MobilePrivacyin2025Dr. RavishankarBorgaonkar

KaitiakiLabsLLP&UniversityofOxford

21September2017

2

• CellularNetworks

• 1Gto4G– architecture

• 1Gto4G- vulnerabilities

• 5Garchitecture

• 5Gvision2025

• Securitychallenges

Outline

3

• Firstdemonstrationin1877– Stockholm,Sweden

• “TelephoneistheinstrumentofDevil”**

• Innovations- wireline(1877)towireless(2017)

• Foundation– seamlessconnectivityandlowlatency

• Features- qualityofservice&availability

MagicofCellularNetworks

** & Figure Source- Ericsson History

4

• Noauthentication&encryption

• Heavydevices

• Noroaming– internationalcalls

1GNetworksto4G

figure- Ericsson History

• Authentication&encryption

• Smartdevices

• RoamingandhighspeedInternet

DesignStakeholders

5

• Cellularnetworkproviders

• End-userequipmentvendors

• Standardorganizations

• Infrastructure&supportservices

• Over-The-Topservices

SecureCellularCommunication

BaseStationMobile

CoreNetwork

2G/3G/4G

Authentication

Availability

Confidentiality

Integrity

Arewesecured?

6

PrivacyAssets

7

• Deviceinformation

� IMEI,identitiesetc.

� Locationdata

� Sensitivedata(forexampleuserhealthinfo)

• Personalinformation

� IMEI,IMSI,phonenumberetc.

� SMSandcall/Internetdata

� Locationdata

Attackers

• Fraudsters

• Cybercriminals

• Insiderthreats

• Cyberwarfareactors(arguable)

ThreatsandAttackerModel

BaseStationMobile

CoreNetwork

9

Vulnerabilities&Attacks

BaseStationMobilePracticalattacksoncorenetworkandend-users

• architectureissuesandrisksIMSICatchers

10

Attacksagainst3operatingsystems• Baseband,(U)SIM&Android

vulnerabilities

Standards&Regulations

CellularSecurityStandards• Standardizationbodies

� 3GPP(3rdGenerationPartnershipProject)� ETSI(EuropeanTelecommunicationsStandardsInstitute)� GSMA(GSMAssociation)� ITU(InternationalTelecommunicationUnion)

• Mandatorysecurityandprivacyrequirements

• Internationalandnationalregulations(useofencryption,dataretention)

Standards&DeploymentIssues

• PadlocksymbolforHTTPS

• Haveyouseenduringmobilecalllately?

SecurityIndicatorsonMobile

5GNetworks

14

• 5G- Nextgenerationcellularnetworks� Handlesmoredata� Connectsmoredevices� Lowlatency�Morereliability

• 1-10Gbps speed

• Drivenbynewuse-cases,forexample� Connecteddriverlesscars� Remotesurgery

5GNetworksCharacteristics

15Figure Source- Vodafone

Cloud-Native5GArchitecture

16

Movingtowardsnetworksoftwarization andprogrammability

� Radionetwork

� Networkclouds

� SDN(Software-DefinedNetworks)

� NFV(NetworkFunctionsVirtualization)

BaseStation

CloudRadioAccessNetwork

Vision2025– 5G

17Figure Source- 5GPPP Project

5GDevicesin2025?

18

• Non-removableUSIMcards- eSIM era

• Non-removablebattery

• ChangecellularoperatorwithoutgoingtoashopandUSIM

• Alwaysconnected(5Gspeed>WiFi speed)

• Smallcells– connectedtoclouds

CurrentCellularNetworkIssues

• Privacyengineering

• OSandBasebandsoftwareupdate

• Targetedattacks

• Capabilitytodetectthreats

5GPrivacyChallengesfor2025

20

• Radiointerfacesecurity� Essentialfordeliverydronesandself-drivingconnectedcars

• Mandatorysecuritymeasuresinthenetwork� Protectionofcellulardatainthirdpartyservices(cloud)� Quantumsafecryptographytechniques

• Regulatoryframework� Privacyawarenessandlaws� Effectivepoliciesandenforcements� Dataretention

• DoS attacks

• SecurityinSDNandNFV

ThankYou.

Questions

21