AUTHENTICATION TECHNIQUES FOR HETEROGENEOUS TELEPHONE NETWORKS

By BRADLEY GALLOWAY REAVES

A DISSERTATION PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY

UNIVERSITY OF FLORIDA 2017

© 2017 Bradley Galloway Reaves

For Sarah

ACKNOWLEDGMENTS

I am only writing this today because of the multitude of family, friends, teachers, and colleagues who helped get me here. This journey began in high school, when Mrs. Reid, my English teacher, suggested that I would make a good college professor. I wasn’t sure about the idea until my second programming class in college. I loved programming, so I would do the lab assignments at home, then show up in the lab to demonstrate the project to the TA. My work for the week was done, but I didn’t leave the lab. Instead, I stayed for the next few hours helping other students when they needed help with the programming assignments. It became the best part of my week, and I realized that there was no career I wanted more than to be a professor of computing.

Having a goal and knowing what it takes to achieve it are two very different things. At the time I knew I needed a PhD, but nothing of what it took to get one. Luckily, I had wonderfully supportive professors and advisors who told me what it took, and one in particular helped me take the first steps toward a research career. Tommy Morris was a new professor at Mississippi State, and after teaching my digital design class offered me a (paid!) position in his research lab. I thought I’d be doing scut work, but he very quickly let me define my own project: analyzing the security of digital radios. Along the way, he taught me the basics of computer security, how to define and execute a research project, how the publication process works, and helped me win an NSF Graduate Fellowship.

As I finished my master’s degree, I desperately wanted to learn how to do the best research I could, and I knew I still had so much to learn. By certain divine providence, I joined Patrick Traynor’s group at Georgia Tech. Patrick Traynor has, over the course of the past six years, become the single greatest professional influence on my life. He has been not just an amazing academic advisor, but also an incomparable friend, confidant, occasional running coach, and an exemplar of what it means to live life fully. He taught me every aspect of my craft, including how to be an impactful teacher, mentor, manager, technologist, and researcher, and he believed in me even when I did not believe in myself. He showed me by his example that as important and rewarding as it is to pour everything you have into your career, it is far more important to care for your family and put their needs first. If I am a fraction of the teacher, advisor, husband, and father that he is I will lead a full and rich life.

Very few doctoral courses follow a straight-line path, and my course was no exception. The greatest surprise and kismet occurred when Patrick Traynor moved to the University of Florida in 2014 to found the Florida Institute for CyberSecurity Research (FICS), and I joined him as a founding member of the group. While leaving Georgia Tech and Atlanta was bittersweet and meant leaving behind good friends and colleagues, UF provided bountiful opportunities that I would have been a fool to miss. At FICS, I had the pleasure of working with a group of friends and colleagues who were not only all dedicated to building one of the world’s finest computer security research groups, but to have fun doing so. I know that what success I have had has been enabled by the support and camaraderie of the great group of students and faculty at FICS. There is nothing better than working with a group of friends you can rely upon in the trenches.

UF provided a wonderful home to write my dissertation, but satisfying the University’s rigorous requirements as a transfer student would not have been possible without the support of the CISE graduate advisor, Adrienne Cook. I can say with no reservation that I would not have graduated without her tireless support and assistance. She not only regularly made the seemingly impossible happen, her exceptional optimism and friendliness made every visit to her office a delight.

I would also like to thank my dissertation committee for their helpful advice and guidance in completing this dissertation. One of the lessons I learned from Patrick Traynor was that it is far better to work with others on projects than to work alone, and he proved that to me by grafting me into an extensive academic family. Kevin Butler was always ready with a brilliant insight or helpful comment to make my work much better than it would have been otherwise. Will Enck showed me how wonderful collaboration can be and was always ready with encouragement. Patrick McDaniel gave me the advice I needed at precisely the right times.

I’m also grateful to my family, who gave me everything I needed to be successful. My mother nurtured (and sometimes even bravely endured) my insatiable curiosity, while my father taught me to love learning how things worked, building and making things, and the courage to believe I can do anything I put my mind to. My stepmother Angela showed me what it means to love someone as your own. Pat Bradley, my grandmother, taught me to love reading and to find humor in everything. My grandmother Ann showed me what endless patience and self-sacrificing love truly mean, and my grandfather John demonstrated what discipline and a strong work ethic can achieve.

Sarah Anderson Reaves has been with me since well before this long journey was even an idea.
She has selflessly loved me through everything: a decade of rootlessness and the uncertainty of college and graduate school; the long days and sometimes even longer nights of coursework, research, and travel; self-doubt and delusions of grandeur; celebrations and disappointments; crises and opportunities. Through all of it she has been my greatest supporter and my best friend. This thesis and the degree it completes would never have happened were it not for the love she gave and the sacrifices she made, large and small. I am so very lucky I get to share my life with her.

To everyone mentioned here, and all those who have helped me become who I am: thank you from the bottom of my heart.

TABLE OF CONTENTS

ACKNOWLEDGMENTS
LIST OF TABLES
LIST OF FIGURES
ABSTRACT

CHAPTER

1 INTRODUCTION
  1.1 Thesis Statement
  1.2 Contributions
  1.3 Organization
  1.4 Publications

2 BACKGROUND AND RELATED WORK
  2.1 The Modern SMS Ecosystem
  2.2 Telephone Network Background
    2.2.1 Landline Networks
    2.2.2 Cellular Networks
    2.2.3 VoIP
    2.2.4 Challenges to Authenticating Phone Calls
  2.3 Related Work
    2.3.1 Prior Work on SMS Use and Abuse
    2.3.2 Telephony Fraud and Detection
    2.3.3 Prior Work Authenticating Phone Calls
    2.3.4 Audio Quality Measurement

3 CHARACTERIZING THE SECURITY OF THE SMS ECOSYSTEM WITH PUBLIC GATEWAYS
  3.1 Methodology
    3.1.1 Public Gateways
    3.1.2 Crawling Public Gateways
    3.1.3 Additional Data Sources and Analyses
    3.1.4 Message Clustering
    3.1.5 Message Intentions
  3.2 Data Characterization
    3.2.1 Gateways and Messages
    3.2.2 Infrastructure
    3.2.3 Geography
    3.2.4 Clusters
    3.2.5 SMS Usage
  3.3 Uses of SMS as a Secure Channel
    3.3.1 PII and other Sensitive Information
    3.3.2 SMS code Entropy
    3.3.3 Takeaways
  3.4 Abuses of SMS
    3.4.1 Gateways and PVA
    3.4.2 Detecting Gateways
    3.4.3 Abuse Campaigns in SMS
    3.4.4 Takeaways

4 DETECTING INTERCONNECT BYPASS FRAUD
  4.1 What is a Simbox?
    4.1.1 How Simbox Fraud Works
    4.1.2 Consequences of Simbox Operation
  4.2 Methodology
    4.2.1 Inputs to Ammit
    4.2.2 Detecting Unconcealed Losses
    4.2.3 Detecting Concealed Losses in GSM-FR
    4.2.4 Simbox Decision and SIM Detection
    4.2.5 Efficiency of Ammit
  4.3 Threat Model and Evasion
    4.3.1 Security Assumptions
    4.3.2 Evasion
  4.4 Experimental