Next-generation mobility network security

Current cellular networks support a large number of heterogeneous services that span beyond traditional voice and short messaging traffic to high-bandwidth data communications. Billions of users and almost every industry depend on cellular networks on a daily basis. The necessity of maintaining the availability of mobility networks against threats and other attacks is clear.  Current mobility networks, with a heterogeneous mix of multiple radio access technologies, and a combination of cellular, femtocell, and WiFi access points, increases the complexity of the problem.

Adopting a proactive strategy, this work goes beyond analyzing known vulnerabilities. The mobility network is being tested against attacks and threats.  In addition, detection and mitigation schemes are being proposed to highly enhance the resiliency of mobility networks against known and new attacks. In order to model and test such security attacks and detection schemes, we have built a standards-compliant LTE security research testbed. It is implemented leveraging both Riverbed Modeler (formerly known as OPNET Modeler) and System in the Loop. Distributing the testbed over our lab cloud infrastructure, we are capable of realistic security experiments on an arbitrarily large-scale LTE network.

The outcome of the project aims to impact upcoming standards and technologies. The goal is to rethink the architecture of a mobility network, originally designed to guarantee encryption and authentication but without the current threat landscape in mind. Such redesign will also consider the evolution of mobility networks, progressing to a near future scenario where nearly every electronic device will be connected to the network through Machine to Machine (M2M) systems and the Internet of Things, with billions of connected devices. We are leveraging our large-scale security research testbed to implement and experiment with new mobility architectures that aim towards a more secure and resilient cellular architecture.

The video below shows a very basic simulation of the LTE NAS attach procedure: RACH + RRC + Authentication + bearer set-up.

For more information on this project contact us at security-research@att.com