0 Mining call data to increase the robustness of cellular networks to DoS attacks Hui Zang and Jean Bolot Sprint

1 Better Security via Robust Paging Using Mobility Data Hui Zang and Jean Bolot Sprint

2 Better Security via Robust Paging Using Mobility Data Hui Zang and Jean Bolot Sprint

3 Mobility Data to design Efficient Paging and Increase Security Hui Zang and Jean Bolot Sprint

4 Cellular networks are at risk (650) Paging channel

5 Threats identified SMS DoS attacks >Mobicom 06 (Penn State) Battery attacks via paging >SecureComm 2006 (UC Davis) Signaling DoS via data paging >Mobicom WiSe workshop 06 (Sprint)

6 Increase the robustness of the paging channel Increase paging channel capacity Reduce/block unwanted traffic Decrease paging channel utilization >Efficient paging schemes

7 Contributions Data-driven approach Large-scale cellular mobility data Efficient paging algorithms >Reduce paging utilization by 80% >Increase delay by 10%

8 Per Call Measurement Data (PCMD) Collected by each switch Record of every call >Call type (voice, data, SMS) >Start/end cell, sector >Source/destination Three month-long traces – Feb 2006

9 Trace statistics SwitchNb.recordsNb.cellsNb. users Manhattan120 M K Philadelphia140 M K Brisbane50 M K Total310 M4332 M Size of data: 65GB

10 Mobility 96% users visit < 40 cells in a month

11 Calling activity 60% users make < 26 calls in a month

12 Joint calling and mobility 4% most mobile make 35% of calls

13 Mobility patterns over time Correlation between day X and Y >Mutual information I(X,Y) = H(X) + H(Y) – H(X,Y) Normalized by entropy of the data from a reference day NMI(X,Y) = I(X,Y)/H(X)

14 Correlation between two days Weekday traces are highly correlated NMI(current day, n days ago) 2/28 – Tuesday, 2/26 – Sunday

15 How much history is needed 14 days of data is usually enough NMI(current day, past n days)

16 Recap - what we found so far… 96% users in < 40 cells 60% users make < 26 calls 4% most mobile users make 35% of calls Locations are correlated across days Higher correlation between weekday data 14 days of data is sufficient Use this to design better paging schemes

17 Paging – Locate the mobile Mobile Switching Center ( 650) I am here (650) is in my cell

18 Paging – establish the channel Mobile Switching Center Channel assignment

19 Broadcast vs. profile-based paging Mobile Switching Center One paging/location area Incoming call

20 Broadcast vs. Profile-based paging Mobile Switching Center Broadcast

21 Broadcast vs. Profile-based paging Mobile Switching Center Profile-based 1 st step Incoming call

22 Broadcast vs. Profile-based paging Mobile Switching Center 2 nd step (broadcast) Profile-based No reply back

23 Profile-based paging Fixed profile - update profile periodically +: low management cost -: up-to-date mobility data cannot be utilized Dynamic profile - update with every call +: more accurate predication -: high management cost

24 Performance Metrics Cost: number of cells paged per call Paging delay: call arrival until mobile responds Success rate of the 1 st step - paging selected cells

25 Fixed-profile updated biweekly

26 Dynamic Profile High success rate for data calls

27 Dynamic Profile – cost vs delay

28 Smart paging Dynamic profile-based >14 days of history data Voice/SMS: >most recently visited N cells >top X fraction of most popular cells Data: >most recently visited N cells

29 Success rate Fixed profile Dynamic profile Smart paging N=10 X=0.95 Brisbane 2/ Manhattan 2/

30 Cost and delay tradeoff

31 Conclusions Use large-scale mobility data >mobility and activity >patterns over time To increase paging efficiency >optimized profile-based And increase robustness >decrease utilization >limit cost of data pages Next: nationwide, data

32 Conclusions PCMD can be used to implement profile-based paging Based on our study, 2-week’s data is sufficient to achieve a good cost/performance tradeoff Smart paging limits the cost of data pages, thus minimizes the impact of DoS attacks

33

34 backup

35 Summary of evaluation Fixed profile based >Can achieve up to 90% success rate >Does not work well on weekends Dynamic profile based >Success rate increases with the amount of history data >Higher success rate than fixed-profile-based paging with the same amount of history data >High maintenance >High cost for data pages Smart paging >Achieves similar success rates as dynamic-profile based paging >Reduces paging cost dramatically >Strictly limits the cost of data pages, therefore limits the impact of DoS attacks originating from the Internet

36 What we found from PCMD - call breakdown by service type The majority of incoming calls are voice calls >A paging technique must work well with voice calls For data calls, more outgoing than incoming >Location update is more frequent for data users >High success rate expected for data paging ServiceTotal number of calls Number of incoming calls Voice25.5x x10 6 Data16.7x x10 6 SMS5.6x x10 6

37 P rofile-based Paging Store the locations of calls made within a period of time from PCMD Select all or a set of locations for a user in her location records upon a call termination request (the set can be selected based on user’s previous behavior, the service type of the call, etc.) Page those selected locations If failed to receive a response, then broadcast the paging to the entire paging area

38 Location update and paging schemes Location area based: broadcast paging over the location/paging area Profile based >Each user is associated with a profile >A profile indicates where the user is likely to be at a certain point of time >When a paging request comes, it is sent to the cells indicated by the user’s profile (1 st step) >Broadcast if a reply is not received (2 nd step)