-
Taming the Insecurity of Cellular Emergency Services (9-1-1): From Vulnerabilities to Secure Designs
Free, publicly-accessible full text available January 1, 2025
-
Carrier aggregation (CA) is an important component technology in 5G and beyond. It aggregates multiple spectrum fragments to serve a mobile device. However, the current CA suffers under both high mobility and increased spectrum space. The limitations are rooted in its sequential, cell-by-cell operations. In this work, we propose CA++, which departs from the current paradigm and explores a group-based design scheme. We thus propose new algorithms that enable concurrent channel inference by measuring one or a few cells but inferring all, while minimizing measurement cost via set cover approximations. Our evaluations have confirmed the effectiveness of CA++. Our solution can also be adapted to fit in the current 5G OFDM PHY and the 3GPP framework.
-
The cellular network offers a ubiquitous emergency call service with its pervasive coverage. In the United States, it can be consumed by dialing 911 for cellular users, and the emergency call is forwarded to the public safety answer point (PSAP), which handles emergency service requests. According to regulatory authority requirements [1,2,3] for cellular emergency services, anonymous user equipment (UE) is allowed to access them without a SIM (Subscriber Identity Module) card, a valid mobile subscription, or a roaming agreement with the visited cellular network. Such support of the cellular emergency services requires different operations from conventional cellular services, thereby increasing the attack surface of the cellular infrastructure.
-
We design and implement LDRP, a device-based, standard-compliant solution to latency diagnosis and reduction in mobile networks without root privilege. LDRP takes a data-driven approach and works with a variety of latency-sensitive applications. After identifying elements in LTE uplink latency, we design LDRP that can infer the critical parameters used in data transmission and infer them for diagnosis. In addition, LDRP designates small dummy messages, which precede uplink data transmissions, thus eliminating latency elements due to power-saving, scheduling, etc. It imposes proper timing control among dummy messages and data packets to handle various conflicts. We achieve the latency diagnosis and reduction without requiring root privilege and ensure the latency is no worse than the legacy LTE design. The design of LDRP is also applicable for 5G. The evaluation shows that LDRP infers the latency with at most 4% error and reduces the median LTE uplink latency by a factor of up to 7.4× (from 42 to 5 ms) for four apps over 4 mobile carriers.
-
The wireless signal propagates via multipath arising from different reflections and penetration between a transmitter and receiver. Extracting multipath profiles (e.g., delay and Doppler along each path) from received signals enables many important applications, such as channel prediction and crossband channel estimation (i.e., estimating the channel on a different frequency). The benefit of multipath estimation further increases with mobility since the channel in that case is less stable and more important to track. Yet high-speed mobility poses significant challenges to multipath estimation. In this paper, instead of using time-frequency domain channel representation, we leverage the delay-Doppler domain representation to accurately extract and predict multipath properties. Specifically, we use impulses in the delay-Doppler domain as pilots to estimate the multipath parameters and apply the multipath information to predicting wireless channels as an example application. Our design rationale is that mobility is more predictable than the wireless channel since mobility has inertia while the wireless channel is the outcome of a complicated interaction between mobility, multipath, and noise. We evaluate our approach via both acoustic and RF experiments, including vehicular experiments using USRP. Our results show that the estimated multipath matches the ground truth, and the resulting channel prediction is more accurate than the traditional channel prediction schemes.
-
Cellular networks that offer ubiquitous connectivity have been the major medium for delivering emergency services. In the U.S., mobile users can dial an emergency call with 911 for emergency uses in cellular networks, and the call can be forwarded to public safety answer points (PSAPs), which deal with emergency service requests. According to regulatory authority requirements for the cellular emergency services, anonymous user equipment (UE), which does not have a SIM (Subscriber Identity Module) card or a valid mobile subscription, is allowed to access them. Such support of emergency services for anonymous UEs requires different operations from conventional cellular services, and can therefore increase the attack surface of the cellular infrastructure. In this work, we are thus motivated to study the insecurity of the cellular emergency services and then discover four security vulnerabilities in them. Threateningly, they can be exploited to launch not only free data service attacks against cellular carriers, but also data DoS/overcharge and denial of cellular emergency service (DoCES) attacks against mobile users. All vulnerabilities and attacks have been validated experimentally as practical security issues in the networks of three major U.S. carriers. We finally propose and prototype standard-compliant remedies to mitigate the vulnerabilities.