Insecure connection bootstrapping in cellular networks: The root of all evil

Syed Rafiul Hussain, Mitziu Echeverria, Ankush Singla, Omar Chowdhury, Elisa Bertino

Research output: Chapter in Book/Report/Conference proceedingConference contribution

43 Scopus citations

Abstract

In the cellular ecosystem, base stations act as trusted intermediaries between cellular devices and the core network. During connection bootstrapping, devices currently, however, do not possess any mechanisms to authenticate a base station before connecting to it. This lack of authentication has been shown to be exploitable by adversaries to install fake base stations which can lure unsuspecting devices to connect to them and then launch sophisticated attacks. Despite being a well-known threat to the cellular ecosystem, this weakness is not addressed in the current protocol versions including 5G. The current paper sets out to fill this void by proposing a Public-key infrastructure (PKI) based authentication mechanism which builds on top of the asymmetric cryptography used in 5G and adheres to the relevant deployment constraints. Our proposed authentication scheme leverages precomputation-based digital signature generation algorithms and employs optimizations in three dimensions-PKI scheme-level, protocol-level, and cryptographic scheme-level-to address the trilemma of small signature size, efficient signature generation, and short verification time. Our evaluation on a real testbed indicates that the proposed scheme is not only readily deployable but also performs better than a symmetric keybased scheme (i.e., TESLA) in terms of security guarantee, overhead, and deployment constraints (e.g., backward compatibility).

Original languageEnglish (US)
Title of host publicationWiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks
PublisherAssociation for Computing Machinery, Inc
Pages1-11
Number of pages11
ISBN (Electronic)9781450367264
DOIs
StatePublished - May 15 2019
Event12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019 - Miami, United States
Duration: May 15 2019May 17 2019

Publication series

NameWiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks

Conference

Conference12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019
Country/TerritoryUnited States
CityMiami
Period5/15/195/17/19

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Insecure connection bootstrapping in cellular networks: The root of all evil'. Together they form a unique fingerprint.

Cite this