Title
Fingerprinting of Cellular Infrastructure Based on Broadcast Information
Author
Bhattacharjee, A.K. (TU Delft Networked Systems) ![ORCID 0009-0009-1961-9958 ORCID 0009-0009-1961-9958](/sites/all/themes/tud_repo3/img/icons/orcid_16x16.png)
Cecconello, S. (TU Delft Cyber Security)
Kuipers, F.A. (TU Delft Networked Systems) ![ORCID 0000-0002-6686-8350 ORCID 0000-0002-6686-8350](/sites/all/themes/tud_repo3/img/icons/orcid_16x16.png)
Smaragdakis, G. (TU Delft Cyber Security) ![ORCID 0000-0002-4127-3617 ORCID 0000-0002-4127-3617](/sites/all/themes/tud_repo3/img/icons/orcid_16x16.png)
Contributor
Tsudik, Gene (editor)
Conti, Mauro (editor)
Liang, Kaitai (editor)
Smaragdakis, Georgios (editor)
Date
2024
Abstract
To avoid exploitation of known vulnerabilities, it is standard security practice to not disclose any model information regarding the antennas used in cellular infrastructure. However, in this work, we show that end-user devices receive enough information to infer, with high accuracy, the model-family of antennas. We demonstrate how low-cost hardware and software setups can fingerprint the cellular infrastructure of whole regions within a few minutes by only listening to cellular broadcast messages. To show the effectiveness and hence risk of such fingerprinting, we collected an extensive dataset of broadcast messages from three different countries. We then trained a machine-learning model to classify broadcast messages based on the model-family they belong to. Our results reveal a worryingly high average accuracy of 97% for model-family classification. We further discuss how inferring the model-family with such high accuracy can lead to a class of identification attacks on cellular infrastructure and we subsequently suggest countermeasures to mitigate the fingerprint effectiveness.
To reference this document use:
http://resolver.tudelft.nl/uuid:d052fe1b-9d36-4030-8163-24ea515a5921
DOI
https://doi.org/10.1007/978-3-031-51476-0_5
Publisher
Springer
Embargo date
2024-07-15
ISBN
9783031514753
Source
Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings
Event
28th European Symposium on Research in Computer Security, ESORICS 2023, 2023-09-25 → 2023-09-29, The Hague, Netherlands
Series
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 0302-9743, 14345 LNCS
Bibliographical note
Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.
Part of collection
Institutional Repository
Document type
conference paper
Rights
© 2024 A.K. Bhattacharjee, S. Cecconello, F.A. Kuipers, G. Smaragdakis