H04W12/121

CROSS-LAYER AUTOMATED NETWORK VULNERABILITY IDENTIFICATION AND LOCALIZATION
20230094656 · 2023-03-30

Embodiments herein include an alternative approach to vulnerability detection, denoted as an automated network vulnerability identification and localization application (ANVIL). More specifically, a network includes multiple hardware- and software-based entities that communicate with each other over standardized or proprietary protocol interfaces with the objective of providing data, computing capabilities, or voice connectivity to an end user such as a mobile device. For example, a device-based or core network-based instance of ANVIL emulates different protocol layers in order to periodically scan and probe the message responses of different protocol layers and the accessibility of different network interfaces to unauthorized users. Responses to fuzzing messages are used to generate new fuzzing messages based on machine learning techniques in order to localize potential vulnerabilities. Multiple protocol layers and communication protocols may be emulated and multiple network entities may be probed by a single instance of ANVIL. The responses of the network to the fuzzing messages and port scans are collated by ANVIL and reported to an administrator via a dashboard that highlights potential vulnerabilities in the network and suggested remedies.

SEPARATE NETWORK SLICING FOR SECURITY EVENTS PROPAGATION ACROSS LAYERS ON SPECIAL PACKET DATA PROTOCOL CONTEXT
20230095715 · 2023-03-30

An apparatus and system to provide separate network slices for security events are described. A dedicated secure network slice is provided for PDP data from a UE. The network slice is used for detecting security issues and sending security-related information to clients. The communications in the dedicated network slice are associated with a special PDP context used by the UE to interface with the network slice. Once the UE has detected a security issue or has been notified of the security issue on the network or remote servers, the UE uses a special PDP service and is able to stop uplink/downlink channels, close running applications and enter into a safe mode, cut off connections to the networks, and try to determine alternate available connectivity.

METHOD AND APPARATUS FOR ACQUISITION OF RELIABLE TIME IN A WIRELESS NETWORK
20230032067 · 2023-02-02

Accurate and reliable time is acquired by a user equipment (UE) from a base station in a wireless network. The base station may obtain the time, e.g., UTC time or a GNSS time, and ciphers at least a portion of the time before broadcasting the time. The UE determines a propagation delay between the UE and the base station based on a timing advance, known locations of the UE and the base station, or a measured round trip propagation time (RTT) between the UE and the base station. A corrected time can be determined based on the time received from the base station and the propagation delay. A digital signature included with the time broadcast by the base station increases reliability. Spoofing of the broadcast time by an attacking device may be detected by the UE based on the propagation delay being outside an expected range.

Indicating number sources used to define a whitelist for a smartphone-based robocall blocking process
11496899 · 2022-11-08

A call blocking module in a smartphone is configured to generate a whitelist stored in the smartphone, the whitelist comprising a calling party number (“CPN”) using various number sources, such as a contact list, outgoing call list, or incoming call list. As each number source is modified with a new CPN, the whitelist may also be augmented automatically, or based upon a confirmation from a user of the smartphone. A contact center originating voice calls to the smartphone may be configured to generate a text call to the smartphone in order to populate the whitelist with the CPN that will be used when originating a subsequent voice call to the smartphone. Thus, the contact center can originate a text call to the smartphone to potentially increase the likelihood that a subsequent voice call will be passed by the whitelist.

ZERO TRUST ARCHITECTURE FOR NETWORKS EMPLOYING MACHINE LEARNING ENGINES

A system for governing access to a network environment, including: at least one communication node communicatively coupled to a network infrastructure; a network assurance agent configured to monitor the at least one communication node, wherein the network assurance agent performs actions including: generating, in response to an access request for a network resource from the at least one communication node, an environmental model of the at least one communication node relative to the network environment, wherein the environmental model includes operational data of the at least one communication node or at least one other communication node in the network environment, calculating a risk score for the at least one communication node via a machine learning algorithm, based on the environmental model, and granting or denying the access request based on the risk score.

System and method for detecting active relay station attacks between two multimedia communication platforms

A method for detecting relay attacks between two communication platforms, the method including: receiving, at a first communication platform, a first signal sent via a first communication channel from a second communication platform, the first signal including information about a challenge; receiving, at the first communication platform, a second signal sent via a second communication channel from the second communication platform, the second signal being a start clock; receiving, at the first communication platform, a third signal sent via the second communication channel from the second communication platform, the third signal including the challenge; outputting, from the first communication platform, a response to the challenge via the first communication channel to the second communication platform; and determining, at the second communication platform, whether a relay attack has occurred based on a time elapsed from when the start clock began to when the response is received at the second communication platform.
