Telco Security Day

Tuesday March 21, 2017


The "Telco Security Day" (TSD) is an additional event to TROOPERS. It will take place on Tuesday March 21, 2017 at the Print Media Academy (same as TROOPERS). As the event aims to bring together only researchers, vendors and practitioners from the telecommunication / mobile security field, it is an invitation only event. The event is intended to be a discussion round for current topics accompanied by talks covering various subjects from different domains (e.g. practical security research or hacking, 3GPP standardization, Telco security operations). The TSD is a closed event and no filming will be allowed or recording will take place. It will be held in English. The agenda is publicly available and will be published here soon. Please note there is also a Shared Dinner at 19:00 for TSD Speakers and Attendees.

For all the others out there who are interested in joining us: Although the Telco-Sec-Day is invite only, we’re always happy to see new faces and hear new ideas. As such if you’re interested, feel free to drop me an email ( and explain why you should take part.


TelcoSecDay 2017 – Second Round of Talks

It's no use crying over spilled 2G,3G,4G - what we need to fix in 5G.
by David Ruprecht (Ruhr-Universität Bochum) & Adrian Dabrowski (SBA Research)
Based on the attacks and weaknesses of past generation networks, we will present and discuss our central thesis's of what we need to change. Since we can not introduce groundbreaking changes into existing systems, we need to get them into closed installations or new generations. A chance, we only have once in a decade.

BIO: David Rupprecht is PhD Candidate at Ruhr-Universität Bochum. He specializes in LTE and 5G Se­cu­ri­ty and published a paper on testing LTE implementations.

BIO: Adrian Dabrowski is PhD Candidate at TU Wien and Researcher at SBA Research. He published multiple papers on detection of fake base stations and their attacks.


Outlook on 5G security from 3GPP perspective
Stefan Schröder, Deutsche Telekom AG
While tech media are abuzz with hype about 5G features like low latency, high troughput, massive IoT etc., very little public news deal with new security aspects that we can expect from a 5G network. Vendors, operators, and other stakeholders have been developing ideas for 5G security for over two years within various fora, and many will make it into the 3GPP standard. This talk will give an up-to-date insight into current progress in the 3GPP security group: what is on the roadmap, which are hot topics, where can you still influence the standard? Security-relavant aspects that will be handled in 5G are:

BIO: Stefan Schröder has been the primary delegate of Deutsche Telekom in the 3GPP security group SA3 for fourteen years. During this time, Stefan has been working on security standards for UMTS, LTE, IMS, Femtocells, 5G, and others. Stefan also lead the security design for LTE in DT networks, with a major feature being an automatically secure plug and play IPsec backhaul deployment.

In earlier positions within Siemens (and various subsidiaries), Stefan was responsible for Intelligent Networks planning, PC system design, and hardware design and testing of communications controllers.

Automated large-scale detection of rogue base stations: A field report
by Dr. Björn Rupp, Chief Executive Officer, GSMK

A field report from the front lines of mobile security, this talk summarizes over three years of real-world operational experience with a commercially available system for the distributed, automated, large-scale detection of rogue base stations. The talk highlights effective techniques for automated detection, localization, alarming and neutralization of active attacks on mobile communications emanating from rogue base stations, as well as insights into the types of attacks observed, and pitfalls and regional and national peculiarities to watch out for.

BIO: Dr. Björn Rupp is the Chief Executive Officer of GSMK, a pioneer of mobile voice and message encryption and mobile device and network security. GSMK develops, produces and markets secure mobile, satellite and fixed-line telephones as well as network security solutions for mobile network operators. Björn has over sixteen years of experience in the telecommunications industry and is the author of several journal articles and book chapters on Internet economics, satellite communications systems, and mobile communications security.


Exploring fraud in telephony networks, an illustration with Over-The-Top Bypass
by Merve Sahin & Aurélien Francillon, Eurecom

Telephone networks form the oldest large scale network that has grown to touch over 7 billion people. Telephony is now merging many complex technologies and because numerous services enabled by these technologies can be monetized, telephony attracts a lot of fraud. This talk aims to systematically explore the fraud in telephony networks, by differentiating between the root causes, the vulnerabilities, the exploitation techniques, the fraud types and finally the way fraud benefits to the fraudsters.
As a concrete example, we will present the Over-The-Top (OTT) bypass fraud, where the regular international phone calls (originated from PSTN or cellular networks) are hijacked and terminated over a smartphone application, instead of being terminated over the normal telecom infrastructure. We will evaluate the possible techniques to detect and measure this fraud and analyze its real impact on a small European country through a case study.

BIO: Merve Sahin is a PhD student in the Digital Security department of EURECOM. She is working on identification and detection of fraud and abuse in telephony networks.

BIO: Aurélien is an assistant professor at EURECOM in the System and Software Security group (  He is mainly interested in systems security and, in particular, security of embedded systems and telephony networks.