PHOENIX: Device-Centric Cellular Network Protocol Monitoring using Runtime Verification
End-user-devices in the current cellular ecosystem are prone to many different vulnerabilities across different generations and protocol layers. Fixing these vulnerabilities retrospectively can be expensive, challenging, or just infeasible. A pragmatic approach for dealing with such a diverse set of...
Saved in:
Main Authors | , , , , , |
---|---|
Format | Journal Article |
Language | English |
Published |
01.01.2021
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | End-user-devices in the current cellular ecosystem are prone to many
different vulnerabilities across different generations and protocol layers.
Fixing these vulnerabilities retrospectively can be expensive, challenging, or
just infeasible. A pragmatic approach for dealing with such a diverse set of
vulnerabilities would be to identify attack attempts at runtime on the device
side, and thwart them with mitigating and corrective actions. Towards this
goal, in the paper we propose a general and extendable approach called Phoenix
for identifying n-day cellular network control-plane vulnerabilities as well as
dangerous practices of network operators from the device vantage point. Phoenix
monitors the device-side cellular network traffic for performing
signature-based unexpected behavior detection through lightweight runtime
verification techniques. Signatures in Phoenix can be manually-crafted by a
cellular network security expert or can be automatically synthesized using an
optional component of Phoenix, which reduces the signature synthesis problem to
the language learning from the informant problem. Based on the corrective
actions that are available to Phoenix when an undesired behavior is detected,
different instantiations of Phoenix are possible: a full-fledged defense when
deployed inside a baseband processor; a user warning system when deployed as a
mobile application; a probe for identifying attacks in the wild. One such
instantiation of Phoenix was able to identify all 15 representative n-day
vulnerabilities and unsafe practices of 4G LTE networks considered in our
evaluation with a high packet processing speed (~68000 packets/second) while
inducing only a moderate amount of energy overhead (~4mW). |
---|---|
DOI: | 10.48550/arxiv.2101.00328 |