
  • gsmstack
    • GSM MAC Layer from demodulated bits to MAC blocks
    • Incomplete (will be integrated with gsm-receiver)

The Project are currently looking for developers with DSP experience –> get in touch through airprobe.org if you can help

Demo: Using the USRP and SDR to eavesdrop on GSM traffic. The demo used pre-recorded data from the USRP to input into gsm-receiver and view the MAC blocks.

MAC blocks are displayed in 23 Byte blocks and use [2b] as a filler if there isn’t enough data to fill a Block.

By taking these MAC blocks and piping them into gsm-decode it’s possible to decode and view the system information paging traffic (clear-text). This capture was taken on a non-frequency hoping network. Frequency hoping however isn’t a security solution as the frequency hoping pattern is sent in clear-text and is publicly known. Frequency hoping is used to avoid interference. the current setup, doesn’t support frequency hoping, but there are a number of solutions being considered.

As the capture from gsm-receiver outputs to PCAP format, it’s possible to open within Wireshark to get a full graphical representation. The patches for wireshark are available in SVN currently.

All the building blocks are in place to enable decoding of GSM encryption. The final step is a working proof of concept to break the encryption. There are a few weaknesses, however no full PoC currently. The tools are here, but they need to be made more user friendly.

Currently no support for GPRS/EDGE, however this should be possible with some work. However GPRS uses different encryption than GSM, so research will need to be made in this area.

OpenBSC: Running your own GSM network

Information and the slides for the presentation are available on the HAR2009 Wiki and the OpenBSC website. The slides from the 25C3 talk on OpenBSC can bee downloaded here.

The OpenBSC project is currently running a GSM network at HAR2009 that allows people to call between handsets.

BSC = Base Station Controller

The BSC does most of the actual decision making and controls most of the aspects of the BTSs (handles intra-BSC handover)

GSM operates on a LICENSED spectrum. The OpenBSC project is designed to allow security research without effecting the commercial operators.

GSM protocol specifications are very comprehensively documented (1,108 PDFs, 414 MBytes). Most however other literature is very high-level (location of towers, etc…)

GSM is a bit-synchronous network (drawing mainly from ISDN, SDN). Layer 2 modelled after (Q.291 / LAPD), and call signalling Q.931 (both are used in ISDN within Europe).

Like traditional telco protocols, the intelligence is in the network, not the end nodes.

GSM packets contain only the payload without destination or source information. All delivery routing is based on timing context. This makes it different to other transport mechanisms.

There are details of the GSM protocol and the infrastructure used can be found in the presentation PDF (it’s not really possible to summaries this information into a usable braindump I’m afraid).

Security model – Only the handsets can be evil, the network is ALWAYS trusted.

Since 25C3

Fixed plenty of resource leaks (RAM)

OpenBSC is now a ” gsm network in a box” – no need for MSC/HLR/VLR/…

Future of OpenBSC

  • Separation of BSC and MSC
  • Support actual A interface of SCCP
  • Currently no GPRS/EDGE
  • Routing calls between E1 and IP/RTP based BTS
  • Interface for external apps like SCAPY for packet injection

HAR2009 GSM network

  • License permitted for 4 ARFCN’s
  • Transmit power 100mW on each ARFCN
  • Antenna height restrictions to 3m
  • In the event of interference with other operators, we get shut down
  • 2x BS-11 units, each two TRX
    • Share a single E1 link
  • Linux system running openBSC
    • Uses mISDN driver for HFC-E1 card
    • Network iD: NCC 204(NL), MNC 42
    • Typical CPU usage is <5% (2 year old machine)
    • Black PC, with cables coming out of it !!!
  • No encryption or frequency hoping enabled on the network

To prevent accidentally joining other users (non-camp users), an SMS is sent with authorization URL to enable the phone on the network.

Next talk –> Airprobe, for eavesdropping on GSM communications

Camp network statistics (HAR2009)

  • 1100 phones tried to use the network
  • 450 phones completed registration
  • 1000 SMS sent
  • Not sure on the attempted voice calls at this time

Relationship graphs (who called/messaged who) and the number of calls/messages will be posted to the HAR2009 Wiki once the conference ends.

Cracking Internet: The urgency of DNSSEC

Information and a copy of the slides are available on the HAR2009 Wiki. You can also download the whitepaper on DNSSEC from http://dnssec.nu

Nice run through of the Kaminsky attack (as it’s being referred to now apparently) from last year.

There was a contest run at HAR2009 to see if anybody was able to bypass the new restrictions and poison the DNS cache on the server. Unfortunately nobody managed to succeed in the time given.

What is DNSSEC ?

Uses public key cryptography

DNSSEC doesn’t fix all our problems. DNSSEC doesn’t .:

  • protect confidentiality
  • protect against threats like DDoS
  • Guarentee of DNS records (human errors)

Currently DNSSEC is being implemented using a 2-tiered key model. Although this isn’t specifically in the spec.

Key Signing Key (large key size, long validity,…) is used to sign the Zone key (smaller key size, shorter validity,…)

Additional RRs (resource records)

  • For Public keys
    • DNSKEY
    • DS
  • For signatures
    • RRSIG
  • For authenticated denial of existance
    • NSEC
    • NSEC3

This increases the size of the zone, and will therefore increase the required bandwidth.

Current state of deployment

  • .gov
  • .org
  • .museum
  • .bg
  • .br
  • .cz
  • .pr
  • .se

.com and .net are planned to be signed by 2011 (this is more the 65% of all domains)

Root is likely to be signed before the end of 2009.

As the root isn’t yet signed, there are currently a number of islands of trust. Once the root is signed, then things will become more workable.

IANA has made an “Interim Trust Anchor Repository” (ITAR) available to http://itar.iana.org to help with the issue of islands of trust. Once the root is signed, then hopefully this will not be needed any longer. Even working with the ITAR list can be troublesome, as it is required to be downloaded (and validated against a hash value) and imported. It is also important to update the information as the keys expire and need to be refreshed.

DNSSEC is hard to do, but even critics agree that it is the only available solution at the moment.

There is a lack off available tools to assist in deployment of signed zones. DNS has always been very forgiving. However DNSSEC makes a small mistake something that could take your zone offline.

Tools

OpenDNSSEC –> http://www.opendnssec.org
Secure64 DNS Signer
Xelerance DNSX Signer
ZKT (Zone Key Tool)
PowerDNS + DNSSEC = PowerDNSSEC

Alternatives

  • Continue patching against attacks (keep with traditional DNS)
    • An arms race (which is already being lost=
  • SSL/TLS
    • Too heavyweight
    • Broken (see Dan Kaminsky)
  • TSIG/SIG(0)
    • Shared secrets ???
    • Doesn’t scale
  • DNScurve
    • Based on elliptic curve
    • Not available
  • DNS 0x20
    • Based on using capitalisation to introduce more entropy
    • Comparable to existing DNS infrastructure
    • Can it defend the root zones (too small to be effective, Com, cOm, coM, …)

Microsoft have commited to releasing DNSSEC tools in their next release of Windows 2008. What these tools are however, has not been made clear.