My LinkedIn Profile

Tuesday, 6 February 2018

Guidance for Improving LTE-Based Mobile Communications Security

NIST Releases the JANUARY 2018 ITL Security Bulletin – now available on the CSRC website Topic of the Month:

Guidance for Improving LTE-Based Mobile Communications Security

The link below is for all of the ITL Bulletins (including this month's Bulletin) previously released on CSRC website:

link

Tuesday, 30 January 2018

New Standard Enables MNO Services to Easily Access Sensitive Functions from Operating Systems

GlobalPlatform Specification removes expensive device customization to access sensitive APIs 29 January 2018 – GlobalPlatform, the standard for secure digital services and devices, has defined a specification that enables mobile network operators (MNOs) to access certain aspects of the mobile device operating system (OS), which is by default not accessible for security reasons. The specification has received input and support from MNO industry body GSMA and device manufacturers, who recognize that MNOs need this advanced access to ensure customers are receiving optimum network management connectivity. “MNOs want access to mobile device parameters to ensure customers are receiving the best possible service,” explains Gil Bernabeu, GlobalPlatform’s Technical Director. “These low- level services are used to adapt device parameters to the MNO network capabilities. At present, it is expensive and timely to customize each device OS to enable individual MNOs to access sensitive APIs.”

link

Sunday, 14 January 2018

5G Security: UE-assisted network-based detection of false base station

3GPP TS 33.501, Annex E (informative):

Security Architecture and Procedures for 5G System (Release 15)

UE-assisted network-based detection of false base station

Saturday, 30 December 2017

Why TLS 1.3 isn't in browsers yet

"The reductive answer to why TLS 1.3 hasn’t been deployed yet is middleboxes: network appliances designed to monitor and sometimes intercept HTTPS traffic inside corporate environments and mobile networks."

P.S. However, simply blaming network appliance vendors would be disingenuous.

Why TLS 1.3 isn't in browsers yet - link