
5G SIM Swap Fraud AUSF


TinyBrain
Senior Member
 

5G SIM Swap Fraud AUSF

Post Posted: Feb 06, 19 01:28

Not a new topic and historically based if the HSS/SPR was hijacked; we got an order to verify in preparation for more and more mobiles having cryptocurrencies on board (semi-cold wallet, not secure). As I understand it, in 5G the AUSF is the entity attacked. Am I right?
 
  

trewmte
Senior Member
 

Re: 5G SIM Swap Fraud AUSF

Post Posted: Feb 06, 19 03:18

TinyBrain. The theoretical question you raise based upon the HSS/SPR being hacked? hijacked? insider attack? With the attack point as 'AUSF'; you will need to qualify all relevant establishment paths. Simply identifying one establishment element isn't enough.
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
 
  

TinyBrain
Senior Member
 

Re: 5G SIM Swap Fraud AUSF

Post Posted: Feb 06, 19 04:45

Ok, I thank you for your advice.

In the past T-Mobile was hacked and a prominent cryptocurrency CEO lost his virtual cash. As cryptocurrency transactions are nowadays done on mobiles such as the HTC Exodus 1, the problem of SIM swap fraud rises. I do not say that the 5G AUSF gets hacked like T-Mobile's subscriber base historically.

I got an order to research the security of the 5G entity comparable to the historically hacked T-Mobile entities. Sorry for not being able to explain in better terms. It's an approach of pre-crime understanding and know-how build-up for my management. My cold wallets would never be on a mobile device.

The options of

a) hacked
b) hijacked
c) insider

I prioritize b) and maybe, with a lower probability, a). c) I skip as the MNO's problem, which is non-technical; it's human.

My question focus was on a).

If you want to learn more search on Krebs.  
 
  

trewmte
Senior Member
 

Re: 5G SIM Swap Fraud AUSF

Post Posted: Feb 06, 19 05:31

As you are at the mobile device for crypto wallet and not a wallet stored in the HSS/SPR and/or AUSF then I suggest you might want to consider working backwards from device going upwards to the network. Why? It is no use having a network facility which mobile devices can use or are unable to process the communications. You may wish to consider starting here:

Service n°123 5G Security Parameters
EF 5GAUTHKEYS
3GPP TS 31.102

Secure temporary keys for 5G but also non 3GPP security context such as WiFi are stored in EF 5GAUTHKEYS:
A key called KAUSF derived from CK/IK, left at the AUSF and that home operator can use on its own policy.
An anchor key called the KSEAF provided by the AUSF to the SEAF, which can be used for more than one security context.
A derived key per security context called KAMF.
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
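
The key chain listed in the post above (KAUSF from CK/IK, KSEAF from KAUSF, KAMF per security context), sketched as an added example; it is not part of the original post and not 3GPP reference code. The FC values and parameter order follow TS 33.501 Annex A and the KDF follows TS 33.220 Annex B, neither of which is quoted on this page and both of which should be checked against the release in use; CK, IK, the serving network names, the SUPI and the ABBA values are constructed test inputs.

```python
import hashlib
import hmac

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")  # each Li is a 2-octet length
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_k_ausf(ck: bytes, ik: bytes, snn: bytes, sqn_xor_ak: bytes) -> bytes:
    # 5G AKA case: the input key is CK || IK, bound to the serving network name
    if len(ck) != 16 or len(ik) != 16 or len(sqn_xor_ak) != 6:
        raise ValueError("CK and IK must be 16 bytes, SQN xor AK 6 bytes")
    return kdf(ck + ik, 0x6A, snn, sqn_xor_ak)

def derive_k_seaf(k_ausf: bytes, snn: bytes) -> bytes:
    # Anchor key that the AUSF provides to the SEAF
    return kdf(k_ausf, 0x6C, snn)

def derive_k_amf(k_seaf: bytes, supi: bytes, abba: bytes) -> bytes:
    # Per-context key, bound to the subscriber identity and the ABBA parameter
    return kdf(k_seaf, 0x6D, supi, abba)

def key_chain(ck, ik, snn, sqn_xor_ak, supi, abba=b"\x00\x00"):
    """Derive the three keys in order; ABBA defaults to the initial value 0x0000."""
    k_ausf = derive_k_ausf(ck, ik, snn, sqn_xor_ak)
    k_seaf = derive_k_seaf(k_ausf, snn)
    k_amf = derive_k_amf(k_seaf, supi, abba)
    return {"K_AUSF": k_ausf, "K_SEAF": k_seaf, "K_AMF": k_amf}

# Constructed test inputs (test PLMN 001/01, not real subscriber data)
CK = bytes(range(16))
IK = bytes(range(16, 32))
SQN_XOR_AK = bytes.fromhex("010203040506")
HOME_SNN = b"5G:mnc001.mcc001.3gppnetwork.org"
OTHER_SNN = b"5G:mnc002.mcc001.3gppnetwork.org"
SUPI = b"001010000000001"

if __name__ == "__main__":
    # Same CK/IK under two serving network names gives two unrelated key chains
    for label, snn in (("home", HOME_SNN), ("other", OTHER_SNN)):
        for name, key in key_chain(CK, IK, snn, SQN_XOR_AK, SUPI).items():
            print(f"{label:5} {name}: {key.hex()}")
```

Because the serving network name enters both the KAUSF and KSEAF derivations, the same CK/IK yields a different chain for each serving network, and a changed ABBA changes only KAMF.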
 
  

TinyBrain
Senior Member
 

Re: 5G SIM Swap Fraud AUSF

Post Posted: Feb 06, 19 06:16

Thank you very much!

Based on TS 31.102 v15.3.0 (2018/12), section 4.2.114 is a good point to start. The counterpart, TS 23.501 section 6.2.8 AUSF, should get the derived keys. Let's assume scenario b) as above: the runtimes and delays create insecurity on the RAN RTTs. I question how the AUSF can detect any MITM attempt based on the timing aspect in a first step to set an IOA or IOC to the ABBA?
 
  

trewmte
Senior Member
 

Re: 5G SIM Swap Fraud AUSF

Post Posted: Feb 07, 19 02:46

- TinyBrain
I question how the AUSF can detect any MITM attempt based on the timing aspect in a first step to set an IOA or IOC to the ABBA?


You will need to consider also proprietary systems that can be measured against the Standards as to their outputs but hide the processes used to achieve those results e.g. networks.nokia.com/sol...ligence...

Also see here - networks.nokia.com/pro...-registers
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
 
  

TinyBrain
Senior Member
 

Re: 5G SIM Swap Fraud AUSF

Post Posted: Feb 07, 19 03:38

True. But my boss would tell me 'we hired you to solve the problem'. So it's on me to understand and define the risk appetite and risk tolerance.
 
