7 research outputs found
Nori: Concealing the Concealed Identifier in 5G
IMSI catchers have been a long standing and serious privacy problem in pre-5G
mobile networks. To tackle this, 3GPP introduced the Subscription Concealed
Identifier (SUCI) and other countermeasures in 5G. In this paper, we analyze
the new SUCI mechanism and discover that it provides very poor anonymity when
used with the variable length Network Specific Identifiers (NSI), which are
part of the 5G standard. When applied to real-world name length data, we see
that SUCI only provides 1-anonymity, meaning that individual subscribers can
easily be identified and tracked. We strongly recommend 3GPP and GSMA to
standardize and recommend the use of a padding mechanism for SUCI before
variable length identifiers get more commonly used. We further show that the
padding schemes, commonly used for network traffic, are not optimal for padding
of identifiers based on real names. We propose a new improved padding scheme
that achieves much less message expansion for a given -anonymity.Comment: 9 pages, 8 figures, 1 tabl
Applying Machine Learning on RSRP-based Features for False Base Station Detection
False base stations -- IMSI catchers, Stingrays -- are devices that
impersonate legitimate base stations, as a part of malicious activities like
unauthorized surveillance or communication sabotage. Detecting them on the
network side using 3GPP standardized measurement reports is a promising
technique. While applying predetermined detection rules works well when an
attacker operates a false base station with an illegitimate Physical Cell
Identifiers (PCI), the detection will produce false negatives when a more
resourceful attacker operates the false base station with one of the legitimate
PCIs obtained by scanning the neighborhood first. In this paper, we show how
Machine Learning (ML) can be applied to alleviate such false negatives. We
demonstrate our approach by conducting experiments in a simulation setup using
the ns-3 LTE module. We propose three robust ML features (COL, DIST, XY) based
on Reference Signal Received Power (RSRP) contained in measurement reports and
cell locations. We evaluate four ML models (Regression Clustering, Anomaly
Detection Forest, Autoencoder, and RCGAN) and show that several of them have a
high precision in detection even when the false base station is using a
legitimate PCI. In our experiments with a layout of 12 cells, where one cell
acts as a moving false cell, between 75-95\% of the false positions are
detected by the best model at a cost of 0.5\% false positives.Comment: 9 pages,5 figure, 3 tables, 2 algorithm
Evaluation of VoIP Security for Mobile Devices
Market research reports by In-Stat, Gartner, and the Swedish Post and Telecom Agency (PTS) reveal a growing worldwide demand for Voice over IP (VoIP) and smartphones. This trend is expected to continue over the coming years and there is wide scope for mobile VoIP solutions. Nevertheless, with this growth in VoIP adoption come challenges related with quality of service and security. Most consumer VoIP solution, even in PCs, analog telephony adapters, and home gateways, do not yet support media encryption and other forms of security. VoIP applications based on mobile platforms are even further behind in adopting media security due to a (mis-)perception of more limited resources. This thesis explores the alternatives and feasibility of achieving VoIP security for mobile devices in the realm of the IP Multimedia Subsystem (IMS)
A security architecture for 5G networks
5G networks will provide opportunities for the creation of new services, for new business models, and for new players to enter the mobile market. The networks will support efficient and cost-effective launch of a multitude of services, tailored for different vertical markets having varying service and security requirements, and involving a large number of actors. Key technology concepts are network slicing and network softwarisation, including network function virtualisation and software-defined networking. The presented security architecture builds upon concepts from the 3G and 4G security architectures but extends and enhances them to cover the new 5G environment. It comprises a toolbox for security relevant modelling of the systems, a set of security design principles, and a set of security functions and mechanisms to implement the security controls needed to achieve stated security objectives. In a smart city use case setting, we illustrate its utility; we examine the high-level security aspects stemming from the deployment of large numbers of IoT devices and network softwarisation