{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T15:32:52Z","timestamp":1759332772230,"version":"3.40.3"},"publisher-location":"Cham","reference-count":51,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031514753"},{"type":"electronic","value":"9783031514760"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-51476-0_5","type":"book-chapter","created":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T07:02:29Z","timestamp":1704870149000},"page":"81-101","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Fingerprinting of\u00a0Cellular Infrastructure Based on\u00a0Broadcast Information"],"prefix":"10.1007","author":[{"given":"Anup Kiran","family":"Bhattacharjee","sequence":"first","affiliation":[]},{"given":"Stefano","family":"Cecconello","sequence":"additional","affiliation":[]},{"given":"Fernando","family":"Kuipers","sequence":"additional","affiliation":[]},{"given":"Georgios","family":"Smaragdakis","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,1,11]]},"reference":[{"key":"5_CR1","unstructured":"3GPP: LTE; Evolved Universal Terrestrial Radio Access (E-UTRA); Medium Access Control (MAC) protocol specification (3GPP TS 36.321). 3GPP (2022). https:\/\/www.3gpp.org\/dynareport\/36321.htm"},{"key":"5_CR2","unstructured":"3GPP: LTE; Evolved Universal Terrestrial Radio Access (E-UTRA); Physical channels and modulation (3GPP TS 36.211). 3GPP (2022). https:\/\/www.3gpp.org\/dynareport\/36211.htm"},{"key":"5_CR3","unstructured":"3GPP: LTE; Evolved Universal Terrestrial Radio Access (E-UTRA); Physical layer procedures (3GPP TS 36.213). 3GPP (2022). https:\/\/www.3gpp.org\/dynareport\/36213.htm"},{"key":"5_CR4","unstructured":"3GPP: LTE; Evolved Universal Terrestrial Radio Access (E-UTRA); Radio Resource Control (RRC); Protocol specification (3GPP TS 36.331). 3GPP (2022). https:\/\/www.3gpp.org\/dynareport\/36331.htm"},{"key":"5_CR5","unstructured":"3GPP: LTE; Evolved Universal Terrestrial Radio Access (E-UTRA); User Equipment (UE) procedures in idle mode (3GPP TS 36.304). 3GPP (2022). https:\/\/www.3gpp.org\/dynareport\/36304.htm"},{"key":"5_CR6","unstructured":"3GPP: LTE; Evolved Universal Terrestrial Radio Access (E-UTRA); User Equipment (UE) radio transmission and reception (3GPP TS 36.101). 3GPP (2022). https:\/\/www.3gpp.org\/dynareport\/36101.htm"},{"key":"5_CR7","unstructured":"3GPP: Study on New Radio Access Technology: Radio Access Architecture and Interfaces (2023). https:\/\/www.3gpp.org\/DynaReport\/38801.htm"},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"Albakour, T., Gasser, O., Beverly, R., Smaragdakis, G.: Third time\u2019s not a charm: exploiting SNMPv3 for router fingerprinting. In: ACM IMC (2021)","DOI":"10.1145\/3487552.3487848"},{"key":"5_CR9","unstructured":"Amphenol: Amphenol small cells: Cell oDAS. https:\/\/amphenolwireless.com\/small-cellodas\/. Accessed 15 May 2023"},{"key":"5_CR10","unstructured":"Apexel: 36X Super Phone Camera Telephoto Lens for Mobile Phone. https:\/\/www.apexeloptic.com\/product\/36x-telescope-lens"},{"key":"5_CR11","volume-title":"Understanding Machine Learning: From Theory to Algorithms","author":"S Ben-David","year":"2014","unstructured":"Ben-David, S., Shalev-Shwartz, S.: Understanding Machine Learning: From Theory to Algorithms. Cambridge University Press, Cambridge (2014)"},{"key":"5_CR12","unstructured":"Cellmapper: Map (2022). https:\/\/www.o-ran.org\/. https:\/\/www.cellmapper.net"},{"key":"5_CR13","unstructured":"CISCO: Antenna Patterns and Their Meaning. https:\/\/www.industrialnetworking.com\/pdf\/Antenna-Patterns.pdf"},{"key":"5_CR14","doi-asserted-by":"crossref","unstructured":"Clancy, T.C.: Efficient OFDM denial: pilot jamming and pilot nulling. In: 2011 IEEE International Conference on Communications (2011)","DOI":"10.1109\/icc.2011.5962467"},{"key":"5_CR15","unstructured":"Durumeric, Z., Wustrow, E., Halderman, J.A.: ZMap: fast internet-wide scanning and its security applications. In: USENIX Security Symposium (2013)"},{"key":"5_CR16","unstructured":"Ericsson: Small Cells: Radio Dots. https:\/\/www.ericsson.com\/en\/portfolio\/networks\/ericsson-radio-system\/radio\/small-cells\/indoor\/radio-dots"},{"key":"5_CR17","unstructured":"Google: Street View. https:\/\/www.google.com\/streetview"},{"key":"5_CR18","doi-asserted-by":"crossref","unstructured":"Gorrepati, U., Zavarsky, P., Ruhl, R.: Privacy protection in LTE and 5G networks. In: International Conference on Secure Cyber Computing and Communication (2021)","DOI":"10.1109\/ICSCCC51823.2021.9478109"},{"key":"5_CR19","doi-asserted-by":"crossref","unstructured":"Groen, J., DOro, S., Demir, U., Bonati, L., Polese, M., Melodia, T., Chowdhury, K.: Implementing and evaluating security in O-RAN: interfaces, intelligence, and platforms. arXiv preprint arXiv:2304.11125 (2023)","DOI":"10.1109\/MNET.2024.3434419"},{"key":"5_CR20","unstructured":"GSM Association: GSMA: The Mobile Economy 2022. GSMA (2022). https:\/\/www.gsma.com\/mobileeconomy\/wp-content\/uploads\/2022\/02\/280222-The-Mobile-Economy-2022.pdf"},{"key":"5_CR21","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/978-3-030-30278-8_14","volume-title":"New Trends in Databases and Information Systems","author":"D Gubiani","year":"2019","unstructured":"Gubiani, D., Gallo, P., Viel, A., Dalla Torre, A., Montanari, A.: A cellular network database for fingerprint positioning systems. In: Welzer, T., et al. (eds.) ADBIS 2019. CCIS, vol. 1064, pp. 111\u2013119. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-30278-8_14"},{"key":"5_CR22","unstructured":"Huawei: Huawei small cells: Lampsite. https:\/\/carrier.huawei.com\/en\/products\/wireless-network-v3\/Small-Cell\/LampSite. Accessed 15 May 2023"},{"issue":"1","key":"5_CR23","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/1687-417X-2014-1","volume":"2014","author":"RP Jover","year":"2014","unstructured":"Jover, R.P., Lackey, J., Raghavan, A.: Enhancing the security of LTE networks against jamming attacks. EURASIP J. Inf. Secur. 2014(1), 1\u201314 (2014)","journal-title":"EURASIP J. Inf. Secur."},{"key":"5_CR24","doi-asserted-by":"crossref","unstructured":"Joyce, R., Zhang, L.: Locating small cells using geo-located UE measurement reports & RF fingerprinting. In: 2015 IEEE International Conference on Communications (2015)","DOI":"10.1109\/ICC.2015.7248829"},{"key":"5_CR25","doi-asserted-by":"crossref","unstructured":"Kohno, T., Broido, A., Claffy, K.C.: Remote physical device fingerprinting. In: IEEE Symposium on Security and Privacy (2005)","DOI":"10.1109\/SP.2005.18"},{"key":"5_CR26","doi-asserted-by":"crossref","unstructured":"Lichtman, M., Reed, J.H., Clancy, T.C., Norton, M.: Vulnerability of LTE to hostile interference. In: IEEE Global Conference on Signal and Information Processing (2013)","DOI":"10.1109\/GlobalSIP.2013.6736871"},{"issue":"2","key":"5_CR27","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1109\/MNET.001.1900101","volume":"34","author":"F Meneghello","year":"2020","unstructured":"Meneghello, F., Rossi, M., Bui, N.: Smartphone identification via passive traffic fingerprinting: a sequence-to-sequence learning approach. IEEE Netw. 34(2), 112\u2013120 (2020)","journal-title":"IEEE Netw."},{"key":"5_CR28","unstructured":"MITRE: MITRE CVEs. https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=enodeb. Accessed 15 May 2023"},{"key":"5_CR29","unstructured":"Mozilla: Location Services (2022). https:\/\/location.services.mozilla.com\/"},{"key":"5_CR30","unstructured":"Nokia: Nokia Small Cells: Airscale. https:\/\/www.nokia.com\/networks\/mobile-networks\/airscale-radio-access\/micro-rrh\/. Accessed 15 May 2023"},{"key":"5_CR31","unstructured":"O-RAN: O-RAN Specifications. https:\/\/orandownloadsweb.azurewebsites.net\/specifications. Accessed 22 May 2023"},{"key":"5_CR32","unstructured":"Open Cells: Open Cells Project. https:\/\/open-cells.com\/"},{"key":"5_CR33","unstructured":"OpenAirInterface Software Alliance: penAirInterface. https:\/\/www.srslte.com\/ and https:\/\/openairinterface.org\/"},{"key":"5_CR34","unstructured":"OpenCellid: OpenCellid. OpenCellid (2022). https:\/\/opencellid.org\/"},{"issue":"2","key":"5_CR35","doi-asserted-by":"publisher","first-page":"1124","DOI":"10.1109\/COMST.2017.2785181","volume":"20","author":"JA del Peral-Rosado","year":"2017","unstructured":"del Peral-Rosado, J.A., Raulefs, R., L\u00f3pez-Salcedo, J.A., Seco-Granados, G.: Survey of cellular mobile radio localization methods: from 1G to 5G. IEEE Commun. Surv. Tutor. 20(2), 1124\u20131148 (2017)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"5_CR36","unstructured":"QCSuper contributors: QCSuper toole. https:\/\/github.com\/P1sec\/QCSuper"},{"key":"5_CR37","unstructured":"Quectel: EG25-G. https:\/\/www.exvist.com\/products\/4g-lte-usb-dongle-wquectel-iot-eg25-g-mini-pcie-type-c"},{"key":"5_CR38","unstructured":"Security Week: Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping. https:\/\/www.securityweek.com\/critical-baicells-device-vulnerability-can-expose-telecoms-networks-to-snooping\/"},{"key":"5_CR39","doi-asserted-by":"crossref","unstructured":"Seyi, A.B., Jafaar, F., Ruhl, R.: Securing the authentication process of LTE base stations. In: IEEE International Conference on Electrical, Communication, and Computer Engineering (2020)","DOI":"10.1109\/ICECCE49384.2020.9179227"},{"key":"5_CR40","doi-asserted-by":"crossref","unstructured":"Shaik, A., Borgaonkar, R., Park, S., Seifert, J.P.: New vulnerabilities in 4G and 5G cellular access network protocols: exposing device capabilities. In: ACM WiSec (2019)","DOI":"10.1145\/3317549.3319728"},{"key":"5_CR41","doi-asserted-by":"crossref","unstructured":"Shamsi, Z., Nandwani, A., Leonard, D., Loguinov, D.: Hershel: single-packet OS fingerprinting. In: ACM SIGMETRICS (2014)","DOI":"10.1145\/2591971.2591972"},{"key":"5_CR42","doi-asserted-by":"publisher","first-page":"258","DOI":"10.1016\/j.procs.2022.09.027","volume":"205","author":"P Skokowski","year":"2022","unstructured":"Skokowski, P., et al.: Jamming and Jamming mitigation for selected 5G military scenarios. Procedia Comput. Sci. 205, 258\u2013267 (2022)","journal-title":"Procedia Comput. Sci."},{"key":"5_CR43","unstructured":"Synacktiv: Multiple Vulnerabilities in Nokia BTS AirScale. https:\/\/www.synacktiv.com\/sites\/default\/files\/2023-02\/Synacktiv-Nokia-BTS-AirScale-Asika-Multiple-Vulnerabilities.pdf"},{"key":"5_CR44","unstructured":"The Times of Israel: 3 Israelis charged in Hamas plot to sabotage telecom networks used by IDF during war. https:\/\/www.timesofisrael.com\/3-israelis-charged-in-hamas-plot-to-sabotage-telecom-networks-used-by-idf-during-war\/"},{"key":"5_CR45","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1016\/j.comcom.2020.04.014","volume":"157","author":"RD Timoteo","year":"2020","unstructured":"Timoteo, R.D., Cunha, D.C.: A scalable fingerprint-based angle-of-arrival machine learning approach for cellular mobile radio localization. Comput. Commun. 157, 92\u2013101 (2020)","journal-title":"Comput. Commun."},{"key":"5_CR46","doi-asserted-by":"crossref","unstructured":"Triki, M., Slock, D.T., Rigal, V., Fran\u00e7ois, P.: Mobile terminal positioning via power delay profile fingerprinting: reproducible validation simulations. In: IEEE Vehicular Technology Conference, pp. 1\u20135 (2006)","DOI":"10.1109\/VTCF.2006.583"},{"key":"5_CR47","unstructured":"VOANews: Somali Telecommunications Center, Tower Destroyed in Explosion. https:\/\/www.voanews.com\/a\/somali-telecommunications-center-tower-destroyed-in-explosion\/6824753.html"},{"key":"5_CR48","unstructured":"Wired: The Last Cell Tower in Mariupol. https:\/\/www.wired.com\/story\/mariupol-ukraine-war\/"},{"key":"5_CR49","unstructured":"Yu, L., Luo, B., Ma, J., Zhou, Z., Liu, Q.: You are what you broadcast: identification of mobile and IoT devices from (public) WiFi. In: USENIX Security Symposium (2020)"},{"issue":"5","key":"5_CR50","doi-asserted-by":"publisher","first-page":"2094","DOI":"10.1109\/TMC.2020.2968899","volume":"20","author":"Y Zhang","year":"2020","unstructured":"Zhang, Y., et al.: Transfer learning-based outdoor position recovery with cellular data. IEEE Trans. Mob. Comput. 20(5), 2094\u20132110 (2020)","journal-title":"IEEE Trans. Mob. Comput."},{"key":"5_CR51","unstructured":"Zimperium: Analysis of multiple vulnerabilities in different open source BTS products. https:\/\/www.zimperium.com\/blog\/analysis-of-multiple-vulnerabilities-in-different-open-source-bts-products\/"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2023"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-51476-0_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,7]],"date-time":"2024-11-07T20:18:25Z","timestamp":1731010705000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-51476-0_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031514753","9783031514760"],"references-count":51,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-51476-0_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"11 January 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Hague","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Netherlands","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 September 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 September 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2023.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"478","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"93","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3-4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}