Research Topic

Cellular networks have become a major access technology to the public Internet that can also be used across national borders. In June 2017, the European Union abolished data roaming fees for the intra-EU/EEA area under the roam like at home doctrine. This regulation made roaming in foreign cellular networks feel and behave like at the home operator and led to a drastic increase in roaming traffic. Despite these dependencies and its popularity, the mobile ecosystem is dominated by powerful companies, leaving customers, researchers, and regulatory bodies (e.g., BEREC) with limited knowledge of current provider practices. To better understand these systems and enhance their security and resilience, independent measurement tools are needed -- accessible to researchers, regulators, and the industry itself for auditing and improvement.

Large-scale Internet measurements (e.g., traceroute, port scanning, or web scraping) are a popular method in a wide range of research areas. However, they are typically oblivious to the access network technology, focusing on the IP layers and above. Hence, there is a lack of large-scale, international measurement frameworks specific to cellular access networks and their emergent complexity through features like roaming. Complexity is the nemesis of security, but issues within these networks might stay undiscovered without proper tools to introspect and analyze their inner workings.

Research Question: In my dissertation, I therefore aim to address how we can effectively measure and audit the security and privacy of mobile networks and their ecosystems in our globalized society.

State of the Art

Active measurements in cellular networks can be done in two manners:

i) running experiments on volunteers' smartphones and ii) deploying and using dedicated measurement equipment.

The first solution allows rapid upscaling, is however not suitable for some types of measurements (e.g., fine-grained tests, requiring a controlled measurement environment without any background noise).

Early approaches for the second solution [1] ultimately failed, due to poor scaling properties caused by the exponential state explosion with an increasing number of covered countries and operators. We proposed MobileAtlas [2], that tackles these problems by geographically decoupling modem and SIM card. By tunneling the SIM communication over the Internet, measurements can be dynamically orchestrated and SIM cards can thus be easily measured across multiple countries.

Project Goal

The ultimate goal of this work is to improve the transparency and measurement capabilities in cellular networks. New measurement tools that are developed during this work will enable researchers and Internet activists to audit operators and their deployed practices. This will put them into a more powerful position to guard net-neutrality rules and open Internet guidelines, and to prevent operators from establishing anti-consumer practices. Moreover, my research will provide more insights into the quality of service and into the security of telecommunication of Austrian citizens, not only in their home country, but also when using telecommunication services overseas. Lastly, by responsibly disclosing discovered security vulnerabilities, this work will contribute in improving the overall IT security of the telecommunication landscape, thus profiting anybody who is using cellular services.

[1] MONROE: Measuring Mobile Broadband Networks in Europe (Alay et al., 2015)

[2] MobileAtlas: Geographically Decoupled Measurements in Cellular Networks for Security and Privacy Research (Gegenhuber et al., 2023)