TelcoSecDay 2019 – First talks preview

This year we had some excellent submissions for TelcoSecDay. Here are the first four confirmed speakers and the topics they will talk about:

1. Telecom protocols revisited – Not just a signalling problem – by Fredrik Söderlund

A look at the design of the currently deployed signalling protocols for core networks, both SS7 and Diameter (legacy and LTE), covering their peculiar quirks and how the design has led to the industry sometimes failing to adhere to its own standards.

About the speaker:

Fredrik started his career in reverse engineering and development of debug-tools and runtime software analysis tools. He has more than 20 years of experience in the field. For the last decade his focus has been mainly on telecom, where he is recognized as a leading expert and security researcher.

In recent years he has been deeply involved in the industry efforts to secure the signalling networks, working on and publishing unique offensive research such as the Root Canal attack on SS7. He also actively works with the industry bodies, taking part in shaping the industry-wide recommendations on signalling security for SS7, Diameter, 5G protocols and NFV.

As the Symsoft/CLX Software and Systems Security Advisor, Fredrik acts as part of the CTO office and focuses on both offensive and defensive security research in Signalling and IoT. He participates in the GSMA to help secure the present and future pathways of communication and is listed twice in the Mobile Security Research Hall of Fame.

In his advisory capacity he assists the Symsoft/CLX R&D team in the development of the Signalling Firewall and the Fraud and Security product line, and functions horizontally as a security advisor on software, IoT and telecom security.


2. V-RAN: security challenges for Telco – by Rosalia d’Alessandro

Telecom operators are looking to extend the benefits of virtualization to radio access networks (RANs).
The idea behind the use of virtualization in the radio access network is decoupling software from hardware, transforming the typical network architecture from hardware-based to software-based.
This leads to at least two main theoretical advantages:
1) A more flexible and agile network, with the possibility to quickly deliver customizable services based on new features and algorithms for streamlining resource usage.
2) A reduced need for expensive proprietary hardware, thanks to the usage of commodity hardware based on the principles of Network Functions Virtualization (cost-effectiveness).
In the vRAN model, each base station—e.g. evolved Node B (eNodeB) in LTE—comprises a baseband unit (BBU) and remote radio units (RRUs), which are also referred to as remote radio heads (RRHs). The BBUs are virtualized. The vBBUs are deployed on multiple NFV platforms on industry standard x86 hardware and consolidated in centralized data centers, while remote radio heads (RRHs) are left at the cell sites at the edge of the network. vRAN leverages standard server hardware that cost-effectively scales up or down processing, memory, and I/O resources with demand and infuses the RAN with capacity for application intelligence to significantly improve service quality and reliability. Depending on how the eNodeB functions are split, the architecture also allows for Ethernet and IP fronthaul transport, which gives service providers more cost-effective options for fronthaul transport.
For this reason, vRAN architectures are strongly targeted by mobile operators to improve the radio performance of LTE networks, and they also represent the radio architecture that will be adopted by 5G mobile networks.

In this proposed talk we highlight new security challenges that operators will face on the Radio Access Network. We first discuss a critical aspect of V-RAN innovation, which is network virtualization. Then we discuss other important aspects of V-RAN: poorly hardened commodity servers used in the deployments (outdated OS, outdated software packages, default OS installation, no network traffic segregation on BBU and RRHs, and so on), the need for IPsec between BBU and RRHs, the implementation of proprietary protocols between vRAN components, and poor protocol stack implementations.

About the speaker:

At TIM, Rosalia dealt with the security of mobile devices from 2002, and from 2010 she worked on mobile network security, with vulnerability analysis and testing activities. She also joined the GSMA Security Group and its sub-groups, where she actively collaborated to release several documents/security guidelines on mobile network security configuration (signalling networks such as SS7, Diameter and GTP). She also worked with the 3GPP standardization body on security matters (SA3 group). In September 2018 she joined Accenture SPA, leaving TIM.

3. Gaining Control on Advanced Mobile Location – by Shinjo Park

Advanced Mobile Location (AML) is an ETSI standard for sending the user’s precise location during an emergency call over the mobile network. However, its implementation on Android and iOS is relatively unknown at this point. We performed an analysis of how AML is implemented in smartphones and highlight the possible attack vectors.

About the speaker:

Shinjo Park is a doctoral student at TU Berlin.

4. Exploiting Missing Integrity Protection in LTE Networks – by David Rupprecht 

The aLTEr attack enables an adversary to manipulate encrypted transmissions in the LTE network to redirect a victim to a fraudulent website. Furthermore, we analyze the enforcement of integrity protection in deployed LTE networks and demonstrate how an incorrect core network configuration of integrity protection allows an adversary to impersonate users.

About the speaker:

David Rupprecht received his B.Eng. in Computer Science and Telecommunications from the University of Applied Sciences for Telecommunications Leipzig, Germany, in 2012. He continued his studies with a focus on IT Security, Networks, and Systems and received his master’s degree in 2015 from the Ruhr-University Bochum, Germany. Since 2015, David Rupprecht has been a doctoral student at the Information Security Group of the Horst Görtz Institute for IT Security, Bochum. His research interests include mobile network security with a focus on access networks. His work explores implementation as well as specification flaws in current and future mobile networks. In his daily work, he makes use of software-defined radios for the implementation of attacks and countermeasures.

We have a few other interesting talks still lined up for TelcoSecDay 2019. We will update you with more talks and speakers soon.