Bertino and Karim named to GSMA Mobile Security Hall of Fame
Elisa Bertino, Samuel D. Conte Professor of Computer Science and Imtiaz Karim, PhD student in the Department of Computer Science have been named to the GSMA Mobile Security Hall of Fame for their contributions to exposing vulnerabilities in 4G and 5G cellular networks.
Karim and Bertino identified the vulnerabilities with ProChecker, a security analysis framework able to automatically analyze industry-scale implementations of protocols. Because of the fine-grained model, ProChecker is able to extract from implementations the analyses made possible by ProChecker are much more detailed than possible with previous analysis frameworks.
“ProChecker has a highly innovative design that greatly reduces the manual effort in generating formal models of communication protocols from their implementations, even when large-scale, and will have a major practical impact,” said Bertino.
Vulnerabilities detected by using ProChecker can be exploited by attackers to track a user’s location and launch denial of service attacks. Particularly, for one new vulnerability, Karim and Bertino have shown that an attacker can cause essential security procedures to fail, which could allow an attacker to track an individual’s phone-level location information.
Karim added, “ProChecker has currently been applied to 4G LTE, but it is designed to be applicable to any commercial communication protocol implementation such as Bluetooth and Wifi."
The Global System for Mobile Communications (GSMA) represents the interests of mobile operators worldwide and has more than 700 network providers as members, according to its website. Part of GSMA's work is to define how networks behave and to set the standards for security and privacy algorithms. The Mobile Security Hall of Fame recognizes security vulnerability finders that have made contributions to increasing the security of the mobile industry by submitting disclosures to the GSMA or its members.
The research findings will be published in a paper lead by Karim to be presented at the 41st IEEE International Conference on Distributed Computing Systems 2021, taking place July 7-10, 2021. Professor Syed Rafiul Hussain, an assistant professor at Penn State’s School of Electrical Engineering and Computer Science, is also a co-author of the paper.