On Security Research Towards Future Mobile Network Generations

David Rupprecht, Adrian Dabrowski, Thorsten Holz, Edgar Weippl, Christina Poepper

Research output: Contribution to journalArticle

Abstract

Over the last decades, numerous security and privacy issues in all three active mobile network generations have been revealed that threaten users as well as network providers. In view of the newest generation (5G) currently under development, we now have the unique opportunity to identify research directions for the next generation based on existing security and privacy issues as well as already proposed defenses. This paper aims to unify security knowledge on mobile phone networks into a comprehensive overview and to derive pressing open research questions. To achieve this systematically, we develop a methodology that categorizes known attacks by their aim, proposed defenses, underlying causes, and root causes. Further, we assess the impact and the efficacy of each attack and defense. We then apply this methodology to existing literature on attacks and defenses in all three network generations. By doing so, we identify ten causes and four root causes for attacks. Mapping the attacks to proposed defenses and suggestions for the 5G specification enables us to uncover open research questions and challenges for the development of next-generation mobile networks. The problems of unsecured pre-authentication traffic and jamming attacks exist across all three mobile generations. They should be addressed in the future, in particular to wipe out the class of downgrade attacks and, thereby, strengthen the users’ privacy. Further advances are needed in the areas of inter-operator protocols as well as secure baseband implementations. Additionally, mitigations against denial-of-service attacks by smart protocol design represent an open research question.

Original languageEnglish (US)
JournalIEEE Communications Surveys and Tutorials
DOIs
StateAccepted/In press - Mar 30 2018

Fingerprint

Wireless networks
Network protocols
Jamming
Mobile phones
Telecommunication traffic
Authentication
Specifications

Keywords

  • 3G mobile communication
  • 5G
  • 5G mobile communication
  • Authentication
  • GSM
  • GSM
  • Long Term Evolution
  • LTE
  • Mobile Networks
  • Protocols
  • Security Research
  • Systematization of Knowledge.
  • UMTS

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this

On Security Research Towards Future Mobile Network Generations. / Rupprecht, David; Dabrowski, Adrian; Holz, Thorsten; Weippl, Edgar; Poepper, Christina.

In: IEEE Communications Surveys and Tutorials, 30.03.2018.

Research output: Contribution to journalArticle

Rupprecht, David ; Dabrowski, Adrian ; Holz, Thorsten ; Weippl, Edgar ; Poepper, Christina. / On Security Research Towards Future Mobile Network Generations. In: IEEE Communications Surveys and Tutorials. 2018.
@article{1286e1ab156f4cc584bcd0e19ea9c48a,
title = "On Security Research Towards Future Mobile Network Generations",
abstract = "Over the last decades, numerous security and privacy issues in all three active mobile network generations have been revealed that threaten users as well as network providers. In view of the newest generation (5G) currently under development, we now have the unique opportunity to identify research directions for the next generation based on existing security and privacy issues as well as already proposed defenses. This paper aims to unify security knowledge on mobile phone networks into a comprehensive overview and to derive pressing open research questions. To achieve this systematically, we develop a methodology that categorizes known attacks by their aim, proposed defenses, underlying causes, and root causes. Further, we assess the impact and the efficacy of each attack and defense. We then apply this methodology to existing literature on attacks and defenses in all three network generations. By doing so, we identify ten causes and four root causes for attacks. Mapping the attacks to proposed defenses and suggestions for the 5G specification enables us to uncover open research questions and challenges for the development of next-generation mobile networks. The problems of unsecured pre-authentication traffic and jamming attacks exist across all three mobile generations. They should be addressed in the future, in particular to wipe out the class of downgrade attacks and, thereby, strengthen the users’ privacy. Further advances are needed in the areas of inter-operator protocols as well as secure baseband implementations. Additionally, mitigations against denial-of-service attacks by smart protocol design represent an open research question.",
keywords = "3G mobile communication, 5G, 5G mobile communication, Authentication, GSM, GSM, Long Term Evolution, LTE, Mobile Networks, Protocols, Security Research, Systematization of Knowledge., UMTS",
author = "David Rupprecht and Adrian Dabrowski and Thorsten Holz and Edgar Weippl and Christina Poepper",
year = "2018",
month = "3",
day = "30",
doi = "10.1109/COMST.2018.2820728",
language = "English (US)",
journal = "IEEE Communications Surveys and Tutorials",
issn = "1553-877X",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - On Security Research Towards Future Mobile Network Generations

AU - Rupprecht, David

AU - Dabrowski, Adrian

AU - Holz, Thorsten

AU - Weippl, Edgar

AU - Poepper, Christina

PY - 2018/3/30

Y1 - 2018/3/30

N2 - Over the last decades, numerous security and privacy issues in all three active mobile network generations have been revealed that threaten users as well as network providers. In view of the newest generation (5G) currently under development, we now have the unique opportunity to identify research directions for the next generation based on existing security and privacy issues as well as already proposed defenses. This paper aims to unify security knowledge on mobile phone networks into a comprehensive overview and to derive pressing open research questions. To achieve this systematically, we develop a methodology that categorizes known attacks by their aim, proposed defenses, underlying causes, and root causes. Further, we assess the impact and the efficacy of each attack and defense. We then apply this methodology to existing literature on attacks and defenses in all three network generations. By doing so, we identify ten causes and four root causes for attacks. Mapping the attacks to proposed defenses and suggestions for the 5G specification enables us to uncover open research questions and challenges for the development of next-generation mobile networks. The problems of unsecured pre-authentication traffic and jamming attacks exist across all three mobile generations. They should be addressed in the future, in particular to wipe out the class of downgrade attacks and, thereby, strengthen the users’ privacy. Further advances are needed in the areas of inter-operator protocols as well as secure baseband implementations. Additionally, mitigations against denial-of-service attacks by smart protocol design represent an open research question.

AB - Over the last decades, numerous security and privacy issues in all three active mobile network generations have been revealed that threaten users as well as network providers. In view of the newest generation (5G) currently under development, we now have the unique opportunity to identify research directions for the next generation based on existing security and privacy issues as well as already proposed defenses. This paper aims to unify security knowledge on mobile phone networks into a comprehensive overview and to derive pressing open research questions. To achieve this systematically, we develop a methodology that categorizes known attacks by their aim, proposed defenses, underlying causes, and root causes. Further, we assess the impact and the efficacy of each attack and defense. We then apply this methodology to existing literature on attacks and defenses in all three network generations. By doing so, we identify ten causes and four root causes for attacks. Mapping the attacks to proposed defenses and suggestions for the 5G specification enables us to uncover open research questions and challenges for the development of next-generation mobile networks. The problems of unsecured pre-authentication traffic and jamming attacks exist across all three mobile generations. They should be addressed in the future, in particular to wipe out the class of downgrade attacks and, thereby, strengthen the users’ privacy. Further advances are needed in the areas of inter-operator protocols as well as secure baseband implementations. Additionally, mitigations against denial-of-service attacks by smart protocol design represent an open research question.

KW - 3G mobile communication

KW - 5G

KW - 5G mobile communication

KW - Authentication

KW - GSM

KW - GSM

KW - Long Term Evolution

KW - LTE

KW - Mobile Networks

KW - Protocols

KW - Security Research

KW - Systematization of Knowledge.

KW - UMTS

UR - http://www.scopus.com/inward/record.url?scp=85044727660&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85044727660&partnerID=8YFLogxK

U2 - 10.1109/COMST.2018.2820728

DO - 10.1109/COMST.2018.2820728

M3 - Article

JO - IEEE Communications Surveys and Tutorials

JF - IEEE Communications Surveys and Tutorials

SN - 1553-877X

ER -