Hume Center Intelligent Systems Lab Tech Talks

The Hume Center's Intelligent Systems Lab has invited researchers and industry professionals to join us at the Virginia Tech Research Center in Arlington (900 N. Glebe Road, Arlington, VA 22203) to present tech talks on their work. These talks are open to anyone in the Virginia Tech community. Please join us in person at the VTRC-A (rooms listed below) or on Zoom at this link. If you have any questions about these talks or would be interested in presenting one, please contact Russ Walker at rswalker@vt.edu.

Previous Events

Roger Jover - Exploring LTE security with open-source tools, testing protocol exploits and analyzing their potential impact on 5G mobile networks

12 p.m., Monday, November 26; VTRC-A room 5-024

The 3rd Generation Partnership Project (3GPP) released the 5G specifications in December 2017 and the 5G security architecture specifications in March 2018. This new generation of mobile communication systems has been designed with a strong security focus from the beginning, aiming to tackle the known protocol exploits of both current and previous mobile generations. The security flaws of legacy GSM networks, which lack mutual authentication and implement an outdated encryption algorithm, are well understood among the technology community. Also, the current mobile generation, the Long Term Evolution (LTE), was expected to tackle the security issues in GSM, though protocol exploits and both privacy and location leaks are still possible in LTE.

Although LTE was first introduced in 2007, security researchers did not identify and demonstrate these protocol exploits until just a few years ago, mainly because of the immaturity of the mobile protocol security field and the unavailability of low-cost research tools. However, open-source implementations of the LTE standards rapidly matured within the last couple of years. This, in combination with sophisticated yet low-cost software radio hardware, fueled a new wave of security research that identified numerous protocol security issues in LTE that could allow an adversary to deny the service of mobile endpoints and track the location of users. This talk will explore the security of LTE communication networks, discussing a series of protocol exploits and privacy leaks at multiple network layers. An overview will be presented on how to eavesdrop on LTE base station broadcast messages, implement LTE IMSI catchers, track mobile devices, and other LTE protocol exploits, such as blocking SIMs and devices. Some recent exploits discovered by security researchers will be discussed as well. Moreover, leveraging new open-source tools, new uplink attack vectors will be introduced and analyzed.

Finally, these protocol exploits will be analyzed in the context of the recently published first release of the 3GPP 5G specifications. Results of the analysis of the 5G specifications will be presented, introducing the main security challenges of 5G, as well as discussing the first recent security weaknesses that researchers have identified in 5G.

 

Dr. Alexia Schulz - Cyber Instability: Non-stationarity and non-ergodicity in network time series

12:30 p.m., Wednesday, December 5, VTRC-A room 5-196

Abstract:
Many predictive cyber analytics assume, implicitly or explicitly, that the underlying statistical processes they treat are well-behaved. Often statistics predicated on Gaussian behavior are used, but even if not, assumptions on statistical stationarity, ergodicity, and the applicability of the Central Limit Theorem (CLT) are often present. We present here empirical results on several common network time series, and demonstrate that these assumptions are false. The series are non-stationary, non-ergodic, and ensembles of them do not obey the CLT. We present several statistical tests, borrowed from other disciplines, for the evaluation of network time series. We discuss the implications of these results on the goal of constructing a meaningful “cyber baseline” of a network or host, intended to establish the bounds of “normal” behavior. For many accessible network observables used in defensive cyber operations, it may prove to be unrealistic to establish such a baseline, or detect significant deviations from it.

 

Dr. Brian Thompson - SEXTANT: A Computational Framework for Scalable and Efficient Correlation of Spatio-Temporal Trajectories

10:00 a.m., Thursday, January 17, VTRC-A room 5-196

Abstract:
There is a growing need for scalable and efficient algorithms that can leverage the increasing availability of spatio-temporal data. One use case involves identifying when observed signals from two different communication protocols are being emitted by the same mobile device — an error-prone, time-consuming process often done by hand, complicated by obfuscation techniques employed by mobile devices. This becomes especially challenging when the signals are sparse or noisy and when signals from many devices are being observed simultaneously. We propose SEXTANT, a computational framework that combines novel spatio-temporal correlation algorithms with known device identification techniques, implemented using highly efficient data structures over a distributed architecture. Given a large set of time-stamped and geo-located observations, SEXTANT returns a ranked list of likely signal pairs of interest, along with informational metrics providing additional context, drastically reducing analyst workload. Experiments demonstrate SEXTANT's ability to capture correlated behavior while being robust to data heterogeneity, sparsity, and noise, out-performing existing methods.