Securing Next Generation Cellular Networks
Event details
| Date | 09.06.2026 |
| Hour | 10:30 › 12:30 |
| Speaker | Eduard Vlad |
| Location | |
| Category | Conferences - Seminars |
EDIC candidacy exam
Exam president: Prof. Nate Foster
Thesis advisor: Prof. Mathias Payer
Co-thesis advisor: Prof. Haitham Al Hassanieh
Co-examiner: Prof. Thomas Bourgeat
Abstract
This thesis studies cellular security from a state-aware, system-level perspective spanning user equipment, access networks, core networks, and higher-layer voice and messaging services. These systems form a distributed, heterogeneous infrastructure whose security depends on complex and largely opaque implementations across the stack. Cellular infrastructure underpins everyday communication, emergency response, transport, and industrial systems, yet existing research often focuses on isolated components or stateless message handling, leaving state-dependent vulnerabilities and cross-component interactions insufficiently explored.
This thesis aims to develop methods to infer and explore protocol state in closed and partially observable implementations, combining active automata learning, dynamic analysis, and targeted testing. It begins with baseband firmware and core-network components, then extends across key trust boundaries such as the Radio Interface Layer, non-cellular interworking, and voice and messaging infrastructure. The goal is to identify vulnerabilities arising from logical flaws, memory-safety issues, and inconsistencies in how state and trust are handled across components.
Building on these insights, the thesis derives lightweight hardening for deployed systems, including boundary mediation and flow-based policy validation. By improving how cellular systems are tested and defended, the project strengthens critical infrastructure and Swiss expertise in 5G security.
Selected papers
[1]: https://www.ndss-symposium.org/ndss-paper/auto-draft-200/
[2]:https://www.ndss-symposium.org/ndss-paper/basespec-comparative-analysis-of-baseband-software-and-cellular-specifications-for-l3-protocols/
[3]:https://www.usenix.org/conference/usenixsecurity25/presentation/dong-yilu
Exam president: Prof. Nate Foster
Thesis advisor: Prof. Mathias Payer
Co-thesis advisor: Prof. Haitham Al Hassanieh
Co-examiner: Prof. Thomas Bourgeat
Abstract
This thesis studies cellular security from a state-aware, system-level perspective spanning user equipment, access networks, core networks, and higher-layer voice and messaging services. These systems form a distributed, heterogeneous infrastructure whose security depends on complex and largely opaque implementations across the stack. Cellular infrastructure underpins everyday communication, emergency response, transport, and industrial systems, yet existing research often focuses on isolated components or stateless message handling, leaving state-dependent vulnerabilities and cross-component interactions insufficiently explored.
This thesis aims to develop methods to infer and explore protocol state in closed and partially observable implementations, combining active automata learning, dynamic analysis, and targeted testing. It begins with baseband firmware and core-network components, then extends across key trust boundaries such as the Radio Interface Layer, non-cellular interworking, and voice and messaging infrastructure. The goal is to identify vulnerabilities arising from logical flaws, memory-safety issues, and inconsistencies in how state and trust are handled across components.
Building on these insights, the thesis derives lightweight hardening for deployed systems, including boundary mediation and flow-based policy validation. By improving how cellular systems are tested and defended, the project strengthens critical infrastructure and Swiss expertise in 5G security.
Selected papers
[1]: https://www.ndss-symposium.org/ndss-paper/auto-draft-200/
[2]:https://www.ndss-symposium.org/ndss-paper/basespec-comparative-analysis-of-baseband-software-and-cellular-specifications-for-l3-protocols/
[3]:https://www.usenix.org/conference/usenixsecurity25/presentation/dong-yilu
Practical information
- General public
- Free
Contact
- edic@epfl,ch