Metaverse and cyber issues

Metaverse – an exciting immersive world and cyber issues

It's astounding to be in a world beyond us, some sort of parallel world where we don't have the restrictions of the physical world, and which has enormous potential for a true immersive experience, innovation, and recognition of talent in different corners of the world. I believe the pandemic has in many senses pushed us to remote work and acted as a catalyst for a metaverse experience.

You can see your family, friends, office and business colleagues in person through their avatars, and with the advancement of different immersive technologies you shall see a person's avatar exactly the way you see him/her in person, with their facial and eye expressions, reactions and so on. Isn't that cool, and much better than seeing a person in a 2D box?

So what is in there for us? There are different perspectives on the metaverse:

  1. As a creator – working on digital art pieces through NFTs powered by blockchain
  2. As a collaborator – to work on the technologies related to AR, VR and immersive experience
  3. As a security & privacy professional – to safeguard the data points captured and ensure privacy and safety for metaverse users
  4. As a hardware provider – to build more form factors than ever before at a much lower price
  5. As a user – to gain that immersive experience

All of the above have immense potential to bring out the best to the world. It's also not about sticking more to your Oculus and the screen; it's essentially about spending the same time as before more effectively.

As of now we have four to five major metaverses to experience as a user and to contribute to in different capacities.

Examples of a few popular metaverses:
  1. The Meta
  2. The Decentraland
  3. The Axie Infinity metaverse
  4. The Sandbox
  5. The Zionverse / Lakshmi NFT Zionverse, which is very much the Indian version of the metaverse

You might have seen me using the NFT lingo a bit too much. We shall cover that in a separate article in detail, but until then remember that these are non-replaceable tokens that use blockchain technology to ensure the originality of the NFT, which can be a digital art piece, an accessory, clothes or any other form of digital asset that is linked to you through a digital signature.

The journey to reach every common person on this planet is an evolution for the metaverse concept. This necessarily means that we as humans need the following in place to have the true metaverse experience:

Acceptance amongst the masses

  1. Better connectivity – with eMBB as an emerging use case of 5G SA technology, this shall really be a catalyst for connecting people. Affordability is something we need to have a close look at.

For those readers who are new to 5G, kindly read my older articles on the blog:

http://cybersecinfinity.in/index.php/2020/11/02/5g-service-based-security-architecture/

http://cybersecinfinity.in/index.php/2020/12/30/security-issues-and-chain-of-trust-in-5g/

  2. Cost of hardware to enter the metaverse – the Oculus, for example, costs somewhere between $299 for the 64 GB version and $399 for the 128 GB version. For adoption to increase, the cost of the Quest needs to go down further, below $100 for a 64 GB pair.

Security issues

  1. Identity – How will identity be validated in the metaverse: will it be single, dual or three factor authentication? Someone with your identity can do a lot of mischief using your digital identity, in the form of avatars, in the metaverse world.
  2. Privacy – While the metaverse gives us the freedom to roam freely in the virtual room etc., it shall at the same time, from day one, take care of one's privacy and consent about one's data, time etc.
  3. Data security – A lot of data about yourself and your home shall be captured in order to provide a real immersive and personalized experience. The techies managing the infrastructure and data behind the scenes really need to have a shift left approach towards security.
  4. Awareness as a society – This new concept is fascinating, but it needs to be exercised with caution, as certain age groups such as kids and the elderly are really prone to identity hijacks, cyber bullying, cyber harassment, financial frauds etc.
  5. Financial frauds – The metaverse is centered around NFTs, which are powered by blockchain but still have a way to go to be mature enough to secure the whole digital creation concept, including how wallets need to be securely connected and protected against theft by cyber criminals, who are equally excited to enter the metaverse as their new market place 😊
  6. Regulations – Safety and security need to be built into the metaverse world from day one, and so do the applicable regulations/compliance across different geographies. The role of governments and their bodies is of prime importance: as the metaverse is evolving technically right now, it is the correct time to join the bandwagon of regulations globally, as there aren't going to be any borders to this evolution. Hence governments across geographies need to prepare accordingly.

Now a big shout out to government bodies and regulators across geographies to have a shift left approach to security in the metaverse space. We don’t want to retrofit security as we did for the internet or SS7.

CIAM – What about it?

While we have had an opportunity to look at a few facets of conventional IAM it is time to thicken the plot and look at an important and critical sub-genre which is CIAM whose sole purpose is to ensure customer identity governance and management. Our vendors, partners and our B2B customers need access to platforms being operated by the organization and it is essential that this access also be managed not just for identities, but this could be integrated for various other elements like Licensing, Document management, Software Management, Patch Management and so on. We will be taking a holistic look at this today.

CIAM enables organizations to scale and ensure secure, seamless digital experiences for their customers, while collecting and managing customer identity data purposefully. There are solutions which provide a variety of key features including customer registration, social logins, account verification, self-service account management, consent, and preference management, single sign-on (SSO), multi-factor authentication (MFA), and adaptive authentication as well as other nice-to-have features.

CIAM <-> IAM – What is the difference?

IAM vs CIAM

Some key benefits of CIAM from an ROI perspective are as follows:

  • Provide a holistic view of the customer digital footprint to the organization and help understand customer actions and behavior.
  • Ensure seamless customer experience both from a UI and usability standpoint. This ensures customer wow and thereby retains them for a longer more fruitful relationship.
  • Is expected to come up with statistical and analytical data which can be used for sales opportunities.
  • Ensures all privacy regulations are met and answers to external audits as need be which thereby increases customer trust.
  • Acts as liaison between IT, Information Systems, Sales, Marketing, Analytics, and customers to deliver offerings that keep the customer delighted while ensuring a safe and secure environment.

Here is a look at some of the key features that build a CIAM setup:

A very high level overview of CIAM capabilities

Each one of the above features will require a separate discussion, but if we observe them, we understand that there is a slight difference between what we see here and conventional IGA for the enterprise, especially around trust, digitization, privacy, and sales. This is the prime reason we have a niche area that is a must-have for all organizations that handle a customer base and struggle to maintain an inventory of this critical information.

To further expand on this idea, no CIAM setup can be complete without its key pillars and they are as follows:

  • Multi Factor Authentication
  • Privacy & Compliance
  • Scalability
  • API based Integrations
  • Analytics

Out of these, we are primarily going to discuss integration, because this is what makes things different for CIAM.

APIs & Integration

What API based systems look like. Quite a labyrinth, isn’t it?

Whenever we think about digital transformation within an organization, integration efforts are going to be at the forefront of the requirement set, and it's the same within the CIAM ecosystem as well.

CIAM is usually not tied to one solution alone; it is the ability to leverage one or more solutions working together through smart integration initiatives (by whatever means necessary, although APIs are the way to go). There are multiple options in the market which make it easy to use REST APIs and integrate a multitude of applications which cover the following broad domains:

  • Data Objects and Stores
  • Directory Services/LDAP
  • CRM Systems
  • HR/ERP Systems – Source of Truth
  • Marketing Solutions
  • E-Commerce Platforms
  • Analytics & Sales Solutions (Opportunity & Sales)
  • Content Management Systems
  • Fraud Detection Systems

Each one of these contributes significantly when developing a fully functional CIAM layer, which needs to be supported as organization-owned IP and usually needs to be maintained within the walls of the organization while being augmented by vendors and partners wherever possible.

Identity & Access Management – a business/security requirement.

In the current day and age of Information Systems, where workloads are quickly being consumed by Cloud Service Providers as offerings in the range of IaaS, PaaS or SaaS, it is only Identity, Access & Data which is always kept as a customer responsibility or an ownership accountability. This is something that can be decided and assigned by owners who know “Who is Who”, “Who needs access to What” and “For how much Time”.

This further contributes to plans around Data Security, which is of course augmented by other Security best practices, but all of that depends heavily on a simple question:


“Does the new person/system – and more recently a robot – who has joined our organization have access and if yes, is the access based on the least privilege and need to know principles?”


If we split IAM as a program, it consists of some key sections described below.

Executive Summary

Identity and Access Management (IAM) is the process of creating value and addressing IT governance and compliance through effectively and efficiently managing:

  • Creation of user identities (accounts) in application systems
  • Authenticating the identity of users
  • Managing users’ access to information resources
  • Monitoring what users are doing with that access
  • Improving provisioning turnaround times

Weak controls related to current IAM processes are a significant obstacle to achieve audit controls reliance across key business systems. This is formally recognized by organizations, their businesses and security teams and that is when an IAM Program is born.

In addition, IAM processes (notably on boarding of new users, movement within the organization & final termination related controls) should underpin the organization’s own governance framework and regulatory compliance.

If left un-managed, this can result in an end-to-end lead-time of several days for a new hire to get the required access. Therefore, there may be sharing of user accounts with limited ability to track individual user’s authorizations and user activity. 

The lack of appropriate processes and controls for de-provisioning of users will lead to the existence of rogue user accounts in multiple applications even though the users have left the organization or have moved to other departments. In addition, there are users with access that they no longer require in order to fulfill their current job role. Key management stakeholders, such as the CISO/CTO, also consider this to be one of the main causes of various frauds in an organization.
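
The leaver and mover gaps described above are what an account reconciliation finds. The following is an added example, not part of the original article: it compares accounts exported from applications against the HR source of truth and flags orphaned, leaver, excess and dormant accounts. The record layout, role model, 90-day threshold and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class HrRecord:
    """One row from the HR/ERP source of truth (assumed layout)."""
    user_id: str
    status: str        # "active" or "terminated"
    department: str


@dataclass(frozen=True)
class Account:
    """One account as exported from a managed application (assumed layout)."""
    application: str
    user_id: str
    entitlement: str
    last_login: date


def reconcile(hr_records, accounts, role_model, today, dormant_days=90):
    """Return (application, user_id, finding) for every account that needs review."""
    hr_by_id = {rec.user_id: rec for rec in hr_records}
    findings = []
    for acct in accounts:
        person = hr_by_id.get(acct.user_id)
        allowed = role_model.get(person.department, set()) if person else set()
        if person is None:
            finding = "orphaned"      # no owner in HR: shared or rogue account
        elif person.status != "active":
            finding = "leaver"        # user left, account was never de-provisioned
        elif (acct.application, acct.entitlement) not in allowed:
            finding = "excess"        # access not needed for the current job role
        elif (today - acct.last_login).days > dormant_days:
            finding = "dormant"       # valid but unused: candidate for recertification
        else:
            continue
        findings.append((acct.application, acct.user_id, finding))
    return findings


# Constructed sample data: department -> (application, entitlement) pairs it may hold.
ROLE_MODEL = {
    "finance": {("erp", "ap_clerk"), ("mail", "user")},
    "sales": {("crm", "sales_rep"), ("mail", "user")},
}
HR = [
    HrRecord("u100", "active", "finance"),
    HrRecord("u101", "terminated", "sales"),
    HrRecord("u102", "active", "sales"),      # moved from finance to sales
]
ACCOUNTS = [
    Account("erp", "u100", "ap_clerk", date(2024, 5, 28)),
    Account("crm", "u101", "sales_rep", date(2024, 3, 1)),
    Account("erp", "u102", "ap_clerk", date(2024, 5, 30)),
    Account("crm", "u102", "sales_rep", date(2024, 1, 10)),
    Account("erp", "svc_batch", "admin", date(2024, 5, 31)),
]
TODAY = date(2024, 6, 1)

if __name__ == "__main__":
    for app, user, finding in reconcile(HR, ACCOUNTS, ROLE_MODEL, TODAY):
        print(f"{app:4} {user:10} {finding}")
```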

An IAM program aims to design and develop a robust IT Controls Framework for the organization around an Identity and Access Management suite and thereby aid in creation of an effective IT Controls environment.

Business Drivers

This section defines the business drivers behind the Identity and Access Management efforts within an organization. It also lists the Critical Success Factors, which must be met by the project to declare it a success.

1) Goals

  1. Devise efficient systems to allow it to comply effectively with the compliance requirements of the organization such as SOX and other mandated regulatory frameworks.
  2. Protect Sensitive and Personally Identifiable (SPI) client data, which will allow the organization to maintain and gain the trust of its customers.
  3. Streamline and make the user identity and access management process efficient across IT systems which would enhance productivity per person.
  4. Reduce the cost of administration related to user ID, passwords, account approval, etc. which in turn will lead to increased productivity of critical and specialized system administrators.
  5. Reduce the cost of audits and governance by providing a consolidated, real-time view of the access owned by each user across multiple IT systems. This will also allow the organization to be proactive in detecting frauds and take necessary action to avoid damage to their brand.

Based on the business goals, the following objectives will be derived from the improved Identity and Access Management processes and controls. This shall include improved compliance; financial, legal and regulatory and operational risk reduction; cost containment and business agility.

The objective of the organization’s IAM Program is to manage and to improve controls reliance on core revenue generating and high-risk systems through:

  • Creation of user identities in appropriate IT and business applications
  • Verification of user identities
  • Appropriate authorization of users into systems
  • Management of changes to users’ roles and their related access
  • Removal of user access when access is no longer required
  • Maintaining an audit trail of the end-to-end user account lifecycle
  • Rationalized and simplified provisioning processes
  • Tracked allocation of assets and software licenses to individual users

2) Value Proposition

The proposed Identity and Access Management solution will help the organization in:

  1. Establishing unified user ID across its IT systems which will lead to increased productivity and better traceability of user activities.
  2. Streamline and automate user account lifecycle process (creation, modification, deletion) which will lead to shorter turnaround time subsequently leading to increased user productivity and simplified user account administration.
  3. Establish access governance process by using various proven features like Account Recertification, Reconciliation.
  4. Provide a unified, centralized view of access owned by an individual in real-time which will lead to increased security posture and aids in satisfying regulatory requirements.

3) Success Criteria:

An IAM Program can be considered a success, if it provides the below high-level functionalities.

  • Establish a framework for user account lifecycle management processes
    • Establish a user ID policy to allow use of a single user ID across the organization.
    • Automated approval workflow for requesting and verifying required system access
    • Automated granting of user access and profiles
    • Reduce the user account provisioning time
    • User account revocation is almost instantaneous on critical systems
  • Establish a framework for access management process
    • Establish framework and infrastructure for performing Single Sign On (SSO) across applications.
    • Portal for providing access to entitled applications, which will improve the organization's security posture and provide enhanced user experience.
  • Establish efficient process to meet Audit and Compliance requirements
    • Centralized location which provides data on all accounts existing on managed IT systems, dormant (in-active) accounts, non-compliant accounts as an example.
    • Provide Self Service Console for users to request access and perform password resets (good to have)
    • Reduce password reset calls. (Cost efficacy)
  • Create a common, architecture driven, standards-based infrastructure with capabilities that should be shared across and possibly outside the enterprise to provide secured access, threat aware identity intelligence and compliance services across applications and systems.

With that we conclude this thought and hope to continue this series as an organic and evolving one where more information will be shared and put up for discussion.

OT/ICS and cyber security 101

Hello ….. trust you are doing well and in good health….. many thanks to all who gave feedback to make my writing better …..

Till now we have covered the following topics in the domain of 5G on your blog http://cybersecinfinity.in/

  1. Role of API and security issues in 5G – http://cybersecinfinity.in/index.php/2020/11/02/5g-service-based-security-architecture/
  2. Authentication of subscriber, home network and serving network in 5G – http://cybersecinfinity.in/index.php/2020/11/19/5g-aka-authentication-process-3gpp-33501/
  3. Chain of trust / digital trust issues in 5G – http://cybersecinfinity.in/index.php/2020/12/30/security-issues-and-chain-of-trust-in-5g/

In this article we shall talk about the role of the key actors in cyber security for operational technology (OT) / industrial control systems (ICS).

Relationship between OT/ICS/SCADA/DCS

I started my career working in a paper manufacturing plant; my role was to kick-start automation and implement distributed control systems (DCS) and SCADA (supervisory control and data acquisition) systems. The plant at that time had little automation and huge manpower requirements. A few years back I happened to visit the same plant, and I was surprised to see awesome automation; a whole range of SCADA/DCS systems had taken over. The complex wiring and the traditional approach to telemetry had all gone away, thanks to narrowband Internet of Things (NB-IoT), M2M (depending on the use case) and 5G, which made fast and reliable wireless connectivity really possible.

Sticking to our agenda of various dimensions to look at, let us see the role of the following actors:

  1. OT/ICS field instrument OEM
  2. Plant operations
  3. Connectivity provider  – ISP

Role of OT/ICS instrument OEM in cyber security

In this tough, competitive world it makes sense to have the lightest OS and simple, low-cost firmware and hardware, but the bad guys out there are really watching each layer and component and trying to put bugs right into the firmware.

OEMs really need to work it out bottom-up. All layers of your hardware components, whether they use standard protocols like MQTT, Zigbee and Z-Wave or any proprietary protocols, need to be secured, and do keep that additional room in compute for security processing (low-cost OT chips really did not have the compute for security processing).

It is worth looking at, at minimum, the below aspects related to the small chips used for OT/ICS.

  1. Hardware security
  2. Device software and OS security
  3. Interface security
  4. Identity (the AAA)
  5. Cryptography, and of course with that comes the daunting task of key management

Secure boot process

We will focus a bit on hardware security, for things like:

The secure boot process is really important, as we do not want another party to load an operating system or a different bootloader onto your hardware.

That is why it's important that the product's processor system has an irrevocable secure boot process. Stick to the basics and always run the secure boot process by default.

Hardware devices have a debug interface, and there is a need to protect it. Communication over it should be restricted to authenticated and authorized entities.

The hardware microprocessor should prevent the firmware from being read out of the product's non-volatile memory, by encrypting it.

The hardware should be tamper proof and should immediately send a log in case the integrity of the hardware or the secure boot process is compromised.

Role of plant operations in cyber security

The plant operations team needs to maintain an inventory of all their assets and a database of the field assets; keeping the database refreshed and up to date is challenging.

Physical security is one of the most important tasks when it comes to OT/ICS security.

Plant operations need to focus on

Configuration parameters of these devices should be open for configuration only to an authorized set of users.

It is very important in today's context for plant operations to keep their OT/ICS software up to date and to have a process to sustain this. The only point to be sure of is to have the upgraded software digitally signed.

Role of an ISP in cyber security

An ISP plays a pivotal role, as they are at a vantage point and see the entire traffic and make the two ends meet (the OT/ICS sensors to its respective application on the cloud or on premise of the plant).

ISPs need to determine how secure their infrastructure is to provide that service, and this should cover all aspects: the radio should be secure; their sites should be physically secure; traffic that lands from the radio to the core over their transport network should be secure from MITM attacks internally and from MITM over the air over the “A” interface; and finally the core used to authenticate and authorize the subscriber should be able to uniquely identify each device and ensure that impersonation of each tiny device out there in the field is not possible.

Out of the many security controls that play a pivotal role in securing the ISP radio, transport and core network, I would like to focus on SSL pinning. The concept is not new, but it is important to protect with strong fundamentals wherever you have a risk of impersonation. An SSL connection tells the client to make an encrypted connection with any identity matching that remote host. Pinning goes one step further and tells the client a specific identity it should accept when making a secure connection.

SSL pinning

Let's see an example in the case of OT/ICS. Whether the certificate for exampleplant.com is issued by a well-known 3rd-party CA or by an internal CA, it is possible to pin an identity. When a device first connects, it receives the pinned information. On any further connection, the device (which must have enough compute to do so) can uniquely distinguish the server and stop the connection if someone tries to get the client to use a different identity.
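
The pin check described above, as an added example that is not code from the original post: it pins the server's public key (SPKI) rather than the whole certificate, so a renewed certificate carrying the same key still passes while any other key is rejected. The function names, the `connect_pinned` parameters and the certificate-shaped sample bytes are assumptions constructed for illustration; a device trusting an internal CA would additionally load that CA into the TLS context.

```python
import base64
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """The server presented a public key that is not in the device's pin set."""


def _read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length


def extract_spki(cert_der):
    """Return the DER-encoded SubjectPublicKeyInfo of an X.509 certificate."""
    tag, pos, _ = _read_tlv(cert_der, 0)            # Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a certificate")
    tag, pos, tbs_end = _read_tlv(cert_der, pos)    # tbsCertificate SEQUENCE
    if tag != 0x30:
        raise ValueError("missing tbsCertificate")
    tag, _, end = _read_tlv(cert_der, pos)
    if tag == 0xA0:                                 # optional [0] version field
        pos = end
    for _field in range(5):    # serialNumber, signature, issuer, validity, subject
        _, _, pos = _read_tlv(cert_der, pos)
    tag, _, end = _read_tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("missing subjectPublicKeyInfo")
    return cert_der[pos:end]


def spki_pin(cert_der):
    """base64(SHA-256(SPKI)), the pin-sha256 form defined in RFC 7469."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def pin_matches(cert_der, pins):
    """True if the certificate's key is pinned; unparsable input never matches."""
    try:
        actual = spki_pin(cert_der)
    except ValueError:
        return False
    matched = False
    for pin in pins:                       # keep a backup pin for key rotation
        matched |= hmac.compare_digest(actual, pin)
    return matched


def connect_pinned(host, port, pins, timeout=5.0):
    """Open TLS with the usual CA and hostname checks, then enforce the pin."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if not pin_matches(tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise PinMismatch(f"{host}: server key is not pinned")
    return tls


def _der(tag, value):
    """Encode one DER element (short or long length form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value


def make_sample_cert(public_key, serial):
    """Constructed, unsigned, certificate-shaped DER for offline demonstration."""
    empty = _der(0x30, b"")
    spki = _der(0x30, empty + _der(0x03, b"\x00" + public_key))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, bytes([serial]))
               + empty * 4 + spki)
    return _der(0x30, tbs + empty + _der(0x03, b"\x00"))


if __name__ == "__main__":
    plant_key = b"K" * 32                  # constructed stand-in for a real key
    pins = {spki_pin(make_sample_cert(plant_key, 1))}
    print("renewed cert, same key:", pin_matches(make_sample_cert(plant_key, 2), pins))
    print("different key         :", pin_matches(make_sample_cert(b"X" * 32, 1), pins))
```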

All the actors have key roles to play for effective and sustainable cyber security for the OT/ICS critical infrastructure and applications.  

Thank you, please share your valuable comments, to make the blog better by your contribution….

References:-

I have consulted the beautifully written articles in the below links and would strongly recommend you to read them for more detail and clarity about each topic

https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices

https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning

https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet

https://www.iotsecurityfoundation.org/tag/iot-security-compliance-framework/

https://pages.nist.gov/800-63-3/sp800-63b.html

https://appid.iconectiv.com/appid/#/

Security issues and chain of trust in 5G

Hello readers….. a very good day to you…

In this article, we shall talk about the security issues related to establishing trust and how security needs to be use case specific in the 5G world.

The below diagram summarizes the evolution of telecommunication generations and 5G use cases on a very broad spectrum. This clearly shows that, unlike the previous generations, 5G not only has human subscribers but covers a huge range of non-human connected and inter-connected devices such as mMTC (massive machine type communication) devices, VR (virtual reality) devices and applications, AR (augmented reality) devices and applications, MR (mixed reality) and applications, and URLLC (ultra-reliable & low latency) for connected cars or self-driving cars.


Figure 1: 5G – it's not only about the human subscribers but much more

All of the above are non-human touch points in an operator’s network, which means that operator’s network is at risk with each of these touch points, from confidentiality, integrity and availability standpoint.  

These billions of devices are being used in critical use cases ranging from life-saving surgery to the time-sensitive, critical decision to apply the brakes when a car is moving at high speed. The core of the issue here is for the operator to establish trust in these devices, and how an operator shall tailor its security controls to the use case. As shown in the figure below, the security controls implemented for a latency-sensitive autonomous car shall be different from those implemented for remote surgery.


Figure 2: latency and time sensitive 5G use case

Let’s talk about a use case where a smart city has mMTC sensors for traffic management. This involves installation of 3rd-party OEM sensors by an operator’s enterprise customer or by government entities. The issue with these numerous sensors from 3rd-party OEMs is that they expose the operator network to the outside world, and all those tiny compute sensors out there in the field are in the operator's trust zones by default, of course until they have been logically segregated from a network point of view.

The risk is two pronged here and might not be contained at level of the operator, as all connected applications at the backend of these non-human touch points are hosted in an on-prem operator data center or cloud data center being used as SaaS, PaaS. The impact of any potential vulnerability might not only be on the operator but also on the end consumer, be it any of the 5G use cases. The damage is collateral in case of 5G.

The core issue that I wanted to express, considering the above use cases, is that we can consider a situation with billions of sensors across the operator’s network which by default are not built with security in mind. You can compare this situation to the SS7 network and the abuse of that network: it was developed in the 1970s with communication in mind, and security was just fitted in as an overlay afterthought when the trust relationships in the SS7 world started getting exploited.

Coming back to our topic of this post, the non-human connected and interconnected devices in the 5G world are huge in number and pose serious chain of trust issues. This calls for the operators to take special consideration of how non-human devices will authenticate to the network, what are the chances that devices identity can be masqueraded, what are the chances that this identity can be abused.

An end-to-end risk assessment of each and every 5G use case is required. We cannot go with the traditional approach of assessing the risk of the platform for 5G, as each use case will involve its own context with respect to security. Each 5G use case might need to be treated differently (one shoe doesn’t fit all).

For example, security controls for a use case specific to connected cars which are highly sensitive to latency might be different than use case which is related to augmented reality which is bandwidth sensitive.


Figure 3: security controls to be tailored for each network slice

Addressing the new dimensions of the security concerns and issues arising from this generation of telecommunication needs a new way to look at the following (but not limited to the below):

I will write soon about what 3GPP says about security and how we as a community of security professionals can contribute and secure our networks and users.

Thanks to you, please share your valuable comments, to make the blog better by your contribution….

5G AKA authentication process – (3GPP 33501)

Hello my readers, today we will talk about two ways to authenticate a UE in 5G:

5G AKA (Authentication and Key Agreement)

EAP AKA

The below components in the 5G network architecture are instrumental in the authentication process

Step 1 – UE searches for the SN

UE – User equipment

SEAF – Security anchor function

AUSF – Authentication server function

UDM – Unified data management

You can consider AUSF as the MME/MSC and UDM as HSS / HLR of the older generation of 3GPP

Here is the step-wise authentication process for the UE to the network and vice versa:

  1. On the N1 interface the UE sends {N1 message with SUCI (if attaching for the 1st time) else 5G GUTI}

Step 2 – UE first time attach request to SEAF

Quick recap on the permanent and temporary identifiers used during the attach request and subsequent network usage

| 2G, 3G | 4G, 5G | Type of subscriber identifier | When is this used |
| --- | --- | --- | --- |
| IMSI – International mobile subscriber identity | SUPI – Subscriber permanent identity | Permanent | In order to avoid MITM, only during exceptional scenarios of first time attach, or when the network is unable to resolve SUPI from SUCI/GUTI |
| TMSI – Temporary mobile subscriber identity | GUTI – Global unique temporary identifier | Temporary | Each time location is updated, an attach attempt is made or a call is attempted, or as set in the PLMN parameters |

Step 3 – at SEAF

Step 4 – at AUSF

Step 5 – at UDM first time HEAV is derived

HEAV – Home environment authentication vector

Step 6 – at AUSF AV

AV – Authentication vector

Step 7 – at SEAF

Step 8 – at UE [the UE authentication is complete here]

Step 9 – at SEAF [the serving network authentication is complete here]

Step 11 – at SEAF [all the keys for that transaction are ready for use]

As you can see, the keys required for the session to continue have now been derived.

Kseaf becomes the anchor key from which Kamf, Knas, Kgnb and Kn3iwf are derived.

Here the subscriber is successfully authenticated, the serving network has been authenticated and the home network has been authenticated. This is the change from earlier generations: layers of authentication have been added to safeguard the consumer.

Do share your comments and let me know whether the article was informative; I definitely welcome your comments to further improve the blog…… happy reading

5G & Service based Security Architecture

In the era of 5G communication, the way 5G services are deployed has fundamentally changed and securing the 5G infra and services is of paramount importance.

5G is no longer about user and operator communication only; it's about VR, AR, MR, eMBB (enhanced mobile broadband), mMTC (massive machine type communication), URLLC (ultra-reliable and low latency communication) and much more.

One more hurdle is the shift of the telecom world into the IT space, where we are no longer talking about physical or traditional VM-based core applications running on proprietary telecom protocols. The fundamental shift now is to VNFs and container-based applications, and even the protocols are RESTful APIs based on a service based architecture. In the 5G deployment wherein we use the existing, upgraded 4G radio and core, the focus is mainly on high speed, and it just puts the telecom provider on the 5G map. However, for the URLLC and mMTC use cases the telecom operator has to move to the SA version of 5G.

Before we get into the real security issues, let's have a look at the basics of 5G.

The spectrum

Deployment models

  • NSA – Non stand alone
  • SA – Standalone

The architecture

From traditional tin-based hardware to truly cloud-native applications, from boxes to functions, from proprietary telecom protocols to standard REST APIs: a solution that truly is cloudification, if utilized to its true potential.

From dedicated interface cards to micro services, where each micro service serves a specific business purpose and built by a specific team. Even the applications are containerized and in the real sense support business.

Basic building blocs of 5G from radio to the core

  1. The UE talks to the RAN; in 5G this is called the AN (access network). This can include 3GPP and non-3GPP components – gNodeB, Wi-Fi
  2. The UE then connects to the AMF (access mobility function)
  3. Other core elements the UE connects to are the session management function
  4. Policy control function
  5. Application function
  6. Authentication server function
  7. User plane function
  8. User data management
  9. Network slice selection function

As the function names have completely changed, let’s draw an analogy between the LTE and 5G nodes.

| 4G/3G/2G Node | Corresponding 5G Node |
| --- | --- |
| HSS, HLR | Unified data management (UDM) |
| HSS, HLR | Authentication server function (AUSF) |
| HSS, HLR | Unstructured data user function (UDSF) |
| This component does not exist in earlier generations as defined by 3GPP | Network repository function (NRF) |
| HSS, HLR | Unified data repository (UDR) |
| This component does not exist in earlier generations as defined by 3GPP | Network exposure function (NEF) |
| This component does not exist in earlier generations as defined by 3GPP | Network slice selection function (NSSF) |
| EIR | EIR |
| DRA/DEA | Service communication proxy (SCP) |
| DRA/DEA | Service edge protection proxy (SEPP) |

The different types of APIs in the 5G SBA make use of different URIs, HTTP and data description languages:

  1. Northbound API’s
  2. Orchestration API’s
  3. Internal API’s

Example RESTful SBA Procedures

Example 1: User wants to surf the internet

UE calls the AMF

AMF calls the NRF

NRF calls the SMF

UE contacts the SMF

In the above it can be clearly observed that the requests are HTTP POST requests and responses. The security issues faced by HTTP POST are now inherited by the SBA in 5G.

Example 2: Service registration

SMF sends a request to the NRF

SMF sends an HTTP PUT request to the NRF.

This is how the APIs on the operator side will be exposed to third parties for consumption by their applications.

Security issues in API / HTTP 2.0 usage in 5G

The HTTP methods on which the 5G SBA relies heavily are the following:

HTTP POST – used to create a new resource which can be addressed by the URI

The HTTP POST method is nowadays mostly abused to impact the availability of a system in the form of denial of service. It can also affect confidentiality, as an HTTP POST request sent without encryption is clear text.

HTTP GET – requests a list of, or retrieves, the resources addressed by the URI

HTTP PUT – replaces the resource addressed by the URI

HTTP DELETE – deletes the resource addressed by the URI

HTTP PUT and DELETE were originally used for file management operations, and an attacker can use them to arbitrarily change or delete files on the server’s file system. If these methods are enabled, they expose you to some dangerous attacks and increase your attack surface.
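A defensive check for the concerns above, as an added example that is not part of the original article: it audits SBA access-log lines against a per-resource method allow-list and flags clear-text requests. The log format, the route patterns and the sample lines are constructed assumptions for illustration.

```python
import re

# Constructed policy: HTTP methods each SBA resource is expected to accept.
# The route patterns are assumptions for illustration, not from the article.
POLICY = [
    (re.compile(r"^/nnrf-nfm/v1/nf-instances/[0-9a-f-]{36}$"), {"GET", "PUT", "DELETE"}),
    (re.compile(r"^/nnrf-disc/v1/nf-instances$"), {"GET"}),
    (re.compile(r"^/nsmf-pdusession/v1/sm-contexts$"), {"POST"}),
]

# Constructed access-log lines: "<scheme> <method> <path> <calling NF>".
SAMPLE_LOG = """\
https PUT /nnrf-nfm/v1/nf-instances/4947a69a-f61b-4bc1-b9da-47c9c5d14b64 SMF
https GET /nnrf-disc/v1/nf-instances AMF
http POST /nsmf-pdusession/v1/sm-contexts AMF
https DELETE /nsmf-pdusession/v1/sm-contexts AF
https PUT /nnrf-disc/v1/nf-instances unknown
https POST /debug/upload AMF
"""

def allowed_methods(path):
    """Return the allowed method set for a path, or None if the route is unknown."""
    path = path.split("?", 1)[0]  # the query string is not part of the route
    for pattern, methods in POLICY:
        if pattern.match(path):
            return methods
    return None

def audit(log_text):
    """Return (line_number, reason) findings for requests that break the policy."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        if len(fields) != 4:
            findings.append((number, "malformed"))
            continue
        scheme, method, path, _caller = fields
        if scheme.lower() != "https":
            findings.append((number, "cleartext"))
        methods = allowed_methods(path)
        if methods is None:
            findings.append((number, "unknown-route"))
        elif method.upper() not in methods:
            findings.append((number, "method-not-allowed"))
    return findings

if __name__ == "__main__":
    for number, reason in audit(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```

The registration PUT from the SMF passes because the policy expects it on that resource, while the same method on the discovery route is flagged.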

Some critical interfaces and their security concerns

NG1, NG2, NG3 – all are potential candidates for REST API communication. Hence this leads the way for service-based architecture …

  • N6 –
  • N8-
  • N12-
  • Nnef –

Security Issues

The security issues range from identity theft and disruption of availability for life-saving services to non-repudiation, API security issues, container security issues at runtime, Docker/Kubernetes-related security issues, privacy and SSL certificate issues. The attack surface for 5G is really huge, and the job of the security team is key here. Understanding all of these issues and putting any type of security control in place requires an in-depth understanding of the 5G (NSA or SA) landscape.

In this article we discuss only one issue, specific to APIs, as it is something new to the telco world from a core services point of view.

Articles about other security issues will soon follow.