LTE security disabled-misconfiguration in commercial networks

Merlin Chlosta, David Rupprecht, Thorsten Holz, Christina Pöpper

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution

Abstract

Long Term Evolution (LTE) is the de-facto standard for mobile communication. It provides effective security features but leaves room for misunderstandings in its configuration and implementation. In particular, providers face difficulties when maintaining network configurations. In this paper, we analyze the security configuration of commercial LTE networks. We enhance the open baseband srsLTE with support for commercial networks and perform a subsequent analysis. In more detail, we test the security algorithm selection in a total of twelve LTE networks in five European countries. We expose four misconfigured networks and multiple cases of implementation issues. Three insecure networks fail to enforce integrity protection and encryption, which enables an adversary to impersonate victims towards the network. We provide a proof-of-concept attack in a live network, where the adversary obtains an IP address at the victim's cost. Our work is an appeal to security as a holistic state, which requires not only secure specifications but also secure configurations.

Original language: English (US)
Title of host publication: WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks
Publisher: Association for Computing Machinery, Inc
Pages: 261-266
Number of pages: 6
ISBN (Electronic): 9781450367264
DOIs: https://doi.org/10.1145/3317549.3324927
State: Published - May 15 2019
Event: 12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019 - Miami, United States
Duration: May 15 2019 to May 17 2019

Publication series

Name: WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks

Conference

Conference: 12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019
Country: United States
City: Miami
Period: 5/15/19 to 5/17/19

Keywords

  • LTE Security
  • Man-in-the-middle attack
  • Misconfiguration

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Cite this

Chlosta, M., Rupprecht, D., Holz, T., & Pöpper, C. (2019). LTE security disabled-misconfiguration in commercial networks. In WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks (pp. 261-266). (WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks). Association for Computing Machinery, Inc. https://doi.org/10.1145/3317549.3324927