Karl Norrman

CR
3 papers
27 citations
Novelty 57%
AI Score 24

3 Papers

CR Feb 17, 2021
Murat: Multi-RAT False Base Station Detector

Prajwol Kumar Nakarmi, Mehmet Akif Ersoy, Elif Ustundag Soykan et al.

In recent years, there has been an increasing interest in false base station detection systems. Most of these rely on software that users download into their mobile phones. The software either performs an analysis of radio environment measurements taken by the mobile phone or reports these measurements to a server on the Internet, which then analyzes the aggregated measurements collected from many mobile phones. These systems suffer from two main drawbacks. First, they require modification to the mobile phones in the form of software and an active decision to participate from users. This severely limits the number of obtained measurements. Second, they do not make use of the information the mobile network has regarding network topology and configuration. This results in less reliable predictions than could be made. We present a network-based system for detecting false base stations that operate on any 3GPP radio access technology, without requiring modifications to mobile phones, and that allows taking full advantage of network topology and configuration information available to an operator. The analysis is performed by the mobile network based on measurement reports delivered by mobile phones as part of normal operations to maintain the wireless link. We implemented and validated the system in a lab experiment and a real operator trial. Our approach was adopted by the 3GPP standardization organization.

CR Jul 22, 2020
Formal Analysis of EDHOC Key Establishment for Constrained IoT Devices

Karl Norrman, Vaishnavi Sundararajan, Alessandro Bruni

Constrained IoT devices are becoming ubiquitous in society and there is a need for secure communication protocols that respect the constraints under which these devices operate. EDHOC is an authenticated key establishment protocol for constrained IoT devices, currently being standardized by the Internet Engineering Task Force (IETF). A rudimentary version of EDHOC with only two key establishment methods was formally analyzed in 2018. Since then, the protocol has evolved significantly and several new key establishment methods have been added. In this paper, we present a formal analysis of all EDHOC methods in an enhanced symbolic Dolev-Yao model using the Tamarin tool. We show that not all methods satisfy the authentication notion of injective agreement, but that they all do satisfy a notion of implicit authentication, as well as Perfect Forward Secrecy (PFS) of the session key material. We identify other weaknesses to which we propose improvements. For example, a party may intend to establish a session key with a certain peer, but end up establishing it with another, trusted but compromised, peer. We communicated our findings and proposals to the IETF, which has incorporated some of these in newer versions of the standard.

CR Apr 14, 2020
Secure Federated Learning in 5G Mobile Networks

Martin Isaksson, Karl Norrman

Machine Learning (ML) is an important enabler for optimizing, securing and managing mobile networks. This leads to increased collection and processing of data from network functions, which in turn may increase threats to sensitive end-user information. Consequently, mechanisms to reduce threats to end-user privacy are needed to take full advantage of ML. We seamlessly integrate Federated Learning (FL) into the 3GPP 5G Network Data Analytics (NWDA) architecture, and add a Multi-Party Computation (MPC) protocol for protecting the confidentiality of local updates. We evaluate the protocol and find that it has much lower overhead than previous work, without affecting ML performance.