It's my great pleasure to announce this next talk, which is going to be called "SigOver + alpha", where CheolJun Park and Mincheol Son are going to be talking about signal overshadowing attacks in LTE. The two of them are researchers at KAIST in Korea, the Korea Advanced Institute of Science and Technology, and I'm really interested in hearing about the exploits these two found. Please give them a huge warm welcome with an applause.

Thank you. Thank you. Good afternoon. Welcome to our talk. The name is "SigOver plus alpha". What we are talking about is a very interesting, realistic and new attack in LTE. My name is Mincheol. I'm a graduate student at the System Security Lab in KAIST. My research interest is in cellular networks and comparison analysis.

Hi, my name is CheolJun, and I'm also a PhD student in the System Security Lab in KAIST. My research interest is also cellular network systems and mobile security analysis. In this presentation, we prepared a lot of interesting attack demo videos. Mincheol will talk about the first half of the presentation, about some introductions on the LTE network, concepts of the SigOver attack, and broadcast message injection using SigOver. Then I will talk about the rest of the presentation, about a little more advanced attack.

Okay, let's start. First of all, what I'm going to talk about is the cellular network. All of us use cell phones for voice calls, playing games or watching videos anywhere at any time, and the mobile phone has been developed from the first generation to the fourth generation, as shown in the figure on the right, and fifth generation service is now starting. Today we are going to talk about new and powerful attack techniques that can be used for attacks in LTE. Also, we will explain some examples of attacks and show demonstrations of them. To understand the main content, we need a background for LTE.
The LTE system is largely composed of a UE, such as a smartphone used by a user for LTE service; a base station in charge of transmitting and receiving radio signals; and a core network for mobility management, authentication and data services of the user. For control messages such as the radio connection, the UE and base station use the RRC protocol. Similarly, the UE and the core network send and receive control messages with the NAS protocol. The main parts of our talk are the UE and the base station.

If so, how does the UE establish a radio connection with the base station and use the LTE service? First, the UE has to decide which base station to connect to. To do this, the UE scans the LTE frequency bands and selects the most stable base station by considering the frequency priority and signal strength of the base station. After selecting one base station, the UE starts an attach procedure with the base station. First, the UE receives the PSS and SSS signals sent by the base station. In turn, MIB and SIB are decoded. All three messages are broadcast messages sent by the base station. They are used to acquire time synchronization, to know the bandwidth or transmission scheme, and to know information about the base station. After the broadcast messages, the UE establishes a radio connection with the base station. This process is done using RRC protocol messages, after which the UE proceeds with security setup for the NAS protocol. Throughout this process, the UE and the core network share the key and algorithm for encryption and integrity check. The security setup process is also performed between the UE and the base station. After this series of procedures, the UE can attach successfully and use the LTE service.

And then, what attack is possible against the UE connected to the network and using the service? The most widely used method so far is to use a fake base station. An attacker could use a fake base station that behaves like a legitimate base station, causing the victim UE to disconnect from the legitimate base station and connect to the fake base station. This is possible because the UE preferentially tries to connect to a strong base station. Several attacks using FBS have been introduced, including man-in-the-middle attacks, denial of service, user identity, fake emergency alerts and so on. As such, the fake base station attack, using the characteristics of the radio communication, is actively used for research or actual attacks.

And then here is the question. Is the FBS attack the only attack method using the characteristics of the LTE radio connection? Or should the victim UE always be connected to the FBS for wireless attacks? The answer is no. There is a more intuitive and powerful attack method than FBS. It is a signal overshadowing attack. While the previous FBS attack used the characteristic of selecting a stronger-signal base station, the signal overshadowing attack uses the characteristic of wireless communication to decode the stronger signal when different signals are transmitted at the same frequency. This is illustrated by the figure below. The normal base station continuously transmits LTE signals in time and frequency. The UE then receives and decodes this signal. If the attacker can match the time and frequency exactly with the normal signal and transmit a stronger signal than the normal signal, the UE will decode the stronger signal. This is the signal overshadowing attack that overwrites the LTE signal.

If the signal overshadowing attack is possible, then which messages can be used to overwrite? The messages we can overwrite are those with no security protection. First, there are broadcast messages. The broadcast message is a signal the base station sends for all users, with no consideration for encryption and integrity checks in the LTE specification. Second, there are messages that can be used for an attack because they are unprotected among messages transmitted only to a specific user, not broadcast messages. One reason they are not protected is a bug in the UE implementation. The other is that there are several messages
in the specification that allow plain messages before performing security setup.

The details of the signal overshadowing attack will be discussed one by one. First, I will explain what to solve in order to perform the signal overshadowing attack, how the signal overshadowing attack is different from the existing FBS attack, and what kinds of attacks are possible using broadcast messages and signal overshadowing. Lastly, CheolJun will explain attacks using unicast messages and then discuss countermeasures and future work.

So first, there are some challenges and questions for the signal overshadowing attack. First, we should consider which part of the signal we overwrite. If too many signals are overwritten, the UE will not receive normal signals, causing only effects such as jamming. On the contrary, if too few signals are covered, the difficulty of the attack increases and the UE may not be able to decode properly. The second challenge is how to synchronize time and frequency. This is the most important challenge in the signal overshadowing attack, where the attack signal must be accurately overwritten on the signal of the legitimate base station. Finally, how much error is OK? Even if the signal is transmitted like a legitimate base station, there may be a slight error in time or frequency. Therefore, it is necessary to know how much accuracy is required for the UE to properly decode the signal. I will explain the details of these three challenges and questions.

To answer the first question, let's look at the LTE frame structure first. An LTE frame consists of multiple subframes, a subframe has multiple symbols, and a message is included in a subframe, meaning that there are various options for what to overshadow. Symbol-level overshadowing requires precise synchronization, so the success rate is hard to guarantee. On the other hand, frame-level overshadowing requires rewriting multiple subframes, or multiple messages. It can also affect other normal messages. So it is quite natural to overshadow at the subframe level.

Next, let's look at time synchronization first among the synchronization issues. The attacker's subframes and the legitimate subframes must arrive at the UE simultaneously in order to overwrite a particular subframe accurately. For simplicity, let's assume there is no propagation delay for now. The attacker utilizes synchronization signals called PSS and SSS to get accurate time synchronization, as they are sent periodically from the legitimate base station. More concretely, first, the attacker listens to PSS and SSS to get the frame timing of the legitimate base station, meaning that the attacker can identify the frame timings T0, T1 and T2. Second, once the attacker learns the timing, she can predict the timing of the target subframe, since each subframe has a fixed size, which is one millisecond. For example, if the attacker overshadows the second subframe of frame 566, then she can transmit the malicious subframe at T2 plus one millisecond. Now, the attacker's signal arrives at the UE simultaneously, since we assume that there is no propagation delay.

However, in real life, there is propagation delay depending on the location, meaning that T0 will be delayed due to the propagation delay of PSS and SSS. Also, if the attacker is located far from the UE, more delay would be added. The delay could be compensated if the attacker precisely locates the UE and the base station, but it is not realistic in the wild. The delay is up to some maximum value, because they are located within the range of the base station. So, in practice, there is a delay that cannot be compensated. So, subframes cannot be aligned exactly.

So then, we can count on LTE. LTE is designed to be reliable, especially in outdoor environments. Outdoors, the UE can move around while in use. Also, there is a reflection effect because of buildings. So, we expected that the UE would compensate for such small errors if the subframe is somewhat synchronized but not exactly. So, the question is how much can the UE tolerate this delay error? Since it is chipset dependent, we measured the max delay tolerance of two COTS smartphones, and the results are around 12 and 11 microseconds each. And both results exceed the max delay of an urban base station, which is around 8 microseconds. So, this means that the attacker can succeed regardless of the location of the base station and the victim's UE. In summary, the attacker can be anywhere within the range of the base station to succeed in the attack.

The last one to solve is frequency synchronization. The LTE standard specifies the minimum frequency accuracy that an LTE base station must have as 50 ppb. So, for precise synchronization, the attacker needs to use a sufficiently accurate frequency. After that, the residual frequency error can be compensated by a CFO correction algorithm. Since SigOver was run on a typical SDR kit with an inaccurate oscillator, we adopted a GPSDO to improve its frequency accuracy. The GPSDO guarantees 25 ppb accuracy without a GPS antenna and 1 ppb with a GPS antenna. Lastly, we can compensate the residual frequency error by PSS/SSS-based CFO correction.

Here's the summary of the main questions and answers. We overshadow subframe units, using PSS/SSS for time synchronization and using a GPSDO and CFO correction for frequency synchronization. Finally, COTS UEs are generous enough to cover the entire range of the overall base station. In short, an attacker located in the range of the base station can overshadow broadcast messages to any victim within the base station coverage.

Next, before examining the difference between SigOver and FBS, I will explain the process of the SigOver attack. First, the attacker collects necessary values by listening to the broadcast messages of the normal base station. This process is necessary because information about the base station is required to disguise the attacker's signal as the normal base station. Next, the attacker creates a subframe that contains the message to use for the attack. And now the attack begins. First, the attacker receives the PSS and SSS signals of the normal base station and synchronizes time with the base station. Then she sends the malicious subframe that she made at the precise timing. Finally, the UE receiving the signal receives the malicious message by decoding the attacker's subframe, which is stronger than the signal of the normal base station.

Here's our test environment to verify SigOver. We implemented SigOver by using the open-source srsLTE, and we used the USRP series for radio transmission. We also used an iPhone XS and a Galaxy S9 to verify this attack. In the remainder of this talk, I will talk about the performance of SigOver and attacks that can be launched using SigOver.

Okay, so far, I have shown that SigOver can be used in practice. But both FBS and SigOver can inject malicious broadcast messages to the UEs. So, what is the difference between SigOver and FBS, or what is the advantage of SigOver?
The basic advantage of SigOver compared with the fake base station comes from the fact that SigOver does not need connection establishment to inject the message. This has multiple implications. Another advantage is power efficiency. SigOver does not require strong power, because the attack signal only needs to be high enough to cover the original signal, called the capture effect. It shows a 98% success rate with 3 dB higher power than the legitimate base station. However, the FBS requires much stronger power than SigOver. This is because the FBS needs to break the current connection between the victim UE and the legitimate base station.

Next, I will talk about what we can do with SigOver and broadcast messages. I have explained that there is no connection between the victim UE and the SigOver attacker. It means that the UE keeps communicating with the legitimate base station or network during the attack. For example, SigOver can inject a malicious message while the UE is on a phone call. However, the UE cannot communicate with the network after attaching to the FBS. So, the UE might fall into denial of service.

Let me show you some possible attacks using SigOver that are not feasible using FBS. The first one is the signaling storm attack. In general, a signaling storm occurs through a botnet. But SigOver can launch the attack without using a botnet. SigOver exploits a broadcast message called SIB1, especially the tracking area code. By changing the tracking area code to a new one, the attacker can trigger the tracking area update procedure of the victim UE, which is sent to the core network. All UEs in the attack range may continuously receive the fake SIB1, which causes a tracking area update storm at the core network. FBS can do the same, but, as you expected, the legitimate network would be safe from this attack, because the FBS is not connected to the legitimate core network.

This is the demonstration of the signaling storm. The program on this screen shows the signaling messages of the UE. First, the attacker injects a malicious paging message. This malicious paging message is required for the UE to receive a new SIB1. Then, the attacker overshadows a malicious SIB1 message. Then the UE generates signaling to the network. We evaluated the amplification factor of the signaling storm attack. In a normal situation, a UE sends about 45 service request messages, corresponding to over 600 signaling messages per hour. A signaling storm using SigOver can generate around 21,000 tracking area update requests, corresponding to around 400,000 signaling messages per hour. In summary, the signaling storm can generate 640 times more signaling messages per UE.

The second is a selective DoS attack using SIB2. In SIB2, there is a field to prevent access of the UE, for effective data service in a disaster situation. If we manipulate this field, we can prevent UEs from sending service requests to the base station. Of course, we can also adjust the barring time. Furthermore, in the recent specification, the barring service is not only divided into signaling and data but also divided into details such as voice call, video call, and SMS. Therefore, selective DoS is possible. For example, all other services are possible, but only the voice service is not available. The selective DoS attack was verified with a Galaxy S9 and succeeded. This attack is also only possible with SigOver. Even if the UE connects to the FBS and receives the wrong SIB2, the FBS cannot make this attack, because the normal SIB2 is received again when the UE is connected to the normal base station again.

This is the demonstration. It would be nice to show a video of the selective DoS, but it is not ready. So this video is the attack using access barring. The UEs can use normal data services and also voice calls. After the SigOver attack, the victim UEs receive malicious paging and SIB2 messages, and then the UE's normal service is not available. Even after the attacker program is terminated, the normal service is not available either.

The following is an attack using IMSI paging. In the figure on the left, a UE that is normally attached is released into the idle state by releasing the radio connection when not using LTE data. At this time, if there is a service request for the UE from the network, the base station sends a broadcast message, paging, to inform the UE. The identifier used at this time is the temporary ID of the UE, called GUTI. However, if paging is sent using the unique ID of the UE, called IMSI, the UE will disconnect and reattach according to the behavior defined in the standard. This allows a DoS attack on the UE that is using the LTE service. This is the IMSI paging demo. This is our testbed setup. There is the attacker's PC and USRP. The victim UE receives a voice call. The attacker injects a paging message with the victim's IMSI. Due to the IMSI paging, the voice call is disconnected.

The final attack I will introduce is a fake emergency alert attack. This alert attack uses SIB12, which is used for alert systems. In normal networks, the process of using CMAS is as follows. Three messages, SIB1, SIB12 and paging, are involved in the CMAS process. Based on this process, the attacker overshadows the SIB1, SIB12 and paging messages. For the alert attack, the victim phones are connected to the legitimate base station, and the attacker synchronizes time and frequency with the legitimate base station. This is a fake emergency alert message.

To sum up briefly, we have designed and implemented a signal overshadowing attack using the fundamental weakness of wireless communication. The signal overshadowing attack is more powerful than the FBS attack in terms of power efficiency and the connection between the UE and the normal base station, and can perform more various attacks. As examples, I showed demonstrations of four attacks. Then what can you do with a unicast injection attack? The answer to this question will be explained in detail by CheolJun.

Hi again, and thank you, Mincheol. So, as Mincheol said, what else can we do with the unicast signal overshadowing
injection attack? So, when we go back to the fake base station attack, there have been various attacks using fake base stations. As an example of an existing FBS attack, a man-in-the-middle attack can be used for injecting, stealing, or eavesdropping on the victim's information. If the fake base station is not an LTE base station but a 3G or 2G base station, the attacker can cause greater damage to the victim's privacy. But actually, these attacks are quite limited in use. These attacks all assume that the victim is already connected to the fake base station. But in a realistic situation, in order for the UE to pass over to the fake base station, the fake base station signal must be about 40 dB, or 10,000 times, larger than the commercial one. This is because the fake base station needs to break the current connection between the victim UE and the legitimate base station. Operating a fake base station with a strong signal requires a lot of resources and increases the chance of being detected. However, SigOver can solve these limitations. By injecting a unicast message, the attacker can force the victim to attach to the fake base station.

So, what is the unicast message? The RRC connection release message is a message delivered by the base station to the UE. It is used to command the release of an RRC connection. So, when the UE receives this message, it will disconnect from the existing connection. Plus, unicast messages can have additional fields. One of the additional fields, the redirectedCarrierInfo field, is used to indicate the next frequency where the UE shall connect to. The UE uses this information to select an acceptable base station to camp on. Also, the redirected frequency can be not only for LTE base stations, but also for 3G or 2G base stations, which are more vulnerable. And another additional field is the idleModeMobilityControlInfo field. This field is used to provide dedicated cell selection priorities. When the UE searches for the base station, it does not check all the frequencies. Instead, it checks only selected frequencies, based on frequencies previously connected to or frequencies received from the network. So, we noticed that when the UE is redirected to a non-searched frequency, the UE did not redirect to that frequency. However, when a non-searched frequency was included in the idleModeMobilityControlInfo field, the UE was redirected well, even though it was a new frequency. The figure actually shows that the UE is redirected to another base station after receiving an RRC connection release message with a redirectedCarrierInfo field and an idleModeMobilityControlInfo field. You can see that the radio frequency channel number, representing the communication frequency of the base station, has changed from 100 to 2600. So, if the attacker can inject this message to the victim UE, the attacker can force the victim UE to move to the fake base station.

In order to inject this RRC connection release message, the injected message should be decoded on the UE. To do this, more effort is required than when injecting a broadcast message. Firstly, when injecting a broadcast message, the attacker only had to consider the base station's configuration to inject the message. But, to inject the unicast message, the attacker also has to consider additional information like the UE's ID, the RNTI, which is a temporary identifier, the sequence number, the message format, and so on. Moreover, the message must be set correctly in the right place. The UE does not decode all the messages over the air, but only decodes what it needs to decode. The location of the broadcast message is the common space, and every UE has to decode the messages in the common space. But the location of the unicast message is a UE-specific space, and it is determined according to the RNTI. So, the message should be decoded at the UE-specific space. With these extra efforts, unicast messages can also be injected via SigOver.

Now, I will introduce attack scenarios using RRC connection release message injection. In this attack, the attacker is assumed to know the IMSI or RNTI of the victim. We also assume that the attacker is located where he can hear signals from the legitimate base station, such as the victim UE. Attack scenarios can be divided into two. The first situation is when there is a vulnerability on the device. In this case, the attacker needs to know the IMSI or RNTI. If the victim UE has the vulnerability that it accepts security-unprotected messages even after the security activation, the attacker can easily inject the unicast message. We found this vulnerability while developing methods to test devices' vulnerabilities. The second situation is when there is no vulnerability on the device. In this case, the attacker needs to know the IMSI. Then, the attacker needs to inject the message before the security activation. For this attack, additional technical implementations are needed. Actually, this implementation is in progress.

Now, the first scenario is when there is a vulnerability in the UE. This UE has a vulnerability that it receives unprotected messages even in the presence of a security context. The victim UE is now connected to the legitimate network and has finished the security process. So, the victim UE has a security context and it is using normal cellular service. Then, the attacker injects an unprotected RRC connection release message on the UE. Due to the vulnerability, the UE accepts the security-unprotected RRC connection release message. Then, the UE disconnects the existing connection, is redirected to the attacker's fake base station, and requests a connection.

The second scenario is when there is no vulnerability on the UE. The victim UE is now connected to the legitimate network and has finished the security process. So, the victim UE has a security context and it only accepts security-protected messages. Thus, the attacker cannot inject messages for now. So, the attacker must delete the UE's security context in order for the victim to receive the attacker's unprotected messages. To do this, the attacker injects an IMSI paging message. According to the 3GPP specification, when the UE receives the IMSI paging message, it should immediately terminate all service sessions and delete parameters including the security key. So, by injecting an IMSI paging message, the attacker can delete the security context of the victim. After the UE terminates the existing connection, it starts over the attach procedure with the base station. Before the victim UE finishes the security procedure, the attacker injects an RRC connection release message. When there is no security context, the UE is allowed to receive the security-unprotected RRC connection release message. Therefore, the UE processes the attacker's message and sends a connection request to the attacker's fake base station.

So far, we have introduced attacks that bring targeted victims to the fake base station. But the existing fake base station attack can bring all the unspecified UEs to it. From an FBS attacker's point of view, it may be easier and better to attach all the UEs around. Then we need to know if the SigOver attack can't do the same thing. In this attack, the attacker constantly monitors downlink messages from the commercial base station to acquire the RNTI from the RRC connection setup message. Once the attacker gets the RNTI, the attacker injects the RRC connection release message. The attacker can repeat the entire process until he brings all the UEs around.

To verify this attack, we used a Galaxy S4. The Galaxy S4 is one of the vulnerable devices that receives an unprotected message even in the presence of a security context. This vulnerability was discovered while studying methods to test devices' vulnerabilities. In this case, we could inject an RRC connection release message to the UE without deleting the security context. To inject the RRC connection release message, we used the free open-source LTE software srsLTE and a USRP X310. When the UE was normally connected to the cellular network, we injected a crafted message to redirect the victim UE to the attacker's base station's frequency, 363. The injected message contains the redirectedCarrierInfo field and the idleModeMobilityControlInfo field. The redirectedCarrierInfo field is set to the LTE frequency type and contains 363, the frequency of the fake base station. The idleModeMobilityControlInfo field contains a list of the normal base station's frequency and the attacker's frequency. At this time, the priority of the attacker's frequency is set to the highest, to ensure that the victim definitely passes over to the fake base station.

Here is the demonstration of the attack. So at first, the victim's phone is connected to the legitimate base station, 100. And the attacker is operating the fake base station, 363. Then the attacker injects the message. As you can see on the monitor, the signal was injected. And the injected message has the contents as follows, and this is the same as what I said before. And then, as you can see on the fake base station's monitor, the victim's phone is connected to the fake base station. And if you see the packets during the attack, that one is the injected message. After that, the victim's phone makes a new connection with the fake base station. So it moves from 100 to 363. So after this attack, we could do anything like a man-in-the-middle attack and so on. So in the previous demo, the victim's UE was connected to a commercial base station and then moved to a fake base station that had never been connected to.

Let's sum up the fake base station attack using SigOver. First, this attack requires much less power and is easier than the traditional fake base station attacks. As a result, the chance of being detected decreases and the effective attack range increases. Second, the attacker can choose the victim to move to the fake base station. Since the attacker injects a unicast message, only the targeted UE is affected. Therefore, the chance of being detected is also reduced, and it allows the attacker to definitely force the target to attach to a fake base station. Finally, the attacker's fake base station can be not only an LTE base station, but also a 3G or 2G base station. As the 3G or 2G base stations are more vulnerable, attackers can perform more severe attacks.

And now I'm going to talk about some countermeasures, discussions, conclusions, and future works. For future works, to make this attack possible for all the UEs, actually, additional implementations are needed. First, it should be implemented to find out the RNTI of the victim using the IMSI. An attacker can do this by monitoring the RRC connection setup message after sending the IMSI paging. Actually, it is already possible, but it must be optimized with injecting techniques in real time. Second, it should be implemented to inject the message before the security process ends. To do this, there is little time to inject messages, as you can see in the figure. Hardware optimizations are necessary. Although there are some things that need to be implemented, we expect that this attack will be possible on every UE if the hardware is fully optimized.

And for the countermeasures for this attack, the secure solution against the SigOver attack on the message is to use digital signatures. Currently, only a single injected message can cause a long-term denial of service.
Once the message is protected with a digital signature, it can prevent the attacks introduced so far. Plus, the attack cost would be increased. This is because the attacker has to inject wrong messages continuously to cause denial of service in the presence of the digital signature. Moreover, it becomes possible to detect the presence of the attack. Actually, this is possible because from 5G, the operator's public key will be stored in the USIM. In fact, 3GPP is recently studying the FBS problem and the lack of integrity protection of broadcast information.

And since Hojoon first published the SigOver attack on broadcast messages last August, we have received many requests to release the attack code as open source. However, we have some reasons that we can't. The first reason is that, according to the GSMA, an organization for cellular carriers, the GSMA has no objection to any security research being open sourced where there is a clear security benefit and there is no risk posed to innocent users. Releasing this code clearly has some security benefits. However, unfortunately, the proposed attack can affect a large number of innocent users around. So it might be hard to release the attack code. And another reason is the quality of the code. Thank you. Currently, the code we made is not well organized enough to make it open source.

In conclusion, we presented the SigOver attack, physically overwriting specific subframes. SigOver is a new exploit on the unpatched and insecure channel in the LTE network. Compared to attacks using fake base stations, SigOver is way cheaper and stealthier. Also, we found new attacks on the physical channel. By injecting broadcast messages, we could cause denial of service, access barring, signaling storms and fake emergency alerts. And by injecting unicast messages, we could force a targeted victim to move to the fake base station. Finally, I expect the SigOver attack will be used in the wild. Therefore, not only cellular networks but all the systems based on cellular networks, such as vehicle-to-everything, can be affected. In the future, mobile communication technologies such as 5G and 6G are developed, so more secure systems should be made by considering the security of the physical layer, which was not considered before. Therefore, I strongly suggest 3GPP use digital signatures for the physical channel despite its difficulty. Thank you. And for the last, we have responsibly disclosed these attacks to the GSMA and Qualcomm. Thank you for listening. And if you have any questions, please let us know. And if you have any long questions, please email us through the emails on this slide. And the photo is our lab's photo, and my supervisor is Yongdae Kim. Maybe some of you would have heard about him, because he's doing a lot of research about cellular security. Anyway, thank you.

Alright, thank you two so far. We have around 10 minutes for questions. So if you have questions for the speakers, please go to one of the room mics and we'll let you ask your question. Do we already have people lined up? Let's start with a question from the signal angel.

There's one question: are these methods similar to or the same as those used by law enforcement? And the user mentioned Stingray as an example.

Pardon, please. Where are you? Can you raise your hands?

It's a question from the internet, so: are these methods similar to or the same as those used by law enforcement?

Law enforcement? Police? Yeah, maybe it might be possible, but actually, as I know, using the frequency that legitimate base stations use is already, like, illegal. So I think that cannot be the solution.

Alright, I actually don't see anybody at all. There's one at mic 3, please.

Yes, so you showed a subframe, which you replace. Why can't you hash the value for integrity? So the replacement will be kind of hard to do.

Maybe that also can be a problem and a solution, but using a hash, right? I see, probably.

So just to check the full frame: if you replace a subframe, the hash should be involved.

Yeah, that can be a solution, but I think we have to think about how to connect a secure connection at the first time if we don't have anything between, like, the UE and the network. Maybe sending some hash also would be a challenge, maybe. Can that be an answer to your question?

Yeah, so I'm not sure if I understood. So in your attack you have, let's say, 10 frames, and you can replace subframe 2, right?

Yep.

Yeah, so if all the 10 frames are hashed, your replacement will be detected. Is it possible on the LTE level to change the standard to have some hashing or integrity?

Yeah, maybe that would be possible, but I think we need another way to transfer the hash value to check the connection. But I think that can also be another solution.

Right, let's go to mic 1 then.

I would like to know what your personal opinion and feeling is, if this will be mitigated by the vendors and the standard bodies. I mean, will they fix it?

In the future, right?

Of course in the future, they cannot fix it in the past, right?

Yeah, so maybe, as I said before, like, the GSMA is already considering these attacks and they have some regular meetings. Maybe the last meeting was in Nevada in November, and maybe in the future they will, but not for now. So maybe we have to ask if there is any person from 3GPP.

Okay, alright, thanks. Does the signal angel have any other questions? No. Then I think this concludes the question and answer section. Thanks again.

Thank you.