Speaker:
Syed Rafiul Hussain
Purdue University

Abstract:

Cellular technologies enable a wide array of critical services, from personal communication, autonomous vehicles and telemedicine to critical infrastructures, such as smart grid electricity distribution. Unfortunately, security and user privacy for such complex networks are often considered as afterthoughts. These lead to inadequate security evaluation early on the development cycle that fails to identify missing security and privacy guarantees in protocol designs. To make matters worse, unsafe practices and operational oversights stemming from poor input sanitization and unvetted simplification of complex protocol interactions further contribute to the deviation of deployments from designs. In this talk, I will highlight how my research addresses these problems by developing principled techniques for analyzing design specifications and deployments of complex cellular network protocols.

I will first present a new adversarial reasoning technique combining the capabilities of a symbolic model checker and a cryptographic protocol verifier that enabled us to identify 20+ new vulnerabilities in 4G and 5G cellular network design specifications. I will then discuss three new side-channel attacks in 4G and 5G networks uncovered with our dedicated probabilistic reasoning technique. Next, I will talk about a fuzzing technique which is more effective than the state-of-the-art in reasoning about syntactic and semantic correctness of an implementation when binary instrumentation is not realizable and direct feedback on code coverage information is missing. Finally, I will conclude with a discussion on challenges in adapting and scaling our current approaches for a holistic analysis of 5G and next-generation cellular networks, and IoT systems.

About: Syed Rafiul Hussain is a Postdoctoral Researcher in the Department of Computer Science at Purdue University from where he also received his Ph.D. in December 2018. His research interests broadly lie in network and system security with a focus on the fundamental improvement of security and privacy analysis of emerging networks and cyber-physical systems, including cellular networks and Internet-of-Things.  His papers have received awards and nominations, including ACSAC'19 distinguished paper award, NDSS'19 distinguished paper award honorable mention, and ACM SIGBED EWSN'17 best paper award nomination. He has been inducted twice in the Hall of Fame Mobile Security Research by GSMA for his contribution in identifying 20+ new protocol flaws in 4G and 5G cellular networks. His findings led to several changes in the 4G and 5G cellular protocol designs and in operational networks. His work has been featured by mass media outlets worldwide, including the New York Times, Washington Post, Forbes, MIT Technology Review, and The Register.

The weekly security seminar has been held every semester since spring of 1992. We invite personnel at Purdue and visitors from outside to present on topics of particular interest to them in the areas of computer and network security, computer crime investigation, information warfare, information ethics, public policy for computing and security, the computing "underground," and other related topics. More info