Re: [cryptography] Mobile Traffic Interception (SSL/TLS and VPN)

Hi M.

not sure what you meant by mobile Anything wireless is in scope - Cellular radios, WiFi, Bluetooth, etc. I'm really interested in mobile devices which spend most of their time outside a logical security boundary of an organization.

wifi/wimax environment is almost identical to wired networks on this issue I agree that wireless suffers the same problems as wired. But I think the surface area increased disproportionately. With landlines between floors (or perhaps a leased line to/from a datacenter), I usually have some sort of physical security.

In wireless, I don't have many of the assurances (how effective they are in a wired environment is a different story). A bad guy could set up a Wifi access point or base station, and my phone or tablet will happily camp to it. Plus, phones and tablets often come pre-loaded with certificates from OEMs and carriers (if they are burned into ROM, I probably can't manage them). And there is the customary law enforcement taps (x2 since both the wireless carriers and telcos likely provide them). Finally, there's WAP which places the MitM by design.

if somebody thinks SSL offers security ... Verbum sapienti.

not sure what you meant by mobile . wifi/wimax kind of mobile clients or 2g/3g/4g types ? i am not aware of papers but based on personal experiments wifi/wimax environment is almost identical to wired networks on this issue but Xg's and satellite networks have many different factors including the strong country/region based regulations , vendor/operator related demands on customizing application processor OS ( assuming it is the one that handles SSL ) and the update scenario and strategy based on operator or client choices , jailbreak related issues , etc could have impacts on SSL security . i've got many cellphones in lab that have vast difference in trusted authorities , how to handle CRL update , offers of OTA ,etc . essentially , examining Xg's

In short, I know the problems exist in the mobile arena, and I'm looking for the published results. Jeff On Sun, Sep 9, 2012 at 3:38 PM, Mh wrote: traffics , whether it is Voice , Signaling or Data ( includes IP stuff like SSL ) is by no mean a friendly job . this is why projects like openbts are important . two typical remote attacks are 1.silent change in os by modifying updates which could be done by hacking into the operator which is , trust me , an easy job 2.using a GSM-style active interception and impersonating the network as a whole , then proceed with evil activities using tricks , fishing , bugs , enforced redirects to metasploit-like infected pages . over all , if somebody thinks SSL offers security , and she wants to asses if to use the first environment or the second , i'd suggest the 1st .

Regards M.

On [Z)X4YX(Y, X4YX1[YX1 [1[9, [1[3[9[1 at [2[3:[3[1, Jeffrey Walton

wrote:

...

Hi All,

Is anyone aware of papers or studies on HTTPS traffic interception in mobile networks?

I know Colling Mulliner did a study of HTTP headers and information leakage in the past. I know we have Trustwave (and I'm not aware of published results of Mozilla's subsequent actions) and the more general problem of Public CA hierarchies. I am aware of products like BlueCoat and Dr. Matt Greene's Interception Proxies page. I believe the EFF is aggregating data on SSL/TLS at the moment, but the data will not be released for some time.

With HTML5 and WebSockets, I believe we can build a smarter client that can detect interception based on pinning (either public key or certificate). Is anyone aware of any tools for doing so (perhaps where aggregated data is offered)?

_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE