Article

Exploit Vulnerabilities in 4G and 5G Cellular Access Network

Abstract

Mobile devices support various technical features and services for 2G, 3G, 4G and upcoming 5G networks. For example, these specifications include physical layer throughput categories, radio protocol information, security algorithms, carrier aggregation bands, and service types such as GSM-R and Voice over LTE. In the context of mobile security standardisation, these network specifications and services are referred to as device capabilities and are exchanged with the network during the device registration phase. In this article, we investigate the device capability information specified for 4G and 5G devices and its role in establishing a secure association between the device and the network. Our research results show that device capabilities can be exchanged with the carrier before the authentication step without any protection, and that they are not verified by the carrier. Consequently, we present three new classes of attacks that exploit unprotected device capability information in upcoming 5G networks: identification attacks, bidding down attacks, and battery drain attacks against mobile devices. We conduct proof-of-concept attacks using a low-cost hardware and software setup to assess their impact on commercial 4G devices and networks. We have reported the identified vulnerabilities to the relevant standards bodies and provide countermeasures to mitigate attacks against device capabilities in upcoming 5G networks.
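The ordering flaw the abstract describes, as an added example that is not from the paper: a Python model of the eNodeB side of an LTE attach, comparing a network that acts on a capability report received before the security mode procedure with one that only acts on a report sent over the integrity-protected channel and flags a mismatch between the two. The RRC message names are the 3GPP ones; the policy flag, payloads and event strings are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed model of the eNodeB side of an LTE attach, in the order the paper
# describes: the capability report arrives before the security mode procedure,
# so it is neither integrity protected nor verified. RRC message names are real;
# the policy flag, payloads and event strings are assumptions for this example.

@dataclass
class Msg:
    kind: str                   # "UECapabilityInformation" or "SecurityModeComplete"
    integrity_protected: bool   # True only once AS security has been activated
    payload: dict = field(default_factory=dict)

@dataclass
class ENodeBState:
    security_active: bool = False
    provisional_caps: Optional[dict] = None  # report received before security
    trusted_caps: Optional[dict] = None      # the report the network acts on
    events: list = field(default_factory=list)

def run_attach(messages, trust_unprotected: bool) -> ENodeBState:
    """trust_unprotected=True models the behaviour the paper exposes; False models
    the mitigation: only a report sent after security activation is acted on, and
    an earlier unprotected one is kept solely to detect tampering by comparison."""
    st = ENodeBState()
    for m in messages:
        if m.kind == "SecurityModeComplete":
            st.security_active = True
        elif m.kind == "UECapabilityInformation":
            if m.integrity_protected and st.security_active:
                st.trusted_caps = m.payload
                if st.provisional_caps not in (None, m.payload):
                    st.events.append("capability-mismatch")  # bidding-down indicator
            elif trust_unprotected:
                st.trusted_caps = m.payload  # vulnerable: unverified claim acted on
                st.events.append("unprotected-capabilities-accepted")
            else:
                st.provisional_caps = m.payload
                st.events.append("unprotected-capabilities-deferred")
    return st

# Constructed sample: the genuine report and a copy degraded in transit.
GENUINE = {"ue_category": 6, "volte": True, "ca_bands": [3, 7, 20]}
DEGRADED = {"ue_category": 1, "volte": False, "ca_bands": [20]}
PRE_SECURITY_ONLY = [Msg("UECapabilityInformation", False, DEGRADED),
                     Msg("SecurityModeComplete", True)]
WITH_RE_ENQUIRY = PRE_SECURITY_ONLY + [Msg("UECapabilityInformation", True, GENUINE)]
```

With the vulnerable policy the degraded report is what the network acts on; with the mitigated policy it is ignored until a protected report arrives, and the disagreement between the two is logged as a detection event.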

Article
Full-text available
With the deep combination of both modern information technology and traditional agriculture, the era of agriculture 4.0, which takes the form of smart agriculture, has come. Smart agriculture provides solutions for agricultural intelligence and automation. However, information security issues cannot be ignored with the development of agriculture brought by modern information technology. In this paper, three typical development modes of smart agriculture (precision agriculture, facility agriculture, and order agriculture) are presented. Then, 7 key technologies and 11 key applications are derived from the above modes. Based on the above technologies and applications, 6 security and privacy countermeasures (authentication and access control, privacy-preserving, blockchain-based solutions for data integrity, cryptography and key management, physical countermeasures, and intrusion detection systems) are summarized and discussed. Moreover, the security challenges of smart agriculture are analyzed and organized into two aspects: 1) agricultural production, and 2) information technology. Most current research projects have not taken agricultural equipment as potential security threats. Therefore, we did some additional experiments based on solar insecticidal lamps Internet of Things, and the results indicate that agricultural equipment has an impact on agricultural security. Finally, more technologies (5G communication, fog computing, Internet of Everything, renewable energy management system, software defined network, virtual reality, augmented reality, and cyber security datasets for smart agriculture) are described as the future research directions of smart agriculture.
Article
Full-text available
The Internet of Things (IoT) is a promising technology which tends to revolutionize and connect the global world via heterogeneous smart devices through seamless connectivity. The current demand for Machine-Type Communications (MTC) has resulted in a variety of communication technologies with diverse service requirements to achieve the modern IoT vision. More recent cellular standards like Long-Term Evolution (LTE) have been introduced for mobile devices but are not well suited for low-power and low data rate devices such as the IoT devices. To address this, there is a number of emerging IoT standards. Fifth Generation (5G) mobile network, in particular, aims to address the limitations of previous cellular standards and be a potential key enabler for future IoT. In this paper, the state-of-the-art of the IoT application requirements along with their associated communication technologies are surveyed. Additionally, the 3rd Generation Partnership Project (3GPP) cellular-based Low-Power Wide Area (LPWA) solutions to support and enable the new service requirements for Massive to Critical IoT use cases are discussed in detail, including Extended Coverage Global System for Mobile Communications for the Internet of Things (EC-GSM-IoT), enhanced Machine-Type Communications (eMTC), and Narrowband-Internet of Things (NB-IoT). Furthermore, 5G New Radio (NR) enhancements for new service requirements and enabling technologies for the IoT are introduced. This paper presents a comprehensive review related to emerging and enabling technologies with main focus on 5G mobile networks that is envisaged to support the exponential traffic growth for enabling the IoT. The challenges and open research directions pertinent to the deployment of Massive to Critical IoT applications are also presented in coming up with an efficient context-aware congestion control (CACC) mechanism.
Conference Paper
Full-text available
This paper investigates and analyses the insufficient protections afforded to mobile identities when using today's operator-backed WiFi services. Specifically, we detail a range of attacks, on a set of widely deployed authentication protocols, that enable a malicious user to obtain and track a user's International Mobile Subscriber Identity (IMSI) over WiFi. These attacks are possible due to a lack of sufficient privacy protection measures, which are exacerbated by preconfigured device profiles. We provide a formal analysis of the protocols involved, examine their associated configuration profiles, and document our experiences with reporting the issues to the relevant stakeholders. We detail a range of potential countermeasures to tackle these issues to ensure that privacy is better protected in the future.
Article
OpenAirInterface (OAI) is an open-source project that implements the 3rd Generation Partnership Project (3GPP) technology on general purpose x86 computing hardware and Commercial Off-The-Shelf (COTS) Software Defined Radio (SDR) cards like the Universal Software Radio Peripheral (USRP). It makes it possible to deploy and operate a 4G Long-Term Evolution (LTE) network today and 5G New Radio (NR) networks in the future at a very low cost. Moreover, the open-source code can be adapted to different use cases and deployments, and new functionality can be implemented, making it an ideal platform for both industrial and academic research. The OAI Software Alliance (OSA) is a non-profit consortium fostering a community of industrial as well as research contributors. It also developed the OAI public license, which is an open source license that allows contributors to implement their own patented technology without having to relinquish their intellectual property rights. This new clause is in agreement with the Fair, Reasonable And Non-Discriminatory (FRAND) clause found in 3GPP. This paper describes the current OAI state-of-the-art of the development, the OAI community and development process, as well as the OAI public license and its usage by academia and industry.
Conference Paper
Cellular devices support various technical features and services for 2G, 3G, 4G and upcoming 5G networks. For example, these technical features include physical layer throughput categories, radio protocol information, security algorithms, carrier aggregation bands and types of services such as GSM-R, Voice over LTE etc. In the cellular security standardisation context, these technical features and network services are termed device capabilities and are exchanged with the network during the device registration phase. In this paper, we study the device capabilities information specified for 4G and 5G devices and its role in establishing a security association between the device and the network. Our research results reveal that device capabilities are exchanged with the network before the authentication stage without any protection and are not verified by the network. Consequently, we present three novel classes of attacks exploiting unprotected device capabilities information in 4G and upcoming 5G networks: identification attacks, bidding down attacks, and battery drain attacks against cellular devices. We implement proof-of-concept attacks using a low-cost hardware and software setup to evaluate their impact against commercially available 4G devices and networks. We reported the identified vulnerabilities to the relevant standardisation bodies and provide countermeasures to mitigate device capabilities attacks in 4G and upcoming 5G networks.
Conference Paper
Mobile network operators choose the Self Organizing Network (SON) concept as a cost-effective method to deploy LTE/4G networks and meet user expectations for high quality of service and bandwidth. The main objective of SON is to introduce automation into network management activities and reduce human intervention. SON-enabled LTE networks heavily rely on the information acquired from mobile phones to provide self-configuration, self-optimization, and self-healing features. However, mobile phones can be attacked over-the-air using rogue base stations. In this paper, we carefully study SON-related LTE/4G security specifications and reveal several vulnerabilities. Our key idea is to introduce a rogue eNodeB that uses legitimate mobile devices as a covert channel to launch attacks against SON-enabled LTE networks. We demonstrate low-cost, practical, silent and persistent Denial of Service attacks against the network and end-users by injecting fake measurement and configuration information into the SON system. An active attacker can shut down network services in a 2 km² area of a city for a certain period of time and also block network services to a selective set of mobile phones in a targeted area of 200 m to 2 km in radius. With the help of low cost tools, we design an experimental setup and evaluate these attacks on commercial networks. We present strategies to mitigate our attacks and outline possible reasons that may explain why these vulnerabilities exist in the system.
Book
This book constitutes the proceedings of the 11th International Conference on Network and System Security, NSS 2017, held in Helsinki, Finland, in August 2017. The 24 revised full papers presented in this book were carefully reviewed and selected from 83 initial submissions. The papers are organized in topical sections on Cloud and IoT Security; Network Security; Platform and Hardware Security; Crypto and Others; and Authentication and Key Management. This volume also contains 35 contributions of the following workshops: Security Measurements of Cyber Networks (SMCN-2017); Security in Big Data (SECBD-2017); 5G Security and Machine Learning (IW5GS-2017); of the Internet of Everything (SECIOE-2017).
Article
According to traditional wisdom, latecomer countries improve their technological capabilities in reverse of the product cycle, that is from mature towards new technologies. However, improvement of standards capabilities in this process has not been revealed clearly. This paper confirms similar patterns for improving formal standards capabilities as for the technological capabilities, but records some possible differences in the rate of catch-up when latecomers approach the technology frontier; a forward moving position where technology leaders (typically advanced countries) develop or conceptualize new technologies before being turned into products or systems. A number of case studies of South Korean ICT systems reveal that transition to the technological frontier is increasingly related to how they target and carry out formal standardization. The common elements driving differences in rates of successful catch-up for ICT systems standards are not only limited to generic standards capabilities, but also rely on characteristics of technology trajectories, national strategic focus, and organizing for standardization. This implies that a nation should not be discouraged by slow progress in standards-setting during earlier stages. Once a minimum level of capabilities is achieved, a nation pro-active in standards from the beginning may attain higher rates of catch-up near the technology frontier.
Conference Paper
We provide a comparative analysis of the existing MITM (Man-In-The-Middle) attacks on Bluetooth. In addition, we propose a novel Bluetooth MITM attack against Bluetooth-enabled printers that support SSP (Secure Simple Pairing). Our attack is based on the fact that the security of the protocol is likely to be limited by the capabilities of the least powerful or the least secure device type. Moreover, we propose improvements to the existing Bluetooth SSP in order to make it more secure.
Article
We propose two new Man-In-The-Middle (MITM) attacks on Bluetooth Secure Simple Pairing (SSP). The attacks are based on the falsification of information sent during the input/output capabilities exchange and also the fact that the security of the protocol is likely to be limited by the capabilities of the least powerful or the least secure device type. In addition, we devise countermeasures that render the attacks impractical, as well as improvements to the existing Bluetooth SSP in order to make it more secure. Moreover, we provide a comparative analysis of the existing MITM attacks on Bluetooth.
Securing 5G and Evolving Architectures
Nair, Pramod. Securing 5G and Evolving Architectures. Addison-Wesley Professional, 2021.
Semtech AN120022 Lora Modulation Basics
Connections the quarterly journal. "Semtech AN120022 Lora Modulation Basics." Connections the quarterly journal (1970). https://connectionsqj.org/article/semtech-an120022-lora-modulation-basics
USRP Software Defined Radio (SDR) Online Catalog
Ettus Research, a National Instruments Brand. n.d. "USRP Software Defined Radio (SDR) Online Catalog." Ettus Research. http://www.ettus.com/product/details
LTE and IMSI catcher myths
R. Borgaonkar, A. Shaik, N. Asokan, V. Niemi, J. P. Seifert. "LTE and IMSI catcher myths." Black Hat EU (2015). https://www.blackhat.com/docs/eu-15/materials/eu-15-Borgaonkar-LTE-And-IMSI-Catcher-Myths.pdf