If you need some example pcap traces generated by any of these tools, just send an email to fasferraz@gmail.com


10/17/17

Untrusted Non-3GPP IP Access - SWu IKEv2 UE Emulator

This is an application I wrote in 2015 to emulate the UE on the SWu interface for non-3GPP accesses.

SWu is the interface between the UE and the ePDG as defined by 3GPP; it is an IKEv2-based protocol with some minor modifications, described in 3GPP 33.402. The IKEv2 control plane is used to perform authentication and session creation, and also to negotiate the IPSec session parameters used at the user plane level.

This application is focused on the IKEv2 control plane, just like the MME/SGW Emulator. The IPSec packets carrying user plane packets coming from the ePDG towards the UE are just ignored.

This application can use any network type (Wifi, Fixed, Mobile) to establish an IKEv2 tunnel towards the ePDG, and it can be used much more broadly than just the VoWifi scenario, since any APN can be requested. I personally think that corporate APNs can also be a big driver for these non-3GPP accesses, and not only VoWifi/VoLTE/IMS. The current obstacle is the lack of non-3GPP IKEv2/IPSec dialers or applications for smartphones and laptops. Currently, if SWu is supported by a smartphone at all, it is built only for VoWifi/VoLTE/IMS, and the end user is not aware of it or able to easily modify any setting.

This application takes untrusted non-3GPP access much deeper: every single key used in the IKEv2 process can be inspected, which allows any IKEv2 trace to be decoded in Wireshark.
Since this application is built inside the MME/SGW emulator application I wrote previously, it can also very easily emulate handovers from non-3GPP to 3GPP and from 3GPP to non-3GPP.


The next picture shows a summary of the IKEv2 implementation: which parameters are sent in each message, and how the different keys are generated and used.

Only the first two messages are unencrypted. After the Diffie-Hellman exchange, everything is encrypted and integrity protected with keys derived from this exchange.

We need to send the NAI and APN information to the ePDG, so that it can request authentication and subscription information from the AAA/HSS for the correct IMSI. This uses the IDi and IDr IKEv2 payload types, which are sent in the third message.

Some IKEv2 configuration payloads were also defined by IANA for 3GPP use, such as the P-CSCF IPv4 and P-CSCF IPv6 attributes used in VoWifi.

This application supports the following RFCs and options:
  • IKEv2 RFC 5996
  • EAP-AKA Authentication RFC 4187
  • IKEv2 Encryption: AES-CBC-128
  • IKEv2 Pseudo Random Function: PRF-HMAC-SHA1
  • IKEv2 Integrity: HMAC-SHA1-96
  • Diffie-Hellman Group 1, 2, 5 and 14 (group 2 by default)
  • No Certificates
  • NAT-T
  • IKEv2 over UDP port 500 or 4500
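The keys that the application exposes for Wireshark come from the IKEv2 key derivation described above: after the Diffie-Hellman exchange, SKEYSEED is computed from the nonces and the shared secret, and the seven SA keys are expanded from it with prf+ using the negotiated suite (PRF-HMAC-SHA1, HMAC-SHA1-96, AES-CBC-128 from the list above). The following Python is an added example of that derivation per RFC 5996, not the emulator's own code. The g^ir value, nonces and SPIs are constructed placeholders, and the Wireshark algorithm labels are my assumption of what the ISAKMP preferences dialog expects, to be checked against your Wireshark version.

```python
"""IKEv2 key derivation (RFC 5996, sections 2.13 and 2.14) for the suite this
emulator negotiates: PRF-HMAC-SHA1, HMAC-SHA1-96 and AES-CBC-128.
Added example, not the emulator's own code. The shared secret g^ir, the
nonces and the SPIs below are constructed placeholders; in a real session
they come from the IKE_SA_INIT exchange."""
import hashlib
import hmac
from dataclasses import dataclass

PRF_KEY_LEN = 20    # PRF-HMAC-SHA1: 160-bit output and preferred key size
INTEG_KEY_LEN = 20  # HMAC-SHA1-96: 160-bit key, ICV truncated to 96 bits
ENCR_KEY_LEN = 16   # AES-CBC-128
ICV_LEN = 12        # 96-bit integrity checksum value

# Constructed sample inputs (NOT taken from a real trace).
G_IR = hashlib.sha256(b"constructed g^ir placeholder").digest() * 4  # 128 bytes, group 2 size
NI = bytes.fromhex("00112233445566778899aabbccddeeff")
NR = bytes.fromhex("ffeeddccbbaa99887766554433221100")
SPI_I = bytes.fromhex("0123456789abcdef")
SPI_R = bytes.fromhex("fedcba9876543210")

# Assumed Wireshark labels for the IKEv2 Decryption Table; verify in the UI.
ENCR_ALG_NAME = "AES-CBC-128 [RFC3602]"
INTEG_ALG_NAME = "HMAC_SHA1_96 [RFC2404]"


def prf(key: bytes, data: bytes) -> bytes:
    """PRF-HMAC-SHA1 as negotiated in the SA payload."""
    return hmac.new(key, data, hashlib.sha1).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ (RFC 5996 2.13): T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, prev, n = b"", b"", 1
    while len(out) < length:
        if n > 255:
            raise ValueError("prf+ cannot produce more than 255 blocks")
        prev = prf(key, prev + seed + bytes([n]))
        out += prev
        n += 1
    return out[:length]


@dataclass(frozen=True)
class IkeSaKeys:
    sk_d: bytes   # seeds the CHILD_SA (IPsec) key material
    sk_ai: bytes  # integrity key, initiator -> responder
    sk_ar: bytes  # integrity key, responder -> initiator
    sk_ei: bytes  # encryption key, initiator -> responder
    sk_er: bytes  # encryption key, responder -> initiator
    sk_pi: bytes  # AUTH payload computation, initiator side
    sk_pr: bytes  # AUTH payload computation, responder side


def derive_ike_sa_keys(g_ir: bytes, ni: bytes, nr: bytes,
                       spi_i: bytes, spi_r: bytes) -> IkeSaKeys:
    """SKEYSEED = prf(Ni|Nr, g^ir); keys = prf+(SKEYSEED, Ni|Nr|SPIi|SPIr)."""
    skeyseed = prf(ni + nr, g_ir)
    lengths = [PRF_KEY_LEN, INTEG_KEY_LEN, INTEG_KEY_LEN,
               ENCR_KEY_LEN, ENCR_KEY_LEN, PRF_KEY_LEN, PRF_KEY_LEN]
    keymat = prf_plus(skeyseed, ni + nr + spi_i + spi_r, sum(lengths))
    parts, pos = [], 0
    for ln in lengths:          # slice in the order RFC 5996 2.14 lists the keys
        parts.append(keymat[pos:pos + ln])
        pos += ln
    return IkeSaKeys(*parts)


def icv(sk_a: bytes, message: bytes) -> bytes:
    """HMAC-SHA1-96 over the IKE message up to (excluding) the ICV field."""
    return hmac.new(sk_a, message, hashlib.sha1).digest()[:ICV_LEN]


def verify_icv(sk_a: bytes, message: bytes, received: bytes) -> bool:
    return hmac.compare_digest(icv(sk_a, message), received)


def wireshark_uat_row(spi_i: bytes, spi_r: bytes, keys: IkeSaKeys) -> str:
    """Fields, in order, for one row of the ISAKMP IKEv2 Decryption Table."""
    return ",".join([spi_i.hex(), spi_r.hex(), keys.sk_ei.hex(), keys.sk_er.hex(),
                     ENCR_ALG_NAME, keys.sk_ai.hex(), keys.sk_ar.hex(), INTEG_ALG_NAME])


if __name__ == "__main__":
    k = derive_ike_sa_keys(G_IR, NI, NR, SPI_I, SPI_R)
    print(wireshark_uat_row(SPI_I, SPI_R, k))
```

Only SK_ei, SK_er, SK_ai and SK_ar are needed to decode the IKE_AUTH and INFORMATIONAL messages in Wireshark; SK_d matters when you also want to derive the ESP keys for the user plane, and SK_pi/SK_pr are used when the AUTH payload is computed with the EAP-AKA MSK.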


So, how can this application handle the IKEv2 authentication phase defined in 3GPP 33.402?

It needs to run the AKA algorithm in the USIM when it receives a RAND/AUTN from the ePDG in the EAP payload, to get the CK and IK from the USIM, since they are needed to calculate the Master Session Key. To accomplish this we need a USB modem that supports the AT commands +CRSM and +CSIM.

[In my LTE security post I already explained how to run the AKA procedure in the USIM using these commands].

In the application we just need to set the COM port. The application can also retrieve the IMSI from the SIM Card using the AT+CIMI command, and build the NAI automatically.
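To make the modem interaction above concrete, here is an added Python example (not the emulator's code) that builds the USIM AUTHENTICATE APDU for the 3G security context as described in 3GPP TS 31.102, wraps it in AT+CSIM, parses the modem's +CSIM reply into RES/CK/IK (or AUTS on a synchronisation failure), and builds the EAP-AKA root NAI from the IMSI per 3GPP TS 23.003. It assumes the USIM application has already been selected on the logical channel encoded in the CLA byte; the RAND/AUTN values and modem replies are constructed, and no serial port is opened.

```python
"""USIM AKA over AT+CSIM: build the AUTHENTICATE APDU (3GPP TS 31.102,
3G security context), wrap it in AT+CSIM, parse the reply into RES/CK/IK
or AUTS, and derive the EAP-AKA root NAI from the IMSI (3GPP TS 23.003).
Added example, not the emulator's own code. Assumes the USIM application is
already selected on the channel given by CLA; sample values are constructed."""
import re
from typing import Optional

INS_AUTHENTICATE = 0x88
P2_3G_CONTEXT = 0x81      # P2 = 0x81 selects the 3G security context
TAG_SUCCESS = 0xDB        # successful 3G authentication: RES, CK, IK [, Kc]
TAG_SYNC_FAILURE = 0xDC   # synchronisation failure: AUTS follows
SW_OK = 0x9000
SW_AUTH_ERROR = 0x9862    # authentication error (e.g. MAC check failed)

_CSIM_RE = re.compile(r'\+CSIM:\s*(\d+),"([0-9A-Fa-f]*)"')


def build_authenticate_apdu(rand: bytes, autn: bytes, cla: int = 0x00) -> bytes:
    """CLA INS P1 P2 Lc | L(RAND) RAND L(AUTN) AUTN  (Le omitted; see reply handling)."""
    if len(rand) != 16 or len(autn) != 16:
        raise ValueError("RAND and AUTN are 16 bytes each")
    data = bytes([len(rand)]) + rand + bytes([len(autn)]) + autn
    return bytes([cla, INS_AUTHENTICATE, 0x00, P2_3G_CONTEXT, len(data)]) + data


def to_csim(apdu: bytes) -> str:
    """AT+CSIM=<hex length>,"<hex APDU>" as the modem expects it."""
    h = apdu.hex().upper()
    return f'AT+CSIM={len(h)},"{h}"'


def parse_csim_reply(line: str) -> tuple[bytes, int]:
    """Split a '+CSIM: <len>,"<hex>"' line into (response data, status word)."""
    m = _CSIM_RE.search(line)
    if not m:
        raise ValueError("not a +CSIM response line")
    hexstr = m.group(2)
    if int(m.group(1)) != len(hexstr):
        raise ValueError("+CSIM length field does not match payload")
    raw = bytes.fromhex(hexstr)
    if len(raw) < 2:
        raise ValueError("reply shorter than a status word")
    return raw[:-2], int.from_bytes(raw[-2:], "big")


def _lv_fields(buf: bytes) -> list[bytes]:
    """Decode a sequence of length-prefixed fields (L V L V ...)."""
    fields, pos = [], 0
    while pos < len(buf):
        ln = buf[pos]
        pos += 1
        if pos + ln > len(buf):
            raise ValueError("truncated length/value field")
        fields.append(buf[pos:pos + ln])
        pos += ln
    return fields


def parse_authenticate_response(data: bytes, sw: int) -> dict:
    """Interpret the AUTHENTICATE result: ok, sync_failure, auth_error or
    get_response (SW 61xx: card holds xx bytes, fetch with GET RESPONSE)."""
    if (sw >> 8) == 0x61:
        return {"status": "get_response", "length": sw & 0xFF}
    if sw == SW_AUTH_ERROR:
        return {"status": "auth_error"}
    if sw != SW_OK:
        raise ValueError(f"unexpected status word {sw:04X}")
    if not data:
        raise ValueError("empty response data")
    fields = _lv_fields(data[1:])
    if data[0] == TAG_SUCCESS:
        if len(fields) < 3:
            raise ValueError("expected RES, CK and IK")
        kc: Optional[bytes] = fields[3] if len(fields) > 3 else None
        return {"status": "ok", "res": fields[0], "ck": fields[1], "ik": fields[2], "kc": kc}
    if data[0] == TAG_SYNC_FAILURE:
        if len(fields) != 1:
            raise ValueError("expected a single AUTS field")
        return {"status": "sync_failure", "auts": fields[0]}
    raise ValueError(f"unknown response tag {data[0]:02X}")


def imsi_to_root_nai(imsi: str, mnc_digits: int) -> str:
    """Root NAI for EAP-AKA: '0' + IMSI + '@nai.epc.mncXXX.mccYYY.3gppnetwork.org'.
    The MNC length (2 or 3) is not encoded in the IMSI and must be known."""
    if not imsi.isdigit() or not 6 <= len(imsi) <= 15:
        raise ValueError("IMSI must be 6 to 15 digits")
    if mnc_digits not in (2, 3):
        raise ValueError("MNC has 2 or 3 digits")
    mcc, mnc = imsi[:3], imsi[3:3 + mnc_digits].zfill(3)
    return f"0{imsi}@nai.epc.mnc{mnc}.mcc{mcc}.3gppnetwork.org"


if __name__ == "__main__":
    rand, autn = bytes(range(16)), bytes(range(16, 32))   # constructed
    print(to_csim(build_authenticate_apdu(rand, autn)))
    print(imsi_to_root_nai("262011234567890", mnc_digits=2))
```

The "0" prefix on the root NAI marks EAP-AKA; the same IMSI retrieved with AT+CIMI can therefore be turned into the IDi value without user input. When the USIM answers with AUTS, the UE must send it back in an EAP-AKA Synchronization-Failure so the HSS can resynchronise the sequence number before the exchange is retried.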

In the test phase, while building this application and before I had implemented the USIM card interaction through the modem, I needed some dummy SIM card information to be retrieved by the ePDG from the AAA/HSS. Since this was not possible with the real AAA/HLR I was using, I had to build a very simple SWm and S6b Diameter server in my OCS/PCRF/EIR Diameter Server application, with a dummy database holding the APNs I was going to use and authentication information matching what this application sends. This allowed me to complete the IKEv2 flows with the ePDG more easily.
The last phase of development was just the modem integration, to get the IMSI and to run the AKA procedure in the USIM.

So let’s see the application in use.

We will perform the following actions:
  • Activate a session in ePDG
  • Simulate a handover to LTE
  • Simulate a handover back to the ePDG
  • Disconnect the session to the ePDG


The next picture shows the complete flow:





So when we activate the session in the ePDG we have this result:


When we go to the SGW emulator tab and perform handover we get this output:



When we go back to the UE emulator and perform Start IKE Handover we get this output:



The traces for this session can be downloaded.

  • This one done in the ePDG and PGW, where IKEv2 packets are already decoded
  • This one done in the UE (that was also the SGW emulator and the SWm/S6b Diameter Server). IKEv2 packets are not decoded. We need to use the Wireshark ISAKMP IKEv2 Decryption Table in Edit->Preferences->Protocols->ISAKMP and fill it with the corresponding keys shown in the application screenshots below, to properly decode the IKEv2 packets.


Note: Please configure TCP port 3869 (Gx), 3870 (SWm) and 3871 (S6b) as Diameter protocol.
