Making 911 calls more secure - Department of Computer Science - Purdue University Skip to main content
Department of Computer Science

Making 911 calls more secure

06-27-2023

back of a man's head holding a mobile phone dialing 911

 

The road to hacks is paved with good intentions

In the U.S., the Federal Communications Commission has enacted regulations to make it as easy as possible for anyone with a cellphone to contact 911 in an emergency.

Even if you haven’t needed to make an emergency call before, you may have some familiarity with this. Folks may have noticed “Emergency Calls Only” or similar text on their phone screens even when they can’t make other calls.

The research team became interested in how U.S. cell phone services are designed to comply with regulations. What they found is that adhering to the rules can come at the cost of security. For example, companies can’t apply encryption and integrity protection as they would on non-emergency calls. This can open a backdoor vulnerability in 911 cellular calls. 

A team composed of Purdue University and Michigan State University researchers has earned a $1.2 million National Science Foundation (NSF) grant to continue shoring up the security of cellular 911 calls.

Purdue is part of a new $1.2M grant project to continue reducing cybersecurity risks to safeguard cellular 911 calls. 

The ability to swiftly and accurately respond to emergency situations can mean the difference between life and death. As one national critical infrastructure, 5G networks are providing Americans better coverage and faster service, as well as all types of emergency communications, including voice, video, text and data, anytime anywhere. On the flip side, these advances on emergency services also can create new opportunities for cybercriminals to exploit unforeseen gaps in security. woman in dark sweater with long dark straight air standing in front of a window with foliage in background

“A 911 call isn’t a routine experience for the average person; It is a vital lifeline to people who need to call emergency services,” said Chunyi Peng, associate professor of computer science at Purdue University. She added, “Therefore, it’s critical that the connection works as it was designed.” 

This comprehensive project aims to safeguard 911 services over cellular networks beginning from their design all the way to the operation.

 

Safeguarding 911 services

The team plans to conduct a suite of novel research tasks to facilitate an interdisciplinary understanding of various emergency service attacks against the mobile ecosystem, investigate associated research issues, and develop effective algorithms, tools, and platforms to improve the security of cellular emergency services. 

“This grant enables our team to continue our exploration of eliminating vulnerabilities and ensuring security of next-generation 911 services over cellular networks,” said Peng.

The team published their first paper on 911 security at ACM MobiCom 2022, a highly selective international research venue on mobile networks, systems, and computing.  

The research team showed that attackers could anonymously steal cellular data from providers or spam cellular devices, resulting in data overage charges for customers.

The researchers also showed that attackers can obtain, copy and transmit information from a legitimate 911 call, enabling them to launch a variety of denial of 911 service attacks.

For example, using what’s called a phone-detaching attack, bad actors can make it look like two identical calls are coming in from the perspective of a cellular network. To resolve this, the network may reject or terminate the real call while accepting the fake call.

 

Security insights

In revealing these security issues and how they can be exploited, the team provided insights to companies to better protect themselves and their customers. The team hopes the research will inspire regulators to keep cybersecurity in mind going forward.

Their early results unveiled vulnerabilities and potential attacks against 911 services in today’s 4G/5G networks. For their work, they were awarded a Best Community Paper Runner-up for their contributions to the research community. The MobiCom’22 paper was joint work between Purdue University, MSU, the University of California, Los Angeles and National Yang Ming Chiao Tung University in Taiwan.

In April 2023, NSF announced the $1.2M award that will enable Purdue and MSU to continue their work in identifying and remedying security loopholes behind next-generation 911 services. Guan-Hua “Scott” Tu is PI for the MSU team with co-investigators Li Xiao and Jiliang Tang. Chunyi Peng is the PI of Purdue’s cohort.

Chunyi Peng is an associate professor in the Department of Computer Science at Purdue University. She joined the faculty in 2017. She received her PhD in computer science from the University of California, Los Angles. Her current research interests are in the broad areas of mobile networking, system and security, with a focus on renovating 5G access technologies, AI for networks, 5G/IoT security, mobile edge computing (mainly for drones and robots).

 

Abstract

The next-generation 9-1-1 (NG-9-1-1) services are IP-based systems that supports all types of emergency communications, e.g., voice, video, and text. The globally deployed 5G/4G cellular networks with ubiquitous coverage are the most accessible vehicles for emergency services. However, the security of IP-based cellular emergency services is still largely unexplored. Since 911 services are critical to our society, it is extremely important to eliminate potential vulnerabilities and ensure their security. This project aims to safeguard NG-9-1-1 services over cellular networks from their designs to operations. The project's novelties are to systematically uncover insecure design defects, operational slips, and implementation flaws of cellular emergency services while ensuring sustainable security through a multi-disciplinary approach. The project's broader significance and importance are to extend the state-of-the-art emergency service security research to a new frontier by exploring novel methods that can help perform innovative emergency service modeling, vulnerability analysis, data collection/mining, and testing automation solutions. The project also aims to contribute to nation's future workforce by training students in critical areas such as network security, wireless and mobile systems, and machine learning.

This project comprises three research thrusts: (1) to develop new techniques for discovering design flaws of cellular emergency services. This thrust will build a novel multi-level emergency service verifier that adopts and applies model-checking techniques to formally examine diversified cellular emergency service specifications, requirements, and regulations efficiently; (2) to create new techniques that can analyze and identify both implementation issues and potential operational slips of emergency services. A software-defined-radio NG-9-1-1 service platform will be developed. A comprehensive testing dataset will be built to cover both abnormal and normal use scenarios; and (3) to build an NG-9-1-1 service testing platform that allows automatic checking and follow-on re-examination of discovered vulnerabilities to ensure sustainable security.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
Link: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2246051

 

About the Department of Computer Science at Purdue University

Founded in 1962, the Department of Computer Science was created to be an innovative base of knowledge in the emerging field of computing as the first degree-awarding program in the United States. The department continues to advance the computer science industry through research. US News & Reports ranks Purdue CS #20 and #16 overall in graduate and undergraduate programs respectively, seventh in cybersecurity, 10th in software engineering, 13th in programming languages, data analytics, and computer systems, and 19th in artificial intelligence. Graduates of the program are able to solve complex and challenging problems in many fields. Our consistent success in an ever-changing landscape is reflected in the record undergraduate enrollment, increased faculty hiring, innovative research projects, and the creation of new academic programs. The increasing centrality of computer science in academic disciplines and society, and new research activities - centered around data science, artificial intelligence, programming languages, theoretical computer science, machine learning, and cybersecurity - are the future focus of the department. cs.purdue.edu

Media contact: Emily Kinsell, emily@purdue.edu

Last Updated: Nov 2, 2023 8:58 AM

Department of Computer Science, 305 N. University Street, West Lafayette, IN 47907

Phone: (765) 494-6010 • Fax: (765) 494-0739

Copyright © 2024 Purdue University | An equal access/equal opportunity university | Copyright Complaints

Trouble with this page? Disability-related accessibility issue? Please contact the College of Science.