Journal of Telecommunications and Information Technology, 2012, nr 3

kwartalni

Locating Objects in a Wide-area System

Steen, M.R. van [Promotor]Tanenbaum, A.S. [Promotor

A Denial-of-Service Attack to GSM/UMTS Networks via Attach Procedure

In this thesis I describe an attack to the security of a Public Land Mobile Network allowing an unauthenticated malicious mobile device to inject traffic in the mobile operator's infrastructure. I show that using a few hundreds of malicious devices and without any SIM module it is possible to inject in the mobile infrastructure high levels of signalling traffic targeted at the Home Location Register, thus causing significant service degradation up to a full-fledged Denial-of-Service attack

Architectural and mobility management designs in internet-based infrastructure wireless mesh networks

Wireless mesh networks (WMNs) have recently emerged to be a cost-effective solution to support large-scale wireless Internet access. They have numerous ap- plications, such as broadband Internet access, building automation, and intelligent transportation systems. One research challenge for Internet-based WMNs is to design efficient mobility management techniques for mobile users to achieve seamless roam- ing. Mobility management includes handoff management and location management. The objective of this research is to design new handoff and location management techniques for Internet-based infrastructure WMNs. Handoff management enables a wireless network to maintain active connections as mobile users move into new service areas. Previous solutions on handoff manage- ment in infrastructure WMNs mainly focus on intra-gateway mobility. New handoff issues involved in inter-gateway mobility in WMNs have not been properly addressed. Hence, a new architectural design is proposed to facilitate inter-gateway handoff man- agement in infrastructure WMNs. The proposed architecture is designed to specifi- cally address the special handoff design challenges in Internet-based WMNs. It can facilitate parallel executions of handoffs from multiple layers, in conjunction with a data caching mechanism which guarantees minimum packet loss during handoffs. Based on the proposed architecture, a Quality of Service (QoS) handoff mechanism is also proposed to achieve QoS requirements for both handoff and existing traffic before and after handoffs in the inter-gateway WMN environment. Location management in wireless networks serves the purpose of tracking mobile users and locating them prior to establishing new communications. Existing location management solutions proposed for single-hop wireless networks cannot be directly applied to Internet-based WMNs. Hence, a dynamic location management framework in Internet-based WMNs is proposed that can guarantee the location management performance and also minimize the protocol overhead. In addition, a novel resilient location area design in Internet-based WMNs is also proposed. The formation of the location areas can adapt to the changes of both paging load and service load so that the tradeoff between paging overhead and mobile device power consumption can be balanced, and at the same time, the required QoS performance of existing traffic is maintained. Therefore, together with the proposed handoff management design, efficient mobility management can be realized in Internet-based infrastructure WMNs

On the Impact of the Cellular Modem on the Security of Mobile Phones

Mobile Kommunikation, Mobiltelefone und Smartphones sind ein wesentlicher Bestandteil unseres täglichen Lebens geworden. Daher ist es essentiell, dass diese sicher und zuverlässig funktionieren. Mobiltelefone und Mobilfunknetze sind hoch komplexe Systeme. Solche Systeme abzusichern ist eine anspruchsvolle Aufgabe. Vorangegangene Arbeiten haben sich meist auf die mobilen Endgeräte, im Speziellen auf die Betriebssysteme sowie Endanwendungen, konzentriert. Die vorliegende Doktorarbeit untersucht einen neuen Weg im Bereich Mobilfunksicherheit. Im Fokus steht das Modem als Schnittstelle zum Mobilfunknetz. Das Mobilfunkmodem ist die Komponente, welche die Funkverbindungzum Mobilfunknetz herstellt und ist nach unserer Auffassung eine der Schlüsselkomponenten bei der Untersuchung und Verbesserung der Mobilfunksicherheit. Mobilfunkmodems sind proprietär und können nur mit extrem hohem Aufwand untersucht werden. Für den Einbau zusätzlicher Sicherungsmaßnahmengilt dasselbe. Aus diesen Gründen analysiert diese Arbeit nicht das Innenleben eines Modems, sondern dessen Schnittstelle zum mobilen Betriebssystem. In dieser Arbeit untersuchen wir daher die folgende von uns aufgestellte These: Die Sicherheit mobiler Endgeräte sowie der Mobilfunknetze hängt direkt mit der Sicherheit der Modemschnittstelle zusammen. Diesen Zusammenhang legen wir anhand von drei Schritten dar. Im ersten Schritt führen wir eine Untersuchung der Modemschnittstelle durch. Basierend auf den Ergebnissen der Untersuchung führen wir mehrere Sicherheitsanalysen von Short-Message-Service- (SMS) Implementierungen von verschiedenen Telefontypen durch. Im zweiten Schritt untersuchen wir die Möglichkeiten, die sich Schadcode auf mobilen Endgeräten zu Nutze machen kann. Für diese Untersuchung entwickeln wir ein Proof-of-Concept-Botnetz, welches mittels des Modems verdeckt kommuniziert. Im dritten Schritt implementieren wir, basierend auf den Ergebnissen der vorangegangenen Schritte, einen Schutzmechanismus zur Absicherung des Modems gegen bösartige Zugriffe. Durch unsere Untersuchungen sind wir zu mehreren Ergebnissen gekommen. Die Software für den Empfang von SMS-Nachrichten beinhaltet oftmals (zum Teil kritische) Sicherheitsprobleme. Diese Sicherheitsprobleme haben auch Auswirkungen auf andere Komponenten der Endgeräte. Mit unserem mobilen Botnetz zeigen wir, welche Möglichkeiten Schadcode auf Mobiltelefonen grundsätzlich zur Verfügung stehen. Durch den von uns entwickelten Schutzmechanismus der Modemschnittstelle bestätigen wir unsere anfangs formulierte These. Die Absicherung der Modemschnittstelle verhindert die zuvor präsentierten Angriffe und zeigt hierdurch, dass die Modemschnittstelle einen entscheidenden Faktor der Mobilfunksicherheit darstellt.Cellular communication and especially mobile handsets are an essential part of our daily lives. Therefore, they need to be secure and work reliably. But mobile handsets and cellular networks are highly complex systems and securing them is a challenging task. Previously, most efforts concentrated on the handsets. These efforts only focused on the mobile phone operating system and applications in order to improve cellular system security. This thesis takes a new path and targets the cellular modem as the route to improve the security of mobile handsets and cellular networks. We target the modem since it is one of the essential parts of a mobile handset. It is the component that provides the radio link to the cellular network. This makes the modem a key element in the task to secure mobile phones. But cellular modems are proprietary and closed systems that cannot be easily analyzed in the full or even modified to improve security. Therefore, this thesis investigates the security of the cellular modem at its border to the mobile phone operating system. We suspect that the security of mobile handsets and cellular network strongly depends on the security of the modem interface. This is our hypothesis, which we seek to prove in this work. We solve this in three steps. In the first step, we analyze the interaction between the cellular modem and the other parts of a modern mobile phone. Based on the analysis we develop two novel vulnerability analysis methods. Using this methods we conduct vulnerability analysis of the Short Message Service implementations on various mobile phones. In the second step, we investigate the possible capabilities that malware has through unhindered access to the cellular modem. For this, we develop a cellular botnet where the bots utilize the modem for stealthy communication. In the third step, we use the results from the previous analysis steps to improve the security at the cellular modem interface. In our analysis step, we abused the cellular modem for vulnerability analysis.We discovered several security and reliability issues in the telephony softwares tack of common mobile phones. Using our cellular botnet implementation, we show how malware can abuse access to the cellular modem interface for various kinds of unwanted activities. In the final step, we show that through improving the security at the cellular modem interface the security of mobile handsets as well as the security of cellular networks can be increased. Throughout this thesis we show that the cellular modem has a significant impact on mobile phone security