Presentation is loading. Please wait.

Presentation is loading. Please wait.

How an SMS-Based Malware Infection Will Get Throttled by the Wireless Link Roger Piqueras Jover (w. Ilona Murynets) AT&T Security Research Center June.

Published byMitchell Richard Modified over 8 years ago

Similar presentations

Presentation on theme: "How an SMS-Based Malware Infection Will Get Throttled by the Wireless Link Roger Piqueras Jover (w. Ilona Murynets) AT&T Security Research Center June."— Presentation transcript:

1 How an SMS-Based Malware Infection Will Get Throttled by the Wireless Link Roger Piqueras Jover (w. Ilona Murynets) AT&T Security Research Center June 13, 2012 © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property.

2 Agenda SMS-based malware Related work SMS over GSM and UMTS Simulation model SMS-based malware infection getting throttled by the wireless link Results © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 2

3 SMS-based Malware SMS is one of the most popular cellular services providing millions of revenue to operators. Also known for being a common platform for spam, fraud and malware. © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 3

4 SMS-based Malware © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 4 Malware infection and spreading. SMS message with a link to a malicious app. – Disguised as a game or social app User install app and phone gets infected App gains access to phone’s contact book – Selects targets to send SMS with link Infection spreads

5 Related work Husted and Myers, LEET’11 Direct contact propagation (via Bluetooth). Mild propagation, controllable by lowering susceptibility of population to infections. © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 5 Fleizach et al., WORM’07 MMS-based malware propagation through cellular. Slower propagation on a mobility network with respect to a wired network. Bottleneck at the link between NodeB and RNC. Assumes wireless signaling and control channel effects not significant. Traynor, IEEEE Trans Computing’11 Wireless link is the main bottleneck when it comes to massive SMS distribution.

6 SMS Network Architecture © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 6

7 SMS Over GSM Standalone Dedicated Control Channel (SDCCH) Shared by all users within one cell/sector Registration, establishment of authentication and encryption, initial call set-up, etc Highly bandwidth-limited – Aggregation of 4 logically consecutive time-slots within multi-frame – Effective bandwidth of 782bps © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 7

8 SMS Over UMTS © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 8 Random Access Channel (RACH) Control channel shared by all users within one cell/sector Registration, establishment of authentication and encryption, initial call set-up, etc Contention-based access channel – Collisions are possible – Collision avoidance and delayed transmission protocol Similar to Slotted-ALOHA Throughput  0.45

9 SMS Over UMTS © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 9 Random Access Channel (RACH) A user willing to transmit waits a certain backoff time and starts a preamble cycle A slot is randomly selected out of the 15 and also a signature (out of 16 possible) is chosen A short preamble message is transmitted on the selected slot with probability p and power P start If an ACK message is received on the same slot of the AICH channel containing the same signature… The user gets assigned to transmit data in the following frame (a data message is longer than a preamble and might occupy several slots)

10 SMS Over UMTS © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 10 Random Access Channel (RACH) A user willing to transmit waits a certain backoff time and starts a preamble cycle A slot is randomly selected out of the 15 and also a signature (out of 16 possible) is chosen A short preamble message is transmitted on the selected slot with probability p and power P start If no response is received on the AICH… In the following frame, the same preamble is sent (with probability p) on new random slot with power Pstart +  dB (power ramping) The user proceeds to listen to the same slot in the AICH If a maximum number of preambles is sent, we go back to the beginning and start a new preamble cycle

11 SMS Over UMTS © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 11 Random Access Channel (RACH) A user willing to transmit waits a certain backoff time and starts a preamble cycle A slot is randomly selected out of the 15 and also a signature (out of 16 possible) is chosen A short preamble message is transmitted on the selected slot with probability p and power P start If a NACK message is received on the AICH… Back to the beginning and start a new preamble cycle If a maximum number of preamble cycles is reached, the call fails (it is what happens when we try to call but it doesn’t go through…)

12 Simulation Model Scenario Large and dense urban environment (  Washington DC, 68.2mi 2 ). Only malware-related SMS traffic (no background traffic). 600000 mobile users 120 cells Barabasi and Albert network model – Contact book size  power-law distribution (80) – Contacts distributed in neighboring cells and a couple of other clusters Malware propagation: – SMS with link to a malicious app – Prob(user clicks on link and downloads app) = 0.5 – Infected phone sends SMS to k random contacts every  minutes k = 3  ~ exp(40min) © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 12

13 Simulation Model GSM SDCCH 8 SDCCH channels per cell/sector – Constant per cell SMS capacity: 8 SMS/5sec © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 13 UMTS RACH Matlab custom RACH model 3G Access Service Class #4 Simulation time Slots of 5 seconds

14 SMS-based malware infection throttled by the wireless link © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 14 GSM 3G Wired Transmitted load Input load Mbps Kbps 782 bps

15 Results Number of transmitted messages Exponential propagation in Wired Scenario Spreading rate much lower in mobility networks – Close to linear spreading in GSM (  8 SMS/5sec) – Faster spreading in UMTS Spreading stops when RACH is clogged Propagation slows down  RACH congestion level decreases  Propagation continues © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 15

16 Results Number of queued messages: global (a), one cell (b) Messages start queuing after  2000 slots of 5 seconds (2.7 hours) Total SMS network load at the saturation point: – 50 SMS/sec – Equivalent to 8.3  10 -5 SMS per second per user – Malware message load could be masked by regular user message traffic Slow increase of queued messages © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 16

17 Results Number of queued messages: global (a), one cell (b) Messages start queuing after  2700 slots of 5 seconds (3.7 hours) Very fast increase of queued messages – RACH saturates and no message goes through – (As opposed to GSM’s constant throughput of  8 SMS/5 sec) © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 17

18 Results Number of infected phones Malware propagation throttled by the wireless link – Internet propagation hits all 600000 mobile users – Infection slows down on UMTS and GSM – SMSs generated by malware could potentially saturate the link for other users © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 18

19 Conclusions Wireless Interface The wireless link plays an important role on malware modeling over mobility networks – Bottleneck of SMS-based malware propagation No massive outbreak – Spreading rate much slower than in wired scenarios (Internet) 10x slower in GSM 3x slower in UMTS © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 19 Future work Large scale nation-wide simulation (pool of 100 million users) Background traffic New propagation vectors – LTE – iMessage, WhatsApp, Viber, etc Load effects on Core Network

20 Thanks! Questions? AT&T Security Research Center src.att.com © 2012 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. 20

Download ppt "How an SMS-Based Malware Infection Will Get Throttled by the Wireless Link Roger Piqueras Jover (w. Ilona Murynets) AT&T Security Research Center June."

Similar presentations

Nick Feamster CS 4251 Computer Networking II Spring 2008

Nick Feamster CS 4251 Computer Networking II Spring 2008
Exploiting Open Functionality in SMS-Capable Cellular Networks 20123550 Chang-Jae Lee Some of the slides and figures were borrowed from the author’s slides.

Exploiting Open Functionality in SMS-Capable Cellular Networks Chang-Jae Lee Some of the slides and figures were borrowed from the author’s slides.
Tutorial 6 Mobile Communication Networks Mohamed Esam.

Tutorial 6 Mobile Communication Networks Mohamed Esam.
Multiple Access Techniques for wireless communication

Multiple Access Techniques for wireless communication
Channel Allocation Protocols. Dynamic Channel Allocation Parameters Station Model. –N independent stations, each acting as a Poisson Process for the purpose.

Channel Allocation Protocols. Dynamic Channel Allocation Parameters Station Model. –N independent stations, each acting as a Poisson Process for the purpose.
On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core Patrick Michael Lin, Machigar Ongtang, Vikhyath.

On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core Patrick Michael Lin, Machigar Ongtang, Vikhyath.
CS 408 Computer Networks Congestion Control (from Chapter 05)

CS 408 Computer Networks Congestion Control (from Chapter 05)
How is Information Transferred? Developing an Intuition for Network Communication Protocols a 6.UAT concept talk by Olga Stroilova.

How is Information Transferred? Developing an Intuition for Network Communication Protocols a 6.UAT concept talk by Olga Stroilova.
Crime Scene Investigation: SMS Spam Data Analysis Ilona Murynets AT&T Security Research Center New York, NY Roger Piqueras Jover AT&T Security.

Crime Scene Investigation: SMS Spam Data Analysis Ilona Murynets AT&T Security Research Center New York, NY Roger Piqueras Jover AT&T Security.
On Attack Causality in Internet- Connected Cellular Networks Presented by EunYoung Jeong.

On Attack Causality in Internet- Connected Cellular Networks Presented by EunYoung Jeong.
College of Engineering Optimal Access Point Selection and Channel Assignment in IEEE 802.11 Networks Sangtae Park Advisor: Dr. Robert Akl Department of.

College of Engineering Optimal Access Point Selection and Channel Assignment in IEEE Networks Sangtae Park Advisor: Dr. Robert Akl Department of.
Receiver-driven Layered Multicast S. McCanne, V. Jacobsen and M. Vetterli SIGCOMM 1996.

Receiver-driven Layered Multicast S. McCanne, V. Jacobsen and M. Vetterli SIGCOMM 1996.
James 1:5 If any of you lacks wisdom, he should ask God, who gives generously to all without finding fault, and it will be given to him.

James 1:5 If any of you lacks wisdom, he should ask God, who gives generously to all without finding fault, and it will be given to him.
Presentation By: Daniel Mitchell, Brian Shaw, Steven Shidlovsky Paper By: Martin Heusse, Franck Rousseau, Gilles Berger-Sabbatel, Andrzej Duda 1 CS4516.

Presentation By: Daniel Mitchell, Brian Shaw, Steven Shidlovsky Paper By: Martin Heusse, Franck Rousseau, Gilles Berger-Sabbatel, Andrzej Duda 1 CS4516.
1 November 2 nd, 2007WORM’07 Can You Infect Me Now? Chris Fleizach 1, Michael Liljenstam 3, Per Johansson 2, Geoffrey M. Voelker 1 and András Méhes 3 123123.

1 November 2 nd, 2007WORM’07 Can You Infect Me Now? Chris Fleizach 1, Michael Liljenstam 3, Per Johansson 2, Geoffrey M. Voelker 1 and András Méhes
Network Technology CSE3020 - 2006 1 Network Technology CSE3020 Week 9.

Network Technology CSE Network Technology CSE3020 Week 9.
Lecture 2 Introduction 1-1 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  circuit.

Lecture 2 Introduction 1-1 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  circuit.
802.11n MAC layer simulation Submitted by: Niv Tokman Aya Mire Oren Gur-Arie.

802.11n MAC layer simulation Submitted by: Niv Tokman Aya Mire Oren Gur-Arie.
TCP over ad hoc networks Ad Hoc Networks will have to be interfaced with the Internet. As such backward compatibility is a big issue. One might expect.

TCP over ad hoc networks Ad Hoc Networks will have to be interfaced with the Internet. As such backward compatibility is a big issue. One might expect.
1 University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer Wireless Sensor Networks 9th Lecture 22.11.2006 Christian Schindelhauer.

1 University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer Wireless Sensor Networks 9th Lecture Christian Schindelhauer.

Similar presentations

Ads by Google