DeepSec 2022 Talk: Identification of the Location in the 5G Network – Giorgi Akhalaia
Mobile devices can provide the majority of everyday services: like emergency, healthcare, security services. The development of mobile devices itself triggered the 5G network deployment. The new telecom standard will create a new ecosystem with a variety of industries and will exceed the limit of telecom communication. With new standards, functionality, services, products always arise new cyber threats. The operating spectrum in the 5G Network is divided into 3 categories: Low, Middle and High Bands. Actually, the third category, high band, also known as mmWave provides majority benefits of the new standard. This band covers from 6 GHz to 100 GHz operating spectrums. Because of the limitation of this frequency range, devices connected to high-band have to be near to the cell-tower. Otherwise, buildings will interrupt the connection. So, when a user is connected to a mmWave tower, only one tower is enough to find the device, instead of 3 towers, which is usually used in previous standards. By default, mobile devices always scan cell-towers to choose that one with a stronger signal. Our study is about to interrupt the scanning operation and make devices connect only to high-band towers without measuring signal strength. As towers are always sending their identities, like IDs and locations, we can map all of them after we stole active tower information from a user and determine its location.
We asked Giorgi Akhalaia a few more questions about his talk.
Please tell us the top 5 facts about your talk.
- Identification of the device location can be done by only one cell-tower;
- Controlling the Switch Function in devices increases the risk of device tracking;
- MITM in 5G network might be the reason for mislocation of devices, which is critical threat in emergency situations;
- Stealing A-GPS data from devices is less noisy than stealing GNSS data;
- mmWave spectrum category can be used for location identification;
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
As a Head of the scientific GNSS Network of Georgia, I have worked a lot on navigation and monitoring systems. By merging the cyber security and GNSS methods, I have simulated different cases of how it can be used to identify a users location with or without their prior permission. Doing various experimental work, I have resolved to work on this topic – Identification of the location in the 5G Network.
Why do you think this is an important topic?
Because of the 5G Network objectives, all of us represent the target group for the new standard. So, the security of this network is crucial for every user. As it is going to be used for critical services like emergency cases (911, 112, critical infrastructure, remote surgeries), and by end-users for everyday life, secure deployment, especially PII privacy, is the first thing that should be resolved before mass usage. To protect end-users from personal data-leakage (GDPR compliance) , saving devices from tracking is very important.
Is there something you want everybody to know – some good advice for our readers maybe?
This topic is not only for cyber security specialists, its about the service we are going to use every day pretty soon. First, my talk is about end-users’ PII privacy to track devices in the 5G Network.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
For the future of my work: I would like to do experimental work, different use-cases to minimize the risk of this vulnerability.
Giorgi Akhalaia is Ph.D candidate of computer science. Giorgi has defended his Master’s degree at Caucasus University, Caucasus School of Technology (Program: IT Management). Giorgi is an Assistant-Professor at Caucasus University and at International Black Sea University (department Cyber Security). He is cyber security trainer at the Scientific Cyber Security Association and Orient Logic Academy. Giorgi is a cyber security specialist and actively involved in the Cyber Security Center, CST (Caucasus University), which is the official representative of BITSENTINEL in the region. From 2014, he was involved in scientific studies at the Institute of Earth Sciences and by 2016, Mr. Akhalaia was promoted as an Acting Head of Scientific Geodesy Network of Georgia. He manages and maintaining online and data servers, data collecting and processing and for upgrading and development of services and staff of the department.
In 2019, Giorgi was involved in various international and local projects. Right now, he is security oriented IT System Admin in the project of Seismic Network Expansion in the Caucasus and Central Asia (Project between 7 countries), funded by The US Department of Energy. In 2020 he won the PhD fund from Shota Rustaveli National Science Foundation of Georgia. Project title is “5G Network security”. In the framework of this fund, a micro 5G lab will be created for testing and deploying new security functions.