[UCI-Calit2] 2/16 Seminar by Roger Piqueras Jover

Shelly Nazarenus snaz at calit2.uci.edu
Mon Feb 13 09:56:43 PST 2017






Title: LTE security, protocol exploits and location tracking

experimentation with low-cost software radio



Speaker: Roger Piqueras Jover



Date: Feb. 16, 2017, Thu.



Time: 11:00 AM



Venue: Harut Barsamian Colloquia (Engineering Hall 2430, Samueli School of Engineering, UC Irvine



ABSTRACT



The security flaws of legacy GSM networks, which lack of mutual

authentication and implement an outdated encryption algorithm, are well

understood among the technology community. Moreover, until now, the main

cellular vulnerabilities being discovered and exploited in the mobile

security research field were based on 2G base stations and GSM open

source implementations. The Long Term Evolution (LTE) is the newest

standard being deployed globally for mobile communications, and is

generally considered secure. LTE's mutual authentication and strong

encryption schemes result in the false assumption that LTE networks are

not vulnerable to, for example, rogue base stations, IMSI catchers and

protocol exploits. However, these threats are also possible in LTE.

Before the authentication and encryption steps of an LTE connection are

executed, a mobile device engages in a substantial exchange of

unprotected messages with *any* LTE base station (real or rogue) that

advertises itself with the right broadcast information. Eavesdropping or

spoofing these messages can be leveraged to implement a long list of

exploits to which all LTE mobile devices are vulnerable. This talk will

demonstrate how to eavesdrop LTE base station broadcast messages, and

how to implement full-LTE IMSI catchers and other LTE protocol exploits,

such as blocking SIMs and devices. Details will be provided as well on a

previously unknown technique to track the location of mobile devices as

the connection moves from tower to tower. We will discuss as well the

necessary toolset to implement these and other exploits, which are

possible with simply $1.5k worth of off-the-shelf hardware and some

modifications of the code of widely available LTE open source

implementations.



SPEAKER'S BIOGRAPHY



Roger Piqueras Jover is a Wireless Security Research Scientist at the

CTO Security Architecture team of Bloomberg LP, where he leads the

projects on mobile/wireless security. He is also actively involved in

hardware and network security, big data analysis and anomaly detection.

Previous to Bloomberg, he spent 5 years at the AT&T Security Research

Center leading projects on LTE mobile network security. He holds a

Dipl.-Ing. in Telecommunications Engineering from the Universitat

Politecnica de Catalunya (UPC Barcelona), a Master's in Electrical and

Computer Engineering from UC Irvine and a Master's/MPhil (EBD) in

Electrical Engineering from Columbia University. Roger's research

interests are in the area of mobile and wireless communications,

resource allocation, new network architectures and technologies for 5G

and security for wireless networks. In his spare time, he actively works

in identifying, implementing on software-radio and proposing solutions

to PHY layer threats, rogue base stations and protocol exploits against

LTE cellular networks.








-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://maillists.uci.edu/pipermail/uci-calit2/attachments/20170213/b6a74fbb/attachment.html>


More information about the UCI-Calit2 mailing list