2019 IEEE Symposium on Security and Privacy (SP) 2019
DOI: 10.1109/sp.2019.00038
|View full text |Cite
|
Sign up to set email alerts
|

Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane

Abstract: This paper presents our extensive investigation of the security aspects of control plane procedures based on dynamic testing of the control components in operational Long Term Evolution (LTE) networks. For dynamic testing in LTE networks, we implemented a semi-automated testing tool, named LTEFuzz, by using open-source LTE software over which the user has full control. We systematically generated test cases by defining three basic security properties by closely analyzing the standards. Based on the security pr… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

1
95
0

Year Published

2019
2019
2024
2024

Publication Types

Select...
4
3
2

Relationship

0
9

Authors

Journals

citations
Cited by 89 publications
(96 citation statements)
references
References 20 publications
1
95
0
Order By: Relevance
“…Vulnerabilities in network security may also enable UEs to gain access to ML functions, which do not utilize inputs directly from UEs. For instance, part of 5G and 4G access network communication is unprotected [81], [82]. This vulnerability enables man-in-the-middle attacks in 4G.…”
Section: ) Attack Vectors In 5gmentioning
confidence: 99%
“…Vulnerabilities in network security may also enable UEs to gain access to ML functions, which do not utilize inputs directly from UEs. For instance, part of 5G and 4G access network communication is unprotected [81], [82]. This vulnerability enables man-in-the-middle attacks in 4G.…”
Section: ) Attack Vectors In 5gmentioning
confidence: 99%
“…Therefore, one building block of LTE security is the correct implementation and, hence, is target to different analysis methodologies. Kim et al [29] introduce a semi-automatic tool for analyzing the behavior of equipment with the input of malicious data. By doing so, they discover vulnerabilities, including SMS spoofing attacks or an AKA bypass allowing to eavesdrop data sessions.…”
Section: Related Workmentioning
confidence: 99%
“…Unfortunately, this work was limited to two phones and does not capture the whole baseband space. Work similar to SPIKERXG [11] LTE implementations [2,4,9] typically focus on the protocol state machine level and may not capture all classes of implementation flaws or speak to exploitability. The most similar approach to SPIKERXG [1] creates an emulated environment for device testing but does not discuss the root causes of the issues found.…”
Section: Background and Related Workmentioning
confidence: 99%