{"id":"https://openalex.org/W4411721754","doi":"https://doi.org/10.1145/3734477.3734726","title":"<scp>FirmState:</scp> Bringing Cellular Protocol States to Shannon Baseband Emulation","display_name":"<scp>FirmState:</scp> Bringing Cellular Protocol States to Shannon Baseband Emulation","publication_year":2025,"publication_date":"2025-06-27","ids":{"openalex":"https://openalex.org/W4411721754","doi":"https://doi.org/10.1145/3734477.3734726"},"language":"en","primary_location":{"id":"doi:10.1145/3734477.3734726","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3734477.3734726","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"18th ACM Conference on Security and Privacy in Wireless and Mobile Networks","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3734477.3734726","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5118662404","display_name":"Suhwan Jeong","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Suhwan Jeong","raw_affiliation_strings":["ENKI WhiteHat, Seoul, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"ENKI WhiteHat, Seoul, Republic of Korea","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102872491","display_name":"Beomseok Oh","orcid":"https://orcid.org/0009-0009-0692-0899"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Beomseok Oh","raw_affiliation_strings":["KAIST, Daejeon, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"KAIST, Daejeon, Republic of Korea","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109417148","display_name":"Keunyeong Kim","orcid":"https://orcid.org/0009-0009-1121-733X"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Kwangmin Kim","raw_affiliation_strings":["KAIST, Daejeon, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"KAIST, Daejeon, Republic of Korea","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059899443","display_name":"Insu Yun","orcid":"https://orcid.org/0000-0001-8931-2833"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Insu Yun","raw_affiliation_strings":["KAIST, Daejeon, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"KAIST, Daejeon, Republic of Korea","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073822030","display_name":"Yongdae Kim","orcid":"https://orcid.org/0000-0003-4879-1262"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Yongdae Kim","raw_affiliation_strings":["KAIST, Daejeon, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"KAIST, Daejeon, Republic of Korea","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5026034763","display_name":"CheolJun Park","orcid":"https://orcid.org/0009-0009-5102-2190"},"institutions":[{"id":"https://openalex.org/I35928602","display_name":"Kyung Hee University","ror":"https://ror.org/01zqcg218","country_code":"KR","type":"education","lineage":["https://openalex.org/I35928602"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"CheolJun Park","raw_affiliation_strings":["Kyung Hee University, Yongin, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"Kyung Hee University, Yongin, Republic of Korea","institution_ids":["https://openalex.org/I35928602"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5118662404"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.4888,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.84412079,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"242","last_page":"247"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10715","display_name":"Distributed and Parallel Computing Systems","score":0.9229999780654907,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10715","display_name":"Distributed and Parallel Computing Systems","score":0.9229999780654907,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10904","display_name":"Embedded Systems Design Techniques","score":0.909600019454956,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10829","display_name":"Interconnection Networks and Systems","score":0.9057999849319458,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/emulation","display_name":"Emulation","score":0.8857755661010742},{"id":"https://openalex.org/keywords/baseband","display_name":"Baseband","score":0.7948418855667114},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6771632432937622},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.5619285702705383},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5364068150520325},{"id":"https://openalex.org/keywords/bandwidth","display_name":"Bandwidth (computing)","score":0.2546468675136566}],"concepts":[{"id":"https://openalex.org/C149810388","wikidata":"https://www.wikidata.org/wiki/Q5374873","display_name":"Emulation","level":2,"score":0.8857755661010742},{"id":"https://openalex.org/C65165936","wikidata":"https://www.wikidata.org/wiki/Q575784","display_name":"Baseband","level":3,"score":0.7948418855667114},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6771632432937622},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.5619285702705383},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5364068150520325},{"id":"https://openalex.org/C2776257435","wikidata":"https://www.wikidata.org/wiki/Q1576430","display_name":"Bandwidth (computing)","level":2,"score":0.2546468675136566},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C50522688","wikidata":"https://www.wikidata.org/wiki/Q189833","display_name":"Economic growth","level":1,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3734477.3734726","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3734477.3734726","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"18th ACM Conference on Security and Privacy in Wireless and Mobile Networks","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3734477.3734726","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3734477.3734726","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"18th ACM Conference on Security and Privacy in Wireless and Mobile Networks","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":2,"referenced_works":["https://openalex.org/W3103619372","https://openalex.org/W3136586396"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2154523322","https://openalex.org/W2083200807","https://openalex.org/W1603137082","https://openalex.org/W2364195017","https://openalex.org/W2355430452","https://openalex.org/W1951195060","https://openalex.org/W1694436751"],"abstract_inverted_index":{"Cellular":[0],"baseband":[1,27,36,71,85,170,176,187],"processors":[2],"represent":[3],"critical":[4],"security":[5,72],"components":[6],"in":[7,26,126,168,186],"modern":[8],"mobile":[9],"devices,":[10],"yet":[11],"they":[12],"remain":[13],"challenging":[14],"to":[15,18,151,182],"analyze":[16],"due":[17],"their":[19],"complexity":[20],"and":[21,53,95,112,163],"restricted":[22],"access.":[23],"Recent":[24],"advances":[25],"research":[28,185],"introduced":[29],"FirmWire,":[30,144],"the":[31,155],"state-of-the-art":[32],"emulator":[33],"enabling":[34,107],"full-system":[35],"emulation":[37],"with":[38,145],"extensive":[39,117],"features":[40],"debugging":[41],"capabilities.":[42],"However,":[43],"it":[44],"lacks":[45],"protocol":[46,65,156],"state":[47,97],"awareness,":[48],"significantly":[49],"limiting":[50],"its":[51],"coverage":[52,111,147],"fidenlity.":[54],"While":[55],"implementing":[56],"such":[57],"support":[58,183],"demands":[59],"substantial":[60],"engineering":[61],"effort,":[62],"accurately":[63],"modeling":[64],"states":[66],"remains":[67],"essential":[68],"for":[69,131,175],"comprehensive":[70],"analysis.":[73],"In":[74],"this":[75],"paper,":[76],"we":[77,161],"present":[78],"FirmState,":[79],"a":[80,123],"state-aware":[81],"methodology":[82],"that":[83],"augments":[84],"emulation,":[86],"specifically":[87],"targeting":[88],"Samsung":[89],"Shannon":[90],"baseband.":[91],"FirmState":[92,180],"semi-automatically":[93],"recovers":[94],"applies":[96],"information":[98],"extracted":[99],"from":[100,149],"physical":[101],"devices":[102],"during":[103],"actual":[104],"network":[105],"communication,":[106],"more":[108],"complete":[109],"code":[110,127,146],"authentic":[113],"behavior":[114],"reproduction":[115],"without":[116],"reverse":[118],"engineering.":[119],"Our":[120],"evaluation":[121],"demonstrates":[122],"significant":[124],"improvement":[125],"coverage,":[128],"achieving":[129],"7.5%":[130],"RRC--2.7\u00d7":[132],"higher":[133],"than":[134],"previous":[135],"work.":[136],"Additionally,":[137],"our":[138,159],"system":[139],"newly":[140],"supports":[141],"NAS":[142],"over":[143],"ranging":[148],"4.5%":[150],"9.2%,":[152],"depending":[153],"on":[154],"state.":[157],"Using":[158],"approach,":[160],"discovered":[162],"analyzed":[164],"two":[165],"1-day":[166],"vulnerabilities":[167],"Samsung's":[169],"implementation,":[171],"demonstrating":[172],"FirmState's":[173],"effectiveness":[174],"security.":[177,188],"We":[178],"make":[179],"open-source":[181],"further":[184]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}