Kuchokera kwa womasulira ndi TL;DR
-
TL; DR:
Zikuwoneka kuti VoLTE idakhala yotetezedwa kwambiri kuposa makasitomala oyamba a Wi-Fi omwe ali ndi WEP. Kulakwitsa kwachilengedwe komwe kumakupatsani mwayi woti XOR kuchuluka kwa magalimoto pang'ono ndikubwezeretsa kiyi. Kuwukira kumatheka ngati muli pafupi ndi woyimbirayo ndipo amayitana pafupipafupi.
-
Zikomo chifukwa cha malangizo ndi TL; DR
-
Ofufuza apanga pulogalamu kuti adziwe ngati wothandizira wanu ali pachiwopsezo, werengani zambiri . Gawani zotsatira mu ndemanga, VoLTE ndiyoyimitsidwa m'dera langa pa Megafon.
Za wolemba
Matthew Green.
Ndine katswiri wojambula zithunzi komanso pulofesa ku yunivesite ya Johns Hopkins. Ndapanga ndi kusanthula machitidwe a cryptographic omwe amagwiritsidwa ntchito pamanetiweki opanda zingwe, njira zolipirira, ndi nsanja zachitetezo cha digito. Pakufufuza kwanga, ndimayang'ana njira zosiyanasiyana zogwiritsira ntchito cryptography kuti ndisinthe chinsinsi cha ogwiritsa ntchito.
Papita nthawi kuchokera pamene ndinalemba positi mtundu , ndipo zinandikwiyitsa. Osati chifukwa panalibe zowukira, koma makamaka chifukwa panalibe kuwukira kwa chinthu chomwe chimagwiritsidwa ntchito kwambiri kuti chindichotsere m'malo a wolemba.
Koma lero ndabwera yotchedwa ReVoLTE pama protocol omwe ndimakonda kwambiri kubera, omwe ndi ma protocol a LTE network (voice over). Ndili wokondwa ndi ma protocol awa - komanso kuwukira kwatsopanoku - chifukwa ndizosowa kwambiri kuwona ma protocol enieni a netiweki ndikubedwa. Makamaka chifukwa chakuti miyezoyi inapangidwa m'zipinda zodzaza utsi ndipo zinalembedwa m'mabuku a masamba a 12000 omwe si wofufuza aliyense angakwanitse. Kuphatikiza apo, kugwiritsa ntchito izi kukakamiza ofufuza kuti agwiritse ntchito ma wayilesi ovuta.
Chifukwa chake, zovuta zazikulu zachinsinsi zitha kufalikira padziko lonse lapansi, mwina kungogwiritsidwa ntchito ndi maboma, wofufuza aliyense asanazindikire. Koma nthawi ndi nthawi pali zosiyana, ndipo kuukira kwamasiku ano ndi chimodzi mwa izo.
olemba Othandizira: David Rupprecht, Katharina Kohls, Thorsten Holz ndi Christina PΓΆpper ochokera ku Ruhr-University Bochum ndi New York University Abu Dhabi. Uku ndikuwukira kwakukulu kuyikanso kiyi mu protocol ya mawu yomwe mwina mukugwiritsa ntchito kale (poganiza kuti ndinu ochokera m'badwo wakale womwe umayimbabe foni pogwiritsa ntchito foni yam'manja).
Poyamba, ulendo wachidule wa mbiri yakale.
Kodi LTE ndi VoLTE ndi chiyani?
Maziko amiyezo yathu yamakono yamafoni am'manja adayikidwa ku Europe kumbuyo kwa 80s ndi muyezo (Global System for Mobile Communications). GSM inali mulingo woyamba waukulu wamatelefoni amtundu wa digito, womwe udayambitsa zinthu zingapo zosinthira, monga kugwiritsa ntchito. kuteteza mafoni. GSM yoyambirira idapangidwa makamaka kuti azilumikizana ndi mawu, ngakhale ndalama zitha kukhala .
Pamene kutumiza kwa deta kunakhala kofunika kwambiri pa mauthenga a ma cellular, mfundo za Long Term Evolution (LTE) zinapangidwa kuti zithetsere kulumikizana kwamtunduwu. LTE idakhazikitsidwa pagulu lazinthu zakale monga GSM, ΠΈ ndipo idapangidwa kuti iwonjezere liwiro la kusinthana kwa data. Pali zambiri zogulitsa ndi koma TL; DR ndikuti LTE ndi njira yotumizira ma data yomwe imagwira ntchito ngati mlatho pakati pa ma protocol akale apaketi ndi matekinoloje am'tsogolo a data. .
Inde, mbiri imatiuza kuti pakakhala bandwidth yokwanira (IP) yomwe ilipo, malingaliro monga "mawu" ndi "deta" adzayamba kusokoneza. Zomwezo zikugwiranso ntchito ku ma protocol amakono am'manja. Kuti kusinthaku kukhale kosavuta, miyezo ya LTE imatanthauzira (VoLTE), womwe ndi mulingo wa IP wonyamula mafoni amawu molunjika pa ndege yamtundu wa LTE, kudutsa gawo loyimba la netiweki yam'manja kwathunthu. Monga ndi muyezo ,Kuyimba kwa VoLTE kumatha kuthetsedwa ndi woyendetsa ma cellular ndikulumikizidwa ndi netiweki yamafoni wamba. Kapena (monga momwe zikuchulukirachulukira) iwo molunjika kuchokera ku kasitomala wina kupita ku wina, komanso ngakhale pakati pa othandizira osiyanasiyana.
Monga VoIP wamba, VoLTE idakhazikitsidwa panjira ziwiri zodziwika bwino za IP: Session Initiation Protocol ( - SIP) pakukhazikitsa mafoni, ndi protocol yoyendera nthawi yeniyeni (, yomwe iyenera kutchedwa RTTP koma imatchedwa RTP) pokonza deta ya mawu. VoLTE imawonjezeranso kukhathamiritsa kwa bandwidth, monga kuponderezana kwamutu.
Chabwino, izi zikukhudzana bwanji ndi kubisa?
LTE, monga , ali ndi muyezo wa ma protocol a cryptographic polemba mapaketi akamatumizidwa mlengalenga. Amapangidwa makamaka kuti ateteze deta yanu pamene imayenda pakati pa foni (yotchedwa zida zogwiritsira ntchito, kapena UE) ndi nsanja ya selo (kapena kulikonse kumene wopereka wanu akuganiza kuti athetse kugwirizanako). Izi zili choncho chifukwa opereka ma cellular amawona zida zowonera kunja ngati adani. Chabwino, ndithudi.
(Komabe, chifukwa chakuti maulumikizidwe a VoLTE amatha kuchitika mwachindunji pakati pa makasitomala pa maukonde osiyanasiyana othandizira amatanthauza kuti VoLTE protocol palokha ili ndi ma protocol ena owonjezera komanso osankha omwe amatha kuchitika pazigawo zapamwamba zamaneti. akhoza kuwononga chirichonse (tidzakambirana za iwo mwachidule).
M'mbuyomu, kubisa mu GSM kwakhala : zoipa , ma protocol omwe foni yokha idatsimikiziridwa kukhala nsanja (kutanthauza kuti wowukira atha kukhala ngati nsanja, kupanga ) ndi zina zotero. LTE idakonza zolakwika zambiri zodziwikiratu ndikusunga zambiri zomwezo.
Tiyeni tiyambe ndi kubisa komweko. Pongoganiza kuti kulengedwa kwachinsinsi kwachitika kale - ndipo tidzakambirana mu miniti imodzi - ndiye paketi iliyonse ya deta imasungidwa pogwiritsa ntchito kutsekemera kwamtsinje pogwiritsa ntchito chinthu chotchedwa "EEA" (chomwe chimagwiritsidwa ntchito pogwiritsa ntchito zinthu monga AES ). Kwenikweni, njira ya encryption apa ndi monga pansipa:
Algorithm yayikulu yolembera mapaketi a VoLTE (gwero: ). EEA ndi cipher, "COUNT" ndi kauntala ya 32-bit, "BEARER" ndi chizindikiritso chapadera chomwe chimalekanitsa malumikizano a VoLTE ndi kuchuluka kwa anthu pa intaneti. "DIRECTION" ikuwonetsa komwe magalimoto akulowera - kuchokera ku UE kupita ku nsanja kapena mosemphanitsa.
Popeza encryption algorithm yokha (EEA) imatha kukhazikitsidwa pogwiritsa ntchito cipher wamphamvu ngati AES, sizokayikitsa kuti pangakhale kuwukira kwachindunji pa cipher palokha motere. . Komabe, zikuwonekeratu kuti ngakhale ndi cipher amphamvu, dongosolo lobisali ndi njira yabwino yodziwombera pamapazi.
Makamaka: mulingo wa LTE umagwiritsa ntchito cipher (yosavomerezeka) yokhala ndi njira yomwe ingakhale pachiwopsezo kwambiri ngati kauntala - ndi zolowetsa zina monga "onyamula" ndi "njira" - zigwiritsidwanso ntchito. M'mawu amakono, mawu a lingaliro ili ndi "kuukira kosagwiritsidwanso ntchito," koma zoopsa zomwe zingachitike pano sizinthu zamakono. Iwo ndi otchuka komanso akale, kuyambira masiku a zitsulo za glam komanso disco.
Zowukira pakugwiritsanso ntchito mosakhalitsa mu CTR mode zidalipo ngakhale Poizoni idadziwika
Kunena chilungamo, miyezo ya LTE imati, "Chonde musagwiritsenso ntchito mita iyi." Koma miyezo ya LTE ndi pafupifupi masamba 7000 kutalika, ndipo mulimonse, zili ngati kupempha ana kuti asasewere ndi mfuti. Mosapeweka adzatero, ndipo zinthu zoopsa zidzachitika. Mfuti yowombera pankhaniyi ndikuwukira kogwiritsanso ntchito keystream, momwe mauthenga awiri achinsinsi a XOR ma byte ofanana. Zimadziwika kuti izi .
Kodi ReVoLTE ndi chiyani?
Kuwukira kwa ReVoLTE kukuwonetsa kuti, m'malo mwake, kalembedwe kameneka kamakhala pachiwopsezo chogwiritsidwa ntchito molakwika ndi zida zenizeni zapadziko lapansi. Makamaka, olembawo amasanthula mafoni enieni a VoLTE opangidwa pogwiritsa ntchito zida zamalonda ndikuwonetsa kuti atha kugwiritsa ntchito zomwe zimatchedwa "key reinstallation attack." (Nkhani zambiri zopezera vutoli zimapita (Raza & Lu), omwe anali oyamba kufotokoza zachiwopsezo chomwe chingachitike. Koma kafukufuku wa ReVoLTE amasintha kukhala kuwukira kothandiza).
Ndiroleni ndikuwonetseni mwachidule tanthauzo la kuukira, ngakhale muyenera kuyang'ana ndi .
Wina angaganize kuti LTE ikakhazikitsa paketi ya data, ntchito ya mawu pa LTE imangokhala nkhani yongoyendetsa mapaketi amawu pamalumikizidwewo pamodzi ndi magalimoto anu onse. Mwa kuyankhula kwina, VoLTE idzakhala lingaliro lomwe liripo kokha [Zitsanzo za OSI - pafupifupi.]. Izi sizowona kwathunthu.
M'malo mwake, ulalo wa LTE umayambitsa lingaliro la "wonyamula". Onyamula ndi zizindikiritso zapadera zomwe zimasiyanitsa mitundu yosiyanasiyana yamapaketi. Kuchuluka kwa intaneti pafupipafupi (Twitter ndi Snapchat) kumadutsa wonyamula m'modzi. Kuwonetsa kwa SIP kwa VoIP kumadutsa kwina, ndipo mapaketi amawu amakonzedwa kudzera pachitatu. Sindikudziwa bwino za wailesi ya LTE ndi njira zoyendetsera maukonde, koma ndikukhulupirira kuti zachitika motere chifukwa maukonde a LTE akufuna kulimbikitsa njira za QoS (mtundu wa ntchito) kuti mitsinje yamapaketi osiyanasiyana ikonzedwe pamilingo yoyambira: i.e. wanu wachiwiri mlingo Kulumikizana kwa TCP ku Facebook kungakhale kofunikira kwambiri kuposa kuyimba kwanu kwamawu munthawi yeniyeni.
Izi nthawi zambiri sizovuta, koma zotsatira zake ndi izi. Makiyi a LTE encryption amapangidwa padera nthawi iliyonse "chonyamula" chatsopano chayikidwa. Kwenikweni, izi ziyenera kuchitikanso nthawi iliyonse mukayimba foni yatsopano. Izi zipangitsa kuti kiyi yobisa igwiritsidwe ntchito pa kuyimba kulikonse, ndikuchotsa kuthekera kogwiritsanso ntchito kiyi yomweyo kubisa mapaketi awiri osiyana amawu. Zowonadi, muyezo wa LTE umati "muyenera kugwiritsa ntchito kiyi yosiyana nthawi iliyonse mukayika chonyamula chatsopano kuti muyimbe foni yatsopano." Koma izi sizikutanthauza kuti izi zimachitikadi.
M'malo mwake, pakukhazikitsa zenizeni, mafoni awiri osiyana omwe amapezeka moyandikira kwakanthawi adzagwiritsa ntchito kiyi yomweyo - ngakhale kuti onyamula dzina lomwelo amapangidwa pakati pawo. Kusintha kokhako komwe kumachitika pakati pa mafoni awa ndikuti cholembera cha encryption chimasinthidwa kukhala zero. M'mabuku nthawi zina amatchedwa . Wina angatsutse kuti ichi kwenikweni ndi cholakwika chokhazikitsa, ngakhale mu nkhani iyi zoopsa zikuwoneka kuti zimachokera ku muyezo womwewo.
Mchitidwewu, kuwukiraku kumapangitsa kuti agwiritsenso ntchito kwambiri, pomwe wowukirayo atha kupeza mapaketi obisika $inline$C_1 = M_1 oplus KS$inline$ ndi $inline$C_2 = M_2 oplus KS$inline$, kulola kuwerengera $inline$ C_1 kuphatikiza C_2 = M_1 kuphatikiza M_2$inline$. Ngakhalenso bwino, ngati wowukirayo akudziwa imodzi mwa $M_1$inline$ kapena $inline$M_2$inline$, ndiye kuti akhoza kubwezeretsanso inayo. Zimenezi zimamulimbikitsa kwambiri pezani chimodzi mwa zigawo ziwiri zosabisika.
Izi zimatifikitsa pazochitika zonse zowukira komanso zothandiza kwambiri. Ganizirani za wowukira yemwe amatha kuletsa kuchuluka kwa anthu pawailesi pakati pa foni yomwe mukufuna kutsata ndi nsanja ya foni yam'manja, ndipo mwanjira ina amakhala ndi mwayi wojambulitsa mafoni awiri osiyana, ndipo yachiwiri ikuchitika itangotha ββyoyamba. Tsopano tangoganizani kuti mwina atha kuyerekezera zomwe zili mu imodzi mwama foniwa. Ndi zoterozo chisangalalo wowukira wathu amatha kuyimba foni yoyamba pogwiritsa ntchito XOR yosavuta pakati pa mapaketi awiriwa.
Inde, mwayi ulibe chochita nawo. Popeza mafoni amapangidwa kuti azilandira mafoni, wowukira yemwe angamve kuyimba koyamba azitha kuyimbanso kachiwiri panthawi yomwe yoyambayo yatha. Kuyimba kwachiwiri kumeneku, ngati kiyi yobisa yomweyi ikagwiritsidwanso ntchito ndikukhazikitsanso kauntala mpaka ziro, ilola kuti deta yomwe sinabisidwe ipezekenso. Kuphatikiza apo, popeza wowukirayo amawongolera zomwe zili mu kuyimbira kwachiwiri, amatha kubwezeretsa zomwe zakuyimba koyamba - chifukwa cha ambiri omwe akhazikitsidwa. zinthu zazing'ono, kusewera kumbali yake.
Nachi chithunzi cha dongosolo lachiwembu lomwe latengedwa :
Attack mwachidule kuchokera . Chiwembu ichi chimaganiza kuti mafoni awiri osiyana amapangidwa pogwiritsa ntchito kiyi yomweyo. Wowukirayo amawongolera sniffer (pamwamba kumanzere), komanso foni yachiwiri, yomwe amatha kuyimbanso foni ya wozunzidwayo.
Ndiye kodi kuukirako kumagwiradi ntchito?
Kumbali imodzi, ili ndiye funso lalikulu pankhaniyi yokhudza ReVoLTE. Malingaliro onse omwe ali pamwambawa ndi abwino kwambiri, koma amasiya mafunso ambiri. Monga:
- Kodi ndizotheka (kwa ofufuza amaphunziro) kuti aletse kulumikizana kwa VoLTE?
- Kodi makina enieni a LTE amayambiranso?
- Kodi mutha kuyimbanso foni yachiwiri mwachangu komanso modalirika kuti foni ndi nsanja zigwiritsenso ntchito kiyi?
- Ngakhale makina atabwezanso, kodi mutha kudziwa zomwe simunalembepo pa foni yachiwiri - chifukwa zinthu ngati ma codec ndi transcoding zitha kusintha (pang'ono-pang'ono) zomwe zili mu foni yachiwiriyo, ngakhale mutakhala ndi mwayi wopeza "bits". "kuchokera pa foni yanu?
Ntchito ya ReVoLTE imayankha ena mwa mafunsowa motsimikiza. Olemba ntchito malonda mapulogalamu-reconfigurable wailesi mtsinje sniffer amatchedwa kuti muyimbe foni ya VoLTE kuchokera kumbali ya downlink. (Ndikuganiza kuti kungodziwa pulogalamuyo ndikupeza malingaliro olakwika a momwe imagwirira ntchito zidatenga miyezi ingapo kuchoka kwa ophunzira osauka omaliza maphunziro awo - zomwe zimafanana ndi kafukufuku wamaphunziro awa).
Ofufuzawo adapeza kuti kuti makiyi agwiritsidwenso ntchito, kuyimbanso kwachiwiri kumayenera kuchitika mwachangu itatha yoyamba, koma osati mwachangu kwambiri - pafupifupi masekondi khumi kwa omwe adawayesa. Mwamwayi, zilibe kanthu ngati wogwiritsa ntchitoyo ayankha foni mkati mwa nthawi ino - "ring" mwachitsanzo. Kulumikizana kwa SIP pakokha kumakakamiza wogwiritsa ntchito kugwiritsanso ntchito kiyi yomweyo.
Chifukwa chake, zovuta zambiri zomwe zimakhala zovuta kwambiri zimayenderana ndi vuto (4) - kulandira zing'onozing'ono zazomwe zili mufoni yomwe idayambitsidwa ndi wowukira. Izi ndichifukwa choti zambiri zitha kuchitika pazomwe muli nazo pamene zikuyenda kuchokera pafoni ya wowukirayo kupita pafoni ya wozunzidwayo pamaneti am'manja. Mwachitsanzo, zidule zonyansa monga kuyikanso mtsinje wamtundu wa encoded, womwe umasiya phokoso lofanana, koma umasintha mawonekedwe ake a binary. Maukonde a LTE amagwiritsanso ntchito kuponderezana kwa mutu wa RTP, komwe kumatha kusintha kwambiri paketi ya RTP.
Pomaliza, mapaketi omwe amatumizidwa ndi wowukirayo ayenera kukhala ofanana ndi mapaketi omwe amatumizidwa pa foni yoyamba. Izi zitha kukhala zovuta chifukwa kusintha kachetechete pakuyimba foni kumabweretsa mauthenga afupikitsa (phokoso lachitonthozo) lomwe silingagwirizane ndi kuyimba koyambirira.
Ndikoyenera kuwerenga mwatsatanetsatane. Imayankha zambiri zomwe zili pamwambapa - makamaka, olemba adapeza kuti ma codec ena sanasinthidwenso, ndipo pafupifupi 89% ya kuyimilira koyimbira koyimbirako kumatha kupezedwanso. Izi ndi zoona kwa osachepera awiri ogwira ntchito ku Ulaya omwe adayesedwa.
Izi ndi zopambana modabwitsa, ndipo kunena zoona zakwera kwambiri kuposa momwe ndimayembekezera nditayamba kugwira ntchitoyi.
Ndiye tingatani kuti tikonze?
Yankho laposachedwa pafunsoli ndi losavuta: popeza tanthauzo la chiwopsezo ndikugwiritsanso ntchito chinsinsi (kubwezeretsanso) kuwukira, ingokonza vutolo. Onetsetsani kuti kiyi yatsopano yapezeka pa foni iliyonse, ndipo musalole kuti paketi ya paketi ikhazikitsenso kauntala kukhala ziro pogwiritsa ntchito kiyi yomweyo. Vuto lathetsedwa!
Kapena ayi. Izi zidzafuna kukweza zida zambiri, ndipo, kunena zoona, kukonza koteroko pakokha sikodalirika kwambiri. Zingakhale zabwino ngati miyezo ingapeze njira yotetezeka kwambiri yogwiritsira ntchito njira zawo zolembera zomwe sizikhala pachiopsezo cha zovuta zogwiritsanso ntchito.
Njira imodzi yotheka ndiyo kugwiritsa ntchito . Izi zitha kukhala zokwera mtengo kwambiri pazida zamakono, koma ndizomwe opanga madera akuyenera kuganizira mtsogolo, makamaka popeza miyezo ya 5G yatsala pang'ono kulanda dziko lapansi.
Phunziro latsopanoli limadzutsanso funso lalikulu la chifukwa chake , ambiri omwe amagwiritsa ntchito mapangidwe ndi ndondomeko zofanana. Mukakumana ndi vuto lokhazikitsanso kiyi yomweyo pamaprotocol omwe amagwiritsidwa ntchito kwambiri ngati WPA2, kodi simukuganiza kuti ingakhale nthawi yoti mupangitse zomwe mukufuna komanso njira zoyesera kukhala zamphamvu? Lekani kutengera anthu amene akutsatira miyezo ngati anzanu oganiza bwino omwe amamvetsera machenjezo anu. Awonetseni ngati adani (osakonzekera) omwe adzipangitsa kuti zinthu zikhale zolakwika.
Kapena, m'malo mwake, titha kuchita zomwe makampani monga Facebook ndi Apple akuchulukirachulukira kuchita: kubisa kuyimba kwa mawu kuchitike pamlingo wapamwamba kwambiri wa netiweki ya OSI, osadalira opanga zida zam'manja. Titha ngakhale kukankhira kutsekereza kwakumapeto kwa kuyimba kwamawu, monga momwe WhatsApp ikuchitira ndi Signal ndi FaceTime, poganiza kuti boma la US likungoyimitsa. . Kenako (kupatula metadata) ambiri mwamavutowa amangotha. Yankho ili ndilofunika makamaka m'dziko limene .
Kapena titha kungochita zomwe ana athu achita kale: kusiya kuyankha mawu okhumudwitsawo.
Source: www.habr.com