5G SIM Swap Fraud AUSF

(@tinybrain)
Reputable Member
Joined: 9 years ago
Posts: 354
Topic starter  

Not a new topic and historically based if the HSS/SPR was hijacked. We got an order to verify in preparation for more and more mobiles having cryptocurrencies on board (semi-cold wallet, not secure). As I understand it, in 5G the AUSF is the entity attacked. Am I right?


   
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
 

TinyBrain. The theoretical question you raise based upon the HSS/SPR being hacked? hijacked? insider attack? With the attack point as 'AUSF'; you will need to qualify all relevant establishment paths. Simply identifying one establishment element isn't enough.


   
(@tinybrain)
Reputable Member
Joined: 9 years ago
Posts: 354
Topic starter  

Ok, I thank you for your advice.

In the past T-Mobile was hacked and a prominent cryptocurrency CEO lost his virtual cash. As nowadays cryptocurrency transactions are done on mobiles like e.g. the HTC Exodus 1, the problem of SIM swap fraud rises. I do not say that the 5G AUSF gets hacked like T-Mobile's subscriber base historically.

I got an order to research the security of the 5G entity comparable to the historically hacked T-Mobile entities. Sorry for not being able to explain in better terms. It's an approach of pre-crime understanding know-how build-up for my management. My cold wallets would never be on a mobile device.

The options of

a) hacked
b) hijacked
c) insider

I prioritize b) and maybe, with a lower probability, a). c) I skip as the MNO's problem, which is non-technical; it's human.

My question focus was on a).

If you want to learn more search on Krebs.


   
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
 

As you are at the mobile device for crypto wallet and not a wallet stored in the HSS/SPR and/or AUSF then I suggest you might want to consider working backwards from device going upwards to the network. Why? It is no use having a network facility which mobile devices can use or are unable to process the communications. You may wish to consider starting here:

Service n°123 5G Security Parameters
EF 5GAUTHKEYS
3GPP TS 31.102

Secure temporary keys for 5G but also non 3GPP security context such as WiFi are stored in EF 5GAUTHKEYS
A key called KAUSF derived from CK/IK, left at the AUSF and that home operator can use on its own policy.
An anchor key called the KSEAF provided by the AUSF to the SEAF, which can be used for more than one security context.
A derived key per security context called KAMF.


   
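The key chain listed in the post above (KAUSF, then KSEAF, then KAMF), worked through as an added example that is not part of the original thread. It covers the 5G AKA case only and uses the generic 3GPP KDF from TS 33.220 Annex B with the FC values from TS 33.501 Annex A; CK, IK, SQN xor AK, the network names, the SUPI and the second ABBA value are constructed sample inputs.

```python
import hashlib
import hmac

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF (TS 33.220 Annex B.2): HMAC-SHA-256 over
    S = FC || P0 || L0 || P1 || L1 ..., each Li a 2-byte big-endian length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_hierarchy(ck, ik, sqn_xor_ak, sn_name, supi, abba):
    """5G AKA key chain; FC values from TS 33.501 Annex A."""
    sn = sn_name.encode("ascii")
    k_ausf = kdf(ck + ik, 0x6A, sn, sqn_xor_ak)            # stays at the AUSF
    k_seaf = kdf(k_ausf, 0x6C, sn)                         # anchor key handed to the SEAF
    k_amf = kdf(k_seaf, 0x6D, supi.encode("ascii"), abba)  # per security context
    return {"K_AUSF": k_ausf, "K_SEAF": k_seaf, "K_AMF": k_amf}

# Constructed sample values (test PLMN 001/01), not from any real subscriber.
CK = bytes.fromhex("00112233445566778899aabbccddeeff")
IK = bytes.fromhex("ffeeddccbbaa99887766554433221100")
SQN_XOR_AK = bytes.fromhex("0123456789ab")
HOME_SN = "5G:mnc001.mcc001.3gppnetwork.org"
OTHER_SN = "5G:mnc002.mcc001.3gppnetwork.org"   # a different serving network
SUPI = "001010000000001"
ABBA = bytes.fromhex("0000")                    # initial ABBA value
ABBA_ALT = bytes.fromhex("0001")                # constructed, for comparison only

def demo():
    """Derive the chain three times, varying one bound input at a time."""
    home = derive_hierarchy(CK, IK, SQN_XOR_AK, HOME_SN, SUPI, ABBA)
    other = derive_hierarchy(CK, IK, SQN_XOR_AK, OTHER_SN, SUPI, ABBA)
    alt = derive_hierarchy(CK, IK, SQN_XOR_AK, HOME_SN, SUPI, ABBA_ALT)
    return home, other, alt

if __name__ == "__main__":
    home, other, alt = demo()
    for name, key in home.items():
        print(f"{name}: {key.hex()}")
    # The serving network name is bound into K_AUSF and K_SEAF.
    print("SN name changes K_SEAF:", home["K_SEAF"] != other["K_SEAF"])
    # ABBA enters only at the last step, so only K_AMF moves.
    print("ABBA changes only K_AMF:",
          home["K_SEAF"] == alt["K_SEAF"] and home["K_AMF"] != alt["K_AMF"])
```

Because the serving network name and ABBA are inputs to the derivation, a UE and network that disagree on either value end up with different keys, and the mismatch surfaces as a failed security mode procedure.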
(@tinybrain)
Reputable Member
Joined: 9 years ago
Posts: 354
Topic starter  

Thank you very much!

Based on TS 31.102 v15.3.0 (2018/12), section 4.2.114 is a good point to start. The counterpart TS 23.501 section 6.2.8 AUSF should get the derived keys. Let's assume scenario b) as above, the runtimes and delays create insecurity on the RAN RTTs. I question how the AUSF can detect any MITM attempt based on the timing aspect in a first step to set an IOA or IOC to the ABBA?


   
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
 

I question how the AUSF can detect any MITM attempt based on the timing aspect in a first step to set an IOA or IOC to the ABBA?

You will need to consider also proprietary systems that can be measured against the Standards as to their outputs but hide the processes used to achieve those results e.g. https://networks.nokia.com/solutions/threat-intelligence…

Also see here - https://networks.nokia.com/products/nokia-registers


   
(@tinybrain)
Reputable Member
Joined: 9 years ago
Posts: 354
Topic starter  

True. But my boss would tell me 'we hired you to solve the problem'. So it's on me to understand and define the risk appetite and risk tolerance.


   
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
 

True. But my boss would tell me 'we hired you to solve the problem'. So it's on me to understand and define the risk appetite and risk tolerance.

Not sure what you mean.

My comments (Nokia) above are as a signpost of things that you can follow up for your research. There are a number of actors and players in this field and if you cross-reference what each states then you get to see the loop-holes for your approach to understand "risk appetite and risk tolerance".


   
(@tinybrain)
Reputable Member
Joined: 9 years ago
Posts: 354
Topic starter  

Your point and input is very good and helpful. I thank you for this!

We defined two phases. First to understand the 3GPP-based process and risk. Risk appetite and Risk Tolerance are parameters out of risk management e.g. for banks. Second we will define where the 3 suppliers Nokia, Ericsson and Huawei offer specified entities like Nokia Registers.

The end result should be a prepared doc to as fast as possible investigate 5G SIM Swap Fraud by another team. We in crypto have to prepare - they will act. It's not easy to investigate in advance as in Switzerland 5G is in test phase. But no excuse, we do the best for the theoretical part of the future crime we expect.


   