Presentation is loading. Please wait.

Presentation is loading. Please wait.

Patrick Traynor, Michael Lin, Machigar Ongtang, Vikhyath Rao, Trent Jaeger, Patrick McDaniel, and Thomas La Porta 2/29/2012.

Published byJoel Hunter Modified over 9 years ago

Similar presentations

Presentation on theme: "Patrick Traynor, Michael Lin, Machigar Ongtang, Vikhyath Rao, Trent Jaeger, Patrick McDaniel, and Thomas La Porta 2/29/2012."— Presentation transcript:

1 Patrick Traynor, Michael Lin, Machigar Ongtang, Vikhyath Rao, Trent Jaeger, Patrick McDaniel, and Thomas La Porta 2/29/2012

2  Objectives  Cellular Networks  Describing the Attack  Quantifying the Attack  Mitigating the Attack  Conclusions 22/29/2012

3  Characterize an attack on cellular network core  Test the attack  Optimize it  Propose defenses 2/29/20123

4  Cellular networks have  Home Location Register (HLR)  Mobile Switching Centers (MSC)  Visiting Location Register (VLR)  Serving GPRS Support Node (SGSN)  Base Station Subsystem (BSS) 2/29/20124

5  DDoS using a cellular botnet  Target part that will cause most disruption  HLR is necessary for most actions  Authentication  Phone calls  Text messages  Billing  Etc.  HLR most effective target 2/29/20125

6  Only ‘legitimate’ transactions reach HLR 2/29/20126

7  Write transactions use more HLR resources per transaction than reads  Which one the best?  Update Location utilizes caching  Update Subscriber Data averages 2.5 seconds  Insert Call Forwarding averages 2.7 seconds  Delete Call Forwarding averages 2.5 seconds  Insert/Delete Call Forwarding must alternate  Best to use combination of Insert and Delete Call Forwarding 2/29/20127

8 8

9 9

10  Why most resource usage per message?  Why not just send more messages?  When sending that many messages, will clog up communications channels and never reach HLR  Deny service for base station, not whole network  Need to distribute attack across multiple base stations 2/29/201210

11  Testbed system dropped 93% of traffic under a simulated call-forwarding attack with 5000 messages/sec  Need to be distributed evenly across 21 base stations to not DDoS the random access channel before getting to HLR  Need 375 base stations to not DDoS control channels 2/29/201211

12  Tried and true (Internet coordination)  Easy to identify/snoop  Clogs communication channels  Local Wireless Coordination  Short range  Indirect Local Coordination  Using exponential backoff? 2/29/201212

13  Filtering  Can be aggressive because call forwarding is not critical  What if call forwarding is not the transaction used?  Shedding  How to deploy effective rules during an attack?  Make phone security better 2/29/201213

14  Cellular network are vulnerable to DDoS attacks  Single points of failure are bad  Botnet must be fairly sophisticated  Is there a way to distribute HLR data? 2/29/201214

Download ppt "Patrick Traynor, Michael Lin, Machigar Ongtang, Vikhyath Rao, Trent Jaeger, Patrick McDaniel, and Thomas La Porta 2/29/2012."

Similar presentations

GSM infrastructure MSC, BSC, BTS, VLR, HLR, GSGN, GSSN

GSM infrastructure MSC, BSC, BTS, VLR, HLR, GSGN, GSSN
An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,

An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,
Islamic University-Gaza Faculty of Engineering Electrical & Computer Engineering Department Global System for Mobile Communication GSM Group Alaa Al-ZatmaHosam.

Islamic University-Gaza Faculty of Engineering Electrical & Computer Engineering Department Global System for Mobile Communication GSM Group Alaa Al-ZatmaHosam.
Min Song 1, Yanxiao Zhao 1, Jun Wang 1, E. K. Park 2 1 Old Dominion University, USA 2 University of Missouri at Kansas City, USA IEEE ICC 2009 A High Throughput.

Min Song 1, Yanxiao Zhao 1, Jun Wang 1, E. K. Park 2 1 Old Dominion University, USA 2 University of Missouri at Kansas City, USA IEEE ICC 2009 A High Throughput.
Location Based Service Aloizio P. Silva Researcher at Federal University Of Minas Gerais, Brazil Copyright © 2003 Aloizio Silva, All rights reserved. School.

Location Based Service Aloizio P. Silva Researcher at Federal University Of Minas Gerais, Brazil Copyright © 2003 Aloizio Silva, All rights reserved. School.
Mobile web E- Business Technology Prof. Dr. Eduard Heindl Shirin Faghihi.

Mobile web E- Business Technology Prof. Dr. Eduard Heindl Shirin Faghihi.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core Patrick Michael Lin, Machigar Ongtang, Vikhyath.

On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core Patrick Michael Lin, Machigar Ongtang, Vikhyath.
On Attack Causality in Internet- Connected Cellular Networks Presented by EunYoung Jeong.

On Attack Causality in Internet- Connected Cellular Networks Presented by EunYoung Jeong.
Telefónica Móviles España GPRS (General Packet Radio Service)

Telefónica Móviles España GPRS (General Packet Radio Service)
Basic radio frequency communications - 2 Session 1.

Basic radio frequency communications - 2 Session 1.
The Wireless Communication System Xihan Lu. Wireless Communication Cellular phone system Cordless telephone system Bluetooth Infrared communication Microwave.

The Wireless Communication System Xihan Lu. Wireless Communication Cellular phone system Cordless telephone system Bluetooth Infrared communication Microwave.
Cellular and Mobile Wireless Networks (part 2) Advanced Computer Networks.

Cellular and Mobile Wireless Networks (part 2) Advanced Computer Networks.
General Packet Radio System (GPRS) Overview. Introduction General Packet Radio Service (GRPS) today “Packet overlay” network on top of the existing GSM.

General Packet Radio System (GPRS) Overview. Introduction General Packet Radio Service (GRPS) today “Packet overlay” network on top of the existing GSM.
GPRS Muhammad Al-khaldi 215313 Sultan Al-Khaldi 236437.

GPRS Muhammad Al-khaldi Sultan Al-Khaldi
Exploiting Open Functionality in SMS-Capable Cellular Networks Authors: William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Publication:

Exploiting Open Functionality in SMS-Capable Cellular Networks Authors: William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Publication:
Mobile Handset Cellular Network Basics + GSM. Cellular Network Basics There are many types of cellular services; before delving into details, focus on.

Mobile Handset Cellular Network Basics + GSM. Cellular Network Basics There are many types of cellular services; before delving into details, focus on.
Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.

Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.
MOBILE PHONE ARCHITECTURE & TECHNOLOGY. HISTORY  The idea of the first cellular network was brainstormed in 1947  Disadvantages  All the analogue system.

MOBILE PHONE ARCHITECTURE & TECHNOLOGY. HISTORY  The idea of the first cellular network was brainstormed in 1947  Disadvantages  All the analogue system.
Cellular IP: Proxy Service Reference: “Incorporating proxy services into wide area cellular IP networks”; Zhimei Jiang; Li Fung Chang; Kim, B.J.J.; Leung,

Cellular IP: Proxy Service Reference: “Incorporating proxy services into wide area cellular IP networks”; Zhimei Jiang; Li Fung Chang; Kim, B.J.J.; Leung,

Similar presentations

Ads by Google