Roger Piqueras Jover
Roger Piqueras Jover is a Software Engineer in the Android Platform Security team. Tech Lead/Manager of the Connectivity Security Team within Android Platform Security, overseeing pivotal initiatives focused on enhancing cellular network security and strengthening cellular baseband firmware defenses. Manager of a team of software engineers, responsible of designing, building, shipping, and maintaining Android infrastructure tailored to fortify devices against False Base Station attacks and IMSI catchers.
Prior to Google he led the cellular security strategy and team in the AT&T Security Research Center and was a technical leader in mobile platform security, network security, and intrusion detection at Bloomberg LP.
A full list of publications, talks, blogs and patents can be found in his personal page and his LinkedIn profile.
Prior to Google he led the cellular security strategy and team in the AT&T Security Research Center and was a technical leader in mobile platform security, network security, and intrusion detection at Bloomberg LP.
A full list of publications, talks, blogs and patents can be found in his personal page and his LinkedIn profile.
Authored Publications
Google Publications
Other Publications
Sort By
Preview abstract
In this paper, we explore the challenges of ensuring security and privacy for users from diverse demographic backgrounds. We propose a threat modeling approach to identify potential risks and countermeasures for product inclusion in security and privacy. We discuss various factors that can affect a user's ability to achieve a high level of security and privacy, including low-income demographics, poor connectivity, shared device usage, ML fairness, etc. We present results from a global security and privacy user experience survey and discuss the implications for product developers. Our work highlights the need for a more inclusive approach to security and privacy and provides a framework for researchers and practitioners to consider when designing products and services for a diverse range of users.
View details
UE Security Reloaded: Developing a 5G Standalone User-Side Security Testing Framework
Aanjhan Ranganathan
Christina Pöpper
Evangelos Bitsikas
Syed Khandker
16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (2023)
Preview abstract
Security flaws and vulnerabilities in cellular networks directly lead to severe security threats given the data-plane services, from calls to messaging and Internet access, that are involved. While the 5G Standalone (SA) system is currently being deployed worldwide, practical security testing of user equipment has only been conducted for 4G/LTE and earlier network generations. In this paper, we develop and present the first security testing framework for 5G SA user equipment. To that end, we modify the functionality of open-source suites (Open5GS and srsRAN) and develop a broad set of test cases for 5G NAS and RRC layers. We apply our testing framework in a proof-of-concept manner to 5G SA mobile phones, report identified vulnerabilities, and provide detailed insights from our experiments.
View details
Preview abstract
Keynote at the srsRAN Project Workshop in October 2023: https://srs.io/srsran-project-workshop-october-23-24/
The talk is a summary of the impact that open-source tools and SW radio have had on cellular security research in academia over the last 15 years. It summarizes 2G security research in ~2008-2012 and how the first OSS tools for LTE (openLTE and srsLTE) were a game changer for the field, enabling a tremendous spike in excellent cellular security research work.
View details
The Android Platform Security Model (2023)
Jeff Vander Stoep
Chad Brubaker
Dianne Hackborn
Michael Specter
Arxiv, Cornell University (2023)
Preview abstract
Android is the most widely deployed end-user focused operating system. With its growing set of use cases
encompassing communication, navigation, media consumption, entertainment, finance, health, and access to
sensors, actuators, cameras, or microphones, its underlying security model needs to address a host of practical
threats in a wide variety of scenarios while being useful to non-security experts. To support this flexibility,
Android’s security model must strike a difficult balance between security, privacy, and usability for end users;
provide assurances for app developers; and maintain system performance under tight hardware constraints.
This paper aims to both document the assumed threat model and discuss its implications, with a focus on
the ecosystem context in which Android exists. We analyze how different security measures in past and
current Android implementations work together to mitigate these threats, and, where there are special cases
in applying the security model in practice; we discuss these deliberate deviations and examine their impact.
View details
No Results Found
