TY - GEN
T1 - PHOENIX
T2 - 28th Annual Network and Distributed System Security Symposium, NDSS 2021
AU - Echeverria, Mitziu
AU - Ahmed, Zeeshan
AU - Wang, Bincheng
AU - Arif, M. Fareed
AU - Hussain, Syed Rafiul
AU - Chowdhury, Omar
N1 - Publisher Copyright:
© 2021 28th Annual Network and Distributed System Security Symposium, NDSS 2021. All Rights Reserved.
PY - 2021
Y1 - 2021
N2 - End-user-devices in the current cellular ecosystem are prone to many different vulnerabilities across different generations and protocol layers. Fixing these vulnerabilities retrospectively can be expensive, challenging, or just infeasible. A pragmatic approach for dealing with such a diverse set of vulnerabilities would be to identify attack attempts at runtime on the device side, and thwart them with mitigating and corrective actions. Towards this goal, in the paper we propose a general and extendable approach called PHOENIX for identifying n-day cellular network control-plane vulnerabilities as well as dangerous practices of network operators from the device vantage point. PHOENIX monitors the device-side cellular network traffic for performing signature-based unexpected behavior detection through lightweight runtime verification techniques. Signatures in PHOENIX can be manually-crafted by a cellular network security expert or can be automatically synthesized using an optional component of PHOENIX, which reduces the signature synthesis problem to the language learning from the informant problem. Based on the corrective actions that are available to PHOENIX when an undesired behavior is detected, different instantiations of PHOENIX are possible: a full-fledged defense when deployed inside a baseband processor; a user warning system when deployed as a mobile application; a probe for identifying attacks in the wild. One such instantiation of PHOENIX was able to identify all 15 representative n-day vulnerabilities and unsafe practices of 4G LTE networks considered in our evaluation with a high packet processing speed (∼68000 packets/second) while inducing only a moderate amount of energy overhead (∼4mW).
AB - End-user-devices in the current cellular ecosystem are prone to many different vulnerabilities across different generations and protocol layers. Fixing these vulnerabilities retrospectively can be expensive, challenging, or just infeasible. A pragmatic approach for dealing with such a diverse set of vulnerabilities would be to identify attack attempts at runtime on the device side, and thwart them with mitigating and corrective actions. Towards this goal, in the paper we propose a general and extendable approach called PHOENIX for identifying n-day cellular network control-plane vulnerabilities as well as dangerous practices of network operators from the device vantage point. PHOENIX monitors the device-side cellular network traffic for performing signature-based unexpected behavior detection through lightweight runtime verification techniques. Signatures in PHOENIX can be manually-crafted by a cellular network security expert or can be automatically synthesized using an optional component of PHOENIX, which reduces the signature synthesis problem to the language learning from the informant problem. Based on the corrective actions that are available to PHOENIX when an undesired behavior is detected, different instantiations of PHOENIX are possible: a full-fledged defense when deployed inside a baseband processor; a user warning system when deployed as a mobile application; a probe for identifying attacks in the wild. One such instantiation of PHOENIX was able to identify all 15 representative n-day vulnerabilities and unsafe practices of 4G LTE networks considered in our evaluation with a high packet processing speed (∼68000 packets/second) while inducing only a moderate amount of energy overhead (∼4mW).
UR - http://www.scopus.com/inward/record.url?scp=85159807846&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85159807846&partnerID=8YFLogxK
U2 - 10.14722/ndss.2021.24390
DO - 10.14722/ndss.2021.24390
M3 - Conference contribution
AN - SCOPUS:85159807846
T3 - 28th Annual Network and Distributed System Security Symposium, NDSS 2021
BT - 28th Annual Network and Distributed System Security Symposium, NDSS 2021
PB - The Internet Society
Y2 - 21 February 2021 through 25 February 2021
ER -