Security of 4G and 5G cellular networks

Date: October 16th, 10 AM – 11 AM AEST.

Recording: link

Slides: LTEInspector

Guest Speaker: Professor Elisa Bertino, Purdue University, West Lafayette, Indiana, United States.

Elisa Bertino is professor of Computer Science at Purdue University. She serves as Director of the Purdue Cyberspace Security Lab (Cyber2Slab). Prior to joining Purdue, she was a professor and department head at the Department of Computer Science and Communication of the University of Milan. She has been a visiting researcher at the IBM Research Laboratory in San Jose (now Almaden), at the Microelectronics and Computer Technology Corporation, at Rutgers University, at Telcordia Technologies. She has also held visiting professor positions at the Singapore National University and the Singapore Management University.  Her main research interests include security, privacy, database systems, distributed systems, and sensor networks. Her recent research focuses on cybersecurity and privacy of cellular networks and IoT systems, and on edge analytics for cybersecurity.  Elisa Bertino is a Fellow member of  IEEE, ACM, and AAAS. She received the 2002 IEEE Computer Society Technical Achievement Award for “For outstanding contributions to database systems and database security and advanced data management systems”, the 2005 IEEE Computer Society Tsutomu Kanai Award for “Pioneering and innovative research contributions to secure distributed systems”, and the 2019-2020 ACM Athena Lecturer Award.

Abstract:

As the world moves to 4G and 5G cellular networks, security and privacy are paramount importance and new tools are needed to ensure them. For example, LTEInspector is a model-based testing approach that combines a symbolic model checker and a cryptographic protocol verifier in the symbolic attacker model. Using it, researchers have uncovered 10 new attacks along with 9 prior attacks, categorized into three abstract classes (i.e., security, user privacy, and disruption of service), in three procedures of 4G LTE. Notable among the findings is the authentication relay attack that enables an adversary to spoof the location of a legitimate user to the core network without possessing appropriate credentials. To ensure that the exposed attacks pose real threats and are indeed realizable in practice, 8 of the 10 new attacks have been validated and their accompanying adversarial assumptions have been put through a real testbed. On-going work in addressing some of those vulnerabilities points the way toward an agenda of further research.