TY - GEN
T1 - Insecure connection bootstrapping in cellular networks
T2 - 12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019
AU - Hussain, Syed Rafiul
AU - Echeverria, Mitziu
AU - Singla, Ankush
AU - Chowdhury, Omar
AU - Bertino, Elisa
N1 - Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/5/15
Y1 - 2019/5/15
N2 - In the cellular ecosystem, base stations act as trusted intermediaries between cellular devices and the core network. During connection bootstrapping, devices currently, however, do not possess any mechanisms to authenticate a base station before connecting to it. This lack of authentication has been shown to be exploitable by adversaries to install fake base stations which can lure unsuspecting devices to connect to them and then launch sophisticated attacks. Despite being a well-known threat to the cellular ecosystem, this weakness is not addressed in the current protocol versions including 5G. The current paper sets out to fill this void by proposing a Public-key infrastructure (PKI) based authentication mechanism which builds on top of the asymmetric cryptography used in 5G and adheres to the relevant deployment constraints. Our proposed authentication scheme leverages precomputation-based digital signature generation algorithms and employs optimizations in three dimensions (PKI scheme-level, protocol-level, and cryptographic scheme-level) to address the trilemma of small signature size, efficient signature generation, and short verification time. Our evaluation on a real testbed indicates that the proposed scheme is not only readily deployable but also performs better than a symmetric key-based scheme (i.e., TESLA) in terms of security guarantee, overhead, and deployment constraints (e.g., backward compatibility).
AB - In the cellular ecosystem, base stations act as trusted intermediaries between cellular devices and the core network. During connection bootstrapping, devices currently, however, do not possess any mechanisms to authenticate a base station before connecting to it. This lack of authentication has been shown to be exploitable by adversaries to install fake base stations which can lure unsuspecting devices to connect to them and then launch sophisticated attacks. Despite being a well-known threat to the cellular ecosystem, this weakness is not addressed in the current protocol versions including 5G. The current paper sets out to fill this void by proposing a Public-key infrastructure (PKI) based authentication mechanism which builds on top of the asymmetric cryptography used in 5G and adheres to the relevant deployment constraints. Our proposed authentication scheme leverages precomputation-based digital signature generation algorithms and employs optimizations in three dimensions (PKI scheme-level, protocol-level, and cryptographic scheme-level) to address the trilemma of small signature size, efficient signature generation, and short verification time. Our evaluation on a real testbed indicates that the proposed scheme is not only readily deployable but also performs better than a symmetric key-based scheme (i.e., TESLA) in terms of security guarantee, overhead, and deployment constraints (e.g., backward compatibility).
UR - http://www.scopus.com/inward/record.url?scp=85066754809&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85066754809&partnerID=8YFLogxK
U2 - 10.1145/3317549.3323402
DO - 10.1145/3317549.3323402
M3 - Conference contribution
AN - SCOPUS:85066754809
T3 - WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks
SP - 1
EP - 11
BT - WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks
PB - Association for Computing Machinery, Inc
Y2 - 15 May 2019 through 17 May 2019
ER -