Wi Not Calling: Practical Privacy and Availability Atacks in Wi-Fi Calling

Jaejong Baek; Sukwha Kyung; Haehyun Cho; Ziming Zhao; Yan Shoshitaishvili; Adam Doupé; Gail Joon Ahn

doi:10.1145/3274694.3274753

Wi Not Calling: Practical Privacy and Availability Atacks in Wi-Fi Calling

Jaejong Baek, Sukwha Kyung, Haehyun Cho, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Scopus citations

Abstract

Wi-Fi Calling, which is used to make and receive calls over the Wi-Fi network, has been widely adopted and deployed to extend the coverage and increase the capacity in weak signal areas by moving traffic from LTE to Wi-Fi networks. However, the security of Wi-Fi Calling mechanism has not been fully analyzed, and Wi-Fi Calling may inherently have greater security risks than conventional LTE calling. To provide secure connections with confidentiality and integrity, Wi-Fi Calling leverages the IETF protocols IKEv2 and IPSec. In this paper, we analyze the security of Wi-Fi Calling specifications and discover several vulnerabilities that allow an adversary to track the location of users and perform DoS attacks. By setting up a rogue access point in live testbed environment, we observe that user devices can leak the International Mobile Subscriber Identity (IMSI), despite it being encrypted. The leaked information can be further exploited for tracking user locations. We also discuss how these protocols are vulnerable to several denial of service attacks. To protect user privacy and services against these attacks, we propose practical countermeasures. We also present trade-off considerations that pose challenges for us to apply countermeasures to mitigate the existing vulnerabilities. Additionally, we propose to introduce corresponding amendments for future specifications of protocols to address these trade-offs.

Original language	English (US)
Title of host publication	Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018
Publisher	Association for Computing Machinery
Pages	278-288
Number of pages	11
ISBN (Electronic)	1595930361, 9781450364430
DOIs	https://doi.org/10.1145/3274694.3274753
State	Published - Jan 22 2018
Event	34th Annual Computer Security Applications Conference, ACSAC 2018 - San Juan, United States Duration: Dec 3 2018 → Dec 7 2018

Publication series

Name	ACM International Conference Proceeding Series
Volume	2018-January

Conference

Conference	34th Annual Computer Security Applications Conference, ACSAC 2018
Country/Territory	United States
City	San Juan
Period	12/3/18 → 12/7/18

Keywords

DoS
IMSI
IPSec
Impersonation Attack
Privacy
Wi-Fi Calling

ASJC Scopus subject areas

Software
Human-Computer Interaction
Computer Vision and Pattern Recognition
Computer Networks and Communications

Access to Document

10.1145/3274694.3274753

Cite this

Baek, J., Kyung, S., Cho, H., Zhao, Z., Shoshitaishvili, Y., Doupé, A., & Ahn, G. J. (2018). Wi Not Calling: Practical Privacy and Availability Atacks in Wi-Fi Calling. In Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018 (pp. 278-288). (ACM International Conference Proceeding Series; Vol. 2018-January). Association for Computing Machinery. https://doi.org/10.1145/3274694.3274753

Wi Not Calling: Practical Privacy and Availability Atacks in Wi-Fi Calling. / Baek, Jaejong; Kyung, Sukwha; Cho, Haehyun et al.
Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018. Association for Computing Machinery, 2018. p. 278-288 (ACM International Conference Proceeding Series; Vol. 2018-January).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Baek, J, Kyung, S, Cho, H, Zhao, Z, Shoshitaishvili, Y , Doupé, A & Ahn, GJ 2018, Wi Not Calling: Practical Privacy and Availability Atacks in Wi-Fi Calling. in Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018. ACM International Conference Proceeding Series, vol. 2018-January, Association for Computing Machinery, pp. 278-288, 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, United States, 12/3/18. https://doi.org/10.1145/3274694.3274753

Baek J, Kyung S, Cho H, Zhao Z, Shoshitaishvili Y , Doupé A et al. Wi Not Calling: Practical Privacy and Availability Atacks in Wi-Fi Calling. In Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018. Association for Computing Machinery. 2018. p. 278-288. (ACM International Conference Proceeding Series). doi: 10.1145/3274694.3274753

Baek, Jaejong ; Kyung, Sukwha ; Cho, Haehyun et al. / Wi Not Calling : Practical Privacy and Availability Atacks in Wi-Fi Calling. Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018. Association for Computing Machinery, 2018. pp. 278-288 (ACM International Conference Proceeding Series).

@inproceedings{b96f46ce8cda4beaa755fc0219751b09,

title = "Wi Not Calling: Practical Privacy and Availability Atacks in Wi-Fi Calling",

abstract = "Wi-Fi Calling, which is used to make and receive calls over the Wi-Fi network, has been widely adopted and deployed to extend the coverage and increase the capacity in weak signal areas by moving traffic from LTE to Wi-Fi networks. However, the security of Wi-Fi Calling mechanism has not been fully analyzed, and Wi-Fi Calling may inherently have greater security risks than conventional LTE calling. To provide secure connections with confidentiality and integrity, Wi-Fi Calling leverages the IETF protocols IKEv2 and IPSec. In this paper, we analyze the security of Wi-Fi Calling specifications and discover several vulnerabilities that allow an adversary to track the location of users and perform DoS attacks. By setting up a rogue access point in live testbed environment, we observe that user devices can leak the International Mobile Subscriber Identity (IMSI), despite it being encrypted. The leaked information can be further exploited for tracking user locations. We also discuss how these protocols are vulnerable to several denial of service attacks. To protect user privacy and services against these attacks, we propose practical countermeasures. We also present trade-off considerations that pose challenges for us to apply countermeasures to mitigate the existing vulnerabilities. Additionally, we propose to introduce corresponding amendments for future specifications of protocols to address these trade-offs.",

keywords = "DoS, IMSI, IPSec, Impersonation Attack, Privacy, Wi-Fi Calling",

author = "Jaejong Baek and Sukwha Kyung and Haehyun Cho and Ziming Zhao and Yan Shoshitaishvili and Adam Doup{\'e} and Ahn, {Gail Joon}",

note = "Funding Information: This material is based upon work supported in part by Sam-sung Research, Samsung Electronics, the Center for Cybersecurity and Digital Forensics at Arizona State University, the National Science Foundation (NSF 1651661), the Defense Advanced Research Projects Agency (DARPA HR001118C0060), and the Global Research Laboratory Program through the National Research Foundation of Korea funded by the Ministry of Science and ICT under Grant NRF-2014K1A1A2043029. Publisher Copyright: {\textcopyright} 2018 ACM.; 34th Annual Computer Security Applications Conference, ACSAC 2018 ; Conference date: 03-12-2018 Through 07-12-2018",

year = "2018",

month = jan,

day = "22",

doi = "10.1145/3274694.3274753",

language = "English (US)",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "278--288",

booktitle = "Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018",

}

TY - GEN

T1 - Wi Not Calling

T2 - 34th Annual Computer Security Applications Conference, ACSAC 2018

AU - Baek, Jaejong

AU - Kyung, Sukwha

AU - Cho, Haehyun

AU - Zhao, Ziming

AU - Shoshitaishvili, Yan

AU - Doupé, Adam

AU - Ahn, Gail Joon

N1 - Funding Information: This material is based upon work supported in part by Sam-sung Research, Samsung Electronics, the Center for Cybersecurity and Digital Forensics at Arizona State University, the National Science Foundation (NSF 1651661), the Defense Advanced Research Projects Agency (DARPA HR001118C0060), and the Global Research Laboratory Program through the National Research Foundation of Korea funded by the Ministry of Science and ICT under Grant NRF-2014K1A1A2043029. Publisher Copyright: © 2018 ACM.

PY - 2018/1/22

Y1 - 2018/1/22

N2 - Wi-Fi Calling, which is used to make and receive calls over the Wi-Fi network, has been widely adopted and deployed to extend the coverage and increase the capacity in weak signal areas by moving traffic from LTE to Wi-Fi networks. However, the security of Wi-Fi Calling mechanism has not been fully analyzed, and Wi-Fi Calling may inherently have greater security risks than conventional LTE calling. To provide secure connections with confidentiality and integrity, Wi-Fi Calling leverages the IETF protocols IKEv2 and IPSec. In this paper, we analyze the security of Wi-Fi Calling specifications and discover several vulnerabilities that allow an adversary to track the location of users and perform DoS attacks. By setting up a rogue access point in live testbed environment, we observe that user devices can leak the International Mobile Subscriber Identity (IMSI), despite it being encrypted. The leaked information can be further exploited for tracking user locations. We also discuss how these protocols are vulnerable to several denial of service attacks. To protect user privacy and services against these attacks, we propose practical countermeasures. We also present trade-off considerations that pose challenges for us to apply countermeasures to mitigate the existing vulnerabilities. Additionally, we propose to introduce corresponding amendments for future specifications of protocols to address these trade-offs.

AB - Wi-Fi Calling, which is used to make and receive calls over the Wi-Fi network, has been widely adopted and deployed to extend the coverage and increase the capacity in weak signal areas by moving traffic from LTE to Wi-Fi networks. However, the security of Wi-Fi Calling mechanism has not been fully analyzed, and Wi-Fi Calling may inherently have greater security risks than conventional LTE calling. To provide secure connections with confidentiality and integrity, Wi-Fi Calling leverages the IETF protocols IKEv2 and IPSec. In this paper, we analyze the security of Wi-Fi Calling specifications and discover several vulnerabilities that allow an adversary to track the location of users and perform DoS attacks. By setting up a rogue access point in live testbed environment, we observe that user devices can leak the International Mobile Subscriber Identity (IMSI), despite it being encrypted. The leaked information can be further exploited for tracking user locations. We also discuss how these protocols are vulnerable to several denial of service attacks. To protect user privacy and services against these attacks, we propose practical countermeasures. We also present trade-off considerations that pose challenges for us to apply countermeasures to mitigate the existing vulnerabilities. Additionally, we propose to introduce corresponding amendments for future specifications of protocols to address these trade-offs.

KW - DoS

KW - IMSI

KW - IPSec

KW - Impersonation Attack

KW - Privacy

KW - Wi-Fi Calling

UR - http://www.scopus.com/inward/record.url?scp=85086139336&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85086139336&partnerID=8YFLogxK

U2 - 10.1145/3274694.3274753

DO - 10.1145/3274694.3274753

M3 - Conference contribution

AN - SCOPUS:85086139336

T3 - ACM International Conference Proceeding Series

SP - 278

EP - 288

BT - Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018

PB - Association for Computing Machinery

Y2 - 3 December 2018 through 7 December 2018

ER -

Wi Not Calling: Practical Privacy and Availability Atacks in Wi-Fi Calling

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this