Abstract
Long Term Evolution (LTE) is the de-facto standard for mobile communication. It provides effective security features but leaves room for misunderstandings in its configuration and implementation. In particular, providers face difficulties when maintaining network configurations. In this paper, we analyze the security configuration of commercial LTE networks. We enhance the open baseband srsLTE with support for commercial networks and perform a subsequent analysis. In more detail, we test the security algorithm selection in a total of twelve LTE networks in five European countries.We expose four misconfigured networks and multiple cases of implementation issues. Three insecure networks fail to enforce integrity protection and encryption, which enables an adversary to impersonate victims towards the network. We provide a proof-of-concept attack in a live network, where the adversary obtains an IP address at the victim's cost. Our work is an appeal to security as a holistic state, which requires not only secure specifications but also secure configurations.
Author supplied keywords
Cite
CITATION STYLE
Chlosta, M., Rupprecht, D., Holz, T., & Pöpper, C. (2019). LTE security disabled-misconfiguration in commercial networks. In WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks (pp. 261–266). Association for Computing Machinery, Inc. https://doi.org/10.1145/3317549.3324927
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
