Insecure connection bootstrapping in cellular networks: The root of all evil

Syed Rafiul Hussain, Mitziu Echeverria, Ankush Singla, Omar Chowdhury, Elisa Bertino

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    10 Scopus citations

    Abstract

    In the cellular ecosystem, base stations act as trusted intermediaries between cellular devices and the core network. During connection bootstrapping, devices currently, however, do not possess any mechanisms to authenticate a base station before connecting to it. This lack of authentication has been shown to be exploitable by adversaries to install fake base stations which can lure unsuspecting devices to connect to them and then launch sophisticated attacks. Despite being a well-known threat to the cellular ecosystem, this weakness is not addressed in the current protocol versions including 5G. The current paper sets out to fill this void by proposing a Public-key infrastructure (PKI) based authentication mechanism which builds on top of the asymmetric cryptography used in 5G and adheres to the relevant deployment constraints. Our proposed authentication scheme leverages precomputation-based digital signature generation algorithms and employs optimizations in three dimensions-PKI scheme-level, protocol-level, and cryptographic scheme-level-to address the trilemma of small signature size, efficient signature generation, and short verification time. Our evaluation on a real testbed indicates that the proposed scheme is not only readily deployable but also performs better than a symmetric keybased scheme (i.e., TESLA) in terms of security guarantee, overhead, and deployment constraints (e.g., backward compatibility).

    Original languageEnglish (US)
    Title of host publicationWiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks
    PublisherAssociation for Computing Machinery, Inc
    Pages1-11
    Number of pages11
    ISBN (Electronic)9781450367264
    DOIs
    StatePublished - May 15 2019
    Event12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019 - Miami, United States
    Duration: May 15 2019May 17 2019

    Publication series

    NameWiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks

    Conference

    Conference12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019
    Country/TerritoryUnited States
    CityMiami
    Period5/15/195/17/19

    All Science Journal Classification (ASJC) codes

    • Safety, Risk, Reliability and Quality
    • Computer Networks and Communications

    Fingerprint

    Dive into the research topics of 'Insecure connection bootstrapping in cellular networks: The root of all evil'. Together they form a unique fingerprint.

    Cite this