[1] Ettus Research USRP B210.
https://www.ettus.com/product/details/UB210-KIT.
[Online; accessed 02-Mar-2020].
[2] Sanjole
- WaveJudge4900A.
http://www.sanjole.com/brochures-2/WaveJudge4900A-LTEHandout-Feb11-2012.pdf, 2018.
[Online; accessed 02-Mar-2020].
[3] Software
Radio Systems - Airscope. http://www.softwareradiosystems.com/products/,
2018.[Online; accessed 02-Mar-2020].
[4] 3GPP.
GSMA Coordinated Vulnerability Disclosure Programme). https://www.gsma.com/security/gsma-coordinated-vulnerability-disclosure-programme/. [Online;
accessed 02-Mar-2020].
[5] 3GPP.
Speech codec speech processing functions; Adap-tive Multi-Rate - Wideband
(AMR-WB) speech codec; Frame structure. TS 26.201, 3rd Generation Partnership
Project (3GPP), 12 2009.
[6] 3GPP.
Evolved Universal Terrestrial Radio Access (E-UTRA); Packet Data Convergence
Protocol (PDCP) specification. TS 36.323, 3rd Generation Partnership Project
(3GPP), 01 2010.
[7] 3GPP.
IP Multimedia Subsystem (IMS) media plane security. TS 33.328, 3rd Generation
Partnership Project (3GPP), 12 2010.
[8] 3GPP.
Service requirements for the Evolved Packet System (EPS). TS 22.278, 3rd
Generation Partnership Project (3GPP), 10 2010.
[9] 3GPP.
Evolved Universal Terrestrial Radio Access (E-UTRA) and Evolved Universal
Terrestrial Radio Access Network (E-UTRAN); Overall description; Stage 2. TS
36.300, 3rd Generation Partnership Project (3GPP), 03 2011.
[10] 3GPP.
Evolved Universal Terrestrial Radio Access (E-UTRA); Radio Resource Control
(RRC); Protocol specification. TS 36.331, 3rd Generation Partnership Project
(3GPP), 06 2011.
[11] 3GPP.
5G; NR; Radio Resource Control (RRC);. TS TS38.331, 3rd Generation Partnership
Project (3GPP), 2018.
[12] Elad
Barkan, Eli Biham, and Nathan Keller. Instant Ciphertext-Only Cryptanalysis of
GSM Encrypted Com-munication. In Annual International Cryptology Con-ference,
pages 600–616. Springer, 2003.
[13] David
Basin, Jannik Dreier, Lucca Hirschi, Saša Radomirovic, Ralf Sasse, and Vincent
Stettler. A For-mal Analysis of 5G Authentication. In Conference on Computer
and Communications Security (CCS), pages 1383–1396. ACM, 2018.
[14] Alex
Biryukov, Adi Shamir, and David Wagner. Real Time Cryptanalysis of A5/1 on a
PC. In Workshop on Fast Software Encryption (FSE). Springer, 2000.
[15] Nicola
Bui and Joerg Widmer. OWL: A Reliable Online Watcher for LTE Control Channel
Measurements. In Workshop on All Things Cellular: Operations, Applica-tions and
Challenges (ATC). ACM, 2016.
[16] Mario
Callegaro, Allan L McCutcheon, and Jack Lud-wig. Who’s calling? The Impact of
Caller ID on Tele-phone Survey Response. Field Methods, 22(2):175–191, 2010.
[17] Merlin
Chlosta, David Rupprecht, Thorsten Holz, and Christina Pöpper. Lte security
disabled — misconfigura-tion in commercial networks. In Conference on Security
& Privacy in Wireless and Mobile Networks (WiSec). ACM, 2019.
[18]
Federal Communications Commission. Caller id spoof-ing. https://www.fcc.gov/consumers/guides/spoofing-and-caller-id. [Online;
accessed 02-Mar-2020].
[19] Cas
Cremers and Martin Dehnel-Wild. Component-Based Formal Analysis of 5G-AKA:
Channel Assump-tions and Session Confusion. In Symposium on Network and
Distributed System Security (NDSS). ISOC, 2019.
[20] Jovan
Dj. Goli´c. Cryptanalysis of Alleged A5 Stream Cipher. In Theory and
Application of Cryptographic Techniques (EUROCRYPT). Springer, 1997.
[21] Ismael
Gomez-Miguelez, Andres Garcia-Saavedra, Paul D. Sutton, Pablo Serrano, Cristina
Cano, and Doug J. Leith. srsLTE: An Open-source Platform for LTE Evolution and
Experimentation. In Workshop on Wireless Network Testbeds, Experimental
Evaluation, and Characterization (WiNTECH). ACM, 2016.
[22] GSM
Association Security Group. Indus-try Initiative to Withdraw A5/2 Briefing
Paper. http://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_44_Tallinn/Docs/S3-060541.zip. [Online;
accessed 02-Mar-2020].
[23] GSMA.
VoLTE (Voice over LTE)). https://www.gsma.com/futurenetworks/technology/volte/.
[Online; accessed 02-Mar-2020].
[24] B.
Hong, S. Park, H. Kim, D. Kim, H. Hong, H. Choi, J. P. Seifert, S. J. Lee, and
Y. Kim. Peeking over the Cellular Walled Gardens - A Method for Closed Network
Diagnosis. IEEE Transactions on Mobile Computing, 2018.
[25] Syed
Rafiul Hussain, Omar Chowdhury, Shagufta Mehnaz, and Elisa Bertino.
LTEInspector: A System-atic Approach for Adversarial Testing of 4G LTE. In
Symposium on Network and Distributed System Security (NDSS). ISOC, 2018.
[26] Syed
Rafiul Hussain, Mitziu Echeverria, Omar Chowd-hury, Ninghui Li, and Elisa
Bertino. Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side
Channel Information. In Symposium on Network and Distributed System Security
(NDSS). ISOC, 2019.
[27] Roger
Piqueras Jover. LTE Security, Protocol Exploits and Location Tracking
Experimentation with Low-Cost Software Radio. CoRR, abs/1607.05171, 2016.
[28] Hongil
Kim, Dongkwan Kim, Minhee Kwon, Hyungseok Han, Yeongjin Jang, Dongsu Han,
Taesoo Kim, and Yongdae Kim. Breaking and Fixing VoLTE : Exploiting Hidden Data
Channels and Misimplementa-tions. In Conference on Computer and Communications
Security (CCS). ACM, 2015.
[29] Hongil
Kim, Jiho Lee, Eunkyu Lee, and Yongdae Kim. Touching the untouchables: Dynamic
security analysis of the lte control plane. In IEEE Symposium on Security and
Privacy (SP). IEEE, 2019.
[30]
Katharina Kohls, David Rupprecht, Thorsten Holz, and Christina Pöpper. Lost
Traffic Encryption : Fingerprint-ing LTE/4G Traffic on Layer Two. In Conference
on Security & Privacy in Wireless and Mobile Networks (WiSec). ACM, 2019.
[31] Chi-Yu
Li, Guan-Hua Tu, Songwu Lu, Xinbing Wang, Chunyi Peng, Zengwen Yuan, Yuanjie
Li, Songwu Lu, and Xinbing Wang. Insecurity of Voice Solution VoLTE in LTE
Mobile Networks. In Conference on Computer and Communications Security (CCS).
ACM, 2015.
[32] Najmeh
Miramirkhani, Oleksii Starov, and Nick Niki-forakis. Dial one for Scam: A
large-scale Analysis of Technical support Scams. In Symposium on Network and
Distributed System Security (NDSS). ISOC, 2016.
[33]
osmocom Security. Withdrawal of a5/2 algorithim sup-port. http://security.osmocom.org/trac/wiki/A52_Withdrawal. [Online;
accessed 02-Mar-2020].
[34] V.
Panayotov, G. Chen, D. Povey, and S. Khudanpur. Librispeech: An ASR corpus
based on Public Domain Audio Books. In International Conference on Acoustics,
Speech and Signal Processing (ICASSP), pages 5206–5210, April 2015.
[35] Shinjo
Park, Altaf Shaik, Ravishankar Borgaonkar, An-drew Martin, and Jean-Pierre
Seifert. White-Stingray: Evaluating IMSI Catchers Detection Applications. In Workshop
on Offensive Technologies (WOOT). USENIX Association, 2017.
[36]
Muhammad Taqi Raza and Songwu Lu. On Key Reinstallation Attacks over 4G/5G LTE
Networks: Feasibility and Negative Impact. Technical report, University of
California, Los Angeles, 11 2018. https://www.researchgate.net/publication/ 328927054_On_Key_Reinstallation_Attacks
_over_4G5G_LTE_Networks_Feasibility_and
_Negative_Impact [Online; accessed 02-Mar-2020].
[37] David
Rupprecht, Adrian Dabrowski, Thorsten Holz, Edgar Weippl, and Christina Pöpper.
On Security Re-search towards Future Mobile Network Generations. IEEE
Communications Surveys & Tutorials, 2018.
[38] David
Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper. Breaking LTE
on Layer Two. In IEEE Symposium on Security & Privacy (SP). IEEE, 2019.
[39] David
Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper. IMP4GT:
IMPersonation Attacks in 4G NeTworks. In Symposium on Network and Dis-tributed
System Security (NDSS). ISOC, February 2020.
[40] Merve
Sahin, Aurélien Francillon, Payas Gupta, and Mustaque Ahamad. SoK: Fraud in
Telephony Networks. In IEEE European Symposium on Security and Privacy
(EuroSP). IEEE, 2017.
[41]
Security Research Labs. Kraken: A5/1 Decryption Rainbow Tables. https://opensource.srlabs.de/projects/a51-decrypt, 2010.
[Online; accessed 02-Mar-2020].
[42] Hemant
Sengar, Ram Dantu, Duminda Wijesekera, and Sushil Jajodia. SS7 over IP:
signaling interworking vulnerabilities. IEEE Network, 20(6):32–41, 2006.
[43] Altaf
Shaik, Ravishankar Borgaonkar, N. Asokan, Valt-teri Niemi, and Jean-Pierre
Seifert. Practical Attacks Against Privacy and Availability in 4G/LTE Mobile
Communication Systems. In Symposium on Network and Distributed System Security
(NDSS). ISOC, 2016.
[44]
Catherine Stupp. Fraudsters Used AI to Mimic CEO’s Voice in Unusual Cybercrime
Case.
https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402. [Online;
accessed 02-Mar-2020].
[45] The
Computer Security Group at Berlin University of Technology. SCAT: Signaling
Collection and Analysis Tool. https://github.com/fgsect/scat. [Online;
accessed 02-Mar-2020].
[46]
Patrick Ventuzelo, OL Moal, and Thomas Coudray. Sub-scribers Remote Geolocation
and Tracking using 4G VoLTE Enabled Android Phone. In Symp. on Informa-tion and
Communications Security (SSTIC), 2017.
沒有留言:
張貼留言