SECURITY AND PRIVACY ISSUES IN MOBILE NETWORKS, DIFFICULTIES AND SOLUTIONS

Mobile communication is playing a vital role in the daily life for the last two decades; in turn its fields gained the research attention, which led to the introduction of new technologies, services and applications. These new added facilities aimed to ease the connectivity and reachability; on the other hand, many security and privacy concerns were not taken into consideration. This opened the door for the malicious activities to threaten the deployed systems and caused vulnerabilities for users, translated in the loss of valuable data and major privacy invasions. Recently, many attempts have been carried out to handle these concerns, such as improving systems’ security and implementing different privacy enhancing mechanisms. This research addresses these problems and provides a mean to preserve privacy in particular. In this research, a detailed description and analysis of the current security and privacy situation in the deployed systems is given. As a result, the existing shortages within these systems are pointed out, to be mitigated in development. Finally a privacy preserving prototype model is proposed. This research has been conducted as an extensive literature review about the most relevant references and researches in the field, using the descriptive and evaluative research methodologies. The main security models, parameters, modules and protocols are presented, also a detailed description of privacy and its related arguments, dimensions and factors is given. The findings include that mobile networks’ security along with users are vulnerable due to the weaknesses of the key exchange procedures, the difficulties that face possession, repudiation, standardization, compatibility drawbacks and lack of configurability. It also includes the need to implement new mechanisms to protect security and preserve privacy, which include public key cryptography, HIP servers, IPSec, TLS, NAT and DTLS-SRTP. Last but not least, it shows that privacy is not absolute and it has many conflicts, also privacy requires sophisticated systems, which increase the load and cost of the system.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format

Performance analysis of mobile networks under signalling storms

There are numerous security challenges in cellular mobile networks, many of which originate from the Internet world. One of these challenges is to answer the problem with increasing rate of signalling messages produced by smart devices. In particular, many services in the Internet are provided through mobile applications in an unobstructed manner, such that users get an always connected feeling. These services, which usually come from instant messaging, advertising and social networking areas, impose significant signalling loads on mobile networks by frequent exchange of control data in the background. Such services and applications could be built intentionally or unintentionally, and result in denial of service attacks known as signalling attacks or storms. Negative consequences, among others, include degradations of mobile network’s services, partial or complete net- work failures, increased battery consumption for infected mobile terminals. This thesis examines the influence of signalling storms on different mobile technologies, and proposes defensive mechanisms. More specifically, using stochastic modelling techniques, this thesis first presents a model of the vulnerability in a single 3G UMTS mobile terminal, and studies the influence of the system’s internal parameters on stability under a signalling storm. Further on, it presents a queueing network model of the radio access part of 3G UMTS and examines the effect of the radio resource control (RRC) inactivity timers. In presence of an attack, the proposed dynamic setting of the timers manage to lower the signalling load in the network and to increase the threshold above which a network failure could happen. Further on, the network model is upgraded into a more generic and detailed model, represent different generations of mobile technologies. It is than used to compare technologies with dedicated and shared organisation of resource allocation, referred to as traditional and contemporary networks, using performance metrics such as: signalling and communication delay, blocking probability, signalling load on the network’s nodes, bandwidth holding time, etc. Finally, based on the carried analysis, two mechanisms are proposed for detection of storms in real time, based on counting of same-type bandwidth allocations, and usage of allocated bandwidth. The mechanisms are evaluated using discrete event simulation in 3G UMTS, and experiments are done combining the detectors with a simple attack mitigation approach.Open Acces

Solutions to the GSM Security Weaknesses

Recently, the mobile industry has experienced an extreme increment in number of its users. The GSM network with the greatest worldwide number of users succumbs to several security vulnerabilities. Although some of its security problems are addressed in its upper generations, there are still many operators using 2G systems. This paper briefly presents the most important security flaws of the GSM network and its transport channels. It also provides some practical solutions to improve the security of currently available 2G systems.Comment: 6 Pages, 2 Figure

Analysis and Mitigation of Recent Attacks on Mobile Communication Backend

2014 aasta viimases kvartalis demonstreeriti mitmeid edukaid rünnakuid mobiilsidevõrkude vastu. Need baseerusid ühe peamise signaaliprotokolli, SS7 väärkasutamisel. Ründajatel õnnestus positsioneerida mobiilseadmete kasutajaid ja kuulata pealt nii kõnesid kui ka tekstisõnumeid. Ajal mil enamik viimase aja ründeid paljastavad nõrkusi lõppkasutajate seadmete tarkvaras, paljastavad need hiljutised rünnakud põhivõrkude endi haavatavust. Teadaolevalt on mobiilsete telekommunikatsioonivõrkude tööstuses raskusi haavatavuste õigeaegsel avastamisel ja nende mõistmisel. Käesolev töö on osa püüdlusest neid probleeme mõista. Töö annab põhjaliku ülevaate ja analüüsib teadaolevaid rünnakuid ning toob välja võimalikud lahendused. Rünnakud võivad olla väga suurte tagajärgedega, kuna vaatamata SS7 protokolli vanusele, jääb see siiski peamiseks signaaliprotokolliks mobiilsidevõrkudes veel pikaks ajaks. Uurimustöö analüüs ja tulemused aitavad mobiilsideoperaatoritel hinnata oma võrkude haavatavust ning teha paremaid investeeringuid oma taristu turvalisusele. Tulemused esitletakse mobiilsideoperaatoritele, võrguseadmete müüjatele ning 3GPP standardi organisatsioonile.In the last quarter of 2014, several successful attacks against mobile networks were demonstrated. They are based on misuse of one of the key signaling protocol, SS7, which is extensively used in the mobile communication backend for signaling tasks such as call and mobility management. The attackers were able to locate the mobile users and intercept voice calls and text messages. While most attacks in the public eye are those which exploits weaknesses in the end-device software or radio access links, these recently demonstrated vulnerabilities exploit weaknesses of the mobile core networks themselves. Understandably, there is a scramble in the mobile telecommunications industry to understand the attacks and the underlying vulnerabilities. This thesis is part of that effort. This thesis presents a broad and thorough overview and analysis of the known attacks against mobile network signaling protocols and the possible mitigation strategies. The attacks are presented in a uniform way, in relation to the mobile network protocol standards and signaling scenarios. Moreover, this thesis also presents a new attack that enables a malicious party with access to the signaling network to remove lost or stolen phones from the blacklist that is intended to prevent their use. Both the known and new attacks have been confirmed by implementing them in a controlled test environment. The attacks are serious because SS7, despite its age, remains the main signaling protocol in the mobile networks and will still long be required for interoperability and background compatibility in international roaming. Moreover, the number of entities with access to the core network, and hence the number of potential attackers, has increased significantly because of changes in regulation and opening of the networks to competition. The analysis and new results of this thesis will help mobile network providers and operators to assess the vulnerabilities in their infrastructure and to make security-aware decisions regarding their future investments and standardization. The results will be presented to the operators, network-equipment vendors, and to the 3GPP standards body

A Denial-of-Service Attack to GSM/UMTS Networks via Attach Procedure

In this thesis I describe an attack to the security of a Public Land Mobile Network allowing an unauthenticated malicious mobile device to inject traffic in the mobile operator's infrastructure. I show that using a few hundreds of malicious devices and without any SIM module it is possible to inject in the mobile infrastructure high levels of signalling traffic targeted at the Home Location Register, thus causing significant service degradation up to a full-fledged Denial-of-Service attack

Security-centric analysis and performance investigation of IEEE 802.16 WiMAX

fi=vertaisarvioitu|en=peerReviewed

A Survey on Security for Mobile Devices

Nowadays, mobile devices are an important part of our everyday lives since they enable us to access a large variety of ubiquitous services. In recent years, the availability of these ubiquitous and mobile services has signicantly increased due to the dierent form of connectivity provided by mobile devices, such as GSM, GPRS, Bluetooth and Wi-Fi. In the same trend, the number and typologies of vulnerabilities exploiting these services and communication channels have increased as well. Therefore, smartphones may now represent an ideal target for malware writers. As the number of vulnerabilities and, hence, of attacks increase, there has been a corresponding rise of security solutions proposed by researchers. Due to the fact that this research eld is immature and still unexplored in depth, with this paper we aim to provide a structured and comprehensive overview of the research on security solutions for mobile devices. This paper surveys the state of the art on threats, vulnerabilities and security solutions over the period 2004-2011. We focus on high-level attacks, such those to user applications, through SMS/MMS, denial-of-service, overcharging and privacy. We group existing approaches aimed at protecting mobile devices against these classes of attacks into dierent categories, based upon the detection principles, architectures, collected data and operating systems, especially focusing on IDS-based models and tools. With this categorization we aim to provide an easy and concise view of the underlying model adopted by each approach

Analysis and Experimental Verification of Diameter Attacks in Long Term Evolution Networks

In cellular networks, the roaming interconnection was designed when there were only a few trusted parties and security was not a major concern or design criteria. Most of the roaming interconnections today are still based on the decades-old SS7 and the lack of security is being blamed for several vulnerabilities. Recent research indicates that the roaming interconnection has been widely misused for gaining access to the core network. Several attacks have been demonstrated by malicious attackers and other unauthorized entities such as intelligence agencies by exploiting the SS7 signaling protocol. Some operators moved to the more modern LTE (Long Term Evolution) and Diameter Signaling for high-speed data roaming and enhanced security. While LTE offers very high quality and resilience over the air security, it still requires special security capabilities and features to secure the core network against attacks targeting the roaming interconnection. This thesis analyses and identifies attacks that exploit the roaming interconnection and Diameter signaling used in LTE networks. The attacks are analyzed in accordance with the mobile network protocol standards and signaling scenarios. The attacks are also implemented in a test LTE network of a global operator. This thesis also focuses on potential countermeasures to mitigate the identified attacks