
open5Gcube: A Modular and Usable Framework for Mobile Network Laboratories
In mobile network research, the integration of real-world components such as User Equipment (UE) with open-source network infrastructure is essential yet challenging. To address this challenge, we introduce open5Gcube, a modular framework designed to integrate popular open-source mobile network projects into a unified management environment. Our publicly available framework allows researchers to flexibly combine different open-source implementations, including different versions, and simplifies experimental setups through containerization and lightweight orchestration. We demonstrate the practical usability of open5Gcube by evaluating its compatibility with various commercial off-the-shelf (COTS) smartphones and modems across multiple mobile generations (2G, 4G, and 5G). The results underline the versatility and reproducibility of our approach, significantly advancing the accessibility of rigorous experimentation in mobile network laboratories.

A5/1 is in the Air: Passive Detection of 2G (GSM) Ciphering Algorithms
This paper investigates the ongoing use of the A5/1 ciphering algorithm within 2G GSM networks. Despite its known vulnerabilities and the gradual phasing out of GSM technology by some operators, GSM security remains relevant due to potential downgrade attacks from 4G/5G networks and its use in IoT applications. We present a comprehensive overview of a historical weakness associated with the A5 family of cryptographic algorithms. Building on this, our main contribution is the design of a measurement approach using low-cost, off-the-shelf hardware to passively monitor Cipher Mode Command messages transmitted by base transceiver stations (BTS). We collected over 500,000 samples at 10 different locations, focusing on the three largest mobile network operators in Germany. Our findings reveal significant variations in algorithm usage among these providers. One operator favors A5/3, while another surprisingly retains a high reliance on the compromised A5/1. The third provider shows a marked preference for A5/3 and A5/4, indicating a shift towards more secure ciphering algorithms in GSM networks.
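The measurement approach above relies on one property of GSM: the CIPHERING MODE COMMAND is sent by the BTS before ciphering starts, so a passive receiver can read which A5 variant is being selected. The following is an added example (not the paper's tool) of the decoding step such a monitor performs: it strips the LAPDm B-format header from a downlink SDCCH frame, checks for an RR CIPHERING MODE COMMAND and extracts the SC bit and algorithm identifier from the Cipher Mode Setting IE (3GPP TS 44.018, 9.1.9 and 10.5.2.9), then tallies algorithms over a batch of frames. The sample frames are constructed test vectors, not captured traffic.

```python
"""Decode GSM CIPHERING MODE COMMAND frames and tally the selected A5 algorithm.

Added example; field layouts follow 3GPP TS 44.018 (RR) and TS 44.006 (LAPDm).
"""
from collections import Counter

# Algorithm identifier = bits 4..2 of the Cipher Mode Setting IE (TS 44.018, 10.5.2.9)
A5_ALGORITHMS = {0: "A5/1", 1: "A5/2", 2: "A5/3", 3: "A5/4", 4: "A5/5", 5: "A5/6", 6: "A5/7"}
PD_RR = 0x06               # protocol discriminator: Radio Resource management
MT_CIPH_MODE_CMD = 0x35    # message type: CIPHERING MODE COMMAND (downlink only, no N(SD) bits)


def lapdm_payload(frame: bytes) -> bytes:
    """Return the L3 information field of a LAPDm B-format frame (address, control, length, info, fill)."""
    if len(frame) < 3:
        raise ValueError("frame too short for a LAPDm header")
    length_octet = frame[2]
    if length_octet & 0x01 != 1:        # EL bit: 1 = single-octet length indicator
        raise ValueError("extended length indicator not supported")
    l3_len = length_octet >> 2           # bits 8..3 carry the length; bit 2 is the M (more) bit
    return frame[3:3 + l3_len]


def parse_cipher_mode_command(l3: bytes):
    """Return (ciphering_started, algorithm) for a CIPHERING MODE COMMAND, or None for other messages."""
    if len(l3) < 3:
        return None
    if (l3[0] & 0x0F) != PD_RR or l3[1] != MT_CIPH_MODE_CMD:
        return None
    setting = l3[2] & 0x0F               # Cipher Mode Setting sits in bits 1..4; Cipher Response in bits 5..8
    start_ciphering = bool(setting & 0x01)   # SC bit: 0 = no ciphering, 1 = start ciphering
    algorithm_id = (setting >> 1) & 0x07
    if not start_ciphering:
        return (False, "none")
    return (True, A5_ALGORITHMS.get(algorithm_id, "reserved"))


def tally_algorithms(frames) -> Counter:
    """Count the algorithm selected by every CIPHERING MODE COMMAND in an iterable of LAPDm frames."""
    counts = Counter()
    for frame in frames:
        result = parse_cipher_mode_command(lapdm_payload(frame))
        if result is not None:
            counts[result[1]] += 1
    return counts


def build_frame(l3: bytes) -> bytes:
    """Constructed test vector: wrap an L3 message in a 23-octet LAPDm B-format frame (SAPI 0, I-frame, 0x2B fill)."""
    header = bytes([0x03, 0x00, (len(l3) << 2) | 0x01])
    return (header + l3).ljust(23, b"\x2b")


# Constructed sample batch (not measured data): setting octet 0x01 = A5/1, 0x05 = A5/3, 0x07 = A5/4, 0x00 = no ciphering
SAMPLE_FRAMES = [
    build_frame(bytes([PD_RR, MT_CIPH_MODE_CMD, 0x01])),
    build_frame(bytes([PD_RR, MT_CIPH_MODE_CMD, 0x01])),
    build_frame(bytes([PD_RR, MT_CIPH_MODE_CMD, 0x01])),
    build_frame(bytes([PD_RR, MT_CIPH_MODE_CMD, 0x05])),
    build_frame(bytes([PD_RR, MT_CIPH_MODE_CMD, 0x05])),
    build_frame(bytes([PD_RR, MT_CIPH_MODE_CMD, 0x07])),
    build_frame(bytes([PD_RR, MT_CIPH_MODE_CMD, 0x00])),
    build_frame(bytes([PD_RR, 0x21, 0x00])),       # PAGING REQUEST TYPE 1: ignored by the tally
]

if __name__ == "__main__":
    for algorithm, count in sorted(tally_algorithms(SAMPLE_FRAMES).items()):
        print(f"{algorithm:6s} {count}")
```

In a real capture the frames would come from an SDR front end delivering GSMTAP or raw Um bursts; only the L3 decoding shown here is needed to attribute each command to A5/1, A5/3 or A5/4, and the "none" bucket is worth keeping because a BTS that never sends SC=1 is as interesting as one that selects A5/1.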

Adaptive Optimization of TLS Overhead for Wireless Communication in Critical Infrastructure
With critical infrastructure increasingly relying on wireless communication, using end-to-end security such as TLS becomes imperative. However, TLS introduces significant overhead for resource-constrained devices and networks prevalent in critical infrastructure. In this paper, we propose to leverage the degrees of freedom in configuring TLS to dynamically adapt algorithms, parameters, and other …

Open RAN: A Concise Overview
Open RAN has emerged as a transformative approach in the evolution of cellular networks, addressing challenges posed by modern applications and high network density. By leveraging disaggregated, virtualized, and software-based elements interconnected through open standardized interfaces, Open RAN introduces agility, cost-effectiveness, and enhanced competition in the Radio Access Network (RAN) domain. The Open RAN paradigm, driven by the O-RAN Alliance specifications, is set to transform the telecom ecosystem. Despite extensive technical literature, there is a lack of succinct summaries for industry professionals, researchers, and policymakers. This paper addresses this gap by providing a concise, yet comprehensive overview of Open RAN. Compared to previous work, our approach introduces Open RAN by gradually splitting up different components known from previous RAN architectures. We believe that this approach leads to a better understanding for people already familiar with the general concept of mobile communication networks. Building upon this general understanding of Open RAN, we introduce key architectural principles, interfaces, components and use-cases. Moreover, this work investigates potential security implications associated with adopting Open RAN architecture, emphasizing the necessity of robust network protection measures.

Dude, Where’s That Ship? Stealthy Radio Attacks Against AIS Broadcasts
This paper investigates stealthy radio attacks targeting Automatic Identification System (AIS) broadcasts in maritime environments. The authors demonstrate how adversarial manipulation of AIS signals can compromise ship tracking systems and navigation safety. The work includes practical evaluations of attack feasibility and proposes mitigation strategies for integrated bridge systems.

Implementation of OpenAPI Wireshark Dissectors to Validate SBI Messages of 5G Core Networks
This paper introduces a novel Wireshark dissector designed to facilitate the analysis of Service-Based Interface (SBI) communication in 5G Core Networks. Our approach parses the OpenAPI schemas provided with the 5G specifications to automatically generate the dissector code. Our tool enables the validation of 5G Core Network traces to ensure compliance with the specifications.
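The validation step described above, checking a captured SBI JSON body against the schema the specification publishes, can be illustrated without Wireshark. The following added example (not the paper's dissector) implements a small schema checker for the OpenAPI subset that covers most SBI bodies: type, required, properties, additionalProperties, enum, pattern, minimum/maximum, items and local $ref. The schema fragment and the message bodies are constructed for illustration and are not 3GPP-published definitions; allOf/oneOf composition, which the real 3GPP files use, is not handled.

```python
"""Validate an SBI JSON body against a subset of an OpenAPI schema. Added example, standard library only."""
import json
import re

# Constructed, simplified OpenAPI fragment for illustration; NOT a 3GPP-published schema.
SPEC = {
    "components": {"schemas": {
        "Supi": {"type": "string", "pattern": "^imsi-[0-9]{5,15}$"},
        "AccessType": {"type": "string", "enum": ["3GPP_ACCESS", "NON_3GPP_ACCESS"]},
        "ExampleContext": {
            "type": "object",
            "required": ["supi", "accessType", "pduSessionId"],
            "additionalProperties": False,
            "properties": {
                "supi": {"$ref": "#/components/schemas/Supi"},
                "accessType": {"$ref": "#/components/schemas/AccessType"},
                "pduSessionId": {"type": "integer", "minimum": 0, "maximum": 255},
                "dnn": {"type": "string"},
            },
        },
    }}
}

JSON_TYPES = {"object": dict, "array": list, "string": str, "integer": int,
              "number": (int, float), "boolean": bool}


def resolve(schema, spec):
    """Follow local '#/components/schemas/Name' references until a concrete schema is reached."""
    while "$ref" in schema:
        ref = schema["$ref"]
        if not ref.startswith("#/"):
            raise ValueError(f"only local references are supported: {ref}")
        node = spec
        for part in ref[2:].split("/"):
            node = node[part]
        schema = node
    return schema


def validate(instance, schema, spec, path="$"):
    """Return a list of (json_path, message) violations; an empty list means the instance conforms."""
    schema = resolve(schema, spec)
    errors = []
    t = schema.get("type")
    if t in JSON_TYPES:
        # bool is a subclass of int in Python, but JSON true/false are not integers
        if not isinstance(instance, JSON_TYPES[t]) or (t != "boolean" and isinstance(instance, bool)):
            return [(path, f"expected {t}, got {type(instance).__name__}")]
    if "enum" in schema and instance not in schema["enum"]:
        errors.append((path, f"{instance!r} not in enum {schema['enum']}"))
    if t == "string" and "pattern" in schema and not re.search(schema["pattern"], instance):
        errors.append((path, f"{instance!r} does not match {schema['pattern']}"))
    if t in ("integer", "number"):
        if "minimum" in schema and instance < schema["minimum"]:
            errors.append((path, f"{instance} below minimum {schema['minimum']}"))
        if "maximum" in schema and instance > schema["maximum"]:
            errors.append((path, f"{instance} above maximum {schema['maximum']}"))
    if t == "object":
        for name in schema.get("required", []):
            if name not in instance:
                errors.append((f"{path}.{name}", "missing required property"))
        props = schema.get("properties", {})
        for name, value in instance.items():
            if name in props:
                errors.extend(validate(value, props[name], spec, f"{path}.{name}"))
            elif schema.get("additionalProperties") is False:
                errors.append((f"{path}.{name}", "property not allowed by schema"))
    if t == "array" and "items" in schema:
        for i, item in enumerate(instance):
            errors.extend(validate(item, schema["items"], spec, f"{path}[{i}]"))
    return errors


def validate_body(body_json: str, schema_name: str, spec=SPEC):
    """Validate a raw JSON message body against a named component schema of `spec`."""
    return validate(json.loads(body_json), {"$ref": f"#/components/schemas/{schema_name}"}, spec)


if __name__ == "__main__":
    # Constructed message bodies: one conforming, one with four independent violations
    good = '{"supi": "imsi-001010123456789", "accessType": "3GPP_ACCESS", "pduSessionId": 5}'
    bad = '{"supi": "imsi-12ab", "accessType": "WIFI", "pduSessionId": 300, "foo": 1}'
    print("good:", validate_body(good, "ExampleContext"))
    for path, message in validate_body(bad, "ExampleContext"):
        print(f"bad: {path}: {message}")
```

Reporting every violation with its JSON path, rather than stopping at the first, is what makes such a checker useful on a trace: a single non-conforming network function typically produces the same handful of deviations in every message, and the paths locate them directly in the specification.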

Measurements of Building Attenuation in 450 MHz LTE Networks
This work reports on a measurement study to estimate the building attenuation of 450 MHz LTE networks. LTE band 72 is currently deployed in Germany, in particular for smart grid applications. Given this use case, we assume that a significant share of future devices will be deployed stationary and indoors, which motivated our campaign. We designed a custom measurement device that uses commercial off-the-shelf hardware to assess the downlink RSRP of a public mobile network. In addition, software was developed so that non-experts can conduct such measurements in the future; it determines the indoor position from floor plans. We conducted measurements in three different buildings. Our results reveal that the building attenuation of 450 MHz LTE networks is highly heterogeneous and depends mainly on the building type, the indoor position and, in particular, the floor on which the device is located.

Security Vulnerabilities in 5G Non-Stand-Alone Networks: A Systematic Analysis and Attack Taxonomy
Mobile networks, pivotal for our digital societies, are transitioning from 4G to 5G Stand-Alone (SA). However, during this transition, 5G Non-Stand-Alone (NSA) networks are widely used. This paper examines potential security vulnerabilities in 5G NSA networks. Through an extensive literature review, we identify known 4G attacks that can theoretically be applied to 5G NSA. We organize these attacks into a structured taxonomy. Our findings reveal that 5G NSA networks may offer a false sense of security, as most security and privacy improvements are concentrated in 5G SA networks. To underscore this concern, we implement three attacks with severe consequences and successfully validate them on various commercially available smartphones. Notably, one of these attacks, the IMSI Leak, consistently exposes user information with no apparent security mitigation in 5G NSA networks. This highlights the ease of tracking individuals on current 5G networks.

Securing Wireless Communication in Critical Infrastructure: Challenges and Opportunities
Critical infrastructure increasingly relies on wireless communication, transitioning from dedicated private wired networks to heterogeneous wireless systems. This shift introduces unique security challenges due to the use of public/shared networks and resource-constrained devices. The paper systematically identifies key challenges in reliability, mobility, network/device limitations, and security requirements, while proposing a comprehensive set of solutions including lower-layer security mechanisms, end-to-end security optimizations, hardware-based device security, and context-aware network adaptation strategies.

A Modular Framework for Evaluating Smart Grid Communication Protocols over Mobile Networks
This paper introduces a modular framework to evaluate smart grid communication protocols (IEC 61850, IEC 60870-5-104, MQTT) over mobile networks like LTE-M. Our framework enables comparative analysis of protocol efficiency and cellular network impact through containerized substation emulators, SCADA applications, and network monitoring tools. Experimental results from 450 MHz LTE deployments reveal significant protocol-specific differences in uplink/downlink traffic patterns and radio resource utilization, providing actionable insights for smart grid operators.

Bounds for the Scalability of TLS over LoRaWAN
Reliable and secure communication is needed to further digitize public infrastructure. LPWANs operating in license-exempt bands are a promising candidate. This work addresses the concept of a secure LPWAN by evaluating TLS over LoRaWAN. The overhead induced by TLS, combined with the duty cycle restrictions, makes this combination challenging. In this work, upper bounds on usage are derived by estimating the number of full TLS handshakes possible under various conditions. An airtime model is verified and integrated into a tool to estimate the resulting bounds under the duty cycle. The results reveal that a bottleneck exists in the downlink, which depends on the LoRa Spreading Factor and the selected cipher suite.
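The bound described above can be reproduced from the standard LoRa time-on-air model. The following is an added example (not the paper's tool) that implements the airtime formula from the Semtech SX1276 datasheet, fragments a handshake's bytes per direction into LoRaWAN frames of the maximum EU868 FRMPayload size, and divides the hourly duty-cycle budget by the resulting airtime. The 125 kHz bandwidth, CR 4/5, 8-symbol preamble, 13-byte LoRaWAN overhead (no FOpts) and 1% duty cycle are assumed EU868 defaults; the handshake byte counts in the usage block are constructed placeholders, since the real figures depend on the cipher suite and certificate sizes the paper evaluates.

```python
"""LoRa airtime model applied to TLS-over-LoRaWAN handshakes. Added example, not the paper's tool."""
import math

# Assumed EU868 defaults: 125 kHz, CR 4/5 (cr=1), explicit header, payload CRC on, 8 preamble symbols
BW_HZ = 125_000
PREAMBLE_SYMBOLS = 8
LORAWAN_OVERHEAD = 13   # MHDR(1) + DevAddr(4) + FCtrl(1) + FCnt(2) + FPort(1) + MIC(4), no FOpts
# Maximum FRMPayload (N) per spreading factor for EU868 (LoRaWAN Regional Parameters, repeater-compatible)
MAX_FRMPAYLOAD = {7: 222, 8: 222, 9: 115, 10: 51, 11: 51, 12: 51}


def lora_airtime_s(payload_bytes: int, sf: int, bw_hz: int = BW_HZ, cr: int = 1,
                   crc: int = 1, implicit_header: int = 0) -> float:
    """Time on air in seconds for one PHY payload (SX1276 datasheet, section 4.1.1.6)."""
    t_sym = (2 ** sf) / bw_hz
    de = 1 if (sf >= 11 and bw_hz == 125_000) else 0   # low data rate optimisation, mandatory at SF11/12
    t_preamble = (PREAMBLE_SYMBOLS + 4.25) * t_sym
    numerator = 8 * payload_bytes - 4 * sf + 28 + 16 * crc - 20 * implicit_header
    denominator = 4 * (sf - 2 * de)
    n_payload = 8 + max(math.ceil(numerator / denominator) * (cr + 4), 0)
    return t_preamble + n_payload * t_sym


def handshake_airtime_s(direction_bytes: int, sf: int) -> float:
    """Airtime to carry `direction_bytes` of handshake data one way, fragmented into maximum-size frames."""
    if direction_bytes <= 0:
        raise ValueError("a handshake direction must carry at least one byte")
    max_frm = MAX_FRMPAYLOAD[sf]
    total, remaining = 0.0, direction_bytes
    while remaining > 0:
        chunk = min(max_frm, remaining)
        total += lora_airtime_s(chunk + LORAWAN_OVERHEAD, sf)
        remaining -= chunk
    return total


def handshakes_per_hour(uplink_bytes: int, downlink_bytes: int, sf: int, duty_cycle: float = 0.01) -> dict:
    """Upper bound on full TLS handshakes per hour for each direction under a duty-cycle budget.

    The uplink budget belongs to one device; the downlink budget is the gateway's and is shared by
    every device it serves, so the downlink figure is the ceiling for the whole cell, not per device.
    """
    budget_s = 3600 * duty_cycle
    up = math.floor(budget_s / handshake_airtime_s(uplink_bytes, sf))
    down = math.floor(budget_s / handshake_airtime_s(downlink_bytes, sf))
    return {"uplink": up, "downlink": down, "bound": min(up, down)}


if __name__ == "__main__":
    # Constructed placeholder sizes: a server-authenticated handshake sends far more downlink (certificate) than uplink
    UPLINK_BYTES, DOWNLINK_BYTES = 400, 1200
    for sf in (7, 9, 12):
        print(sf, handshakes_per_hour(UPLINK_BYTES, DOWNLINK_BYTES, sf))
```

Running the usage block shows why the paper locates the bottleneck in the downlink: the larger server-side flight costs more frames and more airtime, and at SF12 the same bytes cost roughly 25 times the airtime they cost at SF7. Cipher suites with smaller certificates and key shares lower the downlink byte count and therefore raise the bound.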