How to not break LTE crypto

The LTE standard defines a strong security model and architecture for protecting 4G mobile communications. However, it is yet very unclear how the various modems available on the market are implementing and enforcing the LTE security procedures. In this paper, we first introduce the basics of LTE security. Then, we show multiple LTE security bypasses that we found in the different 4G modem implementations we tested. We also describe two issues we found in WCDMA stacks from our previous research. Finally, we dive into a few 4G modem implementations to see how they are interworking with the Android OS, and how one can try to get information out of them. To conclude, we propose improvements, on the terminal side but also on the network side, in order to increase the effective security level of 4G communications. Due to a request from Mediatek, a part of the original article has been redacted in section 3. Acknowledgement. We would like to thank José Lopes Esteves, Thomas Cordier, Jérôme Plût, Loïc Habermacher, more widely the whole wireless security lab of ANSSI, the Network and Security Assessment team from Orange, the people at Sysmocom and Amarisoft for providing great products and finally the security teams at Qualcomm and Samsung. 1 LTE security introduction Please note: For the reader not familiar with cellular-specific terms and acronyms, definitions are provided for each of the abbreviations in section 5. This article is not intended to provide either a detailed description of the architecture of cellular networks, or details on the security procedures and algorithms. The article published in french at SSTIC 2014 [9] already provides a general description of 2G, 3G and LTE mobile networks. It is also easy to find good resources in english on the Internet, for example from the most generic to more detailed ones, on Wikipedia [12], radioelectronics [13], or sharetechnote [24]; the most accurate descriptions being found in the 3GPP standards [2] themselves. 4 How to not break LTE crypto 1.1 Introducing the LTE network The LTE architecture and its security model were initially defined in 3GPP Release 8, in 2008. The security aspects of LTE are detailed in the specification TS 33.401 [6]. Since Release 8, new features have been developped, some of which have major impacts on the LTE security model. However, in the context of this study, we mainly focus on the basics of LTE security as defined in its initial release. In this article, we will always refer to the LTE network as the global 4G mobile network technology. In the standards’ terminology however, LTE sometimes refers to the radio access network (the base stations), whereas EPC refers to the core network (abbreviated CN) part only, and EPS to the whole mobile network (LTE and EPC). 1.2 Basic principles of an LTE network The radio access network is composed of all the LTE base stations, called eNodeB, that provide the radio coverage across the whole country. For the metropolitean France area, the ANFR agency reported in a survey in november 2015 [18] a total of 22.110 4G radio sites, for all the four french MNOs. Each radio site hosts one or multiple eNodeBs; each eNodeB runs one to several cells. Every MNO splits all the covered areas into tracking areas, each of which groups several eNodeBs under a given tracking area code (abbreviated TAC). The general architecture and principles describing the LTE radio access network are given in the 3GPP specifications TS 36.300 [7] and TS 36.401 [8]. The core network is composed of fewer equipments, which are responsible for managing the mobility and sessions of all LTE terminals across all the eNodeBs, and for routing their data trafic towards IP networks (Internet, VoIP platforms, ...). Those equipments are: ◦ MME, responsible for handling all the signaling towards eNodeB and LTE terminals, including mobility and session management; ◦ SGW-PGW, responsible for routing user data (actually IP packets) to and from 4G terminals; ◦ HSS, responsible for storing and delivering subscribers information and authentication data. Each MNO has datacenters where MME, SGW-PGW and HSS are installed. The specification TS 23.401 [4] describes the main architecture for the LTE core network. B. Michau, C. Devine 5 All the eNodeBs are connected to the core network through an interface named S1; eNodeBs can also be connected together through an interface named X2, in order to smooth mobility from one cell to another. The colourful figure 1 illustrates the basic architecture of an LTE network. Fig. 1. Basic architecture of an LTE network When a terminal, actually called UE (User Equipment) in 3GPP terminology, connects to the Internet through an LTE network, the following sequence of actions takes place: ◦ The terminal establishes an initial bi-directional radio channel with an eNodeB for transporting signaling only; within this signaling radio bearer (abbreviated SRB), the RRC protocol is used between the terminal and the eNodeB in order to further configure the radio channels; ◦ The terminal then connects to an MME in the core network through the S1 interface of the eNodeB; the NAS protocol is used between the terminal and the MME in order to manage mobility (including authentication and master key establishment) and data session establishment; ◦ After the terminal fulfilled all the security procedures requested by the MME and provided all the required data session parameters, the 6 How to not break LTE crypto MME requests the eNodeB to modify the previously established radio channel in order to convey user data; ◦ The eNodeB uses RRC signaling with the terminal to establish a data radio bearer (abbreviated DRB); ◦ The terminal can send and receive user data within this DRB; this user data is forwarded by the eNodeB to the a SGW-PGW in the core network and to the Internet. Figure 2 shows the signaling stacks over the radio interface between a terminal and an eNodeB, and over the S1 interface between an eNodeB and an MME; it also indicates the references to the standards that describe the inner workings of each part of the stacks. Fig. 2. Signaling stacks within an LTE network 1.3 Basic principles of LTE security The LTE standard reuses many security concepts developed for UMTS networks: ◦ The USIM is reused to manage mutual authentication between the home network of the subscriber and the subscriber itself; the authentication key is still 128 bit long and the Milenage algorithm makes use of it; ◦ User data and radio signaling are security protected (ciphered for user data, ciphered and integrity protected for signaling) at the PDCP layer, between the terminal and the eNodeB; B. Michau, C. Devine 7 ◦ Ciphering is optional, whereas integrity protection for signaling is mandated, excepted for unauthenticated emergency sessions; ◦ The SNOW 3G cryptographic algorithm is reused for encryption and integrity protection; ◦ The principle of selecting a given cryptographic algorithm, through the security mode control procedure (abbreviated SMC), is kept; ◦ Temporary identities are delivered and renewed within a secured signaling channel, so that terminals do not send their permanent identity (IMSI) in clear every time. However, additional developments have been added: ◦ The authentication algorithm has been extended to ensure a strict cryptographic separation between LTE and older networks; ◦ Cryptographic material established during the authentication stage is further derived, taking as input parameters the mobile country code and mobile network code (MCC and MNC) of the core network to which the terminal is attaching (which is different than the subscriber’s home network in case of roaming); ◦ A 2nd level of security has been added at the NAS layer (with ciphering and integrity protection), in order to secure the end-to-end link between the terminal and the MME; ◦ AES has been added as a cryptographic algorithm for encryption and integrity protection, followed by ZUC (a chinese cryptographic algorithm) in the 11th release of the standard; ◦ The security protection of specific privacy-related signaling (such as IMEI, data-session parameters, geo-positionning) is explicitely mandated for the RRC and NAS protocols. 1.4 Authentication and key establishment The 3G authentication protocol (i.e. 3G-AKA) is reused as it has proven its efficiency since its initial development in 1998. However, the keys produced during its execution {CK, IK} are not directly used for protecting signaling or user data in LTE. They are derived further into a new master key, called Kasme, using the MCC and MNC of the core network to which the terminal is attaching as input parameters. Therefore, an LTE authentication vector provided by an HSS to an MME is the set {RAND, AUTN, XRES, Kasme}. This has two advantages: ◦ Kasme is outputted by an HMAC-SHA256 function, and is hence 256 bit long, enabling the potential use of 256 bit ciphering and integrity protection keys in a future release of the LTE specification. 8 How to not break LTE crypto ◦ Kasme is derived using MCC and MNC, which leads to the distribution of authentication vectors specifically built for each given roaming partner. This makes it possible for every MNO to enforce the security of authentication vectors delivery through their roaming interfaces. For instance, if this enforcement is correctly implemented by french MNOs, an MNO from abroad will not be able to obtain authentication vectors for a french LTE network (with MCC 208), and so will not be able to fake a french LTE base station. A marker has been added in the authentication parameter AMF (meaning Authentication Management Field) because of this evolution of the key derivation scheme. AMF is part of AUTN and delivered to the USIM inside the terminal when the MME sends an authentication request to it. A specified bit set to 1 in this AMF field enables the terminal to distinguish an authentication vector produced by its HLR for a connection to a 2G or 3