Fingerprinting of Cellular Infrastructure Based on Broadcast Information

Title

Fingerprinting of Cellular Infrastructure Based on Broadcast Information

 Author

Bhattacharjee, A.K. (TU Delft Networked Systems) ORCID 0009-0009-1961-9958
Cecconello, S. (TU Delft Cyber Security)
Kuipers, F.A. (TU Delft Networked Systems) ORCID 0000-0002-6686-8350
Smaragdakis, G. (TU Delft Cyber Security) ORCID 0000-0002-4127-3617

 Contributor

Tsudik, Gene (editor)
Conti, Mauro (editor)
Liang, Kaitai (editor)
Smaragdakis, Georgios (editor)

Date

2024

 Abstract

To avoid exploitation of known vulnerabilities, it is standard security practice to not disclose any model information regarding the antennas used in cellular infrastructure. However, in this work, we show that end-user devices receive enough information to infer, with high accuracy, the model-family of antennas. We demonstrate how low-cost hardware and software setups can fingerprint the cellular infrastructure of whole regions within a few minutes by only listening to cellular broadcast messages. To show the effectiveness and hence risk of such fingerprinting, we collected an extensive dataset of broadcast messages from three different countries. We then trained a machine-learning model to classify broadcast messages based on the model-family they belong to. Our results reveal a worryingly high average accuracy of 97% for model-family classification. We further discuss how inferring the model-family with such high accuracy can lead to a class of identification attacks on cellular infrastructure and we subsequently suggest countermeasures to mitigate the fingerprint effectiveness.


 To reference this document use:

http://resolver.tudelft.nl/uuid:d052fe1b-9d36-4030-8163-24ea515a5921

 DOI

https://doi.org/10.1007/978-3-031-51476-0_5

 Publisher

Springer

 Embargo date

2024-07-15

 ISBN

9783031514753

 Source

Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings

 Event

28th European Symposium on Research in Computer Security, ESORICS 2023, 2023-09-25 → 2023-09-29, The Hague, Netherlands

 Series

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 0302-9743, 14345 LNCS

 Bibliographical note

Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

 Part of collection

Institutional Repository

 Document type

conference paper

 Rights

© 2024 A.K. Bhattacharjee, S. Cecconello, F.A. Kuipers, G. Smaragdakis
Files
file embargo until 2024-07-15