25th USENIX Security Symposium has ended
Back To Schedule
Monday, August 8 • 12:00pm - 12:30pm
Putting LTE Security Functions to the Test: A Framework to Evaluate Implementation Correctness

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Long Term Evolution (LTE) is the most recent generation of mobile communications promising increased transfer rates and enhanced security features. It is todays communication technology for mobile Internet as well as considered for the use in critical infrastructure, making it an attractive target to a wide range of attacks. We evaluate the implementation correctness of LTE security functions that should protect personal data from compromise.

In this paper, we focus on two security aspects: user data encryption and network authentication. We develop a framework to analyze various LTE devices with respect to the implementations of their security-related functions. Using our framework, we identify several security flaws partially violating the LTE specification. In particular, we show that i) an LTE network can enforce to use no encryption and ii) none of the tested devices informs the user when user data is sent unencrypted. Furthermore, we present iii) a Man-in-the-Middle (MitM) attack against an LTE device that does not fulfill the network authentication requirements. The discovered security flaws undermine the data protection objective of LTE and represent a threat to the users of mobile communication. We outline several countermeasures to cope with these vulnerabilities and make proposals for a long-term solution.

avatar for Christina Pöpper

Christina Pöpper

Wireless security, aviation security, cellular network security and the spaces aroundUAE, camels, and traveling in pandemic times

Monday August 8, 2016 12:00pm - 12:30pm PDT
Texas Ballroom 1

Attendees (3)