References Paper

 

[1] Ettus Research USRP B210.

https://www.ettus.com/product/details/UB210-KIT.
[Online; accessed 02-Mar-2020].

[2] Sanjole - WaveJudge4900A.
http://www.sanjole.com/brochures-2/WaveJudge4900A-LTEHandout-Feb11-2012.pdf, 2018. [Online; accessed 02-Mar-2020].

[3] Software Radio Systems - Airscope. http://www.softwareradiosystems.com/products/, 2018.[Online; accessed 02-Mar-2020].

[4] 3GPP. GSMA Coordinated Vulnerability Disclosure Programme). https://www.gsma.com/security/gsma-coordinated-vulnerability-disclosure-programme/. [Online; accessed 02-Mar-2020].

[5] 3GPP. Speech codec speech processing functions; Adap-tive Multi-Rate - Wideband (AMR-WB) speech codec; Frame structure. TS 26.201, 3rd Generation Partnership Project (3GPP), 12 2009.

[6] 3GPP. Evolved Universal Terrestrial Radio Access (E-UTRA); Packet Data Convergence Protocol (PDCP) specification. TS 36.323, 3rd Generation Partnership Project (3GPP), 01 2010.

[7] 3GPP. IP Multimedia Subsystem (IMS) media plane security. TS 33.328, 3rd Generation Partnership Project (3GPP), 12 2010.

[8] 3GPP. Service requirements for the Evolved Packet System (EPS). TS 22.278, 3rd Generation Partnership Project (3GPP), 10 2010.

[9] 3GPP. Evolved Universal Terrestrial Radio Access (E-UTRA) and Evolved Universal Terrestrial Radio Access Network (E-UTRAN); Overall description; Stage 2. TS 36.300, 3rd Generation Partnership Project (3GPP), 03 2011.

[10] 3GPP. Evolved Universal Terrestrial Radio Access (E-UTRA); Radio Resource Control (RRC); Protocol specification. TS 36.331, 3rd Generation Partnership Project (3GPP), 06 2011.

[11] 3GPP. 5G; NR; Radio Resource Control (RRC);. TS TS38.331, 3rd Generation Partnership Project (3GPP), 2018.

[12] Elad Barkan, Eli Biham, and Nathan Keller. Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Com-munication. In Annual International Cryptology Con-ference, pages 600–616. Springer, 2003.

[13] David Basin, Jannik Dreier, Lucca Hirschi, Saša Radomirovic, Ralf Sasse, and Vincent Stettler. A For-mal Analysis of 5G Authentication. In Conference on Computer and Communications Security (CCS), pages 1383–1396. ACM, 2018.

[14] Alex Biryukov, Adi Shamir, and David Wagner. Real Time Cryptanalysis of A5/1 on a PC. In Workshop on Fast Software Encryption (FSE). Springer, 2000.

[15] Nicola Bui and Joerg Widmer. OWL: A Reliable Online Watcher for LTE Control Channel Measurements. In Workshop on All Things Cellular: Operations, Applica-tions and Challenges (ATC). ACM, 2016.

[16] Mario Callegaro, Allan L McCutcheon, and Jack Lud-wig. Who’s calling? The Impact of Caller ID on Tele-phone Survey Response. Field Methods, 22(2):175–191, 2010.

[17] Merlin Chlosta, David Rupprecht, Thorsten Holz, and Christina Pöpper. Lte security disabled — misconfigura-tion in commercial networks. In Conference on Security & Privacy in Wireless and Mobile Networks (WiSec). ACM, 2019.

[18] Federal Communications Commission. Caller id spoof-ing. https://www.fcc.gov/consumers/guides/spoofing-and-caller-id. [Online; accessed 02-Mar-2020].

[19] Cas Cremers and Martin Dehnel-Wild. Component-Based Formal Analysis of 5G-AKA: Channel Assump-tions and Session Confusion. In Symposium on Network and Distributed System Security (NDSS). ISOC, 2019.

[20] Jovan Dj. Goli´c. Cryptanalysis of Alleged A5 Stream Cipher. In Theory and Application of Cryptographic Techniques (EUROCRYPT). Springer, 1997.

[21] Ismael Gomez-Miguelez, Andres Garcia-Saavedra, Paul D. Sutton, Pablo Serrano, Cristina Cano, and Doug J. Leith. srsLTE: An Open-source Platform for LTE Evolution and Experimentation. In Workshop on Wireless Network Testbeds, Experimental Evaluation, and Characterization (WiNTECH). ACM, 2016.

[22] GSM Association Security Group. Indus-try Initiative to Withdraw A5/2 Briefing Paper. http://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_44_Tallinn/Docs/S3-060541.zip. [Online; accessed 02-Mar-2020].

[23] GSMA. VoLTE (Voice over LTE)). https://www.gsma.com/futurenetworks/technology/volte/.
[Online; accessed 02-Mar-2020].

[24] B. Hong, S. Park, H. Kim, D. Kim, H. Hong, H. Choi, J. P. Seifert, S. J. Lee, and Y. Kim. Peeking over the Cellular Walled Gardens - A Method for Closed Network Diagnosis. IEEE Transactions on Mobile Computing, 2018.

[25] Syed Rafiul Hussain, Omar Chowdhury, Shagufta Mehnaz, and Elisa Bertino. LTEInspector: A System-atic Approach for Adversarial Testing of 4G LTE. In Symposium on Network and Distributed System Security (NDSS). ISOC, 2018.

[26] Syed Rafiul Hussain, Mitziu Echeverria, Omar Chowd-hury, Ninghui Li, and Elisa Bertino. Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information. In Symposium on Network and Distributed System Security (NDSS). ISOC, 2019.

[27] Roger Piqueras Jover. LTE Security, Protocol Exploits and Location Tracking Experimentation with Low-Cost Software Radio. CoRR, abs/1607.05171, 2016.

[28] Hongil Kim, Dongkwan Kim, Minhee Kwon, Hyungseok Han, Yeongjin Jang, Dongsu Han, Taesoo Kim, and Yongdae Kim. Breaking and Fixing VoLTE : Exploiting Hidden Data Channels and Misimplementa-tions. In Conference on Computer and Communications Security (CCS). ACM, 2015.

[29] Hongil Kim, Jiho Lee, Eunkyu Lee, and Yongdae Kim. Touching the untouchables: Dynamic security analysis of the lte control plane. In IEEE Symposium on Security and Privacy (SP). IEEE, 2019.

[30] Katharina Kohls, David Rupprecht, Thorsten Holz, and Christina Pöpper. Lost Traffic Encryption : Fingerprint-ing LTE/4G Traffic on Layer Two. In Conference on Security & Privacy in Wireless and Mobile Networks (WiSec). ACM, 2019.

[31] Chi-Yu Li, Guan-Hua Tu, Songwu Lu, Xinbing Wang, Chunyi Peng, Zengwen Yuan, Yuanjie Li, Songwu Lu, and Xinbing Wang. Insecurity of Voice Solution VoLTE in LTE Mobile Networks. In Conference on Computer and Communications Security (CCS). ACM, 2015.

[32] Najmeh Miramirkhani, Oleksii Starov, and Nick Niki-forakis. Dial one for Scam: A large-scale Analysis of Technical support Scams. In Symposium on Network and Distributed System Security (NDSS). ISOC, 2016.

[33] osmocom Security. Withdrawal of a5/2 algorithim sup-port. http://security.osmocom.org/trac/wiki/A52_Withdrawal. [Online; accessed 02-Mar-2020].

[34] V. Panayotov, G. Chen, D. Povey, and S. Khudanpur. Librispeech: An ASR corpus based on Public Domain Audio Books. In International Conference on Acoustics, Speech and Signal Processing (ICASSP), pages 5206–5210, April 2015.

[35] Shinjo Park, Altaf Shaik, Ravishankar Borgaonkar, An-drew Martin, and Jean-Pierre Seifert. White-Stingray: Evaluating IMSI Catchers Detection Applications. In Workshop on Offensive Technologies (WOOT). USENIX Association, 2017.

[36] Muhammad Taqi Raza and Songwu Lu. On Key Reinstallation Attacks over 4G/5G LTE Networks: Feasibility and Negative Impact. Technical report, University of California, Los Angeles, 11 2018. https://www.researchgate.net/publication/ 328927054_On_Key_Reinstallation_Attacks
_over_4G5G_LTE_Networks_Feasibility_and
_Negative_Impact [Online; accessed 02-Mar-2020].

[37] David Rupprecht, Adrian Dabrowski, Thorsten Holz, Edgar Weippl, and Christina Pöpper. On Security Re-search towards Future Mobile Network Generations. IEEE Communications Surveys & Tutorials, 2018.

[38] David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper. Breaking LTE on Layer Two. In IEEE Symposium on Security & Privacy (SP). IEEE, 2019.

[39] David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper. IMP4GT: IMPersonation Attacks in 4G NeTworks. In Symposium on Network and Dis-tributed System Security (NDSS). ISOC, February 2020.

[40] Merve Sahin, Aurélien Francillon, Payas Gupta, and Mustaque Ahamad. SoK: Fraud in Telephony Networks. In IEEE European Symposium on Security and Privacy (EuroSP). IEEE, 2017.

[41] Security Research Labs. Kraken: A5/1 Decryption Rainbow Tables. https://opensource.srlabs.de/projects/a51-decrypt, 2010. [Online; accessed 02-Mar-2020].

[42] Hemant Sengar, Ram Dantu, Duminda Wijesekera, and Sushil Jajodia. SS7 over IP: signaling interworking vulnerabilities. IEEE Network, 20(6):32–41, 2006.

[43] Altaf Shaik, Ravishankar Borgaonkar, N. Asokan, Valt-teri Niemi, and Jean-Pierre Seifert. Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems. In Symposium on Network and Distributed System Security (NDSS). ISOC, 2016.

[44] Catherine Stupp. Fraudsters Used AI to Mimic CEO’s Voice in Unusual Cybercrime Case.
https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402. [Online; accessed 02-Mar-2020].

[45] The Computer Security Group at Berlin University of Technology. SCAT: Signaling Collection and Analysis Tool. https://github.com/fgsect/scat. [Online; accessed 02-Mar-2020].

[46] Patrick Ventuzelo, OL Moal, and Thomas Coudray. Sub-scribers Remote Geolocation and Tracking using 4G VoLTE Enabled Android Phone. In Symp. on Informa-tion and Communications Security (SSTIC), 2017.