Zishuai Cheng,Mihai Ordean,Flavio Garcia,Baojiang Cui,Dominik Rys

DOI: https://doi.org/10.56553/popets-2023-0053

2023-04-01

Proceedings on Privacy Enhancing Technologies

Abstract:Voice over LTE (VoLTE) and Voice over NR (VoNR), are two similar technologies that have been widely deployed by operators to provide a better calling experience in LTE and 5G networks, respectively. The VoLTE/NR protocols rely on the security features of the underlying LTE/5G network to protect users' privacy such that nobody can monitor calls and learn details about call times, duration, and direction. In this paper, we introduce a new privacy attack which enables adversaries to analyse encrypted LTE/5G traffic and recover any VoLTE/NR call details. We achieve this by implementing a novel mobile-relay adversary which is able to remain undetected by using an improved physical layer parameter guessing procedure. This adversary facilitates the recovery of encrypted configuration messages exchanged between victim devices and the mobile network. We further propose an identity mapping method which enables our mobile-relay adversary to link a victim's network identifiers to the phone number efficiently, requiring a single VoLTE protocol message. We evaluate the real-world performance of our attacks using four modern commercial off-the-shelf phones and two representative, commercial network carriers. We collect over 60 hours of traffic between the phones and the mobile networks and execute 160 VoLTE calls, which we use to successfully identify patterns in the physical layer parameter allocation and in VoLTE traffic, respectively. Our real-world experiments show that our mobile-relay works as expected in all test cases, and the VoLTE activity logs recovered describe the actual communication with 100% accuracy. Finally, we show that we can link network identifiers such as International Mobile Subscriber Identities (IMSI), Subscriber Concealed Identifiers (SUCI) and/or Globally Unique Temporary Identifiers (GUTI) to phone numbers while remaining undetected by the victim.

English Else

Chi-Yu Li,Guan-Hua Tu,chunyi peng,zengwen yuan,yuanjie li,songwu lu,xinbing wang

DOI: https://doi.org/10.1145/2810103.2813618

2015-01-01

Abstract:VoLTE (Voice-over-LTE) is the designated voice solution to the LTE mobile network, and its worldwide deployment is underway. It reshapes call services from the traditional circuit-switched telecom telephony to the packet-switched Internet VoIP. In this work, we conduct the first study on VoLTE security before its full rollout. We discover several vulnerabilities in both its control-plane and data-plane functions, which can be exploited to disrupt both data and voice in operational networks. In particular, we find that the adversary can easily gain free data access, shut down continuing data access, or subdue an ongoing call, etc. We validate these proof-of-concept attacks using commodity smartphones (rooted and unrooted) in two Tier-1 US mobile carriers. Our analysis reveals that, the problems stem from both the device and the network. The device OS and chipset fail to prohibit non-VoLTE apps from accessing and injecting packets into VoLTE control and data planes. The network infrastructure also lacks proper access control and runtime check.

Yuanjie Li,Haotian Deng,Yuanbo Xiangli,Zengwen Yuan,Chunyi Peng,Songwu Lu

DOI: https://doi.org/10.1145/2973750.2985622

2016-01-01

Abstract:We present the demonstration of MOBILEINSIGHT, a software tool that collects, analyzes and exploits runtime information from operational cellular network. MOBILEINSIGHT runs on commercial off-the-shelf phones without extra hardware or additional support from cellular network operators. It exposes cellular protocol messages from the 3G/4G chipset, and performs in-device protocol analysis. We demonstrate the in-device runtime cellular message collection, analysis of the protocol states, visualization of runtime wireless channel and mobility dynamics, and how mobile applications benefit from MOBILEINSIGHT.

Xiang Cheng,Luoyang Fang,Xuemin Hong,Liuqing Yang

DOI: https://doi.org/10.1109/mnet.2017.1500295nm

IF: 10.294

2017-01-01

IEEE Network

Abstract:The worldwide rollout of 4G LTE mobile communication networks has accelerated the proliferation of the mobile Internet and spurred a new wave of mobile applications on smartphones. This new wave has provided mobile operators an enormous opportunity to collect a huge amount of data to monitor the technical and transactional aspects of their networks. Recent research on mobile big data mining have shown its great potential for diverse purposes ranging from improving traffic management, enabling personal and contextual services, to monitoring city dynamics and so on. The mobile big data research has a multi-disciplinary nature that demands distinct knowledge from mobile communications, signal processing, and data mining. The research field of mobile big data has emerged quickly in recent years, but is somewhat fragmented. This article aims to provide an integrated picture of this emerging field to bridge multiple disciplines and hopefully to inspire future research.

Yi-Li Huang,Fang-Yie Leu,Ilsun You,Yao-Kuo Sun,Cheng-Chung Chu

DOI: https://doi.org/10.1007/s11227-013-0958-z

IF: 3.3

2013-06-14

The Journal of Supercomputing

Abstract:In broadband wireless technology, due to having many salient advantages, such as high data rates, quality of service, scalability, security, mobility, etc., LTE-A currently has been one of the trends of wireless system development. This system provides several sophisticated authentication and encryption techniques to enhance its system security. However, LTE-A still suffers from various attacks, like eavesdropping and replay attacks. Therefore, in this paper, we propose a novel security scheme, called the security system for a 4Genvironment (Se4GE for short), which as an LTE-A-based system integrates the RSA and Diffie–Hellman algorithms to solve some of LTE-A’s security drawbacks where LTE-A stands for LTE-Advance which is a 4G system. The Se4GE is an end-to-end ciphertext transfer mechanism which dynamically changes encryption keys to enforce the security of data transmission in an LTE-A system. The Se4GE also produces several logically connected random keys, called the intelligent protection-key chain, which invokes two encryption/decryption techniques to provide users with broader demands for security services. The analytical results show that the Se4GE has higher security level than that of an LTE-A system.

Zengwen Yuan,Yuanjie Li,Chunyi Peng,Songwu Lu,Haotian Deng,Zhaowei Tan,Taqi Raza

DOI: https://doi.org/10.1109/ICCCN.2018.8487371

2018-01-01

Abstract:In this paper, we present our recent work in progress on 4G mobile network analysis. In order to provide an in-depth study on the closed network operations, we advocate a novel approach via two-level, device-centric machine learning that can open up the system behaviors and facilitate fine-grained analysis . We describe our proposed approach, and use the latency analysis on two popular mobile apps (Web browsing and Instant Messaging) to illustrate how our scheme works. We further preliminary results and discuss the open issues.

Xiaojun Jing,Xue Liu,Songlin Sun,Hai Huang

DOI: https://doi.org/10.1109/CCIS.2014.7175826

2014-11-01

Abstract:It is believed that effective communications are important to a successful response to emergency situations. Especially, when a terrorist attack happens, the ability to share multimedia information promptly and directly affects the ability to fight terrorists and save lives. In this paper, a novel network which is based on TD-LTE is designed for counter-terrorism emergency communication in urban area. With the description of the architecture of the TD-LTE CECN, this paper mainly focuses on the process of accessing to the network. Besides, an example of data flow is provided as well as a simulation to prove the performance of this network. At the end of this paper, a political mechanism is discussed to fight terrorists effectively.

Engineering,Computer Science

Jaime Calle‐Sánchez,Mariano Molina‐García,José I. Alonso,Alfonso Fernández‐Durán,Jaime Calle-Sanchez,Mariano Molina-Garcia,Jose I. Alonso,Alfonso Fernandez-Duran

DOI: https://doi.org/10.1002/bltj.21615

2013-09-01

Bell Labs Technical Journal

Abstract:Long Term Evolution (LTE) is considered to be the natural evolution for the current Global System for Mobile Communications–Railways (GSM‐R) in high speed railway environments, not only for its technical advantages and increased performance, but also due to the current evolution of public communication systems. In railway environments, mission critical services, operation assistance services, and passenger services must be supported by reliable mobile communication systems. Reliability and availability are key concerns for railway operators and as a consequence, railway operators are usually conservative adopters of information and communication technologies (ICT). This paper describes the feasibility of LTE as a successor to GSM‐R for new railway mobile communication systems. We identify key features of LTE as a technology and analyze its ability to support both the migration of current railway services and the provisioning of potential future ones. We describe the key challenges to address specific requirements for railway communication services including the provisioning of voice service in LTE networks, handover performance, multicast multimedia transmission, and the provisioning of group communications service and railway emergency calls. © 2013 Alcatel‐Lucent.

Wenfeng Li,Xiaomin Ma,Jun Wu,Kishor S. Trivedi,Xin-Lin Huang,Qingwen Liu

DOI: https://doi.org/10.1109/tvt.2016.2580571

IF: 6.8

2017-01-01

IEEE Transactions on Vehicular Technology

Abstract:In a traffic jam or dense vehicle environment, vehicular ad hoc networks (VANETs) cannot meet the safety requirement due to serious packet collisions. The traditional cellular network solves packet collisions but suffers from long end-to-end delay. Third-Generation Partnership Project (3GPP) Long-Term Evolution (LTE) overcomes both drawbacks; thus, it may be used, instead of VANETs, in some extreme environments. We use Markov models with dynamic scheduling and semipersistent scheduling (SPS) to evaluate how many idle resources of LTE can be provided for safety services and how safety applications impact LTE traditional users. Based on the analysis, we propose to reserve the idle radio resources in LTE for vehicular safety services (LTE-V). Additionally, we propose the weighted-fair-queuing (WFQ) algorithm to schedule beacons for safety services using the LTE reserved resources. Numerical results verify that the proposed mechanism can significantly improve the reliability of safety applications by borrowing limited LTE bandwidth. We also build an NS3 simulation platform to verify the effectiveness of the proposed Markov models. Finally, the reliability of applications, including cooperation collision warning (CCW), slow vehicle indication (SVI), and rear-end collision warning (RCW), using dedicated short-range communication (DSRC) with LTE-V, are evaluated. The simulation results demonstrate that the stringent quality-of-service (QoS) requirement of the aforementioned three applications can be satisfied, even under heavy traffic.

Erwin van de Wiel,Mark Scanlon,Nhien-An Le-Khac

DOI: https://doi.org/10.48550/arXiv.1712.05727

2018-01-27

Abstract:In criminal investigations, telecommunication wiretaps have become a common technique used by law enforcement. While phone-based wiretapping is well documented and the procedure for their execution are well known, the same cannot be said for Internet taps. Lawfully intercepted network traffic often contains a lot of encrypted traffic making it increasingly difficult to find useful information inside the traffic captured. The advent of Internet-of-Things further complicates the process for non-technical investigators. The current level of complexity of intercepted network traffic is close to a point where data cannot be analysed without supervision of a digital investigator with advanced network knowledge. Current investigations focus on analysing all traffic in a chronological manner and are predominately conducted on the data contents of the intercepted traffic. This approach often becomes overly arduous when the amount of data to be analysed becomes very large. In this paper, we propose a novel approach to analyse large amounts of intercepted network traffic based on network metadata. Our approach significantly reduces the duration of the analysis and also produces an insight view of analysing results for the non-technical investigator. We also test our approach with a large sample of network traffic data.

Cryptography and Security,Networking and Internet Architecture

Santu Sardar,Amit K. Mishra,Mohammed Zafar Ali Khan

DOI: https://doi.org/10.1049/iet-rsn.2018.5231

2019-04-16

Abstract:We demonstrated a vehicle detection and classification method based on Long Term Evolution (LTE) communication infrastructure based environment sensing instrument, termed as LTE-CommSense by the authors. This technology is a novel passive sensing system which focuses on the reference signals embedded in the sub-frames of LTE resource grid. It compares the received signal with the expected reference signal, extracts the evaluated channel state information (CSI) and analyzes it to estimate the change in the environment. For vehicle detection and subsequent classification, our setup is similar to a passive radar in forward scattering radar (FSR) mode. Instead of performing the radio frequency (RF) signals directly, we take advantage of the processing that happens in a LTE receiver user equipment (UE). We tap into the channel estimation and equalization block and extract the CSI value. CSI value reflects the property of the communication channel between communication base station (eNodeB) and UE. We use CSI values for with and vehicle and without vehicle case in outdoor open road environment. Being a receiver only system, there is no need for any transmission and related regulations. Therefore, this system is low cost, power efficient and difficult to detect. Also, most of its processing will be done by the existing LTE communication receiver (UE). In this paper, we establish our claim by analyzing field-collected data. Live LTE downlink (DL) signal is captured using modeled LTE UE using software defined radio (SDR). The detection analysis and classification performance shows promising results and ascertains that, LTE-CommSense is capable of detection and classification of different types of vehicles in outdoor road environment.

Networking and Internet Architecture

Aamir Shahzad,René Landry,Malrey Lee,Naixue Xiong,Jongho Lee,Changhoon Lee

DOI: https://doi.org/10.3390/s16060821

2016-06-14

Abstract:Substantial changes have occurred in the Information Technology (IT) sectors and with these changes, the demand for remote access to field sensor information has increased. This allows visualization, monitoring, and control through various electronic devices, such as laptops, tablets, i-Pads, PCs, and cellular phones. The smart phone is considered as a more reliable, faster and efficient device to access and monitor industrial systems and their corresponding information interfaces anywhere and anytime. This study describes the deployment of a protocol whereby industrial system information can be securely accessed by cellular phones via a Supervisory Control And Data Acquisition (SCADA) server. To achieve the study goals, proprietary protocol interconnectivity with non-proprietary protocols and the usage of interconnectivity services are considered in detail. They support the visualization of the SCADA system information, and the related operations through smart phones. The intelligent sensors are configured and designated to process real information via cellular phones by employing information exchange services between the proprietary protocol and non-proprietary protocols. SCADA cellular access raises the issue of security flaws. For these challenges, a cryptography-based security method is considered and deployed, and it could be considered as a part of a proprietary protocol. Subsequently, transmission flows from the smart phones through a cellular network.

Cho Soo-hyun,Lee Chang-Kyo,Ko Wan-Jin,Yoon Mahn-Suk,Lee Sung-hun

DOI: https://doi.org/10.1109/ICUFN.2018.8437021

2018-07-01

Abstract:LTE-Railway (LTE-R) is a communication technology that enables immediate and effective response in case of emergencies by providing voice, data, and video services through LTE, a 4th-generation wireless communication technology, optimized for the railway environment. LTE-R, which is currently under development in South Korea, provides the capability to send and receive data for group calls and emergency calls, as well as internal control calls on trains linked to smartphones. However, infrastructure construction and technical services are required to ensure seamless services as well as the quality of service (QoS) in a high-speed moving environment. The Telecommunications Technology Association (TTA) has established the LTE-R wireless communication standard to support these requirements; however, verification of the established data standard is necessary in an actual high-speed rail environment to ensure its reliability. This study measures the QoS through a mobile terminal in the LTE-R infrastructure network constructed by the Korea Railroad Research Institute in a high-speed moving environment (300 km/h to 350 km/h). The measurement results will be used as reference materials for LTE-R construction and research.

Computer Science,Environmental Science,Engineering

Jezabel Molina-Gil,Pino Caballero-Gil,Cándido Caballero-Gil,Amparo Fúster-Sabater

DOI: https://doi.org/10.48550/arXiv.2208.06593

2022-08-13

Cryptography and Security

Abstract:The fourth generation of cell phones, marketed as 4G/LTE (Long-Term Evolution) is being quickly adopted worldwide. Given the mobile and wireless nature of the involved communications, security is crucial. This paper includes both a theoretical study and a practical analysis of the SNOW 3G generator, included in such a standard for protecting confidentiality and integrity. From its implementation and performance evaluation in mobile devices, several conclusions about how to improve its efficiency are obtained.

Gabor Fodor,Stefan Parkvall,Stefano Sorrentino,Pontus Wallentin,Qianxi Lu,Nadia Brahmi

DOI: https://doi.org/10.1109/access.2014.2379938

IF: 3.9

2014-01-01

IEEE Access

Abstract:Device-to-device (D2D) communications have been proposed as an underlay to long-term evolution (LTE) networks as a means of harvesting the proximity, reuse, and hop gains. However, D2D communications can also serve as a technology component for providing public protection and disaster relief (PPDR) and national security and public safety (NSPS) services. In the United States, for example, spectrum has been reserved in the 700-MHz band for an LTE-based public safety network. The key requirement for the evolving broadband PPDR and NSPS services capable systems is to provide access to cellular services when the infrastructure is available and to efficiently support local services even if a subset or all of the network nodes become dysfunctional due to public disaster or emergency situations. This paper reviews some of the key requirements, technology challenges, and solution approaches that must be in place in order to enable LTE networks and, in particular, D2D communications, to meet PPDR and NSPS-related requirements. In particular, we propose a clustering-procedure-based approach to the design of a system that integrates cellular and ad hoc operation modes depending on the availability of infrastructure nodes. System simulations demonstrate the viability of the proposed design. The proposed scheme is currently considered as a technology component of the evolving 5G concept developed by the European 5G research project METIS.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mauro Conti,Qian Qian Li,Alberto Maragno,Riccardo Spolaor

DOI: https://doi.org/10.1109/comst.2018.2843533

2018-01-01

Abstract:In recent years, mobile devices (e.g., smartphones and tablets) have met an increasing commercial success and have become a fundamental element of the everyday life for billions of people all around the world. Mobile devices are used not only for traditional communication activities (e.g., voice calls and messages) but also for more advanced tasks made possible by an enormous amount of multi-purpose applications (e.g., finance, gaming, and shopping). As a result, those devices generate a significant network traffic (a consistent part of the overall Internet traffic). For this reason, the research community has been investigating security and privacy issues that are related to the network traffic generated by mobile devices, which could be analyzed to obtain information useful for a variety of goals (ranging from fine-grained user profiling to device security and network optimization). In this paper, we review the works that contributed to the state of the art of network traffic analysis targeting mobile devices. In particular, we present a systematic classification of the works in the literature according to three criteria: 1) the goal of the analysis; 2) the point where the network traffic is captured; and 3) the targeted mobile platforms. In this survey, we consider points of capturing such as Wi-Fi access points, software simulation, and inside real mobile devices or emulators. For the surveyed works, we review and compare analysis techniques, validation methods, and achieved results. We also discuss possible countermeasures, challenges, and possible directions for future research on mobile traffic analysis and other emerging domains (e.g., Internet of Things). We believe our survey will be a reference work for researchers and practitioners in this research field.

computer science, information systems,telecommunications

Lorenzo Carlà,Romano Fantacci,Francesco Gei,Dania Marabissi,Luigia Micciullo

DOI: https://doi.org/10.48550/arXiv.1501.03613

2015-01-15

Abstract:Currently Public Safety and Security communication systems rely on reliable and secure Professional Mobile Radio (PMR) Networks that are mainly devoted to provide voice services. However, the evolution trend for PMR networks is towards the provision of new value-added multimedia services such as video streaming, in order to improve the situational awareness and enhance the life-saving operations. The challenge here is to exploit the future commercial broadband networks to deliver voice and multimedia services satisfying the PMR service requirements. In particular, a viable solution till now seems that of adapting the new Long Term Evolution technology to provide IP-based broadband services with the security and reliability typical of PMR networks. This paper outlines different alternatives to achieve this goal and, in particular, proposes a proper solution for providing multimedia services with PMR standards over commercial LTE networks.

Networking and Internet Architecture,Multimedia

Ghizlane Orhanou,Said El Hajji,Youssef Bentaleb,Jalal Laassiri

DOI: https://doi.org/10.48550/arXiv.1102.5191

2011-02-25

Abstract:The Long Term Evolution of UMTS is one of the latest steps in an advancing series of mobile telecommunications systems. Many articles have already been published on the LTE subject but these publications have viewed the subject from particular perspectives. In the present paper, a different approach has been taken. We are interested in the security features and the cryptographic algorithms used to ensure confidentiality and integrity of the transmitted data. A closer look is taken to the two EPS confidentiality and integrity algorithms based on the block cipher algorithm AES: the confidentiality algorithm EEA2 and the integrity algorithm EIA2. Furthermore, we focused on the implementation of both algorithms in C language in respect to the specifications requirements. We have tested our implementations according to the testsets given by the 3rd Generation Partnership Project (3GPP) implementation document. Some examples of the implementation tests are presented bellow.

Cryptography and Security

Stig F. Mjølsnes,Ruxandra F. Olimid

DOI: https://doi.org/10.48550/arXiv.1702.04434

2017-02-15

Abstract:IMSI Catchers are tracking devices that break the privacy of the subscribers of mobile access networks, with disruptive effects to both the communication services and the trust and credibility of mobile network operators. Recently, we verified that IMSI Catcher attacks are really practical for the state-of-the-art 4G/LTE mobile systems too. Our IMSI Catcher device acquires subscription identities (IMSIs) within an area or location within a few seconds of operation and then denies access of subscribers to the commercial network. Moreover, we demonstrate that these attack devices can be easily built and operated using readily available tools and equipment, and without any programming. We describe our experiments and procedures that are based on commercially available hardware and unmodified open source software.

Cryptography and Security

Erol Gelenbe,Gokce Gorbil,Dimitrios Tzovaras,Steffen Liebergeld,David Garcia,Madalina Baltatu,George Lyberopoulos

DOI: https://doi.org/10.48550/arXiv.1307.0687

2013-07-02

Abstract:The growing popularity of smart mobile devices such as smartphones and tablets has made them an attractive target for cyber-criminals, resulting in a rapidly growing and evolving mobile threat as attackers experiment with new business models by targeting mobile users. With the emergence of the first large-scale mobile botnets, the core network has also become vulnerable to distributed denial-of-service attacks such as the signaling attack. Furthermore, complementary access methods such as Wi-Fi and femtocells introduce additional vulnerabilities for the mobile users as well as the core network. In this paper, we present the NEMESYS approach to smart mobile network security. The goal of the NEMESYS project is to develop novel security technologies for seamless service provisioning in the smart mobile ecosystem, and to improve mobile network security through a better understanding of the threat landscape. To this purpose, NEMESYS will collect and analyze information about the nature of cyber-attacks targeting smart mobile devices and the core network so that appropriate counter-measures can be taken. We are developing a data collection infrastructure that incorporates virtualized mobile honeypots and honeyclients in order to gather, detect and provide early warning of mobile attacks and understand the modus operandi of cyber-criminals that target mobile devices. By correlating the extracted information with known attack patterns from wireline networks, we plan to reveal and identify the possible shift in the way that cyber-criminals launch attacks against smart mobile devices.

Networking and Internet Architecture,Cryptography and Security