Today 4G/5G mobile networked systems provide anywhere and anytime Internet access to billions of mobile users. These systems have built-in security mechanisms that protect against disclosure of information exchanged between users and the network. Despite these existing security mechanisms, I will show that an attacker is still capable of eavesdropping on users' private voice conversations, leaking users' private data, impersonating a user by forging packets and causing a service outage. My key finding is that the attacker breaks 4G/5G encryption and integrity protection without relying on the knowledge of the security key. Motivated by these attacks, I advocate for an efficient and exhaustive vulnerability analysis on 4G/5G systems to discover security loopholes previously unknown.
In this talk, I will demonstrate how we can build systems and design algorithms that can extract new vulnerabilities and enable exhaustive security analysis in polynomial time. In particular, my results show that the security weaknesses also arise due to accidental systems faults, design errors, and unexpected operating conditions hence compromising 4G/5G systems availability. In this regard, I re-architected future 4G/5G systems and made them highly available over commodity network elements in a cloud setting. Looking forward, this approach provides a new dimension for jointly solving security and availability problems in various related fields including the Internet of Things (IoT), multimedia subsystems, and network analytics.