In this paper, we investigate the security and privacy
of the three critical procedures of the 4G LTE protocol (i.e.,
attach, detach, and paging), and in the process, uncover potential
design flaws of the protocol and unsafe practices employed by the
stakeholders. For exposing vulnerabilities, we propose a modelbased
testing approach LTEInspector which lazily combines a
symbolic model checker and a cryptographic protocol verifier
in the symbolic attacker model. Using LTEInspector, we have
uncovered 10 new attacks along with 9 prior attacks, categorized
into three abstract classes (i.e., security, user privacy,
and disruption of service), in the three procedures of 4G LTE.
Notable among our findings is the authentication relay attack that
enables an adversary to spoof the location of a legitimate user
to the core network without possessing appropriate credentials.
To ensure that the exposed attacks pose real threats and are
indeed realizable in practice, we have validated 8 of the 10 new
attacks and their accompanying adversarial assumptions through
experimentation in a real testbed.
more »
« less
- Home
- Search Results
- Page 1 of 1
Search for: All records
Creators/Authors contains:
"Chowdhury, O."
-
Total Resources2
- Resource Type
-
20000
- Availability
-
20
- Author / Contributor
- Filter by Author / Creator
-
-
Bertino, E. (2)
-
Chowdhury, O (1)
-
Chowdhury, O. (1)
-
Hussain, S (1)
-
Hussain, S. (1)
-
Mehnaz, S (1)
-
Mehnaz, S. (1)
-
#Tyler Phillips, Kenneth E. (0)
-
#Willis, Ciara (0)
-
& Abreu-Ramos, E. D. (0)
-
& Abramson, C. I. (0)
-
& Abreu-Ramos, E. D. (0)
-
& Adams, S.G. (0)
-
& Ahmed, K. (0)
-
& Ahmed, Khadija. (0)
-
& Akcil-Okan, O. (0)
-
& Akuom, D. (0)
-
& Aleven, V. (0)
-
& Andrews-Larson, C. (0)
-
& Archibald, J. (0)
-
- Filter by Editor
-
-
& Spizer, S. M. (0)
-
& . Spizer, S. (0)
-
& Ahn, J. (0)
-
& Bateiha, S. (0)
-
& Bosch, N. (0)
-
& Brennan K. (0)
-
& Brennan, K. (0)
-
& Chen, B. (0)
-
& Chen, Bodong (0)
-
& Drown, S. (0)
-
& Ferretti, F. (0)
-
& Higgins, A. (0)
-
& J. Peters (0)
-
& Kali, Y. (0)
-
& Ruiz-Arias, P.M. (0)
-
& S. Spitzer (0)
-
& Spitzer, S. (0)
-
& Spitzer, S.M. (0)
-
(submitted - in Review for IEEE ICASSP-2024) (0)
-
- (0)
-
-
Have feedback or suggestions for a way to improve these results?
!
Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher.
Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?
Some links on this page may take you to non-federal websites. Their policies may differ from this site.
-
-
Hussain, S ; Chowdhury, O ; Mehnaz, S ; Bertino, E. ( , Network and Distributed Systems Security (NDSS) Symposium 2018)In this paper, we investigate the security and privacy of the three critical procedures of the 4G LTE protocol (i.e., attach, detach, and paging), and in the process, uncover potential design flaws of the protocol and unsafe practices employed by the stakeholders. For exposing vulnerabilities, we propose a model-based testing approach LTEInspector which lazily combines a symbolic model checker and a cryptographic protocol verifier in the symbolic attacker model. Using LTEInspector, we have uncovered 10 new attacks along with 9 prior attacks, categorized into three abstract classes (i.e., security, user privacy, and disruption of service), in the three procedures of 4G LTE. Notable among our findings is the authentication relay attack that enables an adversary to spoof the location of a legitimate user to the core network without possessing appropriate credentials. To ensure that the exposed attacks pose real threats and are indeed realizable in practice, we have validated 8 of the 10 new attacks and their accompanying adversarial assumptions through experimentation in a real testbed.more » « less
Full Text Available