論文使用權限 Thesis access permission:自定論文開放時間 user define
開放時間 Available:
校內 Campus: 已公開 available
校外 Off-campus: 已公開 available
博碩士論文 etd-1029121-172324 詳細資訊
Title page for etd-1029121-172324
論文名稱 Title |
行動通訊無線存取網路中針對Dolev-Yao攻擊者模型之防禦系統 A Study of Defense System Against Attackers of Dolev-Yao Model in Radio Access Network for Mobile Communications |
||
系所名稱 Department |
|||
畢業學年期 Year, semester |
語文別 Language |
||
學位類別 Degree |
頁數 Number of pages |
84 |
|
研究生 Author |
|||
指導教授 Advisor |
|||
召集委員 Convenor |
|||
口試委員 Advisory Committee |
|||
口試日期 Date of Exam |
2021-11-12 |
繳交日期 Date of Submission |
2021-11-29 |
關鍵字 Keywords |
行動網路、中間人攻擊、雙層加密、封包分組、無線存取網路 Mobile network, Man-in-the-Middle attack, double-layer encryption, packet grouping, Radio Access Network |
||
統計 Statistics |
本論文已被瀏覽 137 次,被下載 1 次 The thesis/dissertation has been browsed 137 times, has been downloaded 1 times. |
中文摘要 |
4G行動網路已逐漸普及於世界各國,並隨著智慧型裝置的發展一同改變了人們的生活。相較於前一世代,除了效能層面的提升,4G也提供了更加安全的網路環境以保障使用者的隱私,例如:雙向認證、金鑰階層、封包加密及完整性保護。縱使這些安全機制給予了使用者一定程度的保障,針對行動網路的攻擊還是層出不窮。需要注意的是,4G只針對控制層面的訊息實施完整性保護,而非使用者層面。根據這項基礎,近年來出現了攻擊者偽裝成網路服務供應商,傳送惡意訊息的中間人攻擊。由於使用者資料並無被完整性保護,因此就算資料被竄改,使用者也會毫不知情地接收修改過的資料。為了解決這項問題,我們提出一套部署於無線存取網路中基於AES-CBC的雙層加密防護機制以抵禦這類型的中間人攻擊。另外,為了降低實施額外加密對資料傳輸所造成的負面影響,我們根據4G的QCI機制及調查常被作為攻擊目標的協定種類,實施封包分組技術,使我們的系統在可接受的效能影響下保護使用者資料不被竄改,達到防禦中間人攻擊的目的。其中,我們也展示實作的細節以及理論與實驗數據的比對來檢驗我們的防禦系統的效果與效能。另一方面,為了使防禦這類型攻擊的難度降低,我們利用正規化的模型描述中間人攻擊的情境,以及我們的防禦系統的安全性。本研究也蒐集近年來行動網路中的攻擊與防禦研究,並依照不同指標加以分類,可提供相關領域的研究團隊參照。 |
Abstract |
LTE has been deployed in many countries in the world, changing people's lives along with the development of smart devices. Besides the improvement on performance, LTE provides the network environment at a higher security level to protect the privacy of subscribers, such as mutual authentication, key hierarchy, packet ciphering, and integrity protection, compared to the former generations. Although these mechanism seems to ensure users a secure network environment, attacks against mobile networks can be still possible since LTE only applies integrity protection on the control data instead of user data according to 3GPP specifications. On the basis of this, a Man-in-the-Middle (MitM) attacker is able to impersonate the network operator to send malicious messages to the victim. Since the user data is not integrity protected, the victim will receive modified packets without awareness of the modification. To address the issue, we propose a defense system deployed in Radio Access Network (RAN) with a double-layer encryption based on AES-CBC to defend against the MitM attacks. In addition, to alleviate the negative impact on data transmission induced by additional protection, we propose the packet grouping technique to enhance the performance of encryption according to the QCI mechanism in LTE and the investigation on the protocols that are attacked commonly. To validate the performance and the defensive effect, we develop the analytic model to evaluate the performance of the proposed shell encryption based on packet grouping and compare the theoretical results with the experimental results based on our implementation of the prototype system of the proposed security scheme. On the other hand, to level down the difficulty of defensing MitM attacks, we propose formal models to capture the abilities of the attackers in MitM attacks and demonstrate the security of our defense system. |
目次 Table of Contents |
論文審定書 i Acknowledgments ii 摘要 iv ABSTRACT v List of Figures ix List of Tables xi Chapter 1 Introduction 1 1.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1 1.2 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 1.3 Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 1.4 Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 Chapter 2 Related Works 5 2.1 Cyberattacks against Mobile Networks . . . . . . . . . . . . . . . . . . . . .5 2.2 Defensing Approaches . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8 Chapter 3 System and Security Models 11 3.1 Preliminaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 3.1.1 LTE Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 3.1.2 LTE Protocol Stack . . . . . . . . . . . . . . . . . . . . . . . . . . .12 3.1.3 EEA Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . .14 3.1.4 AES Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . .15 3.1.4.1 Procedure . . . . . . . . . . . . . . . . . . . . . . . . . .16 3.1.4.2 Modes of Operation . . . . . . . . . . . . . . . . . . . . .18 3.1.4.3 The security of AES . . . . . . . . . . . . . . . . . . . . .19 3.2 System Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 3.2.1 System Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22 3.3 Threat Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23 3.4 Security Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24 3.5 Security Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24 Chapter 4 Proposed Method 28 4.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28 4.2 Packet Grouping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29 4.2.1 The Influencing Factors for Grouping . . . . . . . . . . . . . . . . .29 4.2.1.1 Common Vulnerable Protocols . . . . . . . . . . . . . . .29 4.2.1.2 QCI Mechanism . . . . . . . . . . . . . . . . . . . . . . .30 4.2.2 Grouping Strategies . . . . . . . . . . . . . . . . . . . . . . . . . .31 4.2.3 Efficiency Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . .36 4.2.3.1 Calculating Total Time Cost . . . . . . . . . . . . . . . . .36 4.2.3.2 Modeling Packet Delay . . . . . . . . . . . . . . . . . . .39 4.3 Shell Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41 4.3.1 Encryption Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41 4.3.2 Encryption Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . .41 Chapter 5 Experiments and Performance Evaluation 43 5.1 Experiment Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . .43 5.2 Preliminary Experiments . . . . . . . . . . . . . . . . . . . . . . . . . . . .44 5.2.1 Separate Encryption vs. Group Encryption . . . . . . . . . . . . . .44 5.3 The Defense System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46 5.3.1 System Architecture . . . . . . . . . . . . . . . . . . . . . . . . . .46 5.3.2 Implementation Details . . . . . . . . . . . . . . . . . . . . . . . . .47 5.3.2.1 Code Explanation . . . . . . . . . . . . . . . . . . . . . .47 5.3.2.2 Difficulties . . . . . . . . . . . . . . . . . . . . . . . . . .53 5.4 Performance Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53 5.4.1 Encryption Time per Message . . . . . . . . . . . . . . . . . . . . .53 5.4.2 Data Transmission Volume . . . . . . . . . . . . . . . . . . . . . . .54 5.4.3 Time Consumption of Different Security Operations . . . . . . . . .54 Chapter 6 Security Analysis 58 6.1 Security Analysis of the Defense System . . . . . . . . . . . . . . . . . . . .58 Chapter 7 Discussion 60 7.1 Particular Design for LTE . . . . . . . . . . . . . . . . . . . . . . . . . . . .60 7.2 Defending Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61 7.3 Comparison with Related Defensing Works . . . . . . . . . . . . . . . . . .62 7.4 The Imperfection of the Implementation . . . . . . . . . . . . . . . . . . . .62 Chapter 8 Conclusion 64 8.1 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64 8.2 Future Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64 |
參考文獻 References |
[1] 3GPP, “3GPP System Architecture Evolution (SAE); Security Architecture,” 3rdGeneration Partnership Project (3GPP), Technical Specification (TS) 33.401, 7 2020,version 16.3.0. [Online]. Available: http://www.3gpp.org/DynaReport/33401.htm [2] D. Rupprecht, K. Kohls, T. Holz, and C. P ̈opper, “Breaking LTE on Layer Two,” in2019IEEE Symposium on Security and Privacy (SP). IEEE, 2019, pp. 1121–1136. [3] ——, “IMP4GT: IMpersonation Attacks in 4G NeTworks,” inSymposium on Networkand Distributed System Security (NDSS). ISOC, 2020. [4] D. Dolev and A. Yao, “On the Security of Public Key Protocols,”IEEE Transactions oninformation theory, vol. 29, no. 2, pp. 198–208, 1983. [5] I. Gomez-Miguelez, A. Garcia-Saavedra, P. D. Sutton, P. Serrano, C. Cano, and D. J.Leith, “srsLTE: An Open-Source Platform for LTE Evolution and Experimentation,” inProceedings of the Tenth ACM International Workshop on Wireless Network Testbeds,Experimental Evaluation, and Characterization, 2016, pp. 25–32. [6] “srsRAN.” [Online]. Available: https://github.com/srsran/srsRAN [7] D. Rupprecht, K. Kohls, T. Holz, and C. P ̈opper, “Call Me Maybe: Eavesdropping En-crypted LTE Calls With ReVoLTE,” in29th USENIX Security Symposium (USENIX Se-curity 20), 2020, pp. 73–88. [8] N. Lakshmanan, N. Budhdev, M. S. Kang, M. C. Chan, and J. Han, “A Stealthy Loca-tion Identification Attack Exploiting Carrier Aggregation in Cellular Networks,” in30thUSENIX Security Symposium (USENIX Security 21), 2021. [9] S. R. Hussain, M. Echeverria, O. Chowdhury, N. Li, and E. Bertino, “Privacy Attacksto the 4G and 5G Cellular Paging Protocols Using Side Channel Information,”Networkand Distributed Systems Security (NDSS) Symposium, 2019. [10] B. Hong, S. Bae, and Y. Kim, “GUTI Reallocation Demystified: Cellular LocationTracking with Changing Temporary Identifier,” inNDSS, 2018. [11] A. Shaik, R. Borgaonkar, S. Park, and J.-P. Seifert, “New Vulnerabilities in 4G and 5GCellular Access Network Protocols: Exposing Device Capabilities,” inProceedings ofthe 12th Conference on Security and Privacy in Wireless and Mobile Networks, 2019,pp. 221–231. [12] K. Kohls, D. Rupprecht, T. Holz, and C. P ̈opper, “Lost Traffic Encryption: Fingerprint-ing LTE/4G Traffic on Layer Two,” inProceedings of the 12th Conference on Securityand Privacy in Wireless and Mobile Networks, 2019, pp. 249–260. [13] K. Fang and G. Yan, “Paging Storm Attacks against 4G/LTE Networks from RegionalAndroid Botnets: Rationale, Practicality, and Implications,” inProceedings of the 13thACM Conference on Security and Privacy in Wireless and Mobile Networks, 2020, pp.295–305. [14] M. Chlosta, D. Rupprecht, T. Holz, and C. P ̈opper, “LTE Security Disabled: Miscon-figuration in Commercial Networks,” inProceedings of the 12th conference on securityand privacy in wireless and mobile networks, 2019, pp. 261–266. [15] C. Yu, S. Chen, and Z. Cai, “LTE Phone Number Catcher: A Practical Attack againstMobile Privacy,”Security and Communication Networks, vol. 2019, 2019. [16] S. Hussain, O. Chowdhury, S. Mehnaz, and E. Bertino, “LTEInspector: A SystematicApproach for Adversarial Testing of 4G LTE,” inNetwork and Distributed Systems Se-curity (NDSS) Symposium 2018, 2018. [17] S. F. Mjølsnes and R. F. Olimid, “Easy 4G/LTE IMSI Catchers for Non-Programmers,”inInternational Conference on Mathematical Methods, Models, and Architectures forComputer Network Security. Springer, 2017, pp. 235–246. [18] D. Rupprecht, K. Jansen, and C. P ̈opper, “Putting LTE Security Functions to the Test:A Framework to Evaluate Implementation Correctness,” in10th USENIX Workshop onOffensive Technologies (WOOT 16), 2016. [19] A. Shaik, R. Borgaonkar, N. Asokan, V. Niemi, and J.-P. Seifert, “Practical Attacksagainst Privacy and Availability in 4G/LTE Mobile Communication Systems,”arXivpreprint arXiv:1510.07563, 2015. [20] H. Yang, S. Bae, M. Son, H. Kim, S. M. Kim, and Y. Kim, “Hiding in Plain Signal:Physical Signal Overshadowing Attack on LTE,” in28th USENIX Security Symposium(USENIX Security 19), 2019, pp. 55–72. [21] A. Dabrowski, N. Pianta, T. Klepp, M. Mulazzani, and E. Weippl, “IMSI-Catch Me IfYou Can: IMSI-Catcher-Catchers,” inProceedings of the 30th annual computer securityapplications Conference, 2014, pp. 246–255. [22] F. Van Den Broek, R. Verdult, and J. de Ruiter, “Defeating IMSI Catchers,” inProceed-ings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security,2015, pp. 340–351. [23] A. Dabrowski, G. Petzl, and E. R. Weippl, “The Messenger Shoots Back: NetworkOperator Based IMSI Catcher Detection,” inInternational Symposium on Research inAttacks, Intrusions, and Defenses. Springer, 2016, pp. 279–302. [24] M. S. A. Khan and C. J. Mitchell, “Trashing IMSI Catchers in Mobile Networks,” inProceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mo-bile Networks, 2017, pp. 207–218. [25] P. Ney, I. Smith, G. Cadamuro, and T. Kohno, “SeaGlass: Enabling City-Wide IMSI-Catcher Detection,”Proceedings on Privacy Enhancing Technologies, vol. 2017, no. 3, pp. 39–56, 2017. [26] Z. Li, W. Wang, C. Wilson, J. Chen, C. Qian, T. Jung, L. Zhang, K. Liu, X. Li, andY. Liu, “FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild.” inNDSS,2017. [27] P. K. Nakarmi, M. A. Ersoy, E. U. Soykan, and K. Norrman, “Murat: Multi-RAT FalseBase Station Detector,”arXiv preprint arXiv:2102.08780, 2021. [28] L. Karac ̧ay, Z. Bilgin, A. B. G ̈und ̈uz, P. C ̧ omak, E. Tomur, E. U. Soykan, U. G ̈ulen,and F. Karakoc ̧, “A Network-Based Positioning Method to Locate False Base Stations,”IEEE Access, vol. 9, pp. 111 368–111 382, 2021. [29] S. Barros, J. Bazzo, R. Takaki, D. Carrillo, and J. Seki, “LTE Jamming Mitigation Basedon Frequency Hopping Strategies,” in2016 8th IEEE Latin-American Conference onCommunications (LATINCOM). IEEE, 2016, pp. 1–6. [30] P.-C. Lin, R.-H. Hwang,et al., “MECPASS: Distributed Denial of Service Defense Ar-chitecture for Mobile Networks,”IEEE Network, vol. 32, no. 1, pp. 118–124, 2018. [31] V. T. Hoang Ahn and M. Ma, “A Secure Authentication Protocol with PerformanceEnhancements for 4G LTE/LTE-A Wireless Networks,” in2021 3rd International Elec-tronics Communication Conference (IECC), 2021, pp. 28–36. [32] R. Arul, G. Raja, A. K. Bashir, J. Chaudry, and A. Ali, “A Console GRID LeveragedAuthentication and Key Agreement Mechanism for LTE/SAE,”IEEE Transactions onIndustrial Informatics, vol. 14, no. 6, pp. 2677–2689, 2018. [33] C. Lai, H. Li, R. Lu, and X. S. Shen, “SE-AKA: A Secure and Efficient Group Authen-tication and Key Agreement Protocol for LTE Networks,”Computer Networks, vol. 57,no. 17, pp. 3492–3510, 2013. [34] F. Ahmad, M. Peradilla, A. Saini, and Y. Jung, “Improving Security Level of LTE AccessProcedure by Using Short-Life Shared Key,”IEICE Transactions on Communications, 2016. [35] N. Saxena, S. Grijalva, and N. S. Chaudhari, “Authentication Protocol for an IoT-Enabled LTE Network,”ACM Transactions on Internet Technology (TOIT), vol. 16,no. 4, pp. 1–20, 2016. [36] K. A. Alezabi, F. Hashim, S. J. Hashim, and B. M. Ali, “An Efficient Authentication andKey Agreement Protocol for 4G (LTE) Networks,” in2014 IEEE Region 10 Symposium.IEEE, 2014, pp. 502–507. [37] A. Fanian, M. Berenjkoub, and T. A. Gulliver, “A TESLA-Based Mutual AuthenticationProtocol for GSM Networks,”The ISC International Journal of Information Security,vol. 1, no. 1, pp. 3–15, 2009.[38] N. Saxena and N. S. Chaudhari, “SAKA: A Secure Authentication and Key AgreementProtocol for GSM Networks,”CSI transactions on ICT, vol. 1, no. 4, pp. 331–341, 2013. [39] C.-C. Lee, I.-E. Liao, and M.-S. Hwang, “An Efficient Authentication Protocol for Mo-bile Communications,”Telecommunication Systems, vol. 46, no. 1, pp. 31–41, 2011. [40] A. Fanian, M. Berenjkoub, and T. A. Gulliver, “A New Mutual Authentication Protocolfor GSM Networks,” in2009 Canadian Conference on Electrical and Computer Engi-neering. IEEE, 2009, pp. 798–803. [41] K. P. Kumar, G. Shailaja, A. Kavitha, and A. Saxena, “Mutual Authentication and KeyAgreement for GSM,” in2006 International Conference on Mobile Business.IEEE,2006, pp. 25–25. [42] M.-S. Hwang, Y.-L. Tang, and C.-C. Lee, “An Efficient Authentication Protocol forGSM Networks,” inIEEE/AFCEA EUROCOMM 2000. Information Systems for En-hanced Public Safety and Security (Cat. No. 00EX405). IEEE, 2000, pp. 326–329. [43] N. Saxena and N. S. Chaudhari, “Secure-AKA: An Efficient AKA Protocol for UMTSNetworks,”Wireless personal communications, vol. 78, no. 2, pp. 1345–1373, 2014. [44] ——, “NS-AKA: An Improved and Efficient AKA Protocol for 3G (UMTS) Networks,”inInternational conference on advances in computer science and electronics engineer-ing (CSEE’14), Kuala Lampur, Malaysia, 2014, pp. 220–224. [45] T. Hwang and P. Gope, “Provably Secure Mutual Authentication and Key ExchangeScheme for Expeditious Mobile Communication Through Synchronously One-Time Se-crets,”Wireless personal communications, vol. 77, no. 1, pp. 197–224, 2014. [46] Y.-L. Huang, C.-Y. Shen, and S. W. Shieh, “S-AKA: A Provable and Secure Authenti-cation Key Agreement Protocol for UMTS Networks,”IEEE transactions on vehiculartechnology, vol. 60, no. 9, pp. 4509–4519, 2011. [47] H.-H. Ou, M.-S. Hwang, and J.-K. Jan, “A Cocktail Protocol with the Authenticationand Key Agreement on the UMTS,”Journal of Systems and Software, vol. 83, no. 2, pp.316–325, 2010. [48] A. Singla, S. R. Hussain, O. Chowdhury, E. Bertino, and N. Li, “Protecting the 4G and5G Cellular Paging Protocols against Security and Privacy Attacks,”Proceedings onPrivacy Enhancing Technologies, vol. 2020, no. 1, 2020. [49] S. R. Hussain, M. Echeverria, A. Singla, O. Chowdhury, and E. Bertino, “Insecure Con-nection Bootstrapping in Cellular Networks: The Root of All Evil,” inProceedings ofthe 12th Conference on Security and Privacy in Wireless and Mobile Networks, 2019,pp. 1–11. [50] R. Housley, “Cryptographic Message Syntax (CMS),” RFC 5652 (Draft Standard),Internet Engineering Task Force, September 2009. [Online]. Available:http://www.ietf.org/rfc/rfc5652.txt [51] A. Bogdanov, D. Khovratovich, and C. Rechberger, “Biclique Cryptanalysis of the FullAES,” inInternational conference on the theory and application of cryptology and in-formation security. Springer, 2011, pp. 344–371. [52] A. Logic,Critical Watch Report: SMB Threatscape 2019, 2019. [Online]. Available: https://www.alertlogic.com/assets/critcal-watch-report/CWR19ExecReport.pdf [53] Edgescan,2021 VULNERABILITY STATISTICS REPORT,2021.[On-line].Available:https://info.edgescan.com/hubfs/Edgescan2021StatsReport.pdf?hsCtaTracking=9601b027-23d3-443f-b438-fcb671cfda06%7Cb222011c-0b6d-440b-aed8-64d37dec66e2 [54] K. Beaver,Hacking For Dummies, 6th ed. 111 River Street, Hoboken, NJ 07030-5774:John Wiley & Sons, Inc., 2018, ch. 9, pp. 130–131. [55] 3GPP, “Policy and Charging Control Architecture,” 3rd Generation Partnership Project(3GPP), Technical Specification (TS) 23.203, 6 2021, version 17.1.0. [Online].Available: http://www.3gpp.org/DynaReport/23203.htm [56] ——, “Evolved Universal Terrestrial Radio Access (E-UTRA); Packet DataConvergence Protocol (PDCP) Specification,” 3rd Generation Partnership Project(3GPP), Technical Specification (TS) 36.323, 9 2021, version 16.4.0. [Online].Available: http://www.3gpp.org/DynaReport/36323.htm71 |
電子全文 Fulltext |
本電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。 |
紙本論文 Printed copies |
紙本論文的公開資訊在102學年度以後相對較為完整。如果需要查詢101學年度以前的紙本論文公開資訊,請聯繫圖資處紙本論文服務櫃台。如有不便之處敬請見諒。 開放時間 available 已公開 available |
QR Code |
國立中山大學 圖書與資訊處 │ 諮詢服務:2453 論文審查小組 │ 服務信箱 │ 系統開發維運:圖資處知識創新組
Office of Library and Information Services, National Sun Yat-sen University │ Contact Us : 2453 Thesis Format Review Team , Mail │ Development and operations : Knowledge Innovation Division, LIS