정보보호 및 알고리즘 조호성

Contents 정보보호 및 알고리즘 2

Paper Information Title On Attack Causality in Internet-Connected Cellular Network Authors P. Traynor, P. McDaniel and T. Porta The Pennsylvania Univ. Published USENIX Security 2007 – Network Security 3

Contribution Contribution of this paper New Vulnerability Analysis Identify and develop a realistic characterization of two new vulnerabilities in cellular data networks Implications of Combined Design Philosophies on Security Vulnerabilities are deeply rooted in opposing architectural assumptions. 4

New Vulnerability Analysis The Main Idea Present two new denial of service(DoS) vulnerabilities in cellular data services By delayed teardown mechanism By frequent connection reestablishmet 5

New Vulnerability Analysis Network Architecture A series of attachment and authentication procedures A device owner wants to use data service Locating a device 6

New Vulnerability Analysis Locating a device A series of attachment and authentication procedures 1.Power up and GPRS-attach message GPRS(General Packet Radio Services) 7 1

New Vulnerability Analysis A series of attachment and authentication procedures 2. Forward the message to SGSN SGSN(Serving GPRS Support Node)-authenticate user HLR(Home Location Resister)-keep track of user info. 8 2

New Vulnerability Analysis A series of attachment and authentication procedures 3. Establish PDP(Packet Data Protocol) PDP context is a data structure in SGSN and GGSN GGSN(Gateway GPRS Support Node) 9 3

New Vulnerability Analysis A series of attachment and authentication procedures 4. Request and receive the data A requested packet arrives at the GGSN GGSN matchs data and SGSN, then SGSN deliver data to the device 10 4

New Vulnerability Analysis 3 States of devices IDLE, unregistered and unreachable STANDBY, listen the“waken up”message from network READY, monitors the air interface for incoming packets 11

New Vulnerability Analysis Establishment of Air interface PPCH(Packet Paging Channel) PRACH(Packet Random Access Channel) PAGCH(Packet Access Grant Channel) PACCH(Packet Associated Control Channel) PDTCH(Packet Data Channel) 12 Paging Establish the data transfer channel

New Vulnerability Analysis Exploiting Teardown Mechanisms The process of locating, paging and establishing a connection between network and an end device is expensive So, after finishing data transmission, the device remains a READY state and secure the channel around 5 seconds Sending 32 messages to each sector can exhaust logical resources and temporarily prevent users from receiving traffic If above task can be repeated before 5 sec. expired, DoS attack becomes sustailable 13

New Vulnerability Analysis Exploiting Setup Procedures If connections to an end host must repeatedly be reestablished, the interarrival time between successive packets becomes exceedingly large Those time is also around 5 sec for each connection establishment 14

New Vulnerability Analysis Modeling Attacks on Teardown Mechanisms The blocking rates of legitimate traffic By an attack on the delayed teardown mechanisms 15

New Vulnerability Analysis Modeling Attacks on Connection Setup Blocking caused when immediate resource reclamation 16

Combined Design Philosophies Difference Between Cellular and traditional network Connection establishment are so different A comparison of the cost of delivering In the cellular data case, a significant amount of delay is added because of connection establishment procedure In the tranditional setting, simply forward the packet 17

Conclusion Introduce two DoS attack vulnerabilities Exploiting Teardown Mechanisms Exploiting Setup Procedures Explain the reason of vulnerabilities The problems are presented in this and others are artifacts of a larger architectural mismatch Packet-switched traffic vs. circuit-switched system 18