Fingerprinting of Cellular Infrastructure Based on Broadcast Information

Anup Kiran Bhattacharjee; Stefano Cecconello; Fernando Kuipers; Georgios Smaragdakis

doi:10.1007/978-3-031-51476-0_5

Fingerprinting of Cellular Infrastructure Based on Broadcast Information

Anup Kiran Bhattacharjee^*, Stefano Cecconello, Fernando Kuipers, Georgios Smaragdakis

^*Corresponding author for this work

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

Abstract

To avoid exploitation of known vulnerabilities, it is standard security practice to not disclose any model information regarding the antennas used in cellular infrastructure. However, in this work, we show that end-user devices receive enough information to infer, with high accuracy, the model-family of antennas. We demonstrate how low-cost hardware and software setups can fingerprint the cellular infrastructure of whole regions within a few minutes by only listening to cellular broadcast messages. To show the effectiveness and hence risk of such fingerprinting, we collected an extensive dataset of broadcast messages from three different countries. We then trained a machine-learning model to classify broadcast messages based on the model-family they belong to. Our results reveal a worryingly high average accuracy of 97% for model-family classification. We further discuss how inferring the model-family with such high accuracy can lead to a class of identification attacks on cellular infrastructure and we subsequently suggest countermeasures to mitigate the fingerprint effectiveness.

Original language	English
Title of host publication	Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings
Editors	Gene Tsudik, Mauro Conti, Kaitai Liang, Georgios Smaragdakis
Publisher	Springer
Pages	81-101
Number of pages	21
ISBN (Print)	9783031514753
DOIs	https://doi.org/10.1007/978-3-031-51476-0_5
Publication status	Published - 2024
Event	28th European Symposium on Research in Computer Security, ESORICS 2023 - The Hague, Netherlands Duration: 25 Sept 2023 → 29 Sept 2023

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14345 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	28th European Symposium on Research in Computer Security, ESORICS 2023
Country/Territory	Netherlands
City	The Hague
Period	25/09/23 → 29/09/23

Bibliographical note

Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Access to Document

10.1007/978-3-031-51476-0_5

Cite this

Bhattacharjee, A. K., Cecconello, S., Kuipers, F., & Smaragdakis, G. (2024). Fingerprinting of Cellular Infrastructure Based on Broadcast Information. In G. Tsudik, M. Conti, K. Liang, & G. Smaragdakis (Eds.), Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings (pp. 81-101). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14345 LNCS). Springer. https://doi.org/10.1007/978-3-031-51476-0_5

Bhattacharjee, Anup Kiran ; Cecconello, Stefano ; Kuipers, Fernando et al. / Fingerprinting of Cellular Infrastructure Based on Broadcast Information. Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings. editor / Gene Tsudik ; Mauro Conti ; Kaitai Liang ; Georgios Smaragdakis. Springer, 2024. pp. 81-101 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d052fe1b9d364030816324ea515a5921,

title = "Fingerprinting of Cellular Infrastructure Based on Broadcast Information",

abstract = "To avoid exploitation of known vulnerabilities, it is standard security practice to not disclose any model information regarding the antennas used in cellular infrastructure. However, in this work, we show that end-user devices receive enough information to infer, with high accuracy, the model-family of antennas. We demonstrate how low-cost hardware and software setups can fingerprint the cellular infrastructure of whole regions within a few minutes by only listening to cellular broadcast messages. To show the effectiveness and hence risk of such fingerprinting, we collected an extensive dataset of broadcast messages from three different countries. We then trained a machine-learning model to classify broadcast messages based on the model-family they belong to. Our results reveal a worryingly high average accuracy of 97% for model-family classification. We further discuss how inferring the model-family with such high accuracy can lead to a class of identification attacks on cellular infrastructure and we subsequently suggest countermeasures to mitigate the fingerprint effectiveness.",

author = "Bhattacharjee, {Anup Kiran} and Stefano Cecconello and Fernando Kuipers and Georgios Smaragdakis",

note = "Green Open Access added to TU Delft Institutional Repository {\textquoteleft}You share, we take care!{\textquoteright} – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public. ; 28th European Symposium on Research in Computer Security, ESORICS 2023 ; Conference date: 25-09-2023 Through 29-09-2023",

year = "2024",

doi = "10.1007/978-3-031-51476-0_5",

language = "English",

isbn = "9783031514753",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "81--101",

editor = "Gene Tsudik and Mauro Conti and Kaitai Liang and Georgios Smaragdakis",

booktitle = "Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings",

}

Bhattacharjee, AK , Cecconello, S , Kuipers, F & Smaragdakis, G 2024, Fingerprinting of Cellular Infrastructure Based on Broadcast Information. in G Tsudik, M Conti, K Liang & G Smaragdakis (eds), Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 14345 LNCS, Springer, pp. 81-101, 28th European Symposium on Research in Computer Security, ESORICS 2023, The Hague, Netherlands, 25/09/23. https://doi.org/10.1007/978-3-031-51476-0_5

Fingerprinting of Cellular Infrastructure Based on Broadcast Information. / Bhattacharjee, Anup Kiran ; Cecconello, Stefano ; Kuipers, Fernando et al.
Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings. ed. / Gene Tsudik; Mauro Conti; Kaitai Liang; Georgios Smaragdakis. Springer, 2024. p. 81-101 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14345 LNCS).

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Fingerprinting of Cellular Infrastructure Based on Broadcast Information

AU - Bhattacharjee, Anup Kiran

AU - Cecconello, Stefano

AU - Kuipers, Fernando

AU - Smaragdakis, Georgios

N1 - Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

PY - 2024

Y1 - 2024

N2 - To avoid exploitation of known vulnerabilities, it is standard security practice to not disclose any model information regarding the antennas used in cellular infrastructure. However, in this work, we show that end-user devices receive enough information to infer, with high accuracy, the model-family of antennas. We demonstrate how low-cost hardware and software setups can fingerprint the cellular infrastructure of whole regions within a few minutes by only listening to cellular broadcast messages. To show the effectiveness and hence risk of such fingerprinting, we collected an extensive dataset of broadcast messages from three different countries. We then trained a machine-learning model to classify broadcast messages based on the model-family they belong to. Our results reveal a worryingly high average accuracy of 97% for model-family classification. We further discuss how inferring the model-family with such high accuracy can lead to a class of identification attacks on cellular infrastructure and we subsequently suggest countermeasures to mitigate the fingerprint effectiveness.

AB - To avoid exploitation of known vulnerabilities, it is standard security practice to not disclose any model information regarding the antennas used in cellular infrastructure. However, in this work, we show that end-user devices receive enough information to infer, with high accuracy, the model-family of antennas. We demonstrate how low-cost hardware and software setups can fingerprint the cellular infrastructure of whole regions within a few minutes by only listening to cellular broadcast messages. To show the effectiveness and hence risk of such fingerprinting, we collected an extensive dataset of broadcast messages from three different countries. We then trained a machine-learning model to classify broadcast messages based on the model-family they belong to. Our results reveal a worryingly high average accuracy of 97% for model-family classification. We further discuss how inferring the model-family with such high accuracy can lead to a class of identification attacks on cellular infrastructure and we subsequently suggest countermeasures to mitigate the fingerprint effectiveness.

UR - http://www.scopus.com/inward/record.url?scp=85182593014&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-51476-0_5

DO - 10.1007/978-3-031-51476-0_5

M3 - Conference contribution

AN - SCOPUS:85182593014

SN - 9783031514753

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 81

EP - 101

BT - Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings

A2 - Tsudik, Gene

A2 - Conti, Mauro

A2 - Liang, Kaitai

A2 - Smaragdakis, Georgios

PB - Springer

T2 - 28th European Symposium on Research in Computer Security, ESORICS 2023

Y2 - 25 September 2023 through 29 September 2023

ER -

Bhattacharjee AK , Cecconello S , Kuipers F , Smaragdakis G. Fingerprinting of Cellular Infrastructure Based on Broadcast Information. In Tsudik G, Conti M, Liang K, Smaragdakis G, editors, Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings. Springer. 2024. p. 81-101. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-51476-0_5