Diffie-Hellman Key Exchange Security Issues in Commercial VoWiFi Deployments

Explore a research presentation from USENIX Security '24 examining critical security vulnerabilities in Voice over WiFi (VoWiFi) implementations. Dive into an analysis of IPsec tunnel security in commercial VoWiFi deployments, focusing on the key exchange mechanisms between user equipment and mobile network operators. Learn about discovered weaknesses in both 5G baseband chipsets and operator networks, including the concerning discovery of shared static private keys across multiple operators serving approximately 140 million subscribers. Understand how these security flaws could compromise the confidentiality of VoWiFi communications and the implications for network security. Gain insights into the technical details of Internet Key Exchange protocol implementation and the potential risks of weak cryptographic parameters in commercial telecommunications infrastructure.