Wireless networks constitute a significant attack vector for adversaries due to their wide usage in our everyday life. As the fifth generation of wireless networks reaches maturity, several vulnerabilities affecting earlier generations have been resolved. Nevertheless the coexistence of legacy wireless technologies is giving rise to the risk of allowing adversaries to perform downgrade attacks, thus bypassing the improved security of the state-of-the-art communication networks. Vulnerabilities due to the trade-off between security and usability could also exist in the latest wireless networking technologies; hence mobile network operators need to be aware of the risks related to both protocol vulnerabilities and configuration defects. The paper proposes a methodology for the systematic identification of vulnerabilities associated with wireless access protocols and systems and the quantitative evaluation of the resulting risks for mobile operators using attack trees and based on the current legislative frameworks. The proposed methodology has been designed to aid both, mobile operators towards planning more effective cybersecurity strategies and adopt efficient defences to minimise the probability of an attack and predict its impact on the operational, market and business aspects of mobile network operators. The proposed risk assessment analysis is evaluated over three distinct vertical scenarios, namely an emergency call, a high-speed train commute and a massive public event, with the most relevant threats and their impact being measured and discussed. The evaluation of the model revealed significant results for mobile network operators that are deploying a mix of legacy and state of the art cellular technologies.
Service providers, 5G network operators and, more generally, vertical industries face today a dangerous shortage of highly skilled cybersecurity experts. Along with the escalation and growing sophistication of cyber-attacks, 5G networks require the training of skilled and highly competent cyber forces. To meet these requirements, the SPIDER cyber range focuses specifically on 5G, and is based on three pillars, (i) cyber security assessment, (ii) training cyber security teams to defend against complex cyber-attack scenarios, and (iii) evaluation of cyber risk. The SPIDER cyber range replicates a customized 5G network, enabling the execution of cyber-exercises that take advantage of hands-on interaction in real time, the sharing of information between participants, and the gathering of feedback from network equipment, as well as the development and adaptation of advanced operational procedures. This aims to help 5G security professionals improve their ability to collaboratively manage and predict security incidents, complex attacks, and propagated vulnerabilities. The SPIDER cyber range is validated in two relevant use case scenarios aimed at demonstrating, in a realistic, measurable, and replicable way the transformations SPIDER will bring to the cybersecurity industry.
This paper performs a forensic investigation to a set of Android mobile applications aiming at discovering sensitive information related to the owner of the mobile device. These applications were chosen based on the fact that: i) they are very popular on Google Play Store, ii) they handle sensitive personal information, iii) they have not been researched by previous works and iv) they are free to download and install. The three chosen applications belong to the following categories: bank, mobile network carrier and public transport. The evaluation of the security of the applications was performed using two techniques: code and disk analysis, as followed in the literature. Based on our findings we derive the conclusion that these applications despite their criticality have failed to incorporate security techniques to protect user's sensitive data and a forensic analysis can reveal crucial and significant information from a forensics point of view.
Cyber ranges are proven to be effective towards the direction of cyber security training. Nevertheless, the existing literature in the area of cyber ranges does not cover, to our best knowledge, the field of 5G security training. 5G networks, though, reprise a significant field for modern cyber security, introducing a novel threat landscape. In parallel, the demand for skilled cyber security specialists is high and still rising. Therefore, it is of utmost importance to provide all means to experts aiming to increase their preparedness level in the case of an unwanted event. The EU funded SPIDER project proposes an innovative Cyber Range as a Service (CRaaS) platform for 5G cyber security testing and training. This paper aims to present the evaluation framework, followed by SPIDER, for the extraction of the user requirements. To validate the defined user requirements, SPIDER leveraged of questionnaires which included both closed and open format questions and were circulated among the personnel of telecommunication providers, vendors, security service providers, managers, engineers, cyber security personnel and researchers. Here, we demonstrate a selected set of the most critical questions and responses received. From the conducted analysis we reach to some important conclusions regarding 5G testing and training capabilities that should be offered by a cyber range, in addition to the analysis of the different perceptions between cyber security and 5G experts.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.