Toward Secure and Dependable Mobile Networks
The world has gone mobile. By the end of 2022, mobile networks had connected billions of mobile devices and provided billions of users with ubiquitous mobile services. People can use the cellular network for voice and text communication, accessing the Internet, conducting monetary transactions, etc. As cellular networks develop, operators continue to add and provide many new services. As mobile networks continue to evolve, with billions of devices and users connected, ensuring the security of mobile networks becomes crucial.

However, it is challenging to secure mobile networks. The mobile network is a complex ecosystem comprising various components, such as eNodeBs, MMEs, HSSs, AAAs, ePDGs, P-GWs, and S-GWs, encompassing a multitude of protocols including IP, NAS, RRC, PDCP, etc., and employing multiple generations of technologies: 2G, 3G, 4G/LTE, and 5G/NR. Furthermore, the introduction of new technologies and services, such as Voice over LTE (VoLTE) and Voice over Wi-Fi (VoWi-Fi, a.k.a. Wi-Fi calling), and the support of cellular IoT services further contribute to the complexity. Additionally, the wide range of devices (e.g., smartphones, tablets, IoT devices) connected to mobile networks and the geographical distribution of mobile network components further complicate security measures. Any vulnerability in mobile networks may threaten the entire wireless ecosystem. Thus, there is a pressing need for security research to ensure the development of secure and dependable mobile networks. This need motivates the dissertation's security study of the essential cellular mobile network services, including IMS services, wireless IoT services, and Internet Application Services.

First, we present security research on the cellular network IP Multimedia Subsystem (IMS) in mobile networks. It is the first work that investigates the security of the operational VoWi-Fi services in three major U.S. operators' networks using commodity devices. We disclose that current VoWi-Fi security is not bullet-proof and uncover three vulnerabilities. Two proof-of-concept attacks are devised, and both of them can bypass the existing security defenses. We propose solutions to address all discovered vulnerabilities. Our discovered vulnerabilities have been confirmed by GSMA. Our findings have been acknowledged by academia and industry and received positive recognition, including the IEEE CNS Best Paper Award and a Google Security Reward.

Second, we focus on securing wireless IoT services, specifically cellular IoT (CIoT). Through empirical security research on cellular IoT service charging over the major U.S. carriers, we discover security vulnerabilities and analyze their root causes. To assess their real-world impact, proof-of-concept attacks are devised that allow adversaries to pay less for cellular data services. Finally, we analyze the challenges in addressing these vulnerabilities and develop an anti-abuse solution to mitigate attack incentives. The solution is standard-compliant and can be used immediately in practice. The prototype and evaluation confirm its effectiveness.

Third, we address the fundamental obstacle for Internet Application Services (IAS): there is no scalable, dependable, reliable, and privacy-preserving method to verify IAS users' identities. We propose a novel security framework, MPKIX, designated as Mobile-assisted PKIX (Public-Key Infrastructure X.509). MPKIX secures both IAS providers and users by leveraging the broadly used PKIX services and mobile networked systems. It provides a reliable and privacy-preserving user verification mechanism, largely mitigates the possibility of ID theft attacks, and benefits other involved parties. The evaluation results based on the prototype confirm the effectiveness and efficiency of MPKIX with low overhead. In conclusion, the novel framework, MPKIX, integrates Internet Application Services into the wide-sense mobile networks and enables the mobile network to provide secure and dependable services to its users.

Lastly, the works introduced in this dissertation are summarized, and two future research topics are discussed. In conclusion, the security research on the mobile cellular network services (i.e., IP Multimedia Subsystem services, wireless IoT services, Internet Application Services) conducted in this dissertation contributes to the advancement of secure and dependable mobile networks. These works secure the mobile ecosystem, facilitate global deployment, and head toward secure and dependable mobile networks. Our findings and solutions have implications for billions of mobile users and pave the way for a safer mobile network ecosystem.
- In Collections: Electronic Theses & Dissertations
- Copyright Status: Attribution-NonCommercial-NoDerivatives 4.0 International
- Material Type: Theses
- Authors: Xie, Tian
- Thesis Advisors: Tu, Guan-Hua
- Date Published: 2023
- Subjects: Computer science
- Program of Study: Computer Science - Doctor of Philosophy
- Degree Level: Doctoral
- Language: English
- Pages: Unknown number of pages
- Permalink: https://doi.org/doi:10.25335/w2hz-q708