Wi Not Calling: Practical Privacy and Availability Attacks in Wi-Fi Calling

Jaejong Baek, Sukwha Kyung, Haehyun Cho, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

Wi-Fi Calling, which is used to make and receive calls over the Wi-Fi network, has been widely adopted and deployed to extend the coverage and increase the capacity in weak signal areas by moving traffic from LTE to Wi-Fi networks. However, the security of the Wi-Fi Calling mechanism has not been fully analyzed, and Wi-Fi Calling may inherently have greater security risks than conventional LTE calling. To provide secure connections with confidentiality and integrity, Wi-Fi Calling leverages the IETF protocols IKEv2 and IPSec. In this paper, we analyze the security of Wi-Fi Calling specifications and discover several vulnerabilities that allow an adversary to track the location of users and perform DoS attacks. By setting up a rogue access point in a live testbed environment, we observe that user devices can leak the International Mobile Subscriber Identity (IMSI), despite it being encrypted. The leaked information can be further exploited for tracking user locations. We also discuss how these protocols are vulnerable to several denial of service attacks. To protect user privacy and services against these attacks, we propose practical countermeasures. We also present trade-off considerations that pose challenges for us to apply countermeasures to mitigate the existing vulnerabilities. Additionally, we propose to introduce corresponding amendments for future specifications of protocols to address these trade-offs.

Original language: English (US)
Title of host publication: Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018
Publisher: Association for Computing Machinery
Pages: 278-288
Number of pages: 11
ISBN (Electronic): 1595930361, 9781450364430
State: Published - Jan 22 2018
Event: 34th Annual Computer Security Applications Conference, ACSAC 2018 - San Juan, United States
Duration: Dec 3 2018 to Dec 7 2018

Publication series

Name: ACM International Conference Proceeding Series
Volume: 2018-January

Conference

Conference: 34th Annual Computer Security Applications Conference, ACSAC 2018
Country/Territory: United States
City: San Juan
Period: 12/3/18 to 12/7/18

Keywords

  • DoS
  • Impersonation Attack
  • IMSI
  • IPSec
  • Privacy
  • Wi-Fi Calling

ASJC Scopus subject areas

  • Human-Computer Interaction
  • Computer Networks and Communications
  • Computer Vision and Pattern Recognition
  • Software
