Roger Piqueras Jover
Roger Piqueras Jover is a Software Engineer in the Android Platform Security team. He is Tech Lead/Manager of the Connectivity Security Team within Android Platform Security, overseeing pivotal initiatives focused on enhancing cellular network security and strengthening cellular baseband firmware defenses. He manages a team of software engineers responsible for designing, building, shipping, and maintaining Android infrastructure tailored to fortify devices against False Base Station attacks and IMSI catchers.
Prior to Google he led the cellular security strategy and team in the AT&T Security Research Center and was a technical leader in mobile platform security, network security, and intrusion detection at Bloomberg LP.
A full list of publications, talks, blogs and patents can be found on his personal page and his LinkedIn profile.
Authored Publications
In this paper, we explore the challenges of ensuring security and privacy for users from diverse demographic backgrounds. We propose a threat modeling approach to identify potential risks and countermeasures for product inclusion in security and privacy. We discuss various factors that can affect a user's ability to achieve a high level of security and privacy, including low-income demographics, poor connectivity, shared device usage, ML fairness, etc. We present results from a global security and privacy user experience survey and discuss the implications for product developers. Our work highlights the need for a more inclusive approach to security and privacy and provides a framework for researchers and practitioners to consider when designing products and services for a diverse range of users.
ASTRA-5G: Automated Over-the-Air Security Testing and Research Architecture for 5G SA Devices
Aanjhan Ranganathan
Christina Pöpper
Evangelos Bitsikas
Michele Guerra
Syed Khandker
WiSec '24: Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks, ACM (2024)
Despite the widespread deployment of 5G technologies, there exists a critical gap in security testing for 5G Standalone (SA) devices. Existing methods, largely manual and labor-intensive, are ill-equipped to fully uncover the state of security in the implementations of 5G-SA protocols and standards on devices, severely limiting the ability to conduct comprehensive evaluations. To address this issue, in this work, we introduce a novel, open-source framework that automates the security testing process for 5G SA devices. By leveraging enhanced functionalities of 5G SA core and Radio Access Network (RAN) software, our framework offers a streamlined approach to generating, executing, and evaluating test cases, specifically focusing on the Non-Access Stratum (NAS) layer. Our application of this framework across multiple 5G SA devices provides in-depth security insights, significantly improving testing efficiency and breadth.
Fixing Insecure Cellular System Information Broadcasts For Good
Alex Ross
Bradley Reaves
Yomna Nasser
Gil Cukierman
Proceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses, Association for Computing Machinery (2024), 693–708
Cellular networks are essential everywhere, and securing them is increasingly important as attacks against them become more prevalent and powerful. All cellular network generations bootstrap new radio connections with unauthenticated System Information Blocks (SIBs), which provide critical parameters needed to identify and connect to the network. Many cellular network attacks require exploiting SIBs. Authenticating these messages would eliminate whole classes of attack, from spoofed emergency alerts to fake base stations.
This paper presents Broadcast But Verify, an efficient backwards-compatible mechanism for SIB authentication. Broadcast But Verify specifies a new signing SIB that encodes authentication signatures and hashes for all other SIBs while building on a standard cellular PKI. We identify the security and functional requirements for such a system, define a scalable and flexible mechanism to meet those requirements, and demonstrate negligible common-case connection latency overhead of 3.220ms in a 4G LTE testbed. We also demonstrate that unmodified mobile devices successfully connect to networks deploying Broadcast But Verify. In contrast to prior proposals, Broadcast But Verify authenticates every SIB broadcasted by a cell. By demonstrating that even 4G LTE has the capacity to authenticate SIBs, we argue that future network generations can and should mandate authenticated SIBs.
Keynote at the srsRAN Project Workshop in October 2023: https://srs.io/srsran-project-workshop-october-23-24/
The talk is a summary of the impact that open-source tools and SW radio have had on cellular security research in academia over the last 15 years. It summarizes 2G security research in ~2008-2012 and how the first OSS tools for LTE (openLTE and srsLTE) were a game changer for the field, enabling a tremendous spike in excellent cellular security research work.
openLTE was the very first open-source implementation of the LTE protocol stack. This tool was critical in enabling the first cellular security research work aimed at 4G protocols, aiding researchers in uncovering and validating a number of security weaknesses. Just a couple of years later, both srsLTE, now known as srsRAN, and OpenAirInterface introduced much more mature and reliable alternative open-source tools that have fueled an excellent and exciting wave of cellular security research in LTE and 5G over the last 5 years.
This talk presents a retrospective of the cellular security research field and discusses the tremendous impact that open-source testbeds have had in discovering and addressing multiple security vulnerabilities in the communication protocols that modern mobile networks leverage.
The Android Platform Security Model (2023)
Jeff Vander Stoep
Chad Brubaker
Dianne Hackborn
Michael Specter
Arxiv, Cornell University (2023)
Android is the most widely deployed end-user focused operating system. With its growing set of use cases encompassing communication, navigation, media consumption, entertainment, finance, health, and access to sensors, actuators, cameras, or microphones, its underlying security model needs to address a host of practical threats in a wide variety of scenarios while being useful to non-security experts. To support this flexibility, Android’s security model must strike a difficult balance between security, privacy, and usability for end users; provide assurances for app developers; and maintain system performance under tight hardware constraints. This paper aims to both document the assumed threat model and discuss its implications, with a focus on the ecosystem context in which Android exists. We analyze how different security measures in past and current Android implementations work together to mitigate these threats, and, where there are special cases in applying the security model in practice, we discuss these deliberate deviations and examine their impact.
UE Security Reloaded: Developing a 5G Standalone User-Side Security Testing Framework
Aanjhan Ranganathan
Christina Pöpper
Evangelos Bitsikas
Syed Khandker
16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (2023)
Security flaws and vulnerabilities in cellular networks directly lead to severe security threats given the data-plane services, from calls to messaging and Internet access, that are involved. While the 5G Standalone (SA) system is currently being deployed worldwide, practical security testing of user equipment has only been conducted for 4G/LTE and earlier network generations. In this paper, we develop and present the first security testing framework for 5G SA user equipment. To that end, we modify the functionality of open-source suites (Open5GS and srsRAN) and develop a broad set of test cases for 5G NAS and RRC layers. We apply our testing framework in a proof-of-concept manner to 5G SA mobile phones, report identified vulnerabilities, and provide detailed insights from our experiments.