ProChecker: An automated security and privacy analysis framework for 4G LTE protocol implementations

Imtiaz Karim, Syed Rafiul Hussain, Elisa Bertino

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    14 Scopus citations

    Abstract

    Cellular protocol implementations must comply with the specifications, and the security and privacy requirements. These implementations, however, often deviate from the security and privacy requirements due to under specifications in cellular standards, inherent protocol complexities, and design flaws inducing logical vulnerabilities. Detecting such logical vulnerabilities in the complex and stateful 4G LTE protocol is challenging due to operational dependencies on internal-states, and intertwined complex protocol interactions among multiple participants. In this paper, we address these challenges and develop ProChecker which- (1) extracts a precise semantic model as a finite-state machine of the implementation by combining dynamic testing with static instrumentation, and (2) verifies the properties against the extracted model by combining a symbolic model checker and a cryptographic protocol verifier. We demonstrate the effectiveness of ProChecker by evaluating it on a closed-source and two of the most popular open-source 4G LTE control-plane protocol implementations with 62 properties. ProChecker unveiled 3 new protocol-specific logical attacks, 6 implementation issues, and detected 14 prior attacks. The impact of the attacks range from denial-of-service, broken integrity, encryption, and replay protection to privacy leakage.

    Original languageEnglish (US)
    Title of host publicationProceedings - 2021 IEEE 41st International Conference on Distributed Computing Systems, ICDCS 2021
    PublisherInstitute of Electrical and Electronics Engineers Inc.
    Pages773-785
    Number of pages13
    ISBN (Electronic)9781665445139
    DOIs
    StatePublished - Jul 2021
    Event41st IEEE International Conference on Distributed Computing Systems, ICDCS 2021 - Virtual, Washington, United States
    Duration: Jul 7 2021Jul 10 2021

    Publication series

    NameProceedings - International Conference on Distributed Computing Systems
    Volume2021-July

    Conference

    Conference41st IEEE International Conference on Distributed Computing Systems, ICDCS 2021
    Country/TerritoryUnited States
    CityVirtual, Washington
    Period7/7/217/10/21

    All Science Journal Classification (ASJC) codes

    • Software
    • Hardware and Architecture
    • Computer Networks and Communications

    Fingerprint

    Dive into the research topics of 'ProChecker: An automated security and privacy analysis framework for 4G LTE protocol implementations'. Together they form a unique fingerprint.

    Cite this