TY - GEN
T1 - LTEInspector
T2 - 25th Annual Network and Distributed System Security Symposium, NDSS 2018
AU - Hussain, Syed Rafiul
AU - Chowdhury, Omar
AU - Mehnaz, Shagufta
AU - Bertino, Elisa
N1 - Publisher Copyright:
© 2018 25th Annual Network and Distributed System Security Symposium, NDSS 2018. All Rights Reserved.
PY - 2018
Y1 - 2018
N2 - In this paper, we investigate the security and privacy of the three critical procedures of the 4G LTE protocol (i.e., attach, detach, and paging), and in the process, uncover potential design flaws of the protocol and unsafe practices employed by the stakeholders. For exposing vulnerabilities, we propose a model-based testing approach LTEInspector which lazily combines a symbolic model checker and a cryptographic protocol verifier in the symbolic attacker model. Using LTEInspector, we have uncovered 10 new attacks along with 9 prior attacks, categorized into three abstract classes (i.e., security, user privacy, and disruption of service), in the three procedures of 4G LTE. Notable among our findings is the authentication relay attack that enables an adversary to spoof the location of a legitimate user to the core network without possessing appropriate credentials. To ensure that the exposed attacks pose real threats and are indeed realizable in practice, we have validated 8 of the 10 new attacks and their accompanying adversarial assumptions through experimentation in a real testbed.
AB - In this paper, we investigate the security and privacy of the three critical procedures of the 4G LTE protocol (i.e., attach, detach, and paging), and in the process, uncover potential design flaws of the protocol and unsafe practices employed by the stakeholders. For exposing vulnerabilities, we propose a model-based testing approach LTEInspector which lazily combines a symbolic model checker and a cryptographic protocol verifier in the symbolic attacker model. Using LTEInspector, we have uncovered 10 new attacks along with 9 prior attacks, categorized into three abstract classes (i.e., security, user privacy, and disruption of service), in the three procedures of 4G LTE. Notable among our findings is the authentication relay attack that enables an adversary to spoof the location of a legitimate user to the core network without possessing appropriate credentials. To ensure that the exposed attacks pose real threats and are indeed realizable in practice, we have validated 8 of the 10 new attacks and their accompanying adversarial assumptions through experimentation in a real testbed.
UR - http://www.scopus.com/inward/record.url?scp=85118534890&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85118534890&partnerID=8YFLogxK
U2 - 10.14722/ndss.2018.23313
DO - 10.14722/ndss.2018.23313
M3 - Conference contribution
AN - SCOPUS:85118534890
T3 - 25th Annual Network and Distributed System Security Symposium, NDSS 2018
BT - 25th Annual Network and Distributed System Security Symposium, NDSS 2018
PB - The Internet Society
Y2 - 18 February 2018 through 21 February 2018
ER -