Search for: All records

The cellular network offers a ubiquitous emergency call service with its pervasive coverage. In the United States, it can be consumed by dialing 911 for cellular users, and the emergency call is forwarded to the public safety answer point (PSAP), which handles emergency service requests. According to regulatory authority requirements [1,2,3] for cellular emergency services, anonymous user equipment (UE) is allowed to access them without a SIM (Subscriber Identity Module) card, a valid mobile subscription, or a roaming agreement with the visited cellular network. Such support of the cellular emergency services requires different operations from conventional cellular services, thereby increasing the attack surface of the cellular infrastructure.

 

More than 150 cellular networks worldwide have rolled out LTE-M (LTE-Machine Type Communication) and/or NB-IoT (Narrow Band Internet of Things) technologies to support massive IoT services such as smart metering and environmental monitoring. Such cellular IoT services share the existing cellular network architecture with non-IoT (e.g., smartphone) ones. When they are newly integrated into the cellular network, new security vulnerabilities may happen from imprudent integration. In this work, we explore the security vulnerabilities of the cellular IoT from both system-integrated and service-integrated aspects. We discover several vulnerabilities spanning cellular standard design defects, network operation slips, and IoT device implementation flaws. Threateningly, they allow an adversary to remotely identify IP addresses and phone numbers assigned to cellular IoT devices, interrupt their power saving services, and launch various attacks, including data/text spamming, battery draining, device hibernation against them. We validate these vulnerabilities over five major cellular IoT carriers in the U.S. and Taiwan using their certified cellular IoT devices. The attack evaluation result shows that the adversary can raise an IoT data bill by up to $226 with less than 120 MB spam traffic, increase an IoT text bill at a rate of $5 per second, and prevent an IoT device from entering/leaving power saving mode; moreover, cellular IoT devices may suffer from denial of IoT services. We finally propose, prototype, and evaluate recommended solutions. 

Cellular networks that offer ubiquitous connectivity have been the major medium for delivering emergency services. In the U.S., mobile users can dial an emergency call with 911 for emergency uses in cellular networks, and the call can be forwarded to public safety answer points (PSAPs), which deal with emergency service requests. According to regulatory authority requirements for the cellular emergency services, anonymous user equipment (UE), which does not have a SIM (Subscriber Identity Module) card or a valid mobile subscription, is allowed to access them. Such support of emergency services for anonymous UEs requires different operations from conventional cellular services, and can therefore increase the attack surface of the cellular infrastructure. In this work, we are thus motivated to study the insecurity of the cellular emergency services and then discover four security vulnerabilities from them. Threateningly, they can be exploited to launch not only free data service attacks against cellular carriers, but also data DoS/overcharge and denial of cellular emergency service (DoCES) attacks against mobile users. All vulnerabilities and attacks have been validated experimentally as practical security issues in the networks of three major U.S. carriers. We finally propose and prototype standard-compliant remedies to mitigate the vulnerabilities. 

It is shown that for any positive integer \begin{document}$ n \ge 3 $\end{document}, there is a stable irreducible \begin{document}$ n\times n $\end{document} matrix \begin{document}$ A $\end{document} with \begin{document}$ 2n+1-\lfloor\frac{n}{3}\rfloor $\end{document} nonzero entries exhibiting Turing instability. Moreover, when \begin{document}$ n = 3 $\end{document}, the result is best possible, i.e., every \begin{document}$ 3\times 3 $\end{document} stable matrix with five or fewer nonzero entries will not exhibit Turing instability. Furthermore, we determine all possible \begin{document}$ 3\times 3 $\end{document} irreducible sign pattern matrices with 6 nonzero entries which can be realized by a matrix \begin{document}$ A $\end{document} that exhibits Turing instability.

 

We prove two new results on the K K -polystability of Q \mathbb {Q} -Fano varieties based on purely algebro-geometric arguments. The first one says that any K K -semistable log Fano cone has a special degeneration to a uniquely determined K K -polystable log Fano cone. As a corollary, we combine it with the differential-geometric results to complete the proof of Donaldson-Sun’s conjecture which says that the metric tangent cone of any point appearing on a Gromov-Hausdorff limit of Kähler-Einstein Fano manifolds depends only on the algebraic structure of the singularity. The second result says that for any log Fano variety with the torus action, K K -polystability is equivalent to equivariant K K -polystability, that is, to check K K -polystability, it is sufficient to check special test configurations which are equivariant under the torus action.