Analysis and Mitigation of Recent Attacks on Mobile Communication Backend

2014 aasta viimases kvartalis demonstreeriti mitmeid edukaid rünnakuid mobiilsidevõrkude vastu. Need baseerusid ühe peamise signaaliprotokolli, SS7 väärkasutamisel. Ründajatel õnnestus positsioneerida mobiilseadmete kasutajaid ja kuulata pealt nii kõnesid kui ka tekstisõnumeid. Ajal mil enamik viimase aja ründeid paljastavad nõrkusi lõppkasutajate seadmete tarkvaras, paljastavad need hiljutised rünnakud põhivõrkude endi haavatavust. Teadaolevalt on mobiilsete telekommunikatsioonivõrkude tööstuses raskusi haavatavuste õigeaegsel avastamisel ja nende mõistmisel. Käesolev töö on osa püüdlusest neid probleeme mõista. Töö annab põhjaliku ülevaate ja analüüsib teadaolevaid rünnakuid ning toob välja võimalikud lahendused. Rünnakud võivad olla väga suurte tagajärgedega, kuna vaatamata SS7 protokolli vanusele, jääb see siiski peamiseks signaaliprotokolliks mobiilsidevõrkudes veel pikaks ajaks. Uurimustöö analüüs ja tulemused aitavad mobiilsideoperaatoritel hinnata oma võrkude haavatavust ning teha paremaid investeeringuid oma taristu turvalisusele. Tulemused esitletakse mobiilsideoperaatoritele, võrguseadmete müüjatele ning 3GPP standardi organisatsioonile.In the last quarter of 2014, several successful attacks against mobile networks were demonstrated. They are based on misuse of one of the key signaling protocol, SS7, which is extensively used in the mobile communication backend for signaling tasks such as call and mobility management. The attackers were able to locate the mobile users and intercept voice calls and text messages. While most attacks in the public eye are those which exploits weaknesses in the end-device software or radio access links, these recently demonstrated vulnerabilities exploit weaknesses of the mobile core networks themselves. Understandably, there is a scramble in the mobile telecommunications industry to understand the attacks and the underlying vulnerabilities. This thesis is part of that effort. This thesis presents a broad and thorough overview and analysis of the known attacks against mobile network signaling protocols and the possible mitigation strategies. The attacks are presented in a uniform way, in relation to the mobile network protocol standards and signaling scenarios. Moreover, this thesis also presents a new attack that enables a malicious party with access to the signaling network to remove lost or stolen phones from the blacklist that is intended to prevent their use. Both the known and new attacks have been confirmed by implementing them in a controlled test environment. The attacks are serious because SS7, despite its age, remains the main signaling protocol in the mobile networks and will still long be required for interoperability and background compatibility in international roaming. Moreover, the number of entities with access to the core network, and hence the number of potential attackers, has increased significantly because of changes in regulation and opening of the networks to competition. The analysis and new results of this thesis will help mobile network providers and operators to assess the vulnerabilities in their infrastructure and to make security-aware decisions regarding their future investments and standardization. The results will be presented to the operators, network-equipment vendors, and to the 3GPP standards body

Analysis and Mitigation of Recent Attacks on Mobile Communication Backend

In the last quarter of 2014, several successful attacks against mobile networks were demonstrated. They are based on misuse of one of the key signaling protocol, SS7, which is extensively used in the mobile communication backend for signaling tasks such as call and mobility management. The attackers were able to locate the mobile users and intercept voice calls and text messages. While most attacks in the public eye are those which exploits weaknesses in the end-device software or radio access links, these recently demonstrated vulnerabilities exploit weaknesses of the mobile core networks themselves. Understandably, there is a scramble in the mobile telecommunications industry to understand the attacks and the underlying vulnerabilities. This thesis is part of that effort. This thesis presents a broad and thorough overview and analysis of the known attacks against mobile network signaling protocols and the possible mitigation strategies. The attacks are presented in a uniform way, in relation to the mobile network protocol standards and signaling scenarios. Moreover, this thesis also presents a new attack that enables a malicious party with access to the signaling network to remove lost or stolen phones from the blacklist that is intended to prevent their use. Both the known and new attacks have been confirmed by implementing them in a controlled test environment. The attacks are serious because SS7, despite its age, remains the main signaling protocol in the mobile networks and will still long be required for interoperability and background compatibility in international roaming. Moreover, the number of entities with access to the core network, and hence the number of potential attackers, has increased significantly because of changes in regulation and opening of the networks to competition. The analysis and new results of this thesis will help mobile network providers and operators to assess the vulnerabilities in their infrastructure and to make security-aware decisions regarding their future investments and standardization. The results will be presented to the operators, network-equipment vendors, and to the 3GPP standards body

Permulaan langsung pada talian motor

Terdapat pelbagai jenis kaedah yang digunakan untuk memulakan motor induksi kerana motor ini menggunakan lebih banyak kuasa untuk bermula. Apabila arus melalui lilitan yang tinggi maka ia akan ada peluang untuk merosakkan motor. Untuk mengatasi masalah ini, pelbagai jenis kaedah permulaan digunakan. Jenis mudah kaedah permulaan adalah DOL (langsung pada talian). DOL termasuk pemutus litar (MCCB), penyampai beban dan penyambung untuk perlindungan motor. Pembukaan hubungan antara elektromagnetik boleh dilakukan melalui relay overload termal di bawah keadaan kesalahan. Biasanya, kawalan penghubung boleh dilakukan dengan menggunakan butang berasingan seperti start dan stop. Hubungan tambahan digunakan pada contactor merentasi butang mula kerana contactor elektrik terkunci semasa kerja motor induks

Mobile commerce over GSM: A banking perspective on security

GSM has changed the face of communication and information exchange, much as the Internet did. With the advances made in the mobile technology arena, new opportunities are created. Mobile Commerce (m-Commerce) is one such opportunity. Each new advance in technology brings with it associated risks. This dissertation focuses on the risks involved with m-Commerce for the banking industry. This dissertation provides a detailed overview of basic services that any m-Commerce application should provide to the banking industry. These principles provide the foundation for securing any financial transaction over untrusted networks. Several mechanisms to provide these services are also discussed. Examples of such mechanisms include hash functions, Message Authentication Codes and Digital Signatures. The security of GSM networks has come under attack in the past. This is largely due to the fact that the GSM consortium opted to develop their security technologies in secret, rather than in the public domain. This dissertation aims to evaluate the security offered by GSM and assess potential attacks in order to further understand risks associated with m-Commerce applications over GSM. In recent years there have been significant additions to the GSM enabling technology family. The arrival of the SIM Application Toolkit and the Wireless Application Protocol promised to again change the face of commerce. Although market acceptance of these technologies proved to be initially slow, usage is set to increase exponentially within the next couple of years. A detailed analysis of these enabling technologies is presented in the dissertation. Possible attacks on these technologies are discussed in the latter part or this document. Based on the findings of the research, some changes to either the application architectures or the processing of the data have been suggested in order to enhance the security offered by these services. It is not the intent of this dissertation to redesign these applications, but to rather leverage off the current technologies in order to enable secure m-Commerce over these channels. This dissertation provides a detailed overview of basic services that any m-Commerce application should provide to the banking industry. These principles provide the foundation for securing any financial transaction over untrusted networks. Several mechanisms to provide these services are also discussed. Examples of such mechanisms include hash functions, Message Authentication Codes and Digital Signatures. The security of GSM networks has come under attack in the past. This is largely due to the fact that the GSM consortium opted to develop their security technologies in secret, rather than in the public domain. This dissertation aims to evaluate the security offered by GSM and assess potential attacks in order to further understand risks associated with m Commerce applications over GSM. In recent years there have been significant additions to the GSM enabling technology family. The arrival of the SIM Application Toolkit and the Wireless Application Protocol promised to again change the face of commerce. Although market acceptance of these technologies proved to be initially slow, usage is set to increase exponentially within the next couple of years. A detailed analysis of these enabling technologies is presented in the dissertation. Possible attacks on these technologies are discussed in the latter part or this document. Based on the findings of the research, some changes to either the application architectures or the processing of the data have been suggested in order to enhance the security offered by these services. It is not the intent of this dissertation to redesign these applications, but to rather leverage off the current technologies in order to enable secure m-Commerce over these channels.Dissertation (M.Sc (Electronics))--University of Pretoria, 2005.Electrical, Electronic and Computer Engineeringunrestricte

MobileAtlas: Geographically Decoupled Measurements in Cellular Networks for Security and Privacy Research

Cellular networks are not merely data access networks to the Internet. Their distinct services and ability to form large complex compounds for roaming purposes make them an attractive research target in their own right. Their promise of providing a consistent service with comparable privacy and security across roaming partners falls apart at close inspection. Thus, there is a need for controlled testbeds and measurement tools for cellular access networks doing justice to the technology’s unique structure and global scope. Particularly, such measurements suffer from a combinatorial explosion of operators, mobile plans, and services. To cope with these challenges, we built a framework that geographically decouples the SIM from the cellular modem by selectively connecting both remotely. This allows testing any subscriber with any operator at any modem location within minutes without moving parts. The resulting GSM/UMTS/LTE measurement and testbed platform offers a controlled experimentation environment, which is scalable and cost-effective. The platform is extensible and fully open-sourced, allowing other researchers to contribute locations, SIM cards, and measurement scripts. Using the above framework, our international experiments in commercial networks revealed exploitable inconsistencies in traffic metering, leading to multiple phreaking opportunities, i.e., fare-dodging. We also expose problematic IPv6 firewall configurations, hidden SIM card communication to the home network, and fingerprint dial progress tones to track victims across different roaming networks and countries with voice calls

The Rise of Mobile and the Diffusion of Technology-Facilitated Trafficking

In this report, researchers at the USC Annenberg Center on Communication Leadership & Policy (CCLP) reveal how those involved in human trafficking have been quick to adapt to the 21st-century global landscape. While the rapid diffusion of digital technologies such as mobile phones, social networking sites, and the Internet has provided significant benefits to society, new channels and opportunities for exploitation have also emerged. Increasingly, the business of human trafficking is taking place online and over mobile phones. But the same technologies that are being used for trafficking can become a powerful tool to combat trafficking. The precise role that digital technologies play in human trafficking still remains unclear, however, and a closer examination of the phenomenon is vital to identify and respond to new threats and opportunities.This investigation indicates that mobile devices and networks have risen in prominence and are now of central importance to the sex trafficking of minors in the United States. While online platforms such as online classifieds and social networking sites remain a potential venue for exploitation, this research suggests that technology facilitated trafficking is more diffuse and adaptive than initially thought. This report presents a review of current literature, trends, and policies; primary research based on mobile phone data collected from online classified sites; a series of firsthand interviews with law enforcement; and key recommendations to policymakers and stakeholders moving forward

Mobile financial services in Ghana - Measures for achieving safety and security of services

Thesis submitted to the Department of Computer Science, Ashesi University College, in partial fulfillment of Bachelor of Science degree in Management Information Systems, April 2017The use of mobile phones has become part of the daily activities of about ninety percent of Ghanaian adults. This has contributed to the rapid adoption of mobile financial services by Ghanaians. In 2014, Bank of Ghana reported over two million registered users. Africa and the rest of the world have also experienced this exponential growth in the use of mobile financial services. Due to the huge money it is raising in that sector, fraudsters have made several attempts on these systems leading to the loss of enormous sums of money. The objective of this study is to understand the mobile financial service ecosystem in Ghana and internationally, assess what risks users may face and suggest measures to help prevent or reduce the effects of these risks. In order to better understand the concept of mobile financial service, some academic papers were reviewed revealing the components of the ecosystem, risks that these players may face and some proposed solutions by scholars. Case studies, in-depth interviews and secondary data were gathered for this research. Findings from the data collected show that some risks users may face include: malware infection of devices or point of sale terminals, corruption of information stored on the server of acquirers or service providers, theft of data during transaction, including man-in-the middle attacks, advanced persistent thefts and insecure data connectivity. Also some mitigation measures to these threats include enforcement of two factor authentication on systems, securing data connections using Secured Socket Layer (SSL) authentication, secure configuration, hardening of critical servers and data encryption during transactions. This study is limited geographically because the interviews held included players in the mobile financial service ecosystem in Accra only. Also only three companies were interviewed for this study due to the limited time constraint.Ashesi University Colleg

Cooperating broadcast and cellular conditional access system for digital television

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.The lack of interoperability between Pay‐TV service providers and a horizontally integrated business transaction model have compromised the competition in the Pay‐TV market. In addition, the lack of interactivity with customers has resulted in high churn rate and improper security measures have contributed into considerable business loss. These issues are the main cause of high operational costs and subscription fees in the Pay‐TV systems. This paper presents a novel end‐to‐end system architecture for Pay‐TV systems cooperating mobile and broadcasting technologies. It provides a cost‐effective, scalable, dynamic and secure access control mechanism supporting converged services and new business opportunities in Pay‐TV systems. It enhances interactivity, security and potentially reduces customer attrition and operational cost. In this platform, service providers can effectively interact with their customers, personalise their services and adopt appropriate security measures. It breaks up the rigid relationship between a viewer and set‐top box as imposed by traditional conditional access systems, thus, a viewer can fully enjoy his entitlements via an arbitrary set‐top box. Having thoroughly considered state‐of‐the‐art technologies currently being used across the world, the thesis highlights novel use cases and presents the full design and implementation aspects of the system. The design section is enriched by providing possible security structures supported thereby. A business collaboration structure is proposed, followed by a reference model for implementing the system. Finally, the security architectures are analysed to propose the best architecture on the basis of security, complexity and set‐top box production cost criteria

Propagation, Detection and Containment of Mobile Malware.

Today's enterprise systems and networks are frequent targets of malicious attacks, such as worms, viruses, spyware and intrusions that can disrupt, or even disable critical services. Recent trends suggest that by combining spyware as a malicious payload with worms as a delivery mechanism, malicious programs can potentially be used for industrial espionage and identity theft. The problem is compounded further by the increasing convergence of wired, wireless and cellular networks, since virus writers can now write malware that can crossover from one network segment to another, exploiting services and vulnerabilities specific to each network. This dissertation makes four primary contributions. First, it builds more accurate malware propagation models for emerging hybrid malware (i.e., malware that use multiple propagation vectors such as Bluetooth, Email, Peer-to-Peer, Instant Messaging, etc.), addressing key propagation factors such as heterogeneity of nodes, services and user mobility within the network. Second, it develops a proactive containment framework based on group-behavior of hosts against such malicious agents in an enterprise setting. The majority of today's anti-virus solutions are reactive, i.e., these are activated only after a malicious activity has been detected at a node in the network. In contrast, proactive containment has the potential of closing the vulnerable services ahead of infection, and thereby halting the spread of the malware. Third, we study (1) the current-generation mobile viruses and worms that target SMS/MMS messaging and Bluetooth on handsets, and the corresponding exploits, and (2) their potential impact in a large SMS provider network using real-life SMS network data. Finally, we propose a new behavioral approach for detecting emerging malware targeting mobile handsets. Our approach is based on the concept of generalized behavioral patterns instead of traditional signature-based detection. The signature-based methods are not scalable for deployment in mobile devices due to limited resources available on today's typical handsets. Further, we demonstrate that the behavioral approach not only has a compact footprint, but also can detect new classes of malware that combine some features from existing classes of malware.Ph.D.Computer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/60849/1/abose_1.pd

Evolução da telefonia na web

Mestrado em Sistemas de InformaçãoCom a ameaça imposta às operadoras por aplicações OTT como WhatsApp ou Skype, diversas iniciativas coordenadas pela GSMA foram criadas para tentar responder a este fenómeno. Paralelamente, com a evolução de tecnologias como HTML5 e WebRTC, novos serviços como o Twilio têm surgido, oferecendo APIs para o desenvolvimento de novas aplicações Web. No entanto, a integração destas tecnologias em tradicionais redes de telecomunicações não faz parte das actuais especificações. Sendo assim, o objectivo desta dissertação consiste na especificação e implementação de um protótipo baseado nestas tecnologias emergentes, integrado com uma rede IMS. Primeiramente, foi feito um estudo do estado de arte, definindo requisitos e casos de uso a serem explorados. De seguida, o desenho da solução foi feito e implementado, tendo sido criado uma plataforma que alia WebRTC e a OneAPI da GSMA (que define funcionalidades básicas para operadores), oferecendo interoperabilidade entre ambos os mundos. A solução é composta por um servidor aplicacional que expõe a API e gateway WebRTC, tendo sido testada e considerada adaptada às necessidades estabelecidas.With the threat to operators by OTT applications such as Skype or WhatsApp, several initiatives coordinated by GSMA were created in an effort to respond to this phenomenon. In parallel, with the evolution of technologies such as HTML5 and WebRTC, new services such as Twilio are now available, offering APIs for web application development. However, the integration of these technologies and traditional telecommunication networks is not a part of the current standards. As such, the objective of this dissertation is the specification and implementation of a prototype based on these emerging technologies, integrated in an IMS network. First, a state-of-the-art analysis was made, defining requirements and use-cases to be explored. Secondly, the design and implementation of the solution was done, creating a platform that unites WebRTC and GSMA’s OneAPI (which exposes basic operator features), offering interoperability between both worlds. The solution is composed by an application server that exposes the API and a WebRTC gateway, having been successfully tested and adapted to the established needs