[UCI-Calit2] 2/16 Seminar by Roger Piqueras Jover
Shelly Nazarenus
snaz at calit2.uci.edu
Mon Feb 13 09:56:43 PST 2017
Title: LTE security, protocol exploits and location tracking
experimentation with low-cost software radio
Speaker: Roger Piqueras Jover
Date: Feb. 16, 2017, Thu.
Time: 11:00 AM
Venue: Harut Barsamian Colloquia (Engineering Hall 2430, Samueli School of Engineering, UC Irvine
ABSTRACT
The security flaws of legacy GSM networks, which lack of mutual
authentication and implement an outdated encryption algorithm, are well
understood among the technology community. Moreover, until now, the main
cellular vulnerabilities being discovered and exploited in the mobile
security research field were based on 2G base stations and GSM open
source implementations. The Long Term Evolution (LTE) is the newest
standard being deployed globally for mobile communications, and is
generally considered secure. LTE's mutual authentication and strong
encryption schemes result in the false assumption that LTE networks are
not vulnerable to, for example, rogue base stations, IMSI catchers and
protocol exploits. However, these threats are also possible in LTE.
Before the authentication and encryption steps of an LTE connection are
executed, a mobile device engages in a substantial exchange of
unprotected messages with *any* LTE base station (real or rogue) that
advertises itself with the right broadcast information. Eavesdropping or
spoofing these messages can be leveraged to implement a long list of
exploits to which all LTE mobile devices are vulnerable. This talk will
demonstrate how to eavesdrop LTE base station broadcast messages, and
how to implement full-LTE IMSI catchers and other LTE protocol exploits,
such as blocking SIMs and devices. Details will be provided as well on a
previously unknown technique to track the location of mobile devices as
the connection moves from tower to tower. We will discuss as well the
necessary toolset to implement these and other exploits, which are
possible with simply $1.5k worth of off-the-shelf hardware and some
modifications of the code of widely available LTE open source
implementations.
SPEAKER'S BIOGRAPHY
Roger Piqueras Jover is a Wireless Security Research Scientist at the
CTO Security Architecture team of Bloomberg LP, where he leads the
projects on mobile/wireless security. He is also actively involved in
hardware and network security, big data analysis and anomaly detection.
Previous to Bloomberg, he spent 5 years at the AT&T Security Research
Center leading projects on LTE mobile network security. He holds a
Dipl.-Ing. in Telecommunications Engineering from the Universitat
Politecnica de Catalunya (UPC Barcelona), a Master's in Electrical and
Computer Engineering from UC Irvine and a Master's/MPhil (EBD) in
Electrical Engineering from Columbia University. Roger's research
interests are in the area of mobile and wireless communications,
resource allocation, new network architectures and technologies for 5G
and security for wireless networks. In his spare time, he actively works
in identifying, implementing on software-radio and proposing solutions
to PHY layer threats, rogue base stations and protocol exploits against
LTE cellular networks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://maillists.uci.edu/pipermail/uci-calit2/attachments/20170213/b6a74fbb/attachment.html>
More information about the UCI-Calit2
mailing list