TY - JOUR
T1 - On security research towards future mobile network generations
AU - Rupprecht, David
AU - Dabrowski, Adrian
AU - Holz, Thorsten
AU - Weippl, Edgar
AU - Popper, Christina
N1 - Funding Information:
Manuscript received June 9, 2017; revised October 13, 2017 and February 16, 2018; accepted March 11, 2018. Date of publication April 2, 2018; date of current version August 21, 2018. This work was supported in part by the Franco-German BERCOM Project through the German Federal Ministry of Education and Research under Grant FKZ: 13N13741, in part by the DFG Research Training Group GRK under Grant 1817/1, and in part by the COMET K1 program through the Austrian Research Promoting Agency and the Public Employment Service Austria. (David Rupprecht and Adrian Dabrowski contributed equally to this work.) (Corresponding author: David Rupprecht.) D. Rupprecht and T. Holz are with Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, 44801 Bochum, Germany (e-mail: david.rupprecht@rub.de; thorsten.holz@rub.de).
Publisher Copyright:
© 1998-2012 IEEE.
PY - 2018/7/1
Y1 - 2018/7/1
N2 - Over the last decades, numerous security and privacy issues in all three active mobile network generations have been revealed that threaten users as well as network providers. In view of the newest generation (5G) currently under development, we now have the unique opportunity to identify research directions for the next generation based on existing security and privacy issues as well as already proposed defenses. This paper aims to unify security knowledge on mobile phone networks into a comprehensive overview and to derive pressing open research questions. To achieve this systematically, we develop a methodology that categorizes known attacks by their aim, proposed defenses, underlying causes, and root causes. Further, we assess the impact and the efficacy of each attack and defense. We then apply this methodology to existing literature on attacks and defenses in all three network generations. By doing so, we identify ten causes and four root causes for attacks. Mapping the attacks to proposed defenses and suggestions for the 5G specification enables us to uncover open research questions and challenges for the development of next-generation mobile networks. The problems of unsecured pre-authentication traffic and jamming attacks exist across all three mobile generations. They should be addressed in the future, in particular to wipe out the class of downgrade attacks and, thereby, strengthen the users' privacy. Further advances are needed in the areas of inter-operator protocols as well as secure baseband implementations. Additionally, mitigations against denial-of-service attacks by smart protocol design represent an open research question.
AB - Over the last decades, numerous security and privacy issues in all three active mobile network generations have been revealed that threaten users as well as network providers. In view of the newest generation (5G) currently under development, we now have the unique opportunity to identify research directions for the next generation based on existing security and privacy issues as well as already proposed defenses. This paper aims to unify security knowledge on mobile phone networks into a comprehensive overview and to derive pressing open research questions. To achieve this systematically, we develop a methodology that categorizes known attacks by their aim, proposed defenses, underlying causes, and root causes. Further, we assess the impact and the efficacy of each attack and defense. We then apply this methodology to existing literature on attacks and defenses in all three network generations. By doing so, we identify ten causes and four root causes for attacks. Mapping the attacks to proposed defenses and suggestions for the 5G specification enables us to uncover open research questions and challenges for the development of next-generation mobile networks. The problems of unsecured pre-authentication traffic and jamming attacks exist across all three mobile generations. They should be addressed in the future, in particular to wipe out the class of downgrade attacks and, thereby, strengthen the users' privacy. Further advances are needed in the areas of inter-operator protocols as well as secure baseband implementations. Additionally, mitigations against denial-of-service attacks by smart protocol design represent an open research question.
KW - 5G
KW - GSM
KW - LTE
KW - Security research
KW - UMTS
KW - mobile networks
KW - systematization of knowledge
UR - http://www.scopus.com/inward/record.url?scp=85044727660&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85044727660&partnerID=8YFLogxK
U2 - 10.1109/COMST.2018.2820728
DO - 10.1109/COMST.2018.2820728
M3 - Article
AN - SCOPUS:85044727660
SN - 1553-877X
VL - 20
SP - 2518
EP - 2542
JO - IEEE Communications Surveys and Tutorials
JF - IEEE Communications Surveys and Tutorials
IS - 3
M1 - 8329226
ER -