LEFT: An LTE-Oriented Emulation-Instrumented Fuzzing Testbed
Research Team Leadership
- PI: Guanhua Yan, Binghamton University, SUNY
The Homeland Security Challenge
By 2020, the number of 4G LTE connections is expected to reach 2.8 billion, due to higher communications capabilities and a growing appetite for online services and resources. Because everything from toothbrushes to automobiles to mobile phones are part of the Internet of Things (IoT), a hacked device can be used to attack other systems and create extensive damage. Because the security of these devices and the networks that connect them haven’t evolved as quickly as their proliferation, these devices pose a significant threat to multiple aspects of critical infrastructure across a wide range of industries.
CIRI's Proposed Solution
Dr. Guanhua Yan is creating a new methodology that would help make 4G LTE networks—which are embedded in the daily operation of everything from healthcare to transportation—more secure and reliable. His goal is to learn more about 4G LTE mobile communication networks and device vulnerabilities in an effort to prevent complications arising from failures or attacks on device and network vulnerabilities. This project is process oriented and targeted, which will result in the development of new software that can be leveraged by mobile telecommunications network providers and device developers.
The research team will develop a “fuzzing” testbed, which is a research method that is very effective at uncovering vulnerabilities at the system level. The testbed will efficiently generate a series of mutated input variants to learn what crashes the system. This is an unexplored approach for studying the resilience of LTE systems. Fuzzing research was done on 2G networks and devices—though not on a very large scale—but it has not been conducted on 4G LTE devices. Yan’s team will use an emulation approach, which allows them to mimic a cell phone device through a custom software package. The end product will be a software program that emulates and injects random software-induced faults into an LTE system to elicit unexpected behaviors for further diagnosis.