Analysis and Experimental Verification of Diameter Attacks in Long Term Evolution Networks

In cellular networks, the roaming interconnection was designed when there were only a few trusted parties and security was not a major concern or design criteria. Most of the roaming interconnections today are still based on the decades-old SS7 and the lack of security is being blamed for several vulnerabilities. Recent research indicates that the roaming interconnection has been widely misused for gaining access to the core network. Several attacks have been demonstrated by malicious attackers and other unauthorized entities such as intelligence agencies by exploiting the SS7 signaling protocol. Some operators moved to the more modern LTE (Long Term Evolution) and Diameter Signaling for high-speed data roaming and enhanced security. While LTE offers very high quality and resilience over the air security, it still requires special security capabilities and features to secure the core network against attacks targeting the roaming interconnection. This thesis analyses and identifies attacks that exploit the roaming interconnection and Diameter signaling used in LTE networks. The attacks are analyzed in accordance with the mobile network protocol standards and signaling scenarios. The attacks are also implemented in a test LTE network of a global operator. This thesis also focuses on potential countermeasures to mitigate the identified attacks

Improved internet protocol multimedia subsystem authentication for long term evolution

Long Term Evolution (LTE) is a major technology to be used in the 4th generation (4G) mobile network and the core network is evolving towards a converged packet based framework for all services. As a part of the evolved core network, Internet Protocol (IP) Multimedia Subsystem (IMS) provides multimedia services (data, voice, video and variations) over packet switched networks. LTE and IMS are both defined by the 3rd Generation Partnership Project (3GPP) group, and the specification identifies that a LTE user device has to carry out two authentication steps to access IP multimedia services. The first authentication step is used to gain LTE network admission and the second authentication step is the IMS authentication used to gain access to the multimedia services. It is observed that the 4G standardized authentication protocols include double execution of the Authentication and Key Agreement (AKA) which increases the system’s complexity, results in significant authentication delay and high terminal energy consumption. Authentication is very important for a terminal to gain access to a network and therefore considerable previous research into this topic has occurred. However a common limitation of previously proposed authentication systems is either a lack of security or significant system modification. This research proposes the Improved AKA (IAKA) authentication protocol which binds the two layer’s authentication procedures by using the unified IP Multimedia Private-user Identity (IMPI). The proposed IAKA only executes the AKA protocol once in the network layer and generates authentication credentials which would be used in the second IMS service layer authentication. This research work included providing IAKA authentication protocol, developing a LTE IMS integrated network by using OPNET Modeller, simulation of the IAKA and the legacy 3GPP defined 4G LTE AKA authentication protocol under different environments, and in-depth analysis of the system performance, security and terminal’s energy consumption. It is shown that the proposed IAKA carries out terminal authentication correctly, improves security, reduces IMS layer authentication delay by up to 38%, and provides an 81.82% terminal energy consumption saving

A framework to provide charging for third party composite services

Includes synopsis.Includes bibliographical references (leaves 81-87).Over the past few years the trend in the telecommunications industry has been geared towards offering new and innovative services to end users. A decade ago network operators were content with offering simple services such as voice and text messaging. However, they began to notice that these services were generating lower revenues even while the number of subscribers increased. This was a direct result of the market saturation and network operators were forced to rapidly deploy services with minimum capital investment and while maximising revenue from service usage by end users. Network operators can achieve this by exposing the network to external content and service providers. They would create interfaces that would allow these 3rd party service and content providers to offer their applications and services to users. Composing and bundling of these services will essentially create new services for the user and achieve rapid deployment of enhanced services. The concept of offering a wide range of services that are coordinated in such a way that they deliver a unique experience has sparked interest and numerous research on Service Delivery Platforms (SDP). SDP‟s will enable network operators to be able to develop and offer a wide-variety service set. Given this interest on SDP standardisation bodies such as International Telecommunications Union – Telecommunications (ITU-T), Telecoms and Internet converged Servicers and Protocols for Advanced Networks) (TISPAN), 3rd Generations Partnership Project (3GPP) and Open Mobile Alliance (OMA) are leading efforts into standardising functions and protocols to enhance service delivery by network operators. Obtaining revenue from these services requires effective accounting of service usage and requires mechanisms for billing and charging of these services. The IP Multimedia subsystem(IMS) is a Next Generation Network (NGN) architecture that provides a platform for which multimedia services can be developed and deployed by network operators. The IMS provides network operators, both fixed or mobile, with a control layer that allows them to offer services that will enable them to remain key role players within the industry. Achieving this in an environment where the network operator interacts directly with the 3rd party service providers may become complicated

VoLTE service implementation in EPS-IMS networks

Diplomová práce popisuje VoLTE službu, vývoj a nasazení LTE (zaváděcí fázi, skutečný LTE stav a výhledy do budoucna atd.), EPC-IMS architekturu (popis funkce uzlu, rozhraní atd.) Komunikace mezi uzly a funkce, rozhraní a protokoly jsou používány v průběhu signalizace (SIP SDP) a datový tok (RTCP RTP). Práce stručně popisuje základní toky hovorů, typy nosičů (GBR and N-GBR), a to vytvoření / mazaní nosičů během komunikace. Další část diplomové práce o implementaci volte, instalace a konfigurace IMS. Závěrečná část diplomové práce popisuje zkoušky sítě a, analýzu protokolu.The master's thesis describes VoLTE service, LTE evolution and deployment (deployment phases, actual LTE state and future perspectives etc.), EPC-IMS architecture (functional node description, interfaces etc.). Communications between nodes and functions, interfaces and protocols which are used during signaling (SIP-SDP) and data flow (RTCP RTP). Thesis briefly describe basic call flows, bearers types (GBR and N-GBR) and their establishment/delete during communication. The next part of master's thesis is about VoLTE implementation solutions, IMS installation and configuration. The final part of master's thesis describes the network and protocols tests, analyzes.

LEVERAGING OPENAIRINTERFACE AND SOFTWARE DEFINED RADIO TO ESTABLISH A LOW-COST 5G NON-STANDALONE ARCHITECTURE

Includes Supplementary MaterialCommercial cellular service providers are at the forefront of the paradigm shift from 4G Long Term Evolution (LTE) to 5G New Radio (NR). The increase in throughput, provisioning of ultra-low latency, and greater reliability of 5G enable potential uses that no other wireless communication could support. The Department of Defense (DOD) is interested in 5G NR technologies, but the implementation of the architecture can be lengthy and costly. This capstone configured a 4G LTE network and a 5G non-standalone network using OpenAirInterface and software defined radios (SDRs). Universal Subscriber Identity Module (USIM) cards were configured and introduced to user equipment and attached to the 4G LTE network. A gNodeB (gNB) was added to the 4G LTE network to establish the 5G non-standalone (NSA) network architecture (3GPP Option 3). The testbed developed in this research was able to connect the core to a commercial internet service provider and browse the internet using third-party applications. Our analysis educates future researchers on the challenges and lessons learned when implementing the OpenAirInterface 4G LTE and 5G NSA networks. This work also provides a better understanding of 4G LTE and 5G NSA OpenAirInterface software usability, flexibility, and scalability for potential use cases for the DOD.Chief Petty Officer, United States NavyApproved for public release. Distribution is unlimited

Terminal LTE flexível

Mstrado em Engenharia Eletrónica e TelecomunicaçõesAs redes móveis estão em constante evolução. A geração atual (4G) de redes celulares de banda larga e representada pelo standard Long Term Evolution (LTE), definido pela 3rd Generation Partnership Project (3GPP). Existe uma elevada procura/uso da rede LTE, com um aumento exponencial do número de dispositivos móveis a requerer uma ligação à Internet de alto débito. Isto pode conduzir à sobrelotação do espetro, levando a que o sinal tenha que ser reforçado e a cobertura melhorada em locais específicos, tal como em grandes conferências, festivais e eventos desportivos. Por outro lado, seria uma vantagem importante se os utilizadores pudessem continuar a usar os seus equipamentos e terminais em situações onde o acesso a redes 4G é inexistente, tais como a bordo de um navio, eventos esporádicos em localizações remotas ou em cenários de catástrofe, em que as infraestruturas que permitem as telecomunicações foram danificadas e a cobertura temporária de rede pode ser decisiva em processos de salvamento. Assim sendo, existe uma motivação clara por trás do desenvolvimento de uma infraestrutura celular totalmente reconfigurável e que preencha as características mencionadas anteriormente. Uma possível abordagem consiste numa plataforma de rádio definido por software (SDR), de código aberto, que implementa o standard LTE e corre em processadores de uso geral (GPPs), tornando possível construir uma rede completa investindo somente em hardware - computadores e front-ends de radiofrequência (RF). Após comparação e análise de várias plataformas LTE de código aberto foi selecionado o OpenAirInterface (OAI) da EURECOM, que disponibiliza uma implementação compatível com a Release 8.6 da 3GPP (com parte das funcionalidades da Release 10). O principal objectivo desta dissertação é a implementação de um User Equipment (UE) flexível, usando plataformas SDR de código aberto que corram num computador de placa única (SBC) compacto e de baixa potência, integrado com um front-end de RF - Universal Software Radio Peripheral (USRP). A transmissão de dados em tempo real usando os modos de duplexagem Time Division Duplex (TDD) e Frequency Division Duplex (FDD) é suportada e a reconfiguração de certos parâmetros é permitida, nomeadamente a frequência portadora, a largura de banda e o número de Resource Blocks (RBs) usados. Além disso, é possível partilhar os dados móveis LTE com utilizadores que estejam próximos, semelhante ao que acontece com um hotspot de Wi-Fi. O processo de implementação é descrito, incluindo todos os passos necessários para o seu desenvolvimento, englobando o port do UE de um computador para um SBC. Finalmente, a performance da rede é analisada, discutindo os valores de débitos obtidos.Mobile networks are constantly evolving. 4G is the current generation of broadband cellular network technology and is represented by the Long Term Evolution (LTE) standard, de ned by 3rd Generation Partnership Project (3GPP). There's a high demand for LTE at the moment, with the number of mobile devices requiring an high-speed Internet connection increasing exponentially. This may overcrowd the spectrum on the existing deployments and the signal needs to be reinforced and coverage improved in speci c sites, such as large conferences, festivals and sport events. On the other hand, it would be an important advantage if users could continue to use their equipment and terminals in situations where cellular networks aren't usually available, such as on board of a cruise ship, sporadic events in remote locations, or in catastrophe scenarios in which the telecommunication infrastructure was damaged and the rapid deployment of a temporary network can save lives. In all of these situations, the availability of exible and easily deployable cellular base stations and user terminals operating on standard or custom bands would be very desirable. Thus, there is a clear motivation for the development of a fully recon gurable cellular infrastructure solution that ful lls these requirements. A possible approach is an open-source, low-cost and low maintenance Software-De ned Radio (SDR) software platform that implements the LTE standard and runs on General Purpose Processors (GPPs), making it possible to build an entire network while only spending money on the hardware itself - computers and Radio-Frequency (RF) front-ends. After comparison and analysis of several open-source LTE SDR platforms, the EURECOM's OpenAirInterface (OAI) was chosen, providing a 3GPP standard-compliant implementation of Release 8.6 (with a subset of Release 10 functionalities). The main goal of this dissertation is the implementation of a exible opensource LTE User Equipment (UE) software radio platform on a compact and low-power Single Board Computer (SBC) device, integrated with an RF hardware front-end - Universal Software Radio Peripheral (USRP). It supports real-time Time Division Duplex (TDD) and Frequency Division Duplex (FDD) LTE modes and the recon guration of several parameters, namely the carrier frequency, bandwidth and the number of LTE Resource Blocks (RB) used. It can also share its LTE mobile data with nearby users, similarly to a Wi-Fi hotspot. The implementation is described through its several developing steps, including the porting of the UE from a regular computer to a SBC. The performance of the network is then analysed based on measured results of throughput

Network sharing through service outsourcing in inter-domain IMS frameworks

Includes abstract.Includes bibliographical references (leaves 161-167).Resource sharing can be used as a short-term solution to the imbalance between the supply and demand of network resources. Resources sharing enables operators to provide services to their subscribers using networks belonging to other operators. Resource sharing in mobile networks is increasingly becoming an option for operators to provide service to their subscribers. In this thesis we explore a mechanism for sharing access network resources that utilises negotiable short-term Service Level Agreements (SLA) that can easily adapt to changing network conditions. Through this mechanism operators of resource constrained networks may use near real time dynamic SLAs to negotiate network access services for their subscribers. We refer to this form of resource sharing as 'Service Outsourcing'

Integration of LoRa Wide Area Network with the 5G Test Network

Abstract. The global communication network is going through major transformation from conventional to more versatile and diversified network approaches. With the advent of virtualization and cloud technology, information technology (IT) is merging with telecommunications to alter the conventional approaches of traditional proprietary networking techniques. From radio to network and applications, the existing infrastructure lacks several features that we wished to be part of 5th Generation Mobile Networks (5G). Having a support for large number of applications, Internet of Things (IoT) will bring a major evolution by creating a comfortable, flexible and an automated environment for end users. A network having the capability to support radio protocols on top of basic networking protocols, when blended with a platform which can generate IoT use cases, can make the expectations of 5G a reality. Low Power Wide Area Network (LPWAN) technologies can be utilized with other emerging and suitable technologies for IoT applications. To implement a network where all the technologies can be deployed virtually to serve their applications within a single cloud, Network Functions Virtualization (NFV) and Software Defined Network (SDN) is introduced to implement such a networking possibility for upcoming technologies. The 5G Test Network (5GTN), a testbed for implementing and testing 5G features in real time, is deployed in virtual platform which allows to add other technologies for IoT applications. To implement a network with an IoT enabler technology, LoRa Wide Area Network (LoRaWAN) technology can be integrated to test the feasibility and capability of IoT implications. LoRaWAN being an IoT enabler technology is chosen out of several possibilities to be integrated with the 5GTN. Using MultiConnect Conduit as a gateway, the integration is realized by establishing point to point protocol (PPP) connection with eNodeB. Once the connection is established, LoRa packets are forwarded to the ThingWorx IoT cloud and responses can be received by the end-devices from that IoT cloud by using Message Queuing Telemetry Transport (MQTT) protocol. Wireshark, an open source packet analyser, is then used to ensure successful transmission of packets to the ThingWorx using the 5GTN default packet routes

Flexible cross layer optimization for fixed and mobile broadband telecommunication networks and beyond

In der heutigen Zeit, in der das Internet im Allgemeinen und Telekommunikationsnetze im Speziellen kritische Infrastrukturen erreicht haben, entstehen hohe Anforderungen und neue Herausforderungen an den Datentransport in Hinsicht auf Effizienz und Flexibilität. Heutige Telekommunikationsnetze sind jedoch rigide und statisch konzipiert, was nur ein geringes Maß an Flexibilität und Anpassungsfähigkeit der Netze ermöglicht und darüber hinaus nur im begrenzten Maße die Wichtigkeit von Datenflüssen im wiederspiegelt. Diverse Lösungsansätze zum kompletten Neuentwurf als auch zum evolutionären Konzept des Internet wurden ausgearbeitet und spezifiziert, um diese neuartigen Anforderungen und Herausforderungen adäquat zu adressieren. Einer dieser Ansätze ist das Cross Layer Optimierungs-Paradigma, welches eine bisher nicht mögliche direkte Kommunikation zwischen verteilten Funktionalitäten unterschiedlichen Typs ermöglicht, um ein höheres Maß an Dienstgüte zu erlangen. Ein wesentlicher Indikator, welcher die Relevanz dieses Ansatzes unterstreicht, zeichnet sich durch die Programmierbarkeit von Netzwerkfunktionalitäten aus, welche sich aus der Evolution von heutigen hin zu zukünftigen Netzen erkennen lässt. Dieses Konzept wird als ein vielversprechender Lösungsansatz für Kontrollmechanismen von Diensten in zukünftigen Kernnetzwerken erachtet. Dennoch existiert zur Zeit der Entstehung dieser Doktorarbeit kein Ansatz zur Cross Layer Optimierung in Festnetz-und Mobilfunknetze, welcher der geforderten Effizienz und Flexibilität gerecht wird. Die übergeordnete Zielsetzung dieser Arbeit adressiert die Konzeptionierung, Entwicklung und Evaluierung eines Cross Layer Optimierungsansatzes für Telekommunikationsnetze. Einen wesentlichen Schwerpunkt dieser Arbeit stellt die Definition einer theoretischen Konzeptionierung und deren praktischer Realisierung eines Systems zur Cross Layer Optimierung für Telekommunikationsnetze dar. Die durch diese Doktorarbeit analysierten wissenschaftlichen Fragestellungen betreffen u.a. die Anwendbarkeit von Cross Layer Optimierungsansätzen auf Telekommunikationsnetzwerke; die Betrachtung neuartiger Anforderungen; existierende Konzepte, Ansätze und Lösungen; die Abdeckung neuer Funktionalitäten durch bereits existierende Lösungen; und letztendlich den erkennbaren Mehrwert des neu vorgeschlagenen Konzepts gegenüber den bestehenden Lösungen. Die wissenschaftlichen Beiträge dieser Doktorarbeit lassen sich grob durch vier Säulen skizzieren: Erstens werden der Stand der Wissenschaft und Technik analysiert und bewertet, Anforderungen erhoben und eine Lückenanalyse vorgenommen. Zweitens werden Herausforderungen, Möglichkeiten, Limitierungen und Konzeptionierungsaspekte eines Modells zur Cross Layer Optimierung analysiert und evaluiert. Drittens wird ein konzeptionelles Modell - Generic Adaptive Resource Control (GARC) - spezifiziert, als Prototyp realisiert und ausgiebig validiert. Viertens werden theoretische und praktische Beiträge dieser Doktorarbeit vertiefend analysiert und bewertet.As the telecommunication world moves towards a data-only network environment, signaling, voice and other data are similarly transported as Internet Protocol packets. New requirements, challenges and opportunities are bound to this transition and influence telecommunication architectures accordingly. In this time in which the Internet in general, and telecommunication networks in particular, have entered critical infrastructures and systems, it is of high importance to guarantee efficient and flexible data transport. A certain level of Quality-of-Service (QoS) for critical services is crucial even during overload situations in the access and core network, as these two are the bottlenecks in the network. However, the current telecommunication architecture is rigid and static, which offers very limited flexibility and adaptability. Several concepts on clean slate as well as evolutionary approaches have been proposed and defined in order to cope with these new challenges and requirements. One of these approaches is the Cross Layer Optimization paradigm. This concept omits the strict separation and isolation of the Application-, Control- and Network-Layers as it enables interaction and fosters Cross Layer Optimization among them. One indicator underlying this trend is the programmability of network functions, which emerges clearly during the telecommunication network evolution towards the Future Internet. The concept is regarded as one solution for service control in future mobile core networks. However, no standardized approach for Cross Layer signaling nor optimizations in between the individual layers have been standardized at the time this thesis was written. The main objective of this thesis is the design, implementation and evaluation of a Cross Layer Optimization concept on telecommunication networks. A major emphasis is given to the definition of a theoretical model and its practical realization through the implementation of a Cross Layer network resource optimization system for telecommunication systems. The key questions answered through this thesis are: in which way can the Cross Layer Optimization paradigm be applied on telecommunication networks; which new requirements arise; which of the required functionalities cannot be covered through existing solutions, what other conceptual approaches already exist and finally whether such a new concept is viable. The work presented in this thesis and its contributions can be summarized in four parts: First, a review of related work, a requirement analysis and a gap analysis were performed. Second, challenges, limitations, opportunities and design aspects for specifying an optimization model between application and network layer were formulated. Third, a conceptual model - Generic Adaptive Resource Control (GARC) - was specified and its prototypical implementation was realized. Fourth, the theoretical and practical thesis contributions was validated and evaluated