Professor Bertino's Research Referenced in Forbes
Professor Elisa Bertino and graduate students Syed Hussain and Shagufta Mehnaz (PhD '18), with University of Iowa professor, Omar Chowdhury, investigated the security and privacy of the 4G LTE protocol - uncovering potential design flaws and unsafe practices. Using the tool, LTEInspector, they discovered 10 new attacks along with 9 prior attacks in the three critical procedures of the 4G LTE protocol (attach, detach, and paging.) Their work is referenced in Forbes, Protecting Your Organization In Light Of Newly Revealed 4G Network Security Flaws.
In this paper, we investigate the security and privacy of the three critical procedures of the 4G LTE protocol (i.e., attach, detach, and paging), and in the process, uncover potential design flaws of the protocol and unsafe practices employed by the stakeholders. For exposing vulnerabilities, we propose a model-based testing approach LTEInspector which lazily combines a symbolic model checker and a cryptographic protocol verifier in the symbolic attacker model. Using LTEInspector, we have uncovered 10 new attacks along with 9 prior attacks, categorized into three abstract classes (i.e., security, user privacy, and disruption of service), in the three procedures of 4G LTE. Notable among our findings is the authentication relay attack that enables an adversary to spoof the location of a legitimate user to the core network without possessing appropriate credentials. To ensure that the exposed attacks pose real threats and are indeed realizable in practice, we have validated 8 of the 10 new attacks and their accompanying adversarial assumptions through experimentation in a real testbed.