Cristin-resultat-ID: 1696826
Sist endret: 10. mai 2019, 10:06
Resultat
Vitenskapelig artikkel
2019

New vulnerabilities in 4G and 5G cellular access network protocols : exposing device capabilities

Bidragsytere:
  • Ravishankar Borgaonkar
  • Altaf Shaik
  • Shinjo Park og
  • Jean-Pierre Seifert

Tidsskrift

2th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’19)
ISSN 1931-1222

Om resultatet

Vitenskapelig artikkel
Publiseringsår: 2019

Beskrivelse Beskrivelse

Tittel

New vulnerabilities in 4G and 5G cellular access network protocols : exposing device capabilities

Sammendrag

Cellular devices support various technical features and services for 2G, 3G, 4G and upcoming 5G networks. For example, these tech- nical features contain physical layer throughput categories, radio protocol information, security algorithm, carrier aggregation bands and type of services such as GSM-R, Voice over LTE etc. In the cellular security standardisation context, these technical features and network services termed as device capabilities and exchanged with the network during the device registration phase. In this paper, we study device capabilities information specified for 4G and 5G devices and their role in establishing security association between the device and network. Our research results reveal that device capabilities are exchanged with the network before the authentica- tion stage without any protection and not verified by the network. Consequently, we present three novel classes of attacks exploiting unprotected device capabilities information in 4G and upcoming 5G networks – identification attacks, bidding down attacks, and battery drain attacks against cellular devices. We implement proof- of-concept attacks using low-cost hardware and software setup to evaluate their impact against commercially available 4G devices and networks. We reported identified vulnerabilities to the relevant standardisation bodies and provide countermeasure to mitigate device capabilities attacks in 4G and upcoming 5G networks.

Bidragsytere

Ravishankar Bhaskarrao Borgaonkar

Bidragsyterens navn vises på dette resultatet som Ravishankar Borgaonkar
  • Tilknyttet:
    Forfatter
    ved Software Engineering, Safety and Security ved SINTEF AS

Altaf Shaik

  • Tilknyttet:
    Forfatter

Shinjo Park

  • Tilknyttet:
    Forfatter

Jean-Pierre Seifert

  • Tilknyttet:
    Forfatter
1 - 4 av 4