Cellular networks (4G, 5G, and beyond), the only large-scale wireless network infrastructure on par with the Internet, play an indispensable role in supporting not only daily voice, text, and data services but also critical services such as emergency services. Emergency communication over cellular networks is a vital part of our nation’s emergency response and disaster preparedness system. To maximize emergency service availability, there are some special requirements from standard organizations and administrative authorities. For example, in the U.S., the Federal Communications Commission (FCC) stipulates that cellular carriers must transmit all wireless 911 calls without call validation to Public Safety Answering Points (PSAPs). The 3GPP standard provides emergency services with higher priority than non-emergency services and enables them across all available radio access technologies, generations, and operators. Therefore, ideally, by design, users are supposed to access emergency services anytime and anywhere, as long as wireless coverage is available.However, it is very challenging to support such emergency communications. An operational cellular infrastructure usually comprises multiple generations of cellular networks, such as 5G Standalone, 5G Non-Standalone, 4G, and 3G, using different radio access technologies, including 5G NR (New Radio), 4G E-UTRA (Evolved Universal Terrestrial Radio Access), or even public/private Wi-Fi networks. However, the security mechanisms and supported services of different generations are not equally reliable. Moreover, to maximize emergency service support, networks must permit some insecure operations, such as allowing anonymous emergency access for roaming users or users without mobile subscriptions. These special operations, while essential, similar to backdoors, introducing potential attack surfaces. Even more threatening, emergency and non-emergency services share the same underlying infrastructure. Therefore, any design flaw in emergency services can compromise the security and reliability of the entire mobile ecosystem. Despite their importance, emergency services remain underexplored, as prior work mainly targets user equipment or simulated DoS attacks, lacking systematic study of such critical infrastructure.This dissertation presents our research on powering the infrastructure for critical services to ensure secure and reliable emergency communications over cellular networks. We highlight our research insights and findings on: (1) identifying design defects in cellular emergency service standards, and (2) investigating the security and reliability of operational emergency services in the U.S. and other countries/areas, along with the technical challenges we encountered and our approaches to addressing them. Our results show that, from a security perspective, operational cellular emergency services are not only abusable but also deniable. For example, an adversary can block a victim's emergency calls by sending just a single message to the carrier network. Adversaries without purchasing any mobile subscription can obtain free data, voice, and text services through the high-priority emergency communication channel. Even more threatening, our study also reveals that, in some situations, with sufficient wireless coverage, emergency calls cannot be made within 2 minutes, whereas non-emergency calls at the same locations can be made within 3-6 seconds. Finally, we conclude our existing research on studying critical emergency services, discuss new challenges and opportunities for safeguarding next-generation emergency services, and outline future research directions.
Read
