Analysis and Mitigation of Recent Attacks on Mobile Communication Backend

2014 aasta viimases kvartalis demonstreeriti mitmeid edukaid rünnakuid mobiilsidevõrkude vastu. Need baseerusid ühe peamise signaaliprotokolli, SS7 väärkasutamisel. Ründajatel õnnestus positsioneerida mobiilseadmete kasutajaid ja kuulata pealt nii kõnesid kui ka tekstisõnumeid. Ajal mil enamik viimase aja ründeid paljastavad nõrkusi lõppkasutajate seadmete tarkvaras, paljastavad need hiljutised rünnakud põhivõrkude endi haavatavust. Teadaolevalt on mobiilsete telekommunikatsioonivõrkude tööstuses raskusi haavatavuste õigeaegsel avastamisel ja nende mõistmisel. Käesolev töö on osa püüdlusest neid probleeme mõista. Töö annab põhjaliku ülevaate ja analüüsib teadaolevaid rünnakuid ning toob välja võimalikud lahendused. Rünnakud võivad olla väga suurte tagajärgedega, kuna vaatamata SS7 protokolli vanusele, jääb see siiski peamiseks signaaliprotokolliks mobiilsidevõrkudes veel pikaks ajaks. Uurimustöö analüüs ja tulemused aitavad mobiilsideoperaatoritel hinnata oma võrkude haavatavust ning teha paremaid investeeringuid oma taristu turvalisusele. Tulemused esitletakse mobiilsideoperaatoritele, võrguseadmete müüjatele ning 3GPP standardi organisatsioonile.In the last quarter of 2014, several successful attacks against mobile networks were demonstrated. They are based on misuse of one of the key signaling protocol, SS7, which is extensively used in the mobile communication backend for signaling tasks such as call and mobility management. The attackers were able to locate the mobile users and intercept voice calls and text messages. While most attacks in the public eye are those which exploits weaknesses in the end-device software or radio access links, these recently demonstrated vulnerabilities exploit weaknesses of the mobile core networks themselves. Understandably, there is a scramble in the mobile telecommunications industry to understand the attacks and the underlying vulnerabilities. This thesis is part of that effort. This thesis presents a broad and thorough overview and analysis of the known attacks against mobile network signaling protocols and the possible mitigation strategies. The attacks are presented in a uniform way, in relation to the mobile network protocol standards and signaling scenarios. Moreover, this thesis also presents a new attack that enables a malicious party with access to the signaling network to remove lost or stolen phones from the blacklist that is intended to prevent their use. Both the known and new attacks have been confirmed by implementing them in a controlled test environment. The attacks are serious because SS7, despite its age, remains the main signaling protocol in the mobile networks and will still long be required for interoperability and background compatibility in international roaming. Moreover, the number of entities with access to the core network, and hence the number of potential attackers, has increased significantly because of changes in regulation and opening of the networks to competition. The analysis and new results of this thesis will help mobile network providers and operators to assess the vulnerabilities in their infrastructure and to make security-aware decisions regarding their future investments and standardization. The results will be presented to the operators, network-equipment vendors, and to the 3GPP standards body

Softswitch Design and Performance Analysis

The increasing number of subscribers’ demands in telecommunication sector has motivated the operators to provide high quality of service in cost effective way. Moreover, operators need to have an open structure system so that they can move their systems to the next generation network architecture. For this purpose, Softswitch is an appropriate technology because it is a safe and cost efficient solution and though it can migrate from traditional circuit-switching based telephone system to internet protocol packet-switching based networking. Softswitch network divides the logical switch into several parts with different functions such as signaling gateway, media gateway, media server, etc. Standard communication protocols are implemented between those parts. Softswitch is software-based system to make connection between devices, and moreover to control voice calls, data and routes calls through different entities of the networks. Softswitch supports management functions such as provisioning, fault handling and reporting, billing, operational support, etc. Softswitch suitable for all types of traffic and services so it is very demanding in the competitive world of mobile operators. In this thesis, Softswitch has been studied and analyzed in details. Softswitch network consisted of different integrated modules such as transportation, calling and signaling, service application and management. Each module provides different services such as call control, routing, billing and network management. Each module is discussed from functional and service point of views. Softswitch based wireless network architecture as well as variety of service solutions is presented. Different protocol interfaces in softswitch network such as signaling system number 7 are explained. Moreover, bearer calls, independent call control protocol, gateway control protocol, IP bearer control protocol are explained as well. Variety of softswitch network architectures analysis has been done based on their performance and the applicability. Three Softswitch network architectures are proposed which are validated through simulations.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format

Vulnerabilities of signaling system number 7 (SS7) to cyber attacks and how to mitigate against these vulnerabilities.

As the mobile network subscriber base exponentially increases due to some attractive offerings such as anytime anywhere accessibility, seamless roaming, inexpensive handsets with sophisticated applications, and Internet connectivity, the mobile telecommunications network has now become the primary source of communication for not only business and pleasure, but also for the many life and mission critical services. This mass popularisation of telecommunications services has resulted in a heavily loaded Signaling System number 7 (SS7) signaling network which is used in Second and Third Generations (2G and 3G) mobile networks and is needed for call control and services such as caller identity, roaming, and for sending short message servirces. SS7 signaling has enjoyed remarkable popularity for providing acceptable voice quality with negligible connection delays, pos- sibly due to its circuit-switched heritage. However, the traditional SS7 networks are expensive to lease and to expand, hence to cater for the growing signaling demand and to provide the seamless interconnectivity between the SS7 and IP networks a new suite of protocols known as Signaling Transport (SIGTRAN) has been designed to carry SS7 signaling messages over IP. Due to the intersignaling between the circuit-switched and the packet-switched networks, the mo- bile networks have now left the “walled garden”, which is a privileged, closed and isolated ecosystem under the full control of mobile carriers, using proprietary protocols and has minimal security risks due to restricted user access. Potentially, intersignaling can be exploited from the IP side to disrupt the services provided on the circuit-switched side. This study demonstrates the vulnerabilities of SS7 messages to cyber-attacks while being trans- ported over IP networks and proposes some solutions based on securing both the IP transport and SCTP layers of the SIGTRAN protocol stack

GSM mobility management using an intelligent network platform

PhDAbstract not availabl

Economic analysis of the cost of inconsistencies in the implementation of ISDN network layer standards

Case studies depicting ISDN network layer interoperability and standards nonconformance were evaluated, and categorized by type. In each case study the root cause of the interoperability problem was identified, and validated with reference to the applicable ISDN standard. Corrective measures were proposed, and where implemented, the results of the correction were documented. Relative costs associated with the interoperability issue were identified, and recommendation\u27s outlining the best method for avoiding these inconsistencies going forward were presented