Research On Automatic Vulnerability Detection Method For LTE Networks

Posted on: 2019-04-17
Degree: Master
Type: Thesis
Country: China
Candidate: W L Liu
GTID: 2348330545455613
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of LTE networks and the widespread use of mobile phones, wireless broadband communications have penetrated all aspects of people's lives. At the same time, the closer binding of mobile communication and everyday life produces many security issues. To protect public and national security, it is necessary to study the security of LTE networks. In the field of LTE security research, most work focuses on analyzing the structure and protocols of the LTE system by means of manual auditing, and the degree of automation is relatively insufficient. It is therefore valuable to study how to improve the automation of vulnerability detection for LTE networks. This thesis researches automated vulnerability detection for LTE networks in three aspects.

First, a method was proposed for protocol-based network element detection and for automatic vulnerability detection based on feature matching. Building on the GTP and SCTP protocols, which are widely used in LTE networks, the request/response mechanism was used to detect network element types: requests were made iteratively by selecting different types of messages, the set of potential network element types was divided according to the responses, and finally the type of the target network element was determined. After the network structure and the network element types were obtained, rule mapping was used to extract network information from the packets output during communication. Once enough network information had been obtained, feature matching was used to detect vulnerabilities. Experiments confirmed the usability of this method.

Second, a method was proposed for detecting vulnerabilities in the application implementations of network elements, based on static program analysis. By studying the fixed patterns that communication protocol processing procedures follow for specific operations, the main entities of protocol processing were abstracted and the semantic annotation of the protocol message format was completed. Analysis modules were developed on the Clang compiler front end; variable reference tracking and function call localization were used to analyze the operations in protocol message parsing, and control flow graphs were established to find potential security flaws in the software implementation.

Third, a test platform was built and network simulations were run for verification. An LTE simulation platform was constructed on the NS-3 network simulator and used to carry out the network element detection experiments and to verify the vulnerabilities obtained from the preceding static analysis of source code.
Keywords/Search Tags: Automatic Vulnerability Detection, Protocol Analysis, Network Entity Detection, Static Code Analysis