Signaling Attacks in Mobile Networks - PowerPoint PPT Presentation

1 / 8
About This Presentation
Title:

Signaling Attacks in Mobile Networks

Description:

MSC/VLR. MSC/VLR. HLR. HLR. Internet/ IP Core. SIP. Server ... MSC. 2.Send Rout. Info (SRI) 3. Provide Roam. Num (PRN) Home Network. 4.Provide Roam. Num Ack ... – PowerPoint PPT presentation

Number of Views:92
Avg rating:3.0/5.0
Slides: 9
Provided by: rav47
Category:

less

Transcript and Presenter's Notes

Title: Signaling Attacks in Mobile Networks


1
Signaling Attacks in Mobile Networks
  • Thomas F. La Porta

2
Future Network Environment
Services in all-IP domain
Open Interfaces
3G
Circuit Access
CDMA2000
ANSI-41 Core
BS
MSC/VLR
HLR
Internet/ IP Core
IP Access
3G-IP
BS
UMTS Core
Circuit Access
SIP Server
MSC/VLR
BS
UMTS
SIP Server
IP Access
HLR
IP Access
BS
UMTS-IP
SIP Server
Internet vulnerabilities transferred to 3G
Networks
BS
WI-FI/802.16
Interworking between networks
3
Network Architecture
Subscriber Alice
M
M
BS
BS
BS
BS
M
MSC/ VLR
M
GMSC
Ohio
BS
GMSC
MSC/VLR
Pennsylvania
GMSC
M
MSC/VLR
HLR
GMSC
MSC/VLR
HLR
BS
GMSC
West Virginia
M
BS
MSC/VLR
MSC/VLR
BS
HLR
BS
M
M
BS
M
BS
BS
Subscriber Bob
4
Possible Attacks
  • Message modification/insertion/deletion
  • Requires access to signaling network
  • Service logic corruption
  • Change software in switches (has occurred)
  • Can be done by corrupted network
  • Data corruption
  • Service provisioning, transient data,

5
Current Solution
  • Current (2G) and early 3G systems MAPSEC
  • MAP is the mobility/authentication protocol for
    cellular networks
  • MAPSEC provides message integrity and
    confidentiality (optional)
  • Impact
  • Signaling protocols are application layer
    protocols
  • Messages are modified at each hop along the
    connection or involved in the transaction
  • Amounts to hop-by-hop integrity
  • Our study prevents only about 30 of possible
    attacks

6
Call delivery Service
GMSC
HLR
VLR
MSC
1.Initial Address Message (IAM)
2.Send Rout Info (SRI)
Subscriber Bob
3. Provide Roam Num (PRN)
Air Interface
4.Provide Roam Num Ack (PRN_ACK)
5. Send Rout Info Ack (SRI_ACK)
6.Initial Address Message (IAM) Caller ID
Number, Callee ID
7.SIFIC
8.Page MS
9. Page
Home Network
Roaming Network
7
Possible Solution EndSec
  • Design Goals
  • protecting all types of signaling messages
  • providing end-to-end security for signaling
    messages
  • providing multi-hop security to each data item
    in the signaling message
  • detecting compromised service nodes due to
    corrupt service logic or data sources.
  • Data items must be encrypted and signed by the
    originator and derivator
  • Signaling messages to record the PATH (and its
    signature) taken by the signal flow
  • Significantly increased signaling load (size of
    messages)

8
Challenges
  • How to efficiently protect signaling?
  • Similar problems will exist in IP-based mobile
    networks
  • SIP is an application layer protocol much like
    the telecom protocols
  • IPSec or TLS will provide protections similar to
    MAPSec
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Signaling Attacks in Mobile Networks" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!