Roger Piqueras Jover
(All the opinions expressed on my personal web page are my own and not related at all to my current or previous employers)
(This has not been updated since joining Bloomberg LP in September 2015. It should be updated with my most recent work on LTE protocol exploits and rogue base stations and, also, with all the new work in corporate network security, data science applied to network security anomaly detection, blockchain research projects, mobile application security, etc – Work in Progress… - For the most up-to-date information check either the main page or my LinkedIn profile.)
(All these projects below are old projects from 5 years ago or more)
· Various projects on security for wireless networks
(AT&T Security Research Center)
I am working on various topics of next generation LTE mobile network security. An overview of my research work and potential research directions can be found in this paper that I recently presented. It summarizes a bit the current scope and next steps of my work. I also work in data mining and machine learning projects processing very large data sets in order to analyze and automatically detect different types of mobile network fraud, such as SMS spam, call bypassing fraud (SIMboxes) and smart-phone theft or malware infections.
In my work I wear many hats and apply many different tools, techniques and programming languages. I manage a small RF LTE lab (Ericsson LTE eNodeB, Sanjole Wavejudge and Intellijudge and Aeroflex TM500) which is connected to an LTE EPC that I remotely access in order to extract network logs (Niksun LTE probe) or to run large-scale experiments (BreakingPoint and Ixia UE+eNodeB emulators). The lab is fully equipped with all types of RF equipment, a spectrum analyzer and a pretty nice collection of directive antennas that I use for my radio jamming work. I work a lot with software radio, the USRP being my “best buddy” at work (along with my beloved Sanjole tools). Aside from work, it is also fun and challenging to keep the lab functional and to keep the interference coming from the street at a not too high level.
I enjoy hands-on work and you can often find me playing with Arduinos or putting together a “wish-list” of things to get for the lab. I am also quite skilled with Matlab and Python scripting languages, which allows me to put together demos or quick tests quickly. Also, I am a big fan of Python because of its speed and versatility at processing very large data sets. However, I am planning to learn how to run Hadoop soon. I often need something running in a phone for my projects and demos, so I often work on Android programming.
Finally, thanks to the great colleagues I am blessed to work with, I have learned a lot on data mining and machine learning.
This is the LTE security paper’s abstract:
Modern LTE (Long Term Evolution) cellular networks provide advanced services for billions of users that go beyond traditional voice and short messaging traffic. The recent trend of Distributed Denial of Service (DDoS) attacks impacting the availability of communication systems illustrates the importance of strengthening the resiliency of mobility networks against Denial of Service (DoS) and DDoS threats, ensuring this way full LTE network availability against security attacks. In parallel, the advent of the Advanced Persistent Threat (APT) has capsized the common assumptions about attackers and threats. When it comes to very well planned and funded cyber-attacks, the scale of the threat is not the key element anymore. Instead, scenarios such as a local DoS attack, for example, against the cell service around a large corporation’s headquarters or the Stock Exchange become very relevant. Therefore, traditionally overlooked low range threats, such as radio jamming, should not be de-prioritized in security studies.
In this paper we present an overview of the current threat landscape against the availability of LTE mobility networks. We identify a set of areas of focus that should be considered in mobility security in order to guarantee availability against security attacks. Finally, we introduce potential research directions, including a new attack detection layer, to tackle these problems. The final goal is to rethink the architecture of a mobility network within the current security context and threat landscape and considering the current evolution towards a near future scenario where nearly every electronic device will be connected through Machine-to-Machine (M2M) systems.
Main areas of current work
Advanced jamming attacks against LTE mobile networks
The long-term evolution (LTE) is the newly adopted technology to offer enhanced capacity and coverage for current mobility networks, which experience a constant traffic increase and skyrocketing bandwidth demands. This new cellular communication system, built upon a redesigned physical layer and based on an orthogonal frequency division multiple access (OFDMA) modulation, features robust performance in challenging multipath environments and substantially improves the performance of the wireless channel in terms of bits per second per Hertz (bps/Hz). Nevertheless, as all wireless systems, LTE is vulnerable to radio jamming attacks. Such threats have security implications especially in the case of next-generation emergency response communication systems based on LTE technologies. This proof of concept paper overviews a series of new effective attacks (smart jamming) that extend the range and effectiveness of basic radio jamming. Based on these new threats, a series of new potential security research directions are introduced, aiming to enhance the resiliency of LTE networks against such attacks. A spread-spectrum modulation of the main downlink broadcast channels is combined with a scrambling of the radio resource allocation of the uplink control channels and an advanced system information message encryption scheme. Despite the challenging implementation on commercial networks, which would require inclusion of these solutions in future releases of the LTE standard, the security solutions could strongly enhance the security of LTE-based national emergency response communication systems.
Large-scale simulation and implementation of mobile network overloads, attacks and security architectures
(Abstract of a paper being presented at IEEE ICC 2014)
LTE (Long Term Evolution) is the latest cellular communications standard to provide advanced mobile services that go beyond traditional voice and short messaging traffic. Mobility networks are experiencing a drastic evolution with the advent of Machine to Machine (M2M) systems and the Internet of Things (IoT), which is expected to result in billions of connected devices in the near future. In parallel, the security threat landscape against communication networks has rapidly evolved over the last few years, with major Distributed Denial of Service (DDoS) attacks and the substantial spread of mobile malware. In this paper we introduce Firecycle, a new modeling and simulation platform for next-generation LTE mobility network security research. This standards compliant platform is suitable for large-scale security analysis of threats against a real LTE mobile network. It is designed with the ability to be distributed over the cloud, with an arbitrary number of virtual machines running different portions of the network, thus allowing simulation and testing of a full-scale LTE mobility network with millions of connected devices. Moreover, the mobile traffic generated by the platform is modeled from real data traffic observations from one of the major tier-1 operators in the US.
M2M impact and scalability on LTE networks
Mobile network fraud and anomaly detection
Over the last few years I have been very involved in data mining and machine learning projects aimed at detecting various forms of fraud and anomalies in mobile networks, for example the detection of SMS spam and voice call bypassing fraud using SIMboxes. I am also involved in anomaly detection projects in the scope of M2M systems and in authenticating mobile users to prevent fraudulent use of mobile terminals.
· Common Radio Resource Management strategies for heterogeneous wireless networks GERAN/UMTS
(Universitat Politècnica de Catalunya, Grup de Recerca en Comunicacions Mòbils)
As part of my research on Common Radio Resource Management strategies for heterogeneous networks (GSM+UMTS), I proposed new algorithms to determine the initial RAT (Radio Access Technology) to be used when initiating a voice/data call. In a heterogeneous scenario with both 2G and 3G networks deployed and overlapped, common strategies can be used to enhance significantly the quality of service (QoS) offered to the user. By means of analyzing different metrics such as the path loss and current network state, the proposed algorithms improve significantly the QoS.
In parallel, pricing concepts were applied to design a load balancing strategy that is transparent to the users but highly increases the QoS by leveraging the load on both (GSM and UMTS) networks.
All the proposed algorithms were successfully tested with the state of the art network simulator OPNET.
The results were presented at the 2006 IEEE 17th International Symposium on Personal, Indoor and Mobile Radio Communications, Helsinki, September 2006.
Out of these results, I published my graduating thesis (awarded with Honors, the highest qualification in my school) entitled “Analysis and Design of New Initial RAT Selection Strategies Based on Pricing and Path Loss for Heterogeneous Wireless Networks GSM/EDGE/UMTS”.
· Design and implementation of a MIMO/OFDM wireless channel emulator for 802.11n systems
(University of California Irvine, Wireless Circuits and Systems Lab)
I worked on a project to design and implement a wireless channel emulator for MIMO/OFDM 802.11n wireless systems. The implementation, done on a Xilinx Virtex IV platform, presented a new and groundbreaking design. Instead of a traditional time-based approach based on convolutional filters in the emulator core, our design was based on a frequency-domain approach. By means of working on the frequency domain (using both FFTs and IFFTs; Fast Fourier Transform and Inverse FFT), the complexity of the design decreased significantly. Moreover, with the increase of M and N in the MIMO system, the complexity increased linearly, as opposed to an exponential increase in traditional time-based approaches.
The results were presented in multiple UC Irvine conferences and poster sessions, including the Fall Balsells Fellowship Reception.
· Uplink interference mitigation for OFDMA-based femtocell networks
(Columbia University in the City of New York, Wireless Communications Lab)
I worked on a project on interference management for femtocell networks. It is well known how femtocells (home-based base stations) enhance the coverage in indoor locations and strongly enhance the capacity of current cellular networks. However, it is also well known that they add extra degrees of complexity to the radio frequency interference problem.
I proposed and implemented an algorithm that applies game theoretical concepts to the sub-carrier allocation problem in OFDMA (i.e. LTE or WiMAX) networks. This strategy completely eliminates the interference between femtocells and macrocells (inter-tier interference) and strongly minimizes the interference among femtocells (intra-tier interference), with great results. The strategy is also very simple and could easily be implemented in a real deployment.
The results are in a paper published in IEEE Transactions on Wireless Communications, February 2012 issue. Check the paper out at IEEE Xplore.
· Other research: Biocompatible Surfaces with Locally variable Rigidity for cell studies
(Columbia University in the City of New York, Nanotechnology Center For Mechanics in Regenerative Medicine)
I worked for over a year on research on a totally different topic. As a member of the Nanotechnology Center For Mechanics in Regenerative Medicine (Columbia University, New York) I collaborated in a joint effort to study the behavior of cells with respect to their environment. The final goal of the Center is to develop and achieve stem cell therapies that aim at the understanding, treatment and, hopefully, cure of different types of cancer and degenerative illnesses.
My project was based on studying the reaction and behavior of cells as a function of the rigidity of their environment. To perform that study, I fabricated nano-elastomeric/PDMS substrates with variable rigidity using electron-beam lithography and characterized them using an Agilent G200 Nanoindenter.
The initial results showed a clear behavior to migrate to the areas with higher rigidity. This result could have implications on, for example, cell selection. A tissue could be placed on one of these engineered surfaces and only the healthy portions of it would not present a migrating behavior towards the substrate with higher rigidity.
The results were presented at the 54th International Conference on Electron, Ion and Photon Beam Technology and Nanofabrication, EIPBN June 2010, Anchorage, AK. The name of the presentation was “Biocompatible Surfaces with Locally variable Rigidity”. The results were also presented twice at the yearly internal conference of the Nanotechnology Center For Mechanics in Regenerative Medicine in Washington DC (Fall’09) and New York City (Fall’10).
I was also invited to present the results at the Gordon Research Conference on Nanostructure Fabrication, July 2010, Tilton, NH.