Katharina Kohls

Head of System Security Chair
Ruhr University Bochum


Projects



Open source encryption research (NCSRA III)
Open and Secure 5G Networks

Open public Internet access is an important building block of our communication. Networks like eduroam or govroam provide connectivity around the globe; however, they rely on attack-prone Wi-Fi without any kind of metadata protection. The goal of this project is to implement an open and publicly available 5G network that augments existing setups like eduroam and unleashes the security features of the upcoming mobile generation.

Building this 5G network introduces an open and cryptographically enhanced infrastructure that otherwise is fully opaque and dominated by network operators and vendors. In contrast, our proposed network is fully decentralized and consists of voluntarily maintained access points. When contributing resources, users receive rewards through a cryptocurrency implemented in a proof-of-stake blockchain. This facilitates a growing infrastructure, and the 5G network blends in with other existing public networks.

Besides its performance features, our network concept introduces a diverse set of novel security features that clearly distinguish it from existing Wi-Fi settings and the deployments of commercial network providers. First, our network is fully decentralized and distributes the information flow among the individual voluntary resource providers. Second, we focus on a privacy-preserving deployment that minimizes the amount of sensitive data and metadata. In combination, this generates a trustworthy network setup that is fully flexible in its deployment and can range from local 5G access over augmented campus networks to large-scale industrial contexts.


OPNESAS
Operationalization of the NESAS Scheme

5G networks are very complex, and potential security issues can be caused by flaws in the specification, implementation, or configuration of a network. Identifying such flaws is a persistent open problem, and existing solutions only cover a fraction of the potential attack surface. Furthermore, methods that identify flaws introduce a high overhead that leads to long testing and analysis cycles. This project aims to improve existing certification standards like NESAS that enable security testing in 5G networks.

Our main focus for possible improvements lies in integration into the existing development and release procedures. These procedures are applied to networks outside a laboratory environment and target production deployments. The aim is to carry out all tests in the active network as far as possible. Taken to its logical conclusion, this approach can be used to ensure that a complete active network is fully and continuously certified. With such an approach, many technical test aspects of a safety audit can be shifted to this continuous approach.

In this BSI-funded project, we work together with CampusGenius and secuvera. You can find more information on the project website.


Research Projects


Call me Maybe

Because of an implementation flaw, some LTE networks reuse a keystream. An adversary can exploit this to decrypt VoLTE phone calls. All it takes is a subsequent call after the initial one. Call me maybe!

IMP4GT

Integrity protection for user plane data is not mandatory in LTE, which introduces malleable encryption. Along with a reflection attack, an adversary can fully impersonate users in both the uplink and downlink directions.

Geographical Avoidance

Traffic analysis attacks against Tor are a persistent problem, and countermeasures are expensive. Instead, you can also circumvent an area you don't trust. However, things are not so easy in a decentralized system.