Patrick Traynor, Michael Lin, Machigar Ongtang, Vikhyath Rao, Trent Jaeger, Patrick McDaniel, and Thomas La Porta 2/29/2012.

Slides:

Advertisements

Similar presentations

GSM infrastructure MSC, BSC, BTS, VLR, HLR, GSGN, GSSN

Advertisements

An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,

Islamic University-Gaza Faculty of Engineering Electrical & Computer Engineering Department Global System for Mobile Communication GSM Group Alaa Al-ZatmaHosam.

Min Song 1, Yanxiao Zhao 1, Jun Wang 1, E. K. Park 2 1 Old Dominion University, USA 2 University of Missouri at Kansas City, USA IEEE ICC 2009 A High Throughput.

Location Based Service Aloizio P. Silva Researcher at Federal University Of Minas Gerais, Brazil Copyright © 2003 Aloizio Silva, All rights reserved. School.

Mobile web E- Business Technology Prof. Dr. Eduard Heindl Shirin Faghihi.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core Patrick Michael Lin, Machigar Ongtang, Vikhyath.

On Attack Causality in Internet- Connected Cellular Networks Presented by EunYoung Jeong.

Telefónica Móviles España GPRS (General Packet Radio Service)

Basic radio frequency communications - 2 Session 1.

The Wireless Communication System Xihan Lu. Wireless Communication Cellular phone system Cordless telephone system Bluetooth Infrared communication Microwave.

Cellular and Mobile Wireless Networks (part 2) Advanced Computer Networks.

General Packet Radio System (GPRS) Overview. Introduction General Packet Radio Service (GRPS) today “Packet overlay” network on top of the existing GSM.

GPRS Muhammad Al-khaldi Sultan Al-Khaldi

Exploiting Open Functionality in SMS-Capable Cellular Networks Authors: William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Publication:

Mobile Handset Cellular Network Basics + GSM. Cellular Network Basics There are many types of cellular services; before delving into details, focus on.

Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.

MOBILE PHONE ARCHITECTURE & TECHNOLOGY. HISTORY  The idea of the first cellular network was brainstormed in 1947  Disadvantages  All the analogue system.

Cellular IP: Proxy Service Reference: “Incorporating proxy services into wide area cellular IP networks”; Zhimei Jiang; Li Fung Chang; Kim, B.J.J.; Leung,

 The GSM network is divided into two systems. each of these systems are comprised of a number of functional units which are individual components of the.

General Packet Radio Service (GPRS) A new Dimension to Wireless Communication.

Evolution from GMS to UMTS

정보보호 및 알고리즘 조호성. Contents 정보보호 및 알고리즘 2.

Denial of Service (DoS) Attacks in Green Mobile Ad–hoc Networks Ashok M.Kanthe*, Dina Simunic**and Marijan Djurek*** MIPRO 2012, May 21-25,2012, Opatija,

[Public]—For everyone ©2003–2008 Check Point Software Technologies Ltd. All rights reserved. GPRS/UMTS Security Requirements Guto Motta

CELLULAR ARCHITECTURE FOR SMS- TXT BASED MOBILE MARKETING Course Faculty: Mrs Yasmin Malik Venue: IBA City Campus, Karachi Course Start Date: Spring 2012.

Mobile Technologies Introduction Basics of GSM Value Added Services SMS Short Codes Asterisk * LBS.

GSM,GPRS & CDMA Technology

CDMA Power Control, Smart Antenna. Power Control in CDMA All the mobiles communicate on the same frequency. Therefore, internal interference is developed.

CDMA Network Structure and Components Lance Westberg.

GSM Network Structure Lance Westberg.

Network: Location Management Y. Richard Yang 3/21/2011.

CELLULAR DATA NETWORKS Mr. Husnain Sherazi Lecture 5.

GSM TOWARDS LTE NETWORKS Lecture # 2. CELLULAR GENERATIONS First Generation Wireless : Analog Second Generation Wireless (2G): Digital Second Generation.

Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta | MobiCom.

Network components of the Switching Subsystem The switching Subsystem comprises the following subsystems. MSC (Mobile Switching Centre) HLR (Home location.

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

GSM TOWARDS LTE NETWORKS

Rev A Mikko Suominen Enhancing System Capacity and Robustness by Optimizing Software Architecture in a Real-time Multiprocessor Environment.

Teachers Name : Suman Sarker Telecommunication Technology Subject Name : Mobile & Wireless Communication-2 Subject Code : 9471 Semester :7th Department.

GSM Network Architecture

MOBILITY Beyond Third Generation Cellular Feb

Overview of cellular system

Yschen, CSIE, CCU1 Chapter 4: Fundamental of Cellular Systems Associate Prof. Yuh-Shyan Chen Dept. of Computer Science and Information Engineering National.

Mobile Cellular Networks Cellular principle –Taking this one step further tessellate network coverage area with cell reuse pattern (cluster) Each cell.

Communication Protocol Engineering Lab. Hyoung Joo. Nam. 1 GSM System Overview Wireless and Mobile Network Architecture Nam Hyoung-Joo

DDoS Defense: Utilizing P2P architecture By Joshua Aslan Smith.

Computer Networks with Internet Technology William Stallings

(Global System for Mobile Communication)

Denial of Service Resilience in Ad Hoc Networks (MobiCom 2004) Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly November 21 th, 2006 Jinkyu Lee.

WIRELESS FRAUD Detection & Prevention. Method of Fraud CLONING of SIM Card.

Cellular Networks 1. Overview 1G Analog Cellular 2G TDMA - GSM 2G CDMA - IS G 3G 4G and Beyond Cellular Engineering Issues 2.

GPRS General Packet Radio Service Shay Toder – Ori Matalon The Department of Communication System Engineering Ben-Gurion University June 19, 2002.

1 Special Topics in Computer Engineering Supervised by Dr. Walid Abu-Sufah Jordan University Department of Computer Engineering.

Prof. Younghee Lee 1 1 Computer Networks u Lecture 11: Mobility Prof. Younghee Lee * Some part of this teaching materials are prepared referencing the.

1 Lecture 19 EEE 441 Wireless And Mobile Communications.

Cellular Wireless Networks. Cellular Network Organization Multiple low power transmitters —100w or less Area divided into cells —Each with own antenna.

1 Wireless Networks Lecture 17 GPRS: General Packet Radio Service (Part I) Dr. Ghalib A. Shah.

Wireless Network PMIT- By-

Cellular Networks Wireless Transmission Cellular Concept

Global System for Mobile Communications

Network/SMS Characteristics

Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks Ashvin Bodhale CS 388.

GPRS GPRS stands for General Packet Radio System. GPRS provides packet radio access for mobile Global System for Mobile Communications (GSM) and time-division.

Global system for Mobile Communications

International Roaming for GSM

GPRS Architecture Ayan Ganguly Bishakha Roy Akash Dutta.

Exploiting Open Functionality in SMS-Capable Cellular Networks

Dept. of Business Administration

Presentation transcript:

Patrick Traynor, Michael Lin, Machigar Ongtang, Vikhyath Rao, Trent Jaeger, Patrick McDaniel, and Thomas La Porta 2/29/2012

 Objectives  Cellular Networks  Describing the Attack  Quantifying the Attack  Mitigating the Attack  Conclusions 22/29/2012

 Characterize an attack on cellular network core  Test the attack  Optimize it  Propose defenses 2/29/20123

 Cellular networks have  Home Location Register (HLR)  Mobile Switching Centers (MSC)  Visiting Location Register (VLR)  Serving GPRS Support Node (SGSN)  Base Station Subsystem (BSS) 2/29/20124

 DDoS using a cellular botnet  Target part that will cause most disruption  HLR is necessary for most actions  Authentication  Phone calls  Text messages  Billing  Etc.  HLR most effective target 2/29/20125

 Only ‘legitimate’ transactions reach HLR 2/29/20126

 Write transactions use more HLR resources per transaction than reads  Which one the best?  Update Location utilizes caching  Update Subscriber Data averages 2.5 seconds  Insert Call Forwarding averages 2.7 seconds  Delete Call Forwarding averages 2.5 seconds  Insert/Delete Call Forwarding must alternate  Best to use combination of Insert and Delete Call Forwarding 2/29/20127

8

9

 Why most resource usage per message?  Why not just send more messages?  When sending that many messages, will clog up communications channels and never reach HLR  Deny service for base station, not whole network  Need to distribute attack across multiple base stations 2/29/201210

 Testbed system dropped 93% of traffic under a simulated call-forwarding attack with 5000 messages/sec  Need to be distributed evenly across 21 base stations to not DDoS the random access channel before getting to HLR  Need 375 base stations to not DDoS control channels 2/29/201211

 Tried and true (Internet coordination)  Easy to identify/snoop  Clogs communication channels  Local Wireless Coordination  Short range  Indirect Local Coordination  Using exponential backoff? 2/29/201212

 Filtering  Can be aggressive because call forwarding is not critical  What if call forwarding is not the transaction used?  Shedding  How to deploy effective rules during an attack?  Make phone security better 2/29/201213

 Cellular network are vulnerable to DDoS attacks  Single points of failure are bad  Botnet must be fairly sophisticated  Is there a way to distribute HLR data? 2/29/201214