TY - GEN
T1 - When Good Turns Evil
T2 - 2023 IEEE Conference on Communications and Network Security, CNS 2023
AU - Shi, Jingwen
AU - Xie, Tian
AU - Tu, Guan Hua
AU - Peng, Chunyi
AU - Li, Chi Yu
AU - Hou, Andrew
AU - Wang, Sihan
AU - Hu, Yiwen
AU - Lei, Xinyu
AU - Chen, Min Yue
AU - Xiao, Li
AU - Liu, Xiaoming
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - 5G/4G voice calls are always encrypted for security and privacy. However, in this work, we unveil several vulnerabilities which can unintentionally leak 5G/4G call state information, despite encryption protection. They stem from recent call optimization techniques standardized in the 3GPP specifications and adopted by mobile network operators. While these techniques are effective to enhance 5G/4G call quality and efficiency, they unfortunately expose extra call information, which can be exploited to precisely infer call states and launch side-channel attacks. By leveraging precise call states, we devise a Cross-domain Identity Linkage attack, CrossIL, which aims to infer mobile users' user identities and cellular identities, thereby enabling powerful cyberattacks or privacy inferences against high-value victims. We have experimentally validated these vulnerabilities and assessed the attack damages with three major U.S. carriers. Our experimental result shows that the success rate on the identity inference ranges from 89% to 98%. Finally, we propose and evaluate a cellular-friendly solution.
AB - 5G/4G voice calls are always encrypted for security and privacy. However, in this work, we unveil several vulnerabilities which can unintentionally leak 5G/4G call state information, despite encryption protection. They stem from recent call optimization techniques standardized in the 3GPP specifications and adopted by mobile network operators. While these techniques are effective to enhance 5G/4G call quality and efficiency, they unfortunately expose extra call information, which can be exploited to precisely infer call states and launch side-channel attacks. By leveraging precise call states, we devise a Cross-domain Identity Linkage attack, CrossIL, which aims to infer mobile users' user identities and cellular identities, thereby enabling powerful cyberattacks or privacy inferences against high-value victims. We have experimentally validated these vulnerabilities and assessed the attack damages with three major U.S. carriers. Our experimental result shows that the success rate on the identity inference ranges from 89% to 98%. Finally, we propose and evaluate a cellular-friendly solution.
UR - http://www.scopus.com/inward/record.url?scp=85177575118&partnerID=8YFLogxK
U2 - 10.1109/CNS59707.2023.10288900
DO - 10.1109/CNS59707.2023.10288900
M3 - Conference contribution
AN - SCOPUS:85177575118
T3 - 2023 IEEE Conference on Communications and Network Security, CNS 2023
BT - 2023 IEEE Conference on Communications and Network Security, CNS 2023
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 2 October 2023 through 5 October 2023
ER -