Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

Misusing Wireless ISPs for Anonymous Communication

WiFi, WiMAX, wireless
Andre Adelsbach
Black Hat EU 2010
Indexed on
Mar 26, 2013
File name
File size
1.3 MB

Most wireless communication techniques are broadcast media by nature on the physical layer, i.e., the actual signal can be received by any party in a certain coverage area. A common means to perform secure unicast point-to-point communication over such wireless infrastructures is by applying cryptographic protocols on higher layers: both communication end-points (commonly user and carrier) set up a session key, which is then used to build private and authentic unicast communication by means of encryption and message authentication. As of today, a common assumption in the design and analysis of such communication protocols is that both end-points (user and carrier) behave correctly according to the cryptographic protocol, because they want to preserve security against outsiders. However, if carriers have more power/resources in terms of bandwidth or coverage, users may not be interested in protecting their unicast communication against outsiders at all. Instead, users may try to extend their communication power/resources by means of insider attacks against the communication protocol. Therefore, such insider attacks pose new threats to these protocols and have, to the best of our knowledge, been neglected so far. In this presentation we will present several insider attacks, which break the unicast communication imposed by the carrier of the infrastructure. The most striking example of highly asymmetric resources are satellite ISPs: here the user normally has a terrestrial link to the carrier and no means to broadcast data at all. On the other side, the carrier can broadcast its signals over huge footprints, covering thousands of kilometers. Therefore, we will illustrate our attacks mainly in terms of satellite ISPs, but also discuss other examples such as WIMAX. Our strongest insider attack allows any end-user to make the satellite ISP broadcast data as clear text, even if the downlink (data sent from the satellite to the user) is properly encrypted by the satellite ISP, thereby breaking the unicast communication structure imposed by the satellite ISP. Finally, we discuss how the presented findings can be used to set up communication channels, achieving perfect receiver anonymity.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.


Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.


To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !