Explore a research presentation from USENIX Security '24 examining critical security vulnerabilities in Voice over WiFi (VoWiFi) implementations. Dive into an analysis of IPsec tunnel security in commercial VoWiFi deployments, focusing on the key exchange mechanisms between user equipment and mobile network operators. Learn about discovered weaknesses in both 5G baseband chipsets and operator networks, including the concerning discovery of shared static private keys across multiple operators serving approximately 140 million subscribers. Understand how these security flaws could compromise the confidentiality of VoWiFi communications and the implications for network security. Gain insights into the technical details of Internet Key Exchange protocol implementation and the potential risks of weak cryptographic parameters in commercial telecommunications infrastructure.
Overview
Syllabus
USENIX Security '24 - Diffie-Hellman Picture Show: Key Exchange Stories from Commercial VoWiFi...
Taught by
USENIX