TWC: Small: Collaborative: Cellular Network Services in Peril: A Perspective on Control-Plane and Data-Plane Design

TWC：小型：协作：危险中的蜂窝网络服务：控制平面和数据平面设计的视角

• 批准号: 1528122
• 负责人: Songwu Lu
• 金额: $ 26.09万
• 依托单位: University of California-Los Angeles
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-09-01 至 2018-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1528122&HistoricalAwards=false
• 关键词: TWC; Small; Collaborative; Cellular; Network

The cellular network is the largest wireless infrastructure deployed today. It offers users mobile Internet access and carrier-grade voice service. Each such service (e.g., data or voice) typically involves operations on both data and control planes. The former transfers service content to users, whereas the latter performs control functions of service instantiation, maintenance, update, and termination. Securing control and data planes is thus critical to mobile network service. Different from the Internet built upon the single best-effort delivery, the fourth-generation (4G) mobile network supports diversified service models. It not only provides multiple priorities within the network (e.g., voice has higher priority than data), but also carries control and data over different radio channels. Consequently, given a service (e.g., voice, video, or messaging), its control-plane and data-plane operations open new venues for security research. This project aims to study both planes in 4G networks from the security perspective. The success of this research will not only protect the trillion-dollar market of mobile voice for billions of smartphone users, but also safeguard the mobile Internet access from attacks initiated by malicious calls. The proposed activity may influence the upcoming 5G technology standardization and train a new generation of engineers and students.The proposed research has two main thrusts. One is the insecurity analysis of 4G network services. This project examines the control and data planes and their coordination. It conducts thorough theoretical analysis to uncover all potential vulnerabilities, explores novel attacks, and empirically validates those practical threats. The other is to propose defenses to secure both planes from such threats. The solution calls for concerted efforts between the network and the user, and between hardware and software. This project seeks to make three contributions: (1) Systematic disclosure of insecurity on the control-plane and data-plane operations: Both incur new breaches that current defense measures fail to protect; (2) Identification of diverse root causes: Mobile standards stipulate loose regulations, whereas device software and hardware assume protection from each other. As both planes become more accessible to smartphones, no new protection mechanisms are in place. (3) Solution that secures both control-plane and data-plane operations: It adds protection at both hardware and software at mobile devices, and inside the network infrastructure. It further leverages device capabilities while preserving flexible network services.

蜂窝网络是当今部署的最大的无线基础设施。它为用户提供移动的互联网接入和电信级语音服务。每个这样的服务（例如，数据或语音）通常涉及数据和控制平面上的操作。前者将服务内容传递给用户，而后者执行服务实例化、维护、更新和终止的控制功能。因此，保护控制和数据平面对于移动的网络服务是至关重要的。与基于单一尽力而为交付的互联网不同，第四代（4G）移动的网络支持多样化的业务模式。它不仅在网络内提供多个优先级（例如，语音具有比数据更高的优先级），而且还在不同的无线电信道上携带控制和数据。因此，给定服务（例如，语音、视频或消息传送），其控制平面和数据平面操作为安全研究开辟了新的场所。该项目旨在从安全角度研究4G网络中的两个平面。这项研究的成功不仅将保护数十亿智能手机用户的万亿美元移动的语音市场，还将保护移动的互联网接入免受恶意呼叫发起的攻击。拟议的活动可能会影响即将到来的5G技术标准化，并培养新一代的工程师和学生。拟议的研究有两个主要目标。一是4G网络服务的不安全性分析。本项目研究控制和数据平面及其协调。它进行全面的理论分析，以发现所有潜在的漏洞，探索新的攻击，并根据经验验证这些实际威胁。另一个是提出防御措施，以确保两架飞机免受这种威胁。解决这个问题需要网络和用户、硬件和软件的共同努力。该项目旨在做出三个贡献：（1）系统地披露控制平面和数据平面操作上的不安全性：两者都会引发当前防御措施无法保护的新漏洞;（2）识别不同的根本原因：移动的标准规定了宽松的法规，而设备软件和硬件相互保护。随着智能手机越来越容易访问这两个平面，没有新的保护机制。(3)同时保护控制平面和数据平面操作的解决方案：它在移动的设备和网络基础设施内部的硬件和软件上增加了保护。它进一步利用设备功能，同时保留灵活的网络服务。