Show Me Your Attach Request and I'll Tell You Who You Are: Practical Fingerprinting Attacks in 4G and 5G Mobile Networks
Daniel Fraunholz, Richard Schörghofer-Vrinssen, H. König, Richard M. Zahoransky
2022 IEEE Conference on Dependable and Secure Computing (DSC)
Publication date: 2022-06-22
DOI: 10.1109/DSC54232.2022.9888899 (https://doi.org/10.1109/DSC54232.2022.9888899)
Citation count: 1
Abstract
Both attacks are valid for 4G and 5G NSA. 4G will most likely remain relevant for many years to come. Even if 4G networks are deactivated in several years (as is the case with GSM or UMTS networks right now), the baseband chips on the UE side will still support 4G and will be prone to 4G-based attacks in the future. In this paper, we leverage a previously introduced vulnerability for 4G mobile communications and present new means for its exploitation. Based on the vulnerability, we introduce a fingerprinting technique and two new attacks to demonstrate how the privacy of mobile devices may be compromised during the initialization procedure of 4G and 5G NSA mobile communications. For this, we exploit information that is exposed in the attach request of the attach procedure sent from a mobile device to the network. This is particularly critical because the confidentiality of this information is not cryptographically protected. In our experiments, we evaluate our attacks against a set of approximately 110 mobile phones from 22 different vendors. Please note that we use pseudonyms (Vendor A etc.) to refer to device vendors so as not to disadvantage them. We demonstrate that our attacks make it possible to re-identify previously observed mobile devices for tracking purposes and to identify the device vendor and model, respectively, to derive potentially sensitive information for tracking their owners.