Title: “Protocol-fuzzing mobile networks with open-source tools to enhance the security of LTE and 5G mobile networks”

Speaker: Roger Piqueras Jover, Security Researcher at Bloomberg LP

Date and Time: Tuesday, May 15 at 10:00 a.m.

Location: Donald Bren Hall 3011


The Long Term Evolution (LTE) is the latest mobile communications standard being deployed globally to provide connectivity to billions of mobile devices, from personal cell-phones to all types of critical systems, such as self-driving cars, medical appliances and industrial IoT sensors. As such, the security of this communication standard is of paramount importance. However, there is concerning inherent protocol security threats in LTE due to the large amount of unauthenticated and unprotected messages exchanged between a base station and a mobile device prior to the authentication security handshake.

Open source implementations of the LTE standards rapidly matured within the last couple of years. This, in combination with sophisticated yet low cost software radio hardware, fueled a new wave of security research that identified numerous protocol security issues in LTE that could allow an adversary to deny the service of mobile endpoints and track the location of users. This talk will summarize an ongoing effort on protocol-fuzzing LTE mobile networks using open-software tools. The protocol exploits against mobile endpoints that were discovered two years ago will be discussed as an introduction to the new systematic approach to protocol-fuzz LTE networks, introducing as well a series of new potential exploits in the uplink, against the network infrastructure and mobile devices outside of the radio range of the adversary.

Finally, these LTE protocol exploits are analyzed in the context of the recently (December 2017) published first release of the 3GPP 5G specifications (3GPP Rel. 15) for the 5G Radio Access Network (5G New Radio) and Core Network (5G System). Unfortunately, not only most protocol-aware radio jamming issues and LTE protocol exploits are still a potential threat, but there is a large number of new pre-authentication messages and new fields to already existing messages that could open the doors to further 5G-specific exploits.


Roger Piqueras Jover is a Wireless Security Research Scientist and Security Architect at the CTO Security Architecture team of Bloomberg LP, where he leads projects on mobile/wireless security and is actively involved in hardware security, network security, machine learning and anomaly/fraud detection. Previous to Bloomberg, he spent 5 years at the AT&T Security Research Center (AT&T SRC), where he led the research area on wireless and LTE mobile network security and received numerous awards for his work.

Roger holds 17 issued patents on mobile and wireless security, has co-authored manuscripts in numerous top communications and security conferences and is the Technical Co-Chair for the ongoing IEEE 5G Summit series.

Roger holds a Dipl. Ing. from Politechnical University of Catalunya (Barcelona, Spain), a Master’s in Electrical and Computer Engineering from University of California Irvine and a Master’s/MPhil and EBD (Everything But Dissertation) in Electrical Engineering from Columbia University.

For a much more detailed biography, details on his wireless security work on LTE, 5G, LoRaWAN and other technologies, one can refer to http://rogerpiquerasjover.net/