Skip to main content

Fuzzing Cellular Networks for fun and profit - if allowed

Yongdae Kim

In the past 7 years, I have been working on cellular security publishing more than 10 papers. Throughout these studies, and interactions with device vendors and carriers, I learned a lot about cellular related industry and found that many of the vulnerabilities came from business logic around cellular technologies. As a professor in academia, I will talk about my experience on  cellular security and its relation to business logics of cellular technologies in the first part of the talk. I will link existing vulnerabilities with these problems to show how they are related.

In the second part of the talk, I will present LTEFuzz, a semi-automatic dynamic testing tool for LTE control plane procedures.

LTEFuzz dynamically generates and sends the test cases to a target network or a device, and further deterministically classifies problematic behavior by only inspecting the responses in the tester and victim device from the target. By conducting tests against the operational network, we found 51 vulnerabilities (36 new and 15 previously known).

Speaker bio

Yongdae Kim is a Professor in the Department of Electrical Engineering, an affiliate professor in the Graduate School of Information Security and a director of Cyber Security Research Center at KAIST. He received PhD degree from the computer science department at the University of Southern California under the guidance of Gene Tsudik. Between 2002 and 2012, he was an associate/assistant professor in the Department of Computer Science and Engineering at the University of Minnesota - Twin Cities. Before coming to the US, he worked 6 years in ETRI for securing Korean cyberinfrastructure. He served as a KAIST Chair Professor between 2013 and 2016, and received NSF career award on storage security and McKnight Land-Grant Professorship Award from University of Minnesota in 2005. Currently, he is serving as an associate editor for ACM TOPS, and he was a steering committee member of NDSS between 2012 - 2018. His main research includes novel attacks and analysis methodologies for emerging technologies, such as Cyber Physical Systems such as drone/self-driving cars, 4G/5G cellular networks and Blockchain.

 

 

Share this: