TY - GEN
T1 - Call me maybe
T2 - 29th USENIX Security Symposium
AU - Rupprecht, David
AU - Kohls, Katharina
AU - Holz, Thorsten
AU - Pöpper, Christina
N1 - Funding Information:
This work was supported by the German Federal Ministry of Education and Research (BMBF Grant 16KIS0664 SysKit) and the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany’s Excellence Strategy – EXC-2092 CASA – 390781972. Most of all, we give thanks to Muhammad Taqi Raza and Songwu Lu for their foundational work on the topic of keystream reuse. Further, we thank our shepherd Yongdae Kim for the valuable comments and guidance towards the camera-ready version, and Nils Fürste, Bedran Karakoc, and Seokbin Yun for performing several tests. We thank Domonkos Tomcsányi for the helpful discussion on testing large deployments. Software Radio System’s Airscope is a central component for this research project, and we would like to thank the SRS team for providing us insights into their software tools.
Publisher Copyright:
© 2020 by The USENIX Association. All Rights Reserved.
PY - 2020
Y1 - 2020
N2 - Voice over LTE (VoLTE) is a packet-based telephony service seamlessly integrated into the Long Term Evolution (LTE) standard and deployed by most telecommunication providers in practice. Due to this widespread use, successful attacks against VoLTE can affect a large number of users worldwide. In this work, we introduce REVOLTE, an attack that exploits an LTE implementation flaw to recover the contents of an encrypted VoLTE call, hence enabling an adversary to eavesdrop on phone calls. REVOLTE makes use of a predictable keystream reuse on the radio layer that allows an adversary to decrypt a recorded call with minimal resources. Through a series of preliminary as well as real-world experiments, we successfully demonstrate the feasibility of REVOLTE and analyze various factors that critically influence our attack in commercial networks. For mitigating the REVOLTE attack, we propose and discuss short- and long-term countermeasures deployable by providers and equipment vendors.
UR - http://www.scopus.com/inward/record.url?scp=85091904397&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85091904397&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85091904397
T3 - Proceedings of the 29th USENIX Security Symposium
SP - 73
EP - 88
BT - Proceedings of the 29th USENIX Security Symposium
PB - USENIX Association
Y2 - 12 August 2020 through 14 August 2020
ER -