CellSecInspector: Safeguarding Cellular Networks via Automated Security Analysis on Specifications
Ke Xie, Xingyi Zhao, Min-Yue Chen, Yu-An Chen, Yiwen Hu, Munshi Saifuzzaman, Wen Li, Shuhan Yuan, Guan-Hua Tu, Tian Xie
TL;DR
CellSecInspector is an automated framework that analyzes 3GPP specifications to identify security vulnerabilities in cellular networks by modeling procedures, validating security properties, and generating test cases.
Contribution
It introduces a novel automated approach that captures deep semantic dependencies in specifications, enabling vulnerability discovery without manual security requirements.
Findings
Discovered 43 vulnerabilities in 4G and 5G specifications
Identified 7 previously unreported security issues
Demonstrated scalability and effectiveness of the approach
Abstract
The complexity, interdependence, and rapid evolution of 3GPP specifications present fundamental challenges for ensuring the security of modern cellular networks. Manual reviews and existing automated approaches, which often depend on rule-based parsing or small sets of manually crafted security requirements, fail to capture deep semantic dependencies, cross-sentence/clause relationships, and evolving specification behaviors. In this work, we present CellSecInspector, an automated framework for security analysis of 3GPP specifications. CellSecInspector extracts structured state-condition-action (SCA) representations, models mobile network procedures with comprehensive function chains, systematically validates them against 9 foundational security properties under 4 adversarial scenarios, and automatically generates test cases. This end-to-end approach enables the automated discovery of…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.