Toward a Dependable, Secure Mobile Internet

Dr. Guan-Hua Tu
University of California, Los Angeles


Abstract

The mobile network is the only wireless infrastructure that offers ubiquitous wide-area data and voice services to 3.6 billion users. More and more users use it to access online services through their smartphones. It is a large-scale, global network infrastructure on a par with the wired Internet. It is also called mobile Internet. However, it is not without limitations and flaws. In this talk, I will introduce my research, which is to advance the nowadays mobile Internet to achieve two goals: reliability and security. First, I will present how to adopt the model checking technique to enhance the reliability of the control plane protocols of the mobile Internet. As you may know, the network function correctness and performance are largely determined by the network's control plane. However, the correctness verification of the control-plane protocols of the mobile Internet remains largely unexplored, due to their complex interactions, as well as inaccessible network infrastructure and mobile devices. We thus developed CNetVerifier for protocol diagnosis by leveraging the domain-specific model-checking techniques. We further employed CNetVerifier to discover several problematic interactions among control-plane protocols. Such problematic interactions would result in some user-perceived performance penalties, such as temporarily out of service, long call setup time, the decline of data rate, etc. Second, I will present our work that explores the insecurity of critical services (i.e., data, voice and messaging) on the mobile Internet. I will demonstrate what vulnerabilities are imposed on the mobile Internet while the mature IP-based services (e.g., VoIP) from the Internet are applied without considering the mobile-specific design principles. By leveraging the vulnerabilities, an adversary can launch unexpected security attacks, such as obtaining free data service, abusing millions Facebook user accounts without passwords, etc. The lessons learned can be further applied to securing the existing and next-generation mobile Internet.