Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta | MobiCom.

Published byConstance Powers Modified over 9 years ago

Similar presentations

Presentation on theme: "Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta | MobiCom."— Presentation transcript:

1 Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta | MobiCom ‘06 CS712 병렬처리특강 | Dependable Software Lab. | Lee Dong Kun

2 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr) Contents  Introduction  Related Work  System/Attack Characterization  Mitigation Technique  Current Solution  Queue Management  Resource Provisioning  Simulation Result  Conclusion 2 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

3 Introduction  Cellular Network System  Traditional cellular(phone) network system provided closed voice comm.  Currently cellular network system provides opened voice and data comm.  Service Interconnection  Phone network service and Internet service are interconnected by telecommunication provider.  Problems  Traditional phone networks had designed for only homogeneous closed system.  But current phone networks tightly interconnected with phone network and Internet.  Unexpected security problems occur  Heavy SMS traffics can flood over the phone network through Internet services. 3 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

4 Contents  Introduction  Related Work  System/Attack Characterization  Mitigation Technique  Current Solution  Queue Management  Resource Provisioning  Result and Discussion  Conclusion 4 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

5 Related Work | Vulnerability and Approaches  Traditional Solution  Disconnection method  Disconnect from external network – effective way in the past  Not effective anymore, because of new access pattern and service  Vulnerability  Telecomm. Networks are not only systems to suffer from vulnerabilities related to expanded connectivity.  Systems less directly connected to the Internet have also been subject to attack.  DoS(Denial of Service) Attack  Traditional DoS attack happen on the online web site.  Reported DoS accident over the phone networks 5 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

6 Contents  Introduction  Related Work  System/Attack Characterization  Mitigation Technique  Current Solution  Queue Management  Resource Provisioning  Result and Discussion  Conclusion 6 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

7 System characterization(I) | Message Delivery Overview 7 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

8 System characterization(I) | Message Delivery Overview – logical channel  TCH(Transfer Channel)  Carry voice traffic after call setup  CCH(Control Channel)  Transport information about the network  Assist in call setup/SMS delivery 8 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

9 Attack characterization(II) | System Vulnerability – Attack Phase Step 9 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr) Recognition (identification of a vulnerability) Reconnaissance (characterization of the conditions necessary to attack the vulnerability) Exploit (attacking the vulnerability) Recovery (cleanup and forensics)

10 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr) Attack characterization(II) | System Vulnerability – Attach Phase Step  Recognition  Vul. of GSM cellular network in this paper  Problem : Bandwidth allocation in air interface(call blocking)  Shared SDCCHs Problem  Voice Communication  SMS  Reconnaissance  Using tools, an attacker can easily construct a “hit-list” of potential targets.  Exploit  Saturating sectors to their SDCCH capacity for some period of time 10 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

11 Attack Characterization | Experimental Attack Characterization  Events Characterization  Deploy a detailed GSM simulator  Base scenario  Cellular deployment in the scale of metropolitan. i.e.,) Manhattan  12 SDCCHs / each of 55 sectors  No pre-SDCCH queue  Assume a Poisson distribution for the arrival of text message 11 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

12 Contents  Introduction  Related Work  System/Attack Characterization  Mitigation Technique  Current Solution  Queue Management  Resource Provisioning  Result and Discussion  Conclusion 12 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

13 Mitigation Technique(I) | Current Solution  Goal  Not only protect voice services from targeted SMS attacks, But also allow SMS service to continue.  Current Deployed Solution : Edge Solution  Rate-Limiting Solution  Restrict the amount of messages on each IP  Drawbacks : Spoof IP and Existence of Zombie network  Filter SMS traffic  Similar to SPAM filtering methodology  Drawback : An adversary can bypass by generating legitimate looking SMS traffic 13 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

14 Mitigation Technique(II) | Queue Management  Queue Management Technique(Network-based)  Weighted Fair Queuing(WFQ)  Fair Queuing(FQ)  Separate flows into individual queues and then apportions bandwidth equally between them(Round Robin)  Drawback : small time for packet to be transferred  Weighted Fair Queue(WFQ) in this paper  To solve FQ drawback, set priority to each flow.  Voice Call has higher priority compare to SMS  Install two queue on SDCCHs for Voice Call and SMS 14 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

15 Mitigation Technique(II) | Queue Management(cont.)  Weighted Random Early Detection(WRED)  Random Early Detection(RED)  Prevent queue lockout by dropping packets base on Qavg  Weighted Random Early Detection(WRED)  Determine the victims to be dropped base on packet’s priority 15 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

16 Mitigation Technique(III) | Resource Provisioning  Resource Provisioning(Air Interface)  Strict Resource Provisioning(SRP)  Some subset of SDCCH is only for Voice Call  Voice Call and SMS are shared other SDCCHs.  Dynamic Resource Provisioning(DRP)  If a small number of unused TCHs could be repurposed as SDCCHs, additional bandwidth could be provided to mitigate such attack.  Drawback : increase call blocking because of TCH exhaustion  Direct Channel Allocation(DCA)  The ideal means of eliminating the competition for resource - the separation of shared mechanism.  Separate SDCCHs to only Call setup and only SMS, strictly 16 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

17 Contents  Introduction  Related Work  System/Attack Characterization  Mitigation Technique  Current Solution  Queue Management  Resource Provisioning  Result and Discussion  Conclusion 17 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

18 Simulation Result(I) | Queue Management Technique 18 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)  WFQ vs. WRED

19 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr) Simulation Result(II) | Queue Management Technique 19 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)  SRP vs. DRP vs. DCA

20 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr) Contents  Introduction  Related Work  System/Attack Characterization  Mitigation Technique  Current Solution  Queue Management  Resource Provisioning  Result and Discussion  Conclusion 20 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

21 Conclusion  Vulnerability by SMS-based DOS over the phone Network  Adversaries with limited resources can cause call blocking probabilities(70%) – incapacitating a cellular network  This work provides some preliminary solutions and analysis for these vulnerabilities.  Queue Management Scheme  Resource Provisioning  Future works  Seek more general solution that address these vulnerabilities 21 KAIST | Dependable Software Lab | Direito Lee(dklee@dependable.kaist.ac.kr)

Download ppt "Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta | MobiCom."

Similar presentations

CSE 413: Computer Networks

CSE 413: Computer Networks
Exploiting Open Functionality in SMS-Capable Cellular Networks 20123550 Chang-Jae Lee Some of the slides and figures were borrowed from the author’s slides.

Exploiting Open Functionality in SMS-Capable Cellular Networks Chang-Jae Lee Some of the slides and figures were borrowed from the author’s slides.
Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.

The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.
On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core Patrick Michael Lin, Machigar Ongtang, Vikhyath.

On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core Patrick Michael Lin, Machigar Ongtang, Vikhyath.
An Adaptive Energy-Efficient MAC Protocol for Wireless Sensor Network

An Adaptive Energy-Efficient MAC Protocol for Wireless Sensor Network
On Attack Causality in Internet- Connected Cellular Networks Presented by EunYoung Jeong.

On Attack Causality in Internet- Connected Cellular Networks Presented by EunYoung Jeong.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
Introduction Future wireless systems will be characterized by their heterogeneity - availability of multiple access systems in the same physical space.

Introduction Future wireless systems will be characterized by their heterogeneity - availability of multiple access systems in the same physical space.
Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies www.coresecurity.com.

Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.

Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.
Network Traffic Measurement and Modeling CSCI 780, Fall 2005.

Network Traffic Measurement and Modeling CSCI 780, Fall 2005.
ISCSI Performance Experiments Li Yin EECS Department U.C.Berkeley.

ISCSI Performance Experiments Li Yin EECS Department U.C.Berkeley.
Inferring Internet Denial-of- Service Activity David Moore, Geoffrey M Voelker, Stefan Savage Presented by Yuemin Yu – CS290F – Winter 2005.

Inferring Internet Denial-of- Service Activity David Moore, Geoffrey M Voelker, Stefan Savage Presented by Yuemin Yu – CS290F – Winter 2005.
Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.
Exploiting Open Functionality in SMS-Capable Cellular Networks Authors: William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Publication:

Exploiting Open Functionality in SMS-Capable Cellular Networks Authors: William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Publication:
3/26/081 Exploiting Open Functionality in SMS- Capable Networks William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Systems and Internet.

3/26/081 Exploiting Open Functionality in SMS- Capable Networks William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Systems and Internet.
Lecture 15 Denial of Service Attacks

Lecture 15 Denial of Service Attacks

Similar presentations

Ads by Google