Automated Security Analysis for Cellular Networks

This paper introduces CellSecInspector, an automated framework to analyze 3GPP specifications for vulnerabilities in cellular networks. It addresses the limitations of manual reviews and existing automated approaches by extracting structured representations, modeling network procedures, and validating them against security properties. The discovery of 43 vulnerabilities, including 8 previously unreported, highlights the effectiveness of the approach.

• •CellSecInspector is an automated framework for security analysis of 3GPP specifications.
• •It uses structured state-condition-action (SCA) representations and models mobile network procedures.
• •The framework validates procedures against security properties and generates test cases.
• •It discovered 43 vulnerabilities in 5G and 4G NAS and RRC specifications, including 8 new ones.