Publication


Featured research published by Ulrike Meyer.


workshop on wireless security | 2004

A man-in-the-middle attack on UMTS

Ulrike Meyer; Susanne Wetzel

In this paper we present a man-in-the-middle attack on the Universal Mobile Telecommunication Standard (UMTS), one of the newly emerging 3G mobile technologies. The attack allows an intruder to impersonate a valid GSM base station to a UMTS subscriber regardless of the fact that UMTS authentication and key agreement are used. As a result, an intruder can eavesdrop on all mobile-station-initiated traffic. Since the UMTS standard requires mutual authentication between the mobile station and the network, so far UMTS networks were considered to be secure against man-in-the-middle attacks. The network authentication defined in the UMTS standard depends on both the validity of the authentication token and the integrity protection of the subsequent security mode command. We show that both of these mechanisms are necessary in order to prevent a man-in-the-middle attack. As a consequence we show that an attacker can mount an impersonation attack since GSM base stations do not support integrity protection. Possible victims to our attack are all mobile stations that support the UTRAN and the GSM air interface simultaneously. In particular, this is the case for most of the equipment used during the transition phase from 2G (GSM) to 3G (UMTS) technology.


personal, indoor and mobile radio communications | 2004

On the impact of GSM encryption and man-in-the-middle attacks on the security of interoperating GSM/UMTS networks

Ulrike Meyer; Susanne Wetzel

GSM suffers from various security weaknesses: Just recently, Barkan, Biham and Keller presented a ciphertext-only attack on the GSM encryption algorithm A5/2 which recovers the encryption key from a few dozen milliseconds of encrypted traffic within less than a second. Furthermore, it is well-known that it is possible to mount a man-in-the-middle attack in GSM during authentication which allows an attacker to make a victim mobile station authenticate itself to a fake base station which in turn forwards the authentication traffic to the real network, thus impersonating the victim mobile station to a real network and vice versa. We discuss the impact of GSM encryption attacks that recover the encryption key, and of the man-in-the-middle attack, on the security of networks that employ UMTS and GSM base stations simultaneously. We suggest protecting UMTS connections from GSM attacks by integrating an additional authentication and key agreement on intersystem handovers between GSM and UMTS.


trust security and privacy in computing and communications | 2012

Messing with Android's Permission Model

André Egners; Ulrike Meyer; Bjorn Marschollek

Permission models have become very common on smartphone operating systems to control the rights granted to installed third-party applications (apps). Prior to installing an app, the user is typically presented with a dialog box showing the permissions requested by the app. The user has to decide either to accept all of the requested permissions, or choose not to proceed with the installation. Most regular users are not able to fully grasp which set of permissions granted to the application is potentially harmful. In addition to the knowledge gap between user and application programmer, the missing granularity and alterability of most permission model implementations help an attacker to circumvent the permission model. In this paper we focus on the permission model of Google's Android platform. We detail the permission model, and present a selection of attacks that can be composed to fully compromise a user's device using inconspicuous-looking applications requesting non-suspicious permissions.


international conference on communications | 2007

Distributed Privacy-Preserving Policy Reconciliation

Ulrike Meyer; Susanne Wetzel; Sotiris Ioannidis

Organizations use security policies to regulate how they share and exchange information, e.g., under what conditions data can be exchanged, what protocols are to be used, who is granted access, etc. Agreement on specific policies is achieved through policy reconciliation, where multiple parties, with possibly different policies, exchange their security policies, resolve differences, and reach a consensus. Current solutions for policy reconciliation do not take into account the privacy concerns of reconciliating parties. This paper addresses the problem of preserving privacy during security policy reconciliation. We introduce new protocols that meet the privacy requirements of the organizations and allow parties to find a common policy rule which maximizes their individual preferences.


international conference on information security | 2012

GPU-Acceleration of block ciphers in the OpenSSL cryptographic library

Johannes Gilger; Johannes Barnickel; Ulrike Meyer

The processing power of graphic processing units (GPUs) has been applied for cryptographic algorithms for some time. For AES and DES especially, there is a large body of existing academic work and some available code which makes use of the CUDA framework. We contribute to the field of symmetric-key GPU cryptography by implementing and benchmarking multiple block ciphers on CUDA and OpenCL in the form of an OpenSSL cryptographic engine. We show common techniques to implement and accelerate these block ciphers (AES, DES, Blowfish, Camellia, CAST5, IDEA). Another equally important part of our work presents a guideline on how to perform reproducible benchmarks of these ciphers and similar GPU algorithms.


world of wireless mobile and multimedia networks | 2010

Security and privacy for mobile electronic health monitoring and recording systems

Johannes Barnickel; Hakan Karahan; Ulrike Meyer

In this paper we detail the security and privacy architecture and implementation of the HealthNet mobile electronic health monitoring and data collection system. HealthNet consists of a body sensor network embedded in clothing that communicates wirelessly to the wearer's mobile phone. The mobile phone is used to manage, store and transfer the data in a secure way. Data may be transferred to other parties, such as medical experts, emergency care and private parties trusted by the wearer himself, e.g. his family. The patient controls who may access his data. Only emergency physicians near the patient may access vital data without the patient's individual consent. We describe the unique security and privacy features of our architecture which may also be used to improve other telemonitoring solutions.


local computer networks | 2010

Wireless Mesh Network security: State of affairs

André Egners; Ulrike Meyer

Wireless Mesh Networks (WMNs) surely are one of the most prominent trends for Next Generation Networks. Their future success, however, depends on their security features. In this paper we step back to classify and characterize Wireless Mesh Networks as a whole. This high-level vantage point helps us to define general security requirements and identify unique challenges in meeting these requirements with respect to the characteristics of WMNs. We then use this framework of requirements and characteristics to evaluate state-of-the-art proposals ranging from standardization effort of the IEEE to results from academia.


wireless mobile applications and services on wlan hotspots | 2005

An approach to enhance inter-provider roaming through secret sharing and its application to WLANs

Ulrike Meyer; Jared Cordasco; Susanne Wetzel

In this paper, we show how secret sharing can be used to address a number of shortcomings in state-of-the-art public-key-based inter-provider roaming. In particular, the new concept does not require costly operations for certificate validation by the mobile device. It furthermore eliminates the need for a secure channel between providers upon roaming. We demonstrate the new approach by introducing a new protocol, EAP-TLS-KS, for roaming between 802.11i-protected WLANs. In addition, we show that the properties of EAP-TLS-KS allow for an efficient integration of a micropayment scheme.


Journal of Computational Neuroscience | 2009

GENERATING OSCILLATORY BURSTS FROM A NETWORK OF REGULAR SPIKING NEURONS WITHOUT INHIBITION

Jing Shao; Dihui Lai; Ulrike Meyer; Harald Luksch; Ralf Wessel

Avian nucleus isthmi pars parvocellularis (Ipc) neurons are reciprocally connected with the layer 10 (L10) neurons in the optic tectum and respond with oscillatory bursts to visual stimulation. Our in vitro experiments show that both neuron types respond with regular spiking to somatic current injection and that the feedforward and feedback synaptic connections are excitatory, but of different strength and time course. To elucidate mechanisms of oscillatory bursting in this network of regularly spiking neurons, we investigated an experimentally constrained model of coupled leaky integrate-and-fire neurons with spike-rate adaptation. The model reproduces the observed Ipc oscillatory bursting in response to simulated visual stimulation. A scan through the model parameter volume reveals that Ipc oscillatory burst generation can be caused by strong and brief feedforward synaptic conductance changes. The mechanism is sensitive to the parameter values of spike-rate adaptation. In conclusion, we show that a network of regular-spiking neurons with feedforward excitation and spike-rate adaptation can generate oscillatory bursting in response to a constant input.


trust security and privacy in computing and communications | 2012

Implementing an Attack on Bluetooth 2.1+ Secure Simple Pairing in Passkey Entry Mode

Johannes Barnickel; Jian Wang; Ulrike Meyer

Due to the serious security issues found in early Bluetooth revisions, Bluetooth revision 2.1 (and later) uses a new pairing process called Secure Simple Pairing (SSP). SSP allows two devices to establish a link key based on a Diffie-Hellman key agreement and supports four methods to authenticate the key agreement. One of these methods is called the Passkey Entry method, which uses a PIN entered on one or both devices. The Passkey Entry method has been shown to leak this PIN to any attacker eavesdropping on the first part of the pairing process. If, in addition, the attacker can prevent the pairing process from completing successfully and the user uses the same PIN twice (or a fixed PIN is used), the attacker can mount a man-in-the-middle attack on a new run of the pairing process. In this paper, we explore the practicality of this attack and show that it should be taken very seriously. Lacking devices with a reasonably programmable Bluetooth stack to implement the attack upon, we created Bluetrial: our own implementation of the relevant Bluetooth parts using the GNU Radio platform on USRP and USRP2 devices.

Collaboration


Top Co-Authors

Susanne Wetzel

Stevens Institute of Technology

Daniel A. Mayer

Stevens Institute of Technology
