Mind Your Language(s): A Discussion about Languages and Security

Jaeger, Eric; Levillain, Olivier

doi:10.1109/spw.2014.29

Cited by 4 publications

(1 citation statement)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another way to reduce implementation bugs is to carefully choose the development framework based on their intrinsic security properties [182], [183]. Additionally, machinereadable protocol specifications and state machines would allow to generate parsers and state machines directly from the specification, cutting out the error-prone human interpretation of the specification.…”

Section: ) Attacksmentioning

confidence: 99%

On Security Research Towards Future Mobile Network Generations

Rupprecht

Dabrowski

Holz

et al. 2018

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

Over the last decades, numerous security and privacy issues in all three active mobile network generations have been revealed that threaten users as well as network providers. In view of the newest generation (5G) currently under development, we now have the unique opportunity to identify research directions for the next generation based on existing security and privacy issues as well as already proposed defenses. This paper aims to unify security knowledge on mobile phone networks into a comprehensive overview and to derive pressing open research questions. To achieve this systematically, we develop a methodology that categorizes known attacks by their aim, proposed defenses, underlying causes, and root causes. Further, we assess the impact and the efficacy of each attack and defense. We then apply this methodology to existing literature on attacks and defenses in all three network generations. By doing so, we identify ten causes and four root causes for attacks.Mapping the attacks to proposed defenses and suggestions for the 5G specification enables us to uncover open research questions and challenges for the development of next-generation mobile networks. The problems of unsecured pre-authentication traffic and jamming attacks exist across all three mobile generations. They should be addressed in the future, in particular to wipe out the class of downgrade attacks and, thereby, strengthen the users' privacy. Further advances are needed in the areas of inter-operator protocols as well as secure baseband implementations. Additionally, mitigations against denial-of-service attacks by smart protocol design represent an open research question.

show abstract

Section: ) Attacksmentioning

confidence: 99%