ProChecker: An automated security and privacy analysis framework for 4G LTE protocol implementations

Imtiaz Karim, Syed Rafiul Hussain, Elisa Bertino

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

24 Scopus citations

Abstract

Cellular protocol implementations must comply with the specifications and with the security and privacy requirements. These implementations, however, often deviate from the security and privacy requirements due to underspecifications in cellular standards, inherent protocol complexities, and design flaws inducing logical vulnerabilities. Detecting such logical vulnerabilities in the complex and stateful 4G LTE protocol is challenging due to operational dependencies on internal states and intertwined complex protocol interactions among multiple participants. In this paper, we address these challenges and develop ProChecker, which (1) extracts a precise semantic model as a finite-state machine of the implementation by combining dynamic testing with static instrumentation, and (2) verifies the properties against the extracted model by combining a symbolic model checker and a cryptographic protocol verifier. We demonstrate the effectiveness of ProChecker by evaluating it on a closed-source and two of the most popular open-source 4G LTE control-plane protocol implementations with 62 properties. ProChecker unveiled 3 new protocol-specific logical attacks, 6 implementation issues, and detected 14 prior attacks. The impact of the attacks ranges from denial-of-service, broken integrity, encryption, and replay protection to privacy leakage.

Original language: English (US)
Title of host publication: Proceedings - 2021 IEEE 41st International Conference on Distributed Computing Systems, ICDCS 2021
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 773-785
Number of pages: 13
ISBN (Electronic): 9781665445139
State: Published - Jul 2021
Event: 41st IEEE International Conference on Distributed Computing Systems, ICDCS 2021 - Virtual, Washington, United States
Duration: Jul 7 2021 - Jul 10 2021

Publication series

Name: Proceedings - International Conference on Distributed Computing Systems
Volume: 2021-July

Conference

Conference: 41st IEEE International Conference on Distributed Computing Systems, ICDCS 2021
Country/Territory: United States
City: Virtual, Washington
Period: 7/7/21 - 7/10/21

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications
