Show Me Your Attach Request and I'll Tell You Who You Are: Practical Fingerprinting Attacks in 4G and 5G Mobile Networks

Daniel Fraunholz, Richard Schörghofer-Vrinssen, H. König, Richard M. Zahoransky
{"title":"Show Me Your Attach Request and I'll Tell You Who You Are: Practical Fingerprinting Attacks in 4G and 5G Mobile Networks","authors":"Daniel Fraunholz, Richard Schörghofer-Vrinssen, H. König, Richard M. Zahoransky","doi":"10.1109/DSC54232.2022.9888899","DOIUrl":null,"url":null,"abstract":"Both attacks are valid for 4G and 5G NSA. 4G will most likely relevant for many years to come. Even if 4G networks will be deactivated in several of years (as it is with GSM or UMTS networks right now), the baseband chips on the UE side will still support 4G and will be prone to 4G-based attacks in the future. In this paper, we leverage a previously introduced vulnerability for 4G mobile communications and present new means for its exploitation. Based on the vulnerability, we introduce a fingerprinting technique and two new attacks to demonstrate how the privacy of mobile devices may be compromised during the initialization procedure of 4G and 5G NSA mobile commu-nications. For this, we exploit information that is exposed in the attach request of the attach procedure sent from a mobile device to the network. This is particularly critical because the confidentiality of this information is not cryptographically protected. In our experiments, we evaluate our attacks against a set of approximately 110 mobile phones from 22 different vendors. Please note that we use pseudonyms (Vendor A etc.) to refer to device vendors to not disadvantage vendors. We demonstrate that our attacks enable to re-identify previously observed mobile devices for tracking purposes and to identify the device vendor and model, respectively, to derive potential sensitive information for tracking their owners.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSC54232.2022.9888899","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

Abstract

Both attacks are valid for 4G and 5G NSA. 4G will most likely relevant for many years to come. Even if 4G networks will be deactivated in several of years (as it is with GSM or UMTS networks right now), the baseband chips on the UE side will still support 4G and will be prone to 4G-based attacks in the future. In this paper, we leverage a previously introduced vulnerability for 4G mobile communications and present new means for its exploitation. Based on the vulnerability, we introduce a fingerprinting technique and two new attacks to demonstrate how the privacy of mobile devices may be compromised during the initialization procedure of 4G and 5G NSA mobile commu-nications. For this, we exploit information that is exposed in the attach request of the attach procedure sent from a mobile device to the network. This is particularly critical because the confidentiality of this information is not cryptographically protected. In our experiments, we evaluate our attacks against a set of approximately 110 mobile phones from 22 different vendors. Please note that we use pseudonyms (Vendor A etc.) to refer to device vendors to not disadvantage vendors. We demonstrate that our attacks enable to re-identify previously observed mobile devices for tracking purposes and to identify the device vendor and model, respectively, to derive potential sensitive information for tracking their owners.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
告诉我你的附加请求,我会告诉你你是谁:4G和5G移动网络中的实用指纹攻击
这两种攻击都适用于4G和5G NSA。4G很可能在未来的许多年里都很重要。即使4G网络将在几年内停用(就像现在的GSM或UMTS网络一样),终端端的基带芯片仍将支持4G,并且在未来很容易受到基于4G的攻击。在本文中,我们利用之前介绍的4G移动通信漏洞,并提出了利用它的新方法。基于此漏洞,我们介绍了一种指纹识别技术和两种新的攻击,以演示在4G和5G NSA移动通信初始化过程中移动设备的隐私如何受到损害。为此,我们利用从移动设备发送到网络的附加过程的附加请求中暴露的信息。这一点尤其重要,因为这些信息的机密性没有加密保护。在我们的实验中,我们对来自22个不同供应商的大约110部手机进行了攻击评估。请注意,我们使用假名(供应商A等)来指代设备供应商,而不是不利供应商。我们证明,我们的攻击能够重新识别以前观察到的移动设备用于跟踪目的,并分别识别设备供应商和型号,以获得跟踪其所有者的潜在敏感信息。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Symbolon: Enabling Flexible Multi-device-based User Authentication A Survey on Explainable Anomaly Detection for Industrial Internet of Things Optimising user security recommendations for AI-powered smart-homes A Scary Peek into The Future: Advanced Persistent Threats in Emerging Computing Environments LAEG: Leak-based AEG using Dynamic Binary Analysis to Defeat ASLR
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1