On the criticality of integrity protection in 5G fronthaul networks
The modern 5G fronthaul, which connects the base stations to radio units in cellular
networks, is designed to deliver microsecond-level performance guarantees using Ethernet …
networks, is designed to deliver microsecond-level performance guarantees using Ethernet …
The dark side of scale: Insecurity of direct-to-cell satellite mega-constellations
The emergent direct-to-cell Low-Earth Orbit (LEO) satellite mega-constellations promise
ubiquitous LTE/5G access for our commodity phones and IoTs without terrestrial base …
ubiquitous LTE/5G access for our commodity phones and IoTs without terrestrial base …
Enabling Physical Localization of Uncooperative Cellular Devices
In cellular networks, authorities may need to physically locate user devices to track criminals
or illegal equipment. This process involves authorized agents tracing devices by monitoring …
or illegal equipment. This process involves authorized agents tracing devices by monitoring …
{CellDAM}:{User-Space}, Rootless Detection and Mitigation for 5G Data Plane
Despite all deployed security fences in 5G, attacks against its data plane are still feasible. A
smart attacker can fabricate data packets or intelligently forge/drop/modify data-plane …
smart attacker can fabricate data packets or intelligently forge/drop/modify data-plane …
Breaking cellular iot with forged data-plane signaling: Attacks and countermeasure
We devise new attacks exploiting the unprotected data-plane signaling in cellular IoT
networks (aka both NB-IoT and Cat-M). We show that, despite the deployed security …
networks (aka both NB-IoT and Cat-M). We show that, despite the deployed security …
Hybrid RFF Identification for LTE Using Wavelet Coefficient Graph and Differential Spectrum
The growing popularity of 4 G/5 G mobile devices has led to an increase in demand for
wireless security. Radio frequency fingerprint (RFF) technique is an emerging approach for …
wireless security. Radio frequency fingerprint (RFF) technique is an emerging approach for …
Dissecting Operational Cellular IoT Service Security: Attacks and Defenses
More than 150 cellular networks worldwide have rolled out LTE-M (LTE-Machine Type
Communication) and/or NB-IoT (Narrow Band Internet of Things) technologies to support …
Communication) and/or NB-IoT (Narrow Band Internet of Things) technologies to support …
Enabling Uncooperative Physical Localization in Cellular Networks
In cellular networks, authorities may need to physically locate user devices to track criminals
or illegal equipment. This process involves authorized agents tracing devices by monitoring …
or illegal equipment. This process involves authorized agents tracing devices by monitoring …
Sonica: An open-source NB-IoT prototyping platform
In this demo, we describe Sonica, an open-source NB-IoT prototype platform. Both radio
access and core network components are designed and implemented with the features and …
access and core network components are designed and implemented with the features and …
Unprotected 4G/5G Control Procedures at Low Layers Considered Dangerous
Over the years, several security vulnerabilities in the 3GPP cellular systems have been
demonstrated in the literature. Most studies focus on higher layers of the cellular radio stack …
demonstrated in the literature. Most studies focus on higher layers of the cellular radio stack …